Uanble to register a new webhook

I’m trying to subscribe a webhook through REST API in which i’m facing an issue.

I have tried the version 1 API with basic auth(“email:api_key” in base64 encoded) but it is throwing the following error.

“message”: “Client must be authenticated to access this resource.”,
“status-code”: 401

From the JIRA REST API Documentation i understand that managing webhooks can be only accessible through connect and OAuth 2.0 apps. I have created a new app in my developer account and using the client and client secret i have generated the access token.

Using that access token with “Authorization : Bearer <access_token>” in the headers, still i am facing the same error. During the OAuth login, i’m able to see the access for manage webhooks (PFA)

But still “client must be authenticated” when i try registering a webhook. I have tried the same with the REST API version 3 endpoints (/rest/api/3/webhook) still that error persists.

Can you please help us with this?

Hi @ThamaraiselvanAnnadu,

after completing the authorization code grant flow for your OAuth 2.0 (3LO) app, are you able to successfully make a request to, as described in the documentation?

If so, are you able to successfully make requests to other Jira Cloud REST APIs?

1 Like

Yes. I’m able to access all the other APIs using the same access token. Only the registering the webhook API I’m unable to make a successful request.

@ThamaraiselvanAnnadu that sounds odd, since that error message should indicate that you haven’t provided any credentials in the request.

Could you please forward this to our Developer and Marketplace Support, including

  • the OAuth client ID
  • the Atl-Traceid and X-Arequestid HTTP response headers for a failing request, as well as the approximate time of the request
1 Like

Hello @epehrson ,
Sure. Thanks!

Looking at the provided example, this can be happening because you use the API key instead of an API Token.

Something similar to what’s described in: ECO-33 - Misleading error message when authenticating REST API calls with API Key instead of API Token.

Can you please verify?