Authenticating OAuth 2.0 for outgoing web requests in Jira Automation rules

Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


How to authenticate OAuth 2.0 for outgoing web requests in Automation


To authenticate over OAuth, you'll need two specific outgoing web requests. The first request will generate a token that's used in the second request to obtain the credentials needed for subsequent web requests.

First request

Common values for the Content-Type header are application/x-www-form-urlencoded ( shown below ) or application/json

First web request

Second request

Set the value for the Authorization header to Bearer {{webhookResponse.body.access_token}} as shown below. You may need to include additional values in the form body as well.

Second web request

Values provided in the webhook body are not HTML URL encoded. If a value contains a special character, $ for example, it is sent as-is instead of its HTML URL encoded equivalent of %24. If authentication is failing unexpectedly, convert special characters in values to their HTML URL encoded equivalent

Updated on June 6, 2024

Still need help?

The Atlassian Community is here for you.