Automation webhooks fail on project update in Jira Cloud

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

Discover why your Jira Cloud automation webhook isn't triggering on project updates, despite successful tests and audit log verification.

Solution

Webhook Configuration

Please note that new changes have been implemented to the incoming webhooks for Atlassian Automation, as announced below.

Incoming webhook triggers now require a security key, which must be included with the X-Automation-Webhook-Token header when utilizing the webhook. If your application does not support custom HTTP headers, you can instead insert a slash at the end of the URL and add the secret after this. For example, https://URL/SECRET. This will allow you to bypass the need for an HTTP header.

To address this, please append the secret key from the trigger to the webhook URL.

<Webhook URL>/<Secret>

Solution to get the Project key

We can access the project key with the help of the below smart value in the Jira automation rule, and we don't have to add any parameter of Project Key in the Jira Webhook setup:

{{webhookData.project.key}}

Research details

As per the logs from the Automation side, when we hit the webhook by changing the project lead. The error message is:

env: prod.safe    group: /aws/lambda/automation-prod-190929-63753f7017-webhook-router    level: INFO    ll: LLINFO    logger: com.codebarrel.aws.lambda.automation.event.handler.WebhookObjectHandler:privacy-safe    message: Incoming webhook request missing token    rackId: prd-usea1-00    stream: 2025/04/24/[$LATEST]fa36b5fc27b14da2b8c8c9b31eda9f0d    thread: main }

This error message signifies that we are not sending the Secret token when hitting the webhook URL, and the automation rule does not accept the request as the token is not there.

The Secret token in the Incoming Webhook request has to be sent in the Jira webhook URL in the format: <Webhook URL>/<Secret>.

Explanation for why the Secret is not attached in the Jira Webhook Secret column

The designated area in Jira webhook for Secret generates the secret for the webhook URL and then passes this secret to the external application/source code to hit the webhook URL.

However, in our case, we are using the automation rule incoming webhook, so we have to use the secret from the automation rule incoming webhook URL, and we should use the below format in the URL: <Webhook URL>/<Secret> 

References

Updated on May 20, 2025

Still need help?

The Atlassian Community is here for you.