Jira webhooks do not respect the allowlist/whitelist but webhooks in Service Management automations do
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Jira webhooks are not impacted by the entries global admins set in the allowlist/whiltelist. However, the webhooks used in Service Management automations do.
This may be seen as an inconsistency by admins.
Environment
All Jira versions
Cause
This is by design. Jira webhooks are created by Jira global admins who also control the whitelist/allowlist.
On the other hand, the Service Management rules can be created by agents so the whitelist/allowlist is a mechanism to control which URLs are used by non-admins, thus the effect they have on webhooks in automations.
Was this helpful?