I am trying to create an automation rule that sends a Web Request. The API uses OAuth2 for authentication, so in an initial action I need to request an access token, which will be returned in the response body. I will then be able to use this access token in the header of subsequent API calls as a bearer token.
I want to understand the security implications of this in terms of the chances of the bearer token being exposed. I understand that Header values of the Send Web Request Action can be 'Hidden', so you can configure the access token as a smart value in the subsequent API calls as a Hidden value.
My concern is whether the response body of a Send Web Request is logged anywhere, in which case the bearer token would be exposed in the first request.
Hello @Kevin Tra
Welcome to the Atlassian community.
I recommend that you ask your Administrators to pose that question directly to Atlassian through a support case created here:
https://support.atlassian.com/contact/#/
From a Jira user/admin perspective, within the rule itself, it is possible to use a Log action to print the response into the rule Audit Log.
Beyond that, I don't have any information about what information might be getting logged in backend system logs, but Atlassian Support should be able to provide that information.
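An added example, not part of the original posts and not Atlassian code: a check to run over log text you have exported or copied (rule audit log entries, proxy or debug logs) that finds and masks OAuth 2.0 token material from a token response body or an Authorization header. The sample lines are constructed and do not reflect Jira's actual audit log format; the 16-character minimum for a bearer value is an assumption to avoid matching ordinary prose.

```python
import re

# Secret-bearing fields of an OAuth 2.0 token response (RFC 6749, section 5.1).
# \\?" also matches the backslash-escaped quotes of JSON embedded in a string.
_FIELD = re.compile(r'(\\?"(?:access_token|refresh_token)\\?"\s*:\s*\\?")([^"\\]+)')
# Bearer credential as sent in an Authorization header (RFC 6750).
# Assumption: real tokens are at least 16 characters long.
_BEARER = re.compile(r'(\bBearer\s+)([A-Za-z0-9\-._~+/]{16,}=*)')


def redact(line):
    """Return (redacted_line, kinds), where kinds lists what was masked."""
    kinds = []

    def mask_field(m):
        kinds.append("token-response-field")
        return m.group(1) + "[REDACTED]"

    def mask_bearer(m):
        kinds.append("bearer-header")
        return m.group(1) + "[REDACTED]"

    line = _FIELD.sub(mask_field, line)
    line = _BEARER.sub(mask_bearer, line)
    return line, kinds


def scan(lines):
    """Return [(line_number, kinds, redacted_line)] for each line with a leak."""
    findings = []
    for number, line in enumerate(lines, 1):
        clean, kinds = redact(line)
        if kinds:
            findings.append((number, kinds, clean))
    return findings


# Constructed sample lines; NOT the real Jira audit log format.
SAMPLE = [
    'Rule "Sync tickets" started',
    'Log action: {"access_token":"EXAMPLE-TOKEN-abc123","token_type":"Bearer","expires_in":3600}',
    'Send web request: GET https://api.example.invalid/items -> 200',
    'Debug: Authorization: Bearer EXAMPLE-TOKEN-abc123',
]

if __name__ == "__main__":
    for number, kinds, clean in scan(SAMPLE):
        print(f"line {number}: {', '.join(kinds)} -> {clean}")
```

Any hit means the token was written somewhere readable and should be treated as exposed until it expires or is revoked.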