Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Where does the webhook arrive from?

Marketa Dvorack1
Marketa Dvorackova February 12, 2015

Hi everyone and thanks in advance for any ideas!

I am implementing a service to receive webhook calls. My problem is, that I need to know and identify who (which JIRA, server as well as on demand so IP is not enough) is sending the request.

I had a look at the webhook request, but don't see my info there. The structure is as follows:

HEADERS

Cache-Control: max-age=0

Content-Type: application/json; charset=UTF-8

Host: requestb.in

Total-Route-Time: 0

Accept: */*

Connect-Time: 2

X-Request-Id: e6112d27-1da6-49a0-be40-9db2e90bea73

User-Agent: Atlassian HttpClient 0.20.1 / JIRA-6.4-OD-14-082 (64012) / Default

Content-Length: 6075

Connection: close

Via: 1.1 localhost (Apache-HttpClient/4.3.2 (cache)), 1.1 squid-133-2.ash1.uc-inf.net:3128 (squid/2.6.STABLE21), 1.1 vegur

QUERYSTRING

user_key: xxxxxxxx

user_id: xxxxxxxxx

FORM/POST PARAMETERS

None

RAW BODY

{json raw string}

Any ideas about how to get the "origin" info? Thanks a lot!

Watch
Like Be the first to like this
2615 views

2 answers

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

2 votes
Marketa Dvorack1
Marketa Dvorackova February 17, 2015

To close the deal.. After talking to the Atlassian support, it's been confirmed that there is no other way of knowing where the webhook request came from than digging into the raw json request body and finding the URL somewhere in the links.

There is nothing in the headers etc. So when it comes from a server instance, you get IP, when from Cloud, the IP is good for nothing and you should start digging or considering a parameter in the webhook request URL.

Not the best, but at least one knows.

View More Comments
philleicht
philleicht
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 17, 2015

At least there's clarity now.

Like
Reply
0 votes
philleicht
philleicht
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 13, 2015

Hey Marketa,

I've never used requestb.in, however it's strange to me it doesn't list the origin-address. For cloud it's harder to find out and it would end up with either 1) using a different service that displays the source IP or 2) try to fire the webhook request against a server with access logs that offer these information (e.g. using Apache).
For JIRA server instances, it should be the public facing IP of the server resulting in either its own or the IP of a proxy the server/instance is using to connect to the internet. But either way, if the options above work out, they should apply here too.

I hope that helps!

Regards,
Philipp

View More Comments
Marketa Dvorack1
Marketa Dvorackova February 13, 2015

Hi Philipp,

I need to say that in the final solution of course I don't use requestb.in. I used it only to visualize everything there is in the header.

I am using Apache, with reverse proxy, but found a mod that should be able to preserve the original request IP. The problem is really with the cloud, because there is just a bunch of addresses that are the same for "all of us" and don't allow any kind of further identification. I need a whole solution, one, for cloud/non-cloud and I need to be able to tell which client (from his JIRA instance) is sending me the request to proceed with further elaboration. And I really want to avoid digging into the JSON and looking for the domain in links:)

Another option is to use a parameter in the webhook, but only if not resolvable otherwise really.

Thanks a lot for your suggestions!

Like
philleicht
philleicht
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 13, 2015

Hey Marketa, yes, I understood the value of requestb.in for debug-in-development. It's just that I generally wondered that an important information like the IP is not rendered there. :) As for the actual issue, I unfortunately have no experience with webhooks in the the Atlassian Cloud environment, so I'm really limited to guessing on general technical experience. Since - as you say - the source IP of your cloud instance is shared through several others (which makes a lot of sense) it's probably indeed the easiest to add another parameter to the webhook that properly identifies your instance. That is, unless someone else comes up with an out-of-the-box answer. Sorry I couldn't help any further and I hope you'll succeed with your project! Regards, Philipp

Like
Marketa Dvorack1
Marketa Dvorackova February 16, 2015

Thanks Philipp, I believe you are right about the parameter. I am talking with the support guys about this, so if by any chance there is something overlooked and useful, I'll be sure to post it here. Take care, Marketa

Like
philleicht
philleicht
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 17, 2015

Hey Marketa, great, I'm looking forward to it. You never know when you'll need it. Regards, Philipp

Like
Steve Muskiewicz
Steve Muskiewicz February 17, 2015

Not entirely related to the original question, but does Atlassian have a JIRA Cloud page that documents what origin IP address(es) of the webhooks from JIRA Cloud would be (Bitbucket does this in their docs)? Reason being that we don't want to expose our hook processing server to the world, only to the "allowed" JIRA Cloud server IP addresses and/or address range.

Like
Marketa Dvorack1
Marketa Dvorackova February 17, 2015

Hi Steve, of course,it is understandable. It's enough to whitelist the IPs listed here: https://confluence.atlassian.com/display/Cloud/Atlassian+Cloud+site+resources Careful though, they change over time, so I suggest watching the page for being notified on changes.

Like
Steve Muskiewicz
Steve Muskiewicz February 18, 2015

Great, that's exactly the page I was looking for, thanks!

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events