You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Oh hey, one of the concerns with using the Web Request action is that if your request requires authentication, then your password or token is visible to all Jira Administrators and more troubling, to Project Administrators (who maybe only needed that permission to add/manage Versions or Components/Leads.)
The issue (specifically pertaining to the Jira API, but it applies to any web request that requires credentials) was documented well by @Wolfgang Landes here:
In response, @bmccoy did create AUT-2117 which is still open, but it looks like Atlassian may have provided something of a workaround:
Well, that's new! So cool. If you can't obscure the tokens/passwords for web requests, at least you can limit who can view/edit those rules. Good stuff Atlassian. Now can you please put it in the Release Notes?
And yes, why I do subscribe to the Atlassian Cloud Documentation blog and did not see this mentioned anywhere. Thanks for asking! :-}