Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to you create a webhook through the API that disables SSL?

https://developer.atlassian.com/bitbucket/api/2/reference/resource/repositories/%7Busername%7D/%7Brepo_slug%7D/hooks

 

This does not explain how to create a webhook that disables SSL verification though it offers it on the UI.  

1 answer

0 votes
Ana Retamal Atlassian Team Oct 15, 2019

Hi William, welcome to the Community.

According to the labels you added to the post and the link you sent us, seems like you're using Bitbucket Cloud, so my following response is based on that. If you're using a different platform let us know. 

First of all let me say that not all the features that are available via the UI are achievable using the API.

Secondly, can you share with us what are you trying to accomplish? Do you mean that you don't want to use HTTPS? Using HTTP is not possible, also note that using HTTP would mean that your connections would be less secure.

Let us know if there's anything else you need!

Best regards,

Ana 

Further thinking into your question made me wonder if you were referring to skipping the certificate verification option:

When you create a webhook, Bitbucket provides the Skip certificate verification option, which allows you to disable certificate verification when sending event payload requests to the webhook URL.

[...]

You may want to use this option if you receive webhooks at an HTTPS endpoint that's using a self-signed SSL certificate. However, because self-signed certificates are inherently not secure, we strongly advise that you don't disable certificate verification unless:

  • You can't install a valid SSL certificate that a public certificate authority has signed, AND
  • You're not concerned about the security of your webhooks.

[...]

If possible, we recommend that you don't disable certificate verification. Obtaining an SSL certificate from a trusted certificate authority is the only way to be confident during the initial key exchange that both parties are who they say they are. That way, you know that the data Bitbucket sends you is encrypted properly with the public key from your certificate, and not someone else's. 

You can read more about that at Manage webhooks.

 
If that's what you want, this is not documented in our API documentation but you can still access this setting using

https://api.bitbucket.org/2.0/repositories/owner/repositoryname/hooks/

Let us know,

Ana

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,826 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you