Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to you create a webhook through the API that disables SSL?

William Wu
William Wu
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 11, 2019

https://developer.atlassian.com/bitbucket/api/2/reference/resource/repositories/%7Busername%7D/%7Brepo_slug%7D/hooks

 

This does not explain how to create a webhook that disables SSL verification though it offers it on the UI.  

Answer
Watch
Like Leslie Hernández G likes this
465 views

1 answer

0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 15, 2019

Hi William, welcome to the Community.

According to the labels you added to the post and the link you sent us, seems like you're using Bitbucket Cloud, so my following response is based on that. If you're using a different platform let us know. 

First of all let me say that not all the features that are available via the UI are achievable using the API.

Secondly, can you share with us what are you trying to accomplish? Do you mean that you don't want to use HTTPS? Using HTTP is not possible, also note that using HTTP would mean that your connections would be less secure.

Let us know if there's anything else you need!

Best regards,

Ana 

View More Comments
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 15, 2019

Further thinking into your question made me wonder if you were referring to skipping the certificate verification option:

When you create a webhook, Bitbucket provides the Skip certificate verification option, which allows you to disable certificate verification when sending event payload requests to the webhook URL.

[...]

You may want to use this option if you receive webhooks at an HTTPS endpoint that's using a self-signed SSL certificate. However, because self-signed certificates are inherently not secure, we strongly advise that you don't disable certificate verification unless:

  • You can't install a valid SSL certificate that a public certificate authority has signed, AND
  • You're not concerned about the security of your webhooks.

[...]

If possible, we recommend that you don't disable certificate verification. Obtaining an SSL certificate from a trusted certificate authority is the only way to be confident during the initial key exchange that both parties are who they say they are. That way, you know that the data Bitbucket sends you is encrypted properly with the public key from your certificate, and not someone else's. 

You can read more about that at Manage webhooks.

 
If that's what you want, this is not documented in our API documentation but you can still access this setting using

https://api.bitbucket.org/2.0/repositories/owner/repositoryname/hooks/

Let us know,

Ana

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events