Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

calling API of webhooks -- "Only apps can access this resource."


I have a NodeJs application which is supposed to work with webhooks via REST API: register, get, delete.... It uses basic authentication by email and api token.

I haven't been to succeed to call any of the functions, I'll always get an error:

Only apps can access this resource.


What's up with that?

How can I call webhook-related functions via REST API using basic authentication by email:api_token?

Is it possible at all? Or will I have to use OAuth2, that is, create an application?

1 answer

1 accepted

0 votes
Answer accepted

Hi @Saša,

I'm afraid there is not much you can do, apart from creating an app.

It does make sense from an API perspective, as these webhooks are meant for Connect apps and integrations to interact with. Fortunately, setting up a Connect app is rather easy – if you already know NodeJS, then Atlassian Connect Express might be just the thing.

Hope that helps,


I've just created a new project using

$ npm start

and  it's running on my local computer.


What do I do next to be resolve my initial issue?

Hi @Saša ,

Congrats, that's a good first step!

From here on out, there's various avenues to take, depending on what you need. Without knowing all that much about your specific use-case, it's hard to go into details. I would suggest you follow Atlassian's guide here:

Once you got the app installed, you'd set up a route to trigger registering a webhook. In that route, you can call any Atlassian API as your app, the framework has an extended httpClient available, you can use it like this:

var httpClient = addon.httpClient(req);
httpClient.get('/', function(err, res, body) { ... });

Finally, I'd also use the Connect Express to receive the webhook and then trigger whatever services I want triggered internally. But really, how you do that is up to you.

Best regards,

@Oliver Siebenmarck _Polymetis Apps_  

I don't need an Atlassian Connect App itself at all. The only reason I've gone with it is to be able to call webhooks-related API.

Now once I've installed it, will I be able to somehow take out credentials it's generated, session, OAuth2 data, or anything like it, in order to reuse this in my local NodeJs script?

So that I'll be able to a) authenticate b) call webhook API
from my local, normal NodeJs script. Right?


For in the documentation

it alludes that  it requires OAuth2 data -- a token. Therefore, once I've obtained a token, I'll be able to use it in my local Nodejs script/application and make requests to webhook-related API. Right? If so. how will I obtain a token?

Note that for now I don't need to receive webhooks themselves. I only need to call webhook API and receive API responses of calling those webhook API.

Also, my local NodeJs application contains tests that call webhooks API, and which I have to run. Therefore, it can run locally only - it couldn't be uploaded onto Atlassian and run there.

will open another question

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events