Jira Automation Rules, Send Web Request and APIs protected by OAuth 2.0

Deleted user January 3, 2021

Recently, I created an Automation Rule in Jira Software (Cloud) to make a REST Callout to a Salesforce API. Salesforce secures API calls with OAuth 2.0. As I could not find any articles regarding how to use OAuth with Jira Automation Rules, I am sharing what I worked out in the hope it will save others some time. Many APIs are secured by OAuth 2.0 so this information is broadly applicable.

OAuth 2.0 supports a bewildering number of options. Jira Automation Rules with Send web request only supports a few. I used the OAuth 2.0 Username-Password flow. Pros and cons are discussed in the linked article.

My objective was to make an outbound PUT /issue/{{issue.key}} to my Salesforce API whenever the value of a particular field changes on a Jira Issue (so Salesforce could update Jira Issues I had previously sync'd to it).

Steps:

  1. Add an Automation rule on Settings -> System in the AUTOMATION section at the bottom by clicking the Create Rule button.
  2. Select Field value changed in the list of Triggers.
  3. Choose from Select a field and pick Edit Issue from the For select list then click the Save button.
  4. Next, click New action.
  5. Scroll down to the Notification section and pick Send web request. The purpose of this first request is to submit required information in order to get an OAuth access token back from Salesforce.
  6. The URL for starting an OAuth 2.0 flow with my Salesforce Sandbox is https://test.salesforce.com/services/oauth2/token so I put that in the Webhook URL field. Had I been setting this up for Production, the URL would have been https://login.salesforce.com/services/oauth2/token.
  7. In Headers (optional), add a header Content-Type with a value of application/x-www-form-urlencoded. Note: this was required by Salesforce (even if you were able to use curl successfully without that header).
  8. Set HTTP method to POST.
  9. Set Webhook body to Custom data.
  10. Check Delay execution of subsequent rule actions...
  11. In the Custom data field, you add required information in a url-encoded form to get an access or session token. In my case (replacing capitalized items with actual values - Salesforce requires a token to be preceded by the password - these are separate values)...
  12. grant_type=password&client_id=CLIENT-ID&client_secret=CLIENT-SECRET&username=USERNAME&password=PASSWORDTOKEN
  13. Click the Save button.
  14. Under Add component, click New action.
  15. Under Notifications, click Send web request. This time, we'll make the call to the REST endpoint and provide the access token we received from the first step in the header of the second request.
  16. For my API, I entered https://mycompany.my.salesforce.com/services/apexrest/issue/{{issue.key}} in the Webhook URL field. Note the use of the Jira Issue key in the URL. This is specific to my API.
  17. Three Headers must be added:
    • Authorization with a value of Bearer {{webhookResponse.body.access_token}}. This is how you use a value from a previous Send web request. The access token (access_token) is the import value in the JSON it returned.
    • Accept with a value of application/json.
    • Content-Type with a value of application/json.
  18. For HTTP method, I selected PUT as required by my API in order to perform an update.
  19. Select Custom data from Webhook body select list.
  20. In the Custom data field, I entered the following (note the parameterized value containing the new value for my field):
  21. {
    "billingType": "{{fieldChange.toString}}"
    }
  22. Click the Save button.
  23. Enter the name of your automation on the right and click the Turn it on button.

Once turned on, this Automation rule fires whenever my field is changed, gets an OAuth 2.0 access token from Salesforce, then calls my APEX REST endpoint to update the appropriate record in Salesforce. The approach would not have been possible without the relatively new feature Wait for response for Send web request.

By the way, when you're on step 11, it helps to expand Validate your webhook configuration (at the bottom) and click the Validate link to ensure you are sending the right data required to get an access/session token.

Hopefully, this information will save you some time if you need Automation Rules to interact with OAuth 2.0-protected APIs.

6 comments

Comment

Log in or Sign up to comment
Sebastian Krzewiński
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 3, 2021

Great job @[deleted] !!!

wow.gif

Deleted user January 3, 2021

Thanks!

Yatish Madhav
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 30, 2021

Thanks for this @[deleted]  - this looks a real interesting path to take for extending automation.

S_D July 27, 2021
{
"billingType": "{{fieldChange.toString}}"
}

Can you please explain what is fieldChange.toString? Is it a custom field?

 

The reason am asking is that I am trying to create an automation rule to call a webhook using custom payload. But looks like the variable interpolation of the custom fields is not happening. 

 

This is tracked here: https://jira.atlassian.com/browse/JSDSERVER-6970?error=login_required&error_description=Login+required&state=f185345d-1c4f-4f3a-bca6-c22539fdded3

 

In case you are aware of such scenario, please let me know.  

Deleted user July 27, 2021

{{fieldChange.toString}} is a built-in smart parameter containing a string value for the field that was changed (per the field selected in Field value changed in your Automation Rule). In my case, it does refer to a custom field I added called Billing. I could have replaced fieldChange.toString with a reference to that custom field but I kept it generic for my purposes.

S_D July 27, 2021

Thank you @[deleted] but I have been unsuccessful in getting the value from the custom fields. I tried all sorts but ins't working. 

 

Here is a sample of my payload.

 

{
"cluster": "${{request.customfiled_13710}}"
}

 

tried with 

{
"cluster": "${{request.cluster}}"
}

 

but nothing seems to work. 

Deleted user July 29, 2021

For the value of cluster, I see a few issues:

  1. customfield has a typo
  2. The customfield property should be on issue
  3. This isn't a JavaScript formatted string so "$" is not needed

 

Here's an example of where I reference several custom fields. In some cases, I am specifying what to do if the value is null. Dropdown custom fields should be also use ".value". Certain built-in fields need ".name" (like issueType).

 

{
"billingType": "{{issue.customfield_10090.value|"None"}}",
"accountName":"{{issue.customfield_10086.value|"Acme, Inc."}}",
"subject":{{issue.summary.asJsonString}},
"issueType":"{{issue.issuetype.name|"Task"}}",
"opportunityUrl":"{{issue.customfield_10113}}"
}

 

Kent Lee August 11, 2021

Just wanted to say thank you as this was very clear and extremely helpful for my use case. 

Matthew Crocco November 3, 2021

@[deleted] Great post.

I have a similar workflow with ServiceNow. I was curious, in step 12 do you have the password in visible in plain text? I am trying to make an api call with credentials that cannot be found by a nosy admin, or somehow where I can restrict permissions to that particular automation rule.

Thanks!

Sai Praveen Aminigadda November 14, 2023

@Matthew Crocco  are you able to configure it? i'm trying to add authorization. but it is not working.

Ivo Rodrigues January 25, 2024

Hello @Matthew Crocco

I'm trying to do the same by integrating with Servicenow, how ever my bearer toke is always failing i only get the 401.

If i generate the Bearer toke in Postman and then add that token in the API web request it works fine.

So for me only the first part of the web request isn't working.

I've

Captura de ecrã 2024-01-25 151901.png
Captura de ecrã 2024-01-25 152201.png

Tina February 20, 2024

Screenshot 2024-02-20 at 15.28.08.png

@Ivo Rodrigues  Add this header, i think it might help.

Like Ivo Rodrigues likes this
Daniel Saavedra February 24, 2022

@[deleted] Thank you for sharing as I was almost able to get it working. One question where I am stuck is how would you set up the callback URL? I noticed in your example, there wasn't any. Your help would be greatly appreciated.

Lakshmij August 26, 2022

My auth token response looks like this : 

auth.PNG

I'm using  authorization value as Bearer {{webResponse.Payload.access_token}} in header. But, I don't see value in webhook response, it looks empty like below : oauth.PNG

DILEEP KUMAR January 26, 2023

Hi @Lakshmij , It is same issue for me. 

I am using authorization value as Bearer {{webResponse.Payload.access_token}} in header but value in webhook response is empty. Please help if anyone able to resolve this. 

BearerTokenEmpty.jpg

Sai Praveen Aminigadda November 14, 2023

@DILEEP KUMAR are you able to resolve it?

TAGS
AUG Leaders

Atlassian Community Events