Cloud
Data Center 11.3
Versions

Managing webhooks

Integrating with other tools

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Webhooks are user-defined HTTP POST callbacks. They provide a lightweight mechanism for letting remote applications receive push notifications from Jira, without requiring polling. For example, you may want any changes in Jira bugs to be pushed to a test management system so that they can be retested.

Read the Jira Webhooks page (Jira developer documentation) for detailed information on how to configure Jira webhooks, including a description of the events, how to register a webhook via the REST API, examples, and more.

This page only contains instructions on how to use the Webhooks user interface in the Jira administration console.

On this page:

Async webhooks are now default in Jira Data Center

Starting from Jira Data Center 10.0.0, asynchronous webhooks are now the default and only option. This update significantly improves the user experience by processing webhooks through a dedicated thread pool, rather than tying them to the user request. Previously, in Jira 9 and earlier, webhooks were processed synchronously, with the most computationally intensive work performed during the HTTP request.

Environments with exceptional webhook usage in both Jira 9 and 10 might exceed the guardrails set by the default parameters. You can customize these limits to better suit your organization’s needs. We recommend testing the asynchronous webhooks within your staging environments before a final upgrade. If you experience any issues, check our list of known problems or reach out to our support team.

Explore how to tune webhook performance parameters in Jira

Securing your webhook

You can secure your webhook using a secret token or by using basic authentication.

Secret token: Use secret tokens to authenticate the payload and ensure that contents are not tampered between Jira and your endpoint. Combined with HTTPS, it helps ensure the message transmitted is the one that Jira intended to send.

When you define a secret for a webhook, each request is signed via a Hash-based Message Authentication Code (HMAC). The default for this algorithm is HMACSha256. The header X-Hub-Signature is defined and contains the HMAC. For example, the header of the POST request would be plain text encoded as follows:

x-hub-signature: sha256=c3383246d4fd871e66e962b50cc12222222222222222222222222222222222

To authenticate the validity of the message payload, the receiver can perform the HMAC algorithm on the received body with the secret as the key to the HMAC algorithm. If the results do not match, it may indicate there was a problem with transmission that has caused the message payload to change. 

Managing webhooks in Jira

  1. Log in as a user with the Jira Administrators global permission.
  2. In the upper-right corner of the screen, select Administration , then System.
  3. Under Advanced (the left-side panel), select WebHooks to open the Webhooks page, which shows a list of all existing webhooks.
  4. Here's a few tips on using this page:
    • Click the summary of the webhook in the left 'Webhooks' column to display the details of the webhook. You can edit, delete and disable it via the details panel.
    • Deleting a webhook removes it permanently. If you just want to prevent it from firing, disable the webhook instead.

Webhooks displayed in the Jira administration console.

Last modified on Mar 11, 2026

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.