Jira webhooks do not respect the allowlist/whitelist but webhooks in Service Management automations do
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Jira webhooks are not impacted by the entries global admins set in the allowlist/whiltelist. However, the webhooks used in Service Management automations do.
This may be seen as an inconsistency by admins.
Environment
All Jira versions
Cause
This is by design. Jira webhooks are created by Jira global admins who also control the whitelist/allowlist.
On the other hand, the Service Management rules can be created by agents so the whitelist/allowlist is a mechanism to control which URLs are used by non-admins, thus the effect they have on webhooks in automations.