Provide Account Type in Webhooks

Description

As part of GDPR changes, user keys are no longer provided in webhooks. As a result apps lose the ability to identify system apps.

The requirement is captured in this developer community thread: https://community.developer.atlassian.com/t/question-about-accountid/25619/16

Please provide information about the account type in the webhook payload.

Environment

None

Activity

Show:
Jon Bevan [Adaptavist]
April 2, 2019, 8:33 AM

Hi Ben, its a bit frustrating when a vendor raises a bug/request (especially to achieve GDPR compliance) and we get a response along the lines of "we've done a partial implementation but you'll need to tell us what we've missed".

We need the account type for ALL webhooks, not just webhooks that happen to have a user property in the payload. This is so that we know whether another addon has initiated the event or not, so we can do nothing in that scenario.

If we need to constantly hit the Atlassian REST APIs to retreive user information that could be sent to us it a) makes our systems more complex b) adds increased unecessary load on your infrastructure and c) makes us more likely to hit any unpublished rate limits.

Please can you either reopen this ticket or raise another ticket on my behalf? Ideally the account type would be part of the JWT token sent along with the request.

Marcin Kokoszka
April 2, 2019, 8:08 AM
Edited
  1. Account type is indeed present in event body but it's not present in a request parameter.

  2. Request parameters still contains user_id and user_key

Will you provide accountId and/or accountType in request parameters or we have to read this data from event body? It relates to AC-2433

Ben Kelley
April 1, 2019, 12:59 AM

This change should provide accountType in many places where a user bean was already provided.

While it is possible to look up the user using the /rest/api/2/user REST resource (which provides the accountType), if you would like the accountType to be provided in other webhooks that don't currently provide this, please raise those in a new ticket.

Andrzej Wieczorek
March 29, 2019, 4:23 PM

Sebastian Hesse - for comment_deleted I can see accountType for both comment author and updateAuthor but don't see it for user how initiated the action.

Sebastian Hesse (K15t)
March 29, 2019, 4:05 PM

I can see the accountType for comment_created and comment_updated, but also not for issuelink_created or issuelink_deleted. I would like to have that for issuelink webhooks as well!

Fixed

Assignee

Ben Kelley

Reporter

Norman Atashbar

Labels