How to set the secret in Bitbucket Server Create Webhook API call

Question

I have crafted a curl which looks something like this. It successfully creates a webhook in BitBucket Server, however, it does not set the 'secret' value, and because of this when the webhook is triggered it fails with a 'missing signature in header'.

If I manually set the secret value, it will then work.

I have looked through Bitbucket Server documentation for 'Create webhook' and do not see anything related.

Link for reference: https://developer.atlassian.com/server/bitbucket/rest/v804/api-group-repository/#api-api-latest-projects-projectkey-repos-repositoryslug-webhooks-post

  url --request POST \
  --url 'https://git.example.org/rest/api/latest/projects/DP/repos/demo/webhooks' \
  --header 'Authorization: Bearer xxx' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "events": [
    "repo:refs_changed"
  ],
  "active": true,
  "statistics": {},
  "configuration": {},
  "url": "http://example.org/push",
  "name": "Argo Events"
}'

what if you try to pass the secret in configuration? – Randommm Oct 07 '22 at 07:46 — Randommm, Oct 07 '22 at 07:46

score 0 · Answer 1 · answered Oct 07 '22 at 08:35

After opening web tools and manually creating the webhook in the BitBucket website, we inspected the network tab and found that it was stored in the configuration object. Example curl below.

  curl --request POST \
  --url 'https://example.org/webhooks' \
  --header 'Authorization: Bearer xxx' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "events": [
    "repo:refs_changed"
  ],
  "active": true,
  "statistics": {},
  "configuration": {"createdBy": "bitbucket","secret": "password"},
  "url": "http://example.org/push",
  "name": "Argo Events"
}'

How to set the secret in Bitbucket Server Create Webhook API call

1 Answers1