Our Jenkins pipeline should trigger release creation in codebeamer cloud via webhook, but it’s failing silently. The pipeline completes successfully, but no release gets created in codebeamer. Manual API calls work fine, so it’s definitely a webhook configuration issue.
Here’s the Jenkins webhook POST configuration:
POST https://company.codebeamer.com/api/v3/releases
Content-Type: application/json
Authorization: Bearer ${CB_API_TOKEN}
Jenkins shows 200 OK response, but nothing happens in codebeamer cloud. We’ve verified the webhook URL is correct and the secret validation passes in our local tests. Is there something specific about trigger config in cloud that differs from on-premise?
Check your Jenkins pipeline’s HTTP client timeout settings. Cloud webhooks can take 5-10 seconds to respond during high load, and if Jenkins times out at 3 seconds, it might be cutting off the connection before codebeamer finishes processing. Increase the timeout to at least 15 seconds.
The 200 response is misleading - cloud returns 200 for webhook receipt but actual processing happens asynchronously. Check the webhook logs in codebeamer under Admin > Integrations > Webhook History. You’ll likely see validation failures there even though Jenkins got a 200. Common issues include incorrect project context in the payload or missing required fields like ‘trackerId’ and ‘name’ in the release creation request.
We had this exact problem. The issue was that Jenkins was sending the webhook to the generic /api/v3/releases endpoint, but cloud requires project-specific endpoints. You need to use /api/v3/projects/{projectId}/releases instead. Also make sure your API key has ‘Release Manager’ role assigned in the specific project, not just general API access. Global admin rights don’t automatically grant project-level permissions in cloud.
Let me address all three critical areas for cloud webhook integration:
Webhook URL Configuration:
Your endpoint is incorrect for cloud. Use the project-specific format:
POST https://company.codebeamer.com/api/v3/projects/12345/releases
Replace 12345 with your actual project ID (found in project settings). Cloud enforces project-scoped endpoints for all resource creation - the generic /api/v3/releases endpoint only works for listing, not creation.
Secret Validation & Authentication:
Cloud requires both API key authentication AND webhook signature validation:
- Generate a webhook secret in codebeamer: Admin > Integrations > Webhooks > Create New > Copy Secret
- In Jenkins, compute HMAC-SHA256 signature of the request body using this secret
- Include headers:
- Authorization: Bearer {your-cloud-api-key}
- X-Codebeamer-Signature: sha256={computed-hmac}
- X-Codebeamer-Event: release.create
The API key must be from User Settings > API Keys (not legacy tokens). Ensure the user has ‘Release Manager’ role in the target project.
Trigger Configuration & Payload:
Your Jenkins pipeline needs the complete payload structure:
{
"name": "Release ${BUILD_NUMBER}",
"trackerId": 67890,
"description": "Automated release from Jenkins",
"status": {"id": 1},
"releaseDate": "2025-10-15T00:00:00Z"
}
Critical fields: trackerId (your release tracker ID), name, and status. The status.id must match a valid status in your release tracker workflow.
Debugging Steps:
- Enable webhook logging in Jenkins (HTTP Request Plugin debug mode)
- Check codebeamer webhook history: Admin > Integrations > Webhook Activity Log
- Look for validation errors - cloud logs show detailed failure reasons
- Test with curl first to isolate Jenkins-specific issues
- Verify project permissions: User must have ‘Create Release’ permission in project roles
Common Cloud-Specific Gotchas:
- Cloud enforces rate limiting (10 requests/minute per API key)
- Webhook responses are asynchronous - check the Location header in 202 responses for status polling
- API key rotation happens every 90 days - set up Jenkins credential expiry notifications
- Cloud instances have IP allowlisting - ensure Jenkins IPs are whitelisted in Security Settings
After fixing the endpoint and adding proper signature validation, monitor the webhook activity log for successful ‘release.created’ events. The Location header in the response contains the new release URL for verification.
Cloud instances have stricter webhook validation than on-premise. Make sure you’re including the X-Codebeamer-Signature header with HMAC-SHA256 hash of the request body. Also, the Bearer token format changed in cloud - you need to use the new API key format from User Settings > API Access, not the old authentication tokens.