Webhooks & Event Subscriptions

Overview#

The Webhooks & Event Subscriptions system enables real-time event notifications via HTTP callbacks. When events occur in the platform -- such as user logins, security alerts, or organization changes -- configured webhooks automatically deliver authenticated POST requests with event payloads to your endpoints, providing a secure and reliable way to integrate platform events with external services, SIEM platforms, notification systems, and custom workflows.

Key Features#

• Cryptographic Signature Verification -- Every webhook delivery includes a signature header for payload authenticity verification, preventing unauthorized or tampered payloads
• Comprehensive Event Types -- Subscribe to events across user lifecycle, MFA, security, SSO, organization, session, and OAuth categories for complete platform visibility
• Automatic Retry Logic -- Failed deliveries are retried up to 3 times with exponential backoff, ensuring reliable event delivery even during temporary endpoint issues
• Delivery History and Debugging -- View delivery attempt details including status codes, response bodies, and error messages for each webhook to diagnose integration issues
• Selective Event Subscription -- Subscribe to only the event types you need, minimizing network traffic and focusing on the events that matter to your integration
• Webhook Management API -- Create, list, update, and delete webhooks through a self-service API with full lifecycle management
• Tenant Isolation -- Users can only manage and receive events for their own webhooks, maintaining complete data separation
• Standard Payload Format -- All events use a consistent JSON payload structure with event type, timestamp, event-specific data, and organization context
• Idempotency Support -- Each delivery includes a unique delivery identifier that can be used as an idempotency key to prevent duplicate processing
• Delivery Statistics -- Track delivery success rates and failure counts per webhook for monitoring integration health

Supported Event Categories#

• User Events -- Account creation, login, logout, password changes, email changes, and profile updates
• MFA Events -- MFA enablement, disablement, passkey registration, and challenge failures
• Security Events -- Breach attempt detection, account lockouts, suspicious login detection, and password breach notifications
• SSO Events -- SSO authentication completions, provider linking, and provider unlinking
• Organization Events -- User additions, removals, and role changes within organizations
• Session Events -- Session creation, termination, and concurrent session limit events
• OAuth Events -- Client registration, token issuance, and token revocation

Use Cases#

• SIEM platforms subscribe to security events to receive real-time breach detection alerts, aggregate authentication failures across tenants, and trigger automated incident response workflows.
• IT automation systems subscribe to user lifecycle events to automatically provision and deprovision accounts in downstream systems when users are added to or removed from organizations.
• Compliance teams stream all platform events to immutable log storage for regulatory audit trails, monitoring privileged user activities and MFA enrollment patterns.
• DevOps teams monitor OAuth client and token events to track third-party application authentication activity and detect anomalous token usage patterns.
• Custom integrations use webhook events to synchronize platform changes with CRM records, ticketing systems, or notification channels in real time.

Integration#

The Webhooks system connects with the platform's authentication layer for secure webhook management, the event processing pipeline for reliable event capture and delivery, and supports integration with any external system that can receive HTTPS POST requests and verify cryptographic signatures.

Last Reviewed: 2026-02-05