Webhook APIs
Overview
A FusionAuth Webhook is intended to consume JSON events emitted by FusionAuth. Creating a Webhook allows you to tell FusionAuth where you would like to receive these JSON events.
Webhooks provides a publish - subscribe style integration with FusionAuth. Creating a Webhook is the subscribe portion of this common messaging pattern. If you’re already using Kafka for consuming messages in your infrastructure, see our Kafka integration as well.
These APIs that are used to manage Webhooks.
Create a Webhook
This API is used to create a Webhook. Specifying an Id on the URI will instruct FusionAuth to use that Id when creating the Webhook. Otherwise, FusionAuth will create a Id for the Webhook automatically.
Request
Create a Webhook without providing an Id. An Id will be automatically generated.
POST /api/webhook
Create a Webhook with the given Id.
POST /api/webhook/{webhookId}
Request Parameters
- webhookId [UUID] Optional defaults to secure random UUID
-
The Id to use for the new Webhook. If not specified a secure random UUID will be generated.
Request Body
- webhook.applicationIds [Array<UUID>] Optional
-
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhook.connectTimeout [Integer] Required
-
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.description [String] Optional
-
A description of the Webhook. This is used for display purposes only.
- webhook.eventsEnabled [Object] Optional
-
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhook.global [Boolean] Optional defaults to
false
-
Whether or not this Webhook is used for all events or just for specific Applications.
- webhook.headers [Map<String, String>] Optional
-
An object that contains headers that are sent as part of the HTTP request for the events.
- webhook.httpAuthenticationPassword [String] Optional
-
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhook.httpAuthenticationUsername [String] Optional
-
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhook.readTimeout [Integer] Required
-
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.sslCertificate [String] Optional
-
An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
- webhook.url [String] Required
-
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhook": {
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
}
Response
The response for this API contains the information for the Webhook that was created.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- webhook.applicationIds [Array<UUID>]
-
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhook.connectTimeout [Integer]
-
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.description [String]
-
A description of the Webhook. This is used for display purposes only.
- webhook.eventsEnabled [Object]
-
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhook.global [Boolean]
-
Whether or not this Webhook is used for all events or just for specific Applications.
- webhook.headers [Map<String, String>]
-
An object that contains headers that are sent as part of the HTTP request for the events.
- webhook.httpAuthenticationPassword [String]
-
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhook.httpAuthenticationUsername [String]
-
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhook.id [UUID]
-
The Id of the Webhook.
- webhook.readTimeout [Integer]
-
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.sslCertificate [String]
-
An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
- webhook.url [String]
-
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhook": {
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"id": "00000000-0000-0000-0000-000000000042",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
}
Retrieve a Webhook
This API is used to retrieve one or all of the configured Webhooks. Specifying an Id on the URI will retrieve a single Webhook. Leaving off the Id will retrieve all of the Webhooks.
Request
GET /api/webhook
Retrieve a single Webhook by Id
GET /api/webhook/{webhookId}
Request Parameters
- webhookId [UUID] Optional
-
The Id of the Webhook to retrieve.
Response
The response for this API contains either a single Webhook or all of the Webhooks. When you call this API with an Id the response will contain just that Webhook. When you call this API without an Id the response will contain all of the Webhooks. Both response types are defined below along with an example JSON response.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you requested doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- webhook.applicationIds [Array<UUID>]
-
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhook.connectTimeout [Integer]
-
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.description [String]
-
A description of the Webhook. This is used for display purposes only.
- webhook.eventsEnabled [Object]
-
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhook.global [Boolean]
-
Whether or not this Webhook is used for all events or just for specific Applications.
- webhook.headers [Map<String, String>]
-
An object that contains headers that are sent as part of the HTTP request for the events.
- webhook.httpAuthenticationPassword [String]
-
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhook.httpAuthenticationUsername [String]
-
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhook.id [UUID]
-
The Id of the Webhook.
- webhook.readTimeout [Integer]
-
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.sslCertificate [String]
-
An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
- webhook.url [String]
-
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhook": {
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"id": "00000000-0000-0000-0000-000000000042",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
}
Request Body for all the Webhooks
- webhooks [Array]
-
The list of Webhooks.
- webhooks
[x]
.applicationIds [Array<UUID>] -
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhooks
[x]
.connectTimeout [Integer] -
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhooks
[x]
.description [String] -
A description of the Webhook. This is used for display purposes only.
- webhooks
[x]
.eventsEnabled [Object] -
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhooks
[x]
.global [Boolean] -
Whether or not this Webhook is used for all events or just for specific Applications.
- webhooks
[x]
.headers [Map<String, String>] -
An object that contains headers that are sent as part of the HTTP request for the events.
- webhooks
[x]
.httpAuthenticationPassword [String] -
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhooks
[x]
.httpAuthenticationUsername [String] -
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhooks
[x]
.id [UUID] -
The Id of the Webhook.
- webhooks
[x]
.readTimeout [Integer] -
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhooks
[x]
.sslCertificate [String] -
An SSL certificate in PEM format that is used to establish the a SSL (TLS specifically) connection to the Webhook.
- webhooks
[x]
.url [String] -
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhooks": [
{
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"id": "00000000-0000-0000-0000-000000000042",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
]
}
Update a Webhook
This API is used to update a Webhook. You must specify the Id of the Webhook to update on the URI.
Request
PUT /api/webhook/{webhookId}
PATCH /api/webhook/{webhookId}
Available since 1.12.0
When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A
null
value can be used to remove a value. Patching anArray
will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.
Request Parameters
- webhookId [UUID] Required
-
The Id of the Webhook to update.
Request Body
- webhook.applicationIds [Array<UUID>] Optional
-
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhook.connectTimeout [Integer] Required
-
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.description [String] Optional
-
A description of the Webhook. This is used for display purposes only.
- webhook.eventsEnabled [Object] Optional
-
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhook.global [Boolean] Optional defaults to
false
-
Whether or not this Webhook is used for all events or just for specific Applications.
- webhook.headers [Map<String, String>] Optional
-
An object that contains headers that are sent as part of the HTTP request for the events.
- webhook.httpAuthenticationPassword [String] Optional
-
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhook.httpAuthenticationUsername [String] Optional
-
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhook.readTimeout [Integer] Required
-
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.sslCertificate [String] Optional
-
An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
- webhook.url [String] Required
-
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhook": {
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
}
Response
The response for this API contains the new information for the Webhook that was updated.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- webhook.applicationIds [Array<UUID>]
-
The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the
global
field is false, this Webhook will not be used. - webhook.connectTimeout [Integer]
-
The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.description [String]
-
A description of the Webhook. This is used for display purposes only.
- webhook.eventsEnabled [Object]
-
A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:
{ "user.create": true, "user.delete": false }
The possible event types are:
-
user.action
- When a user action is triggered -
user.bulk.create
- When multiple users are created in bulk (i.e. during an import) -
user.create
- When a user is created -
user.email.verified
- When a user verifies their email address Available since 1.8.0 -
user.update
- When a user is updated -
user.deactivate
- When a user is deactivated -
user.reactivate
- When a user is reactivated -
user.login.success
- When a user completes a login request Available since 1.6.0 -
user.login.failed
- When a user fails a login request Available since 1.6.0 -
user.password.breach
- When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0 -
user.registration.create
- When a user registration is created Available since 1.6.0 -
user.registration.update
- When a user registration is updated Available since 1.6.0 -
user.registration.delete
- When a user registration is deleted Available since 1.6.0 -
user.registration.verified
- When a user completes registration verification Available since 1.8.0 -
user.delete
- When a user is deleted -
jwt.public-key.update
- When a JWT RSA Public / Private keypair may have been changed -
jwt.refresh
- When an access token is refreshed using a refresh token Available since 1.16.0 -
jwt.refresh-token.revoke
- When a JWT Refresh Token is revoked
-
- webhook.global [Boolean]
-
Whether or not this Webhook is used for all events or just for specific Applications.
- webhook.headers [Map<String, String>]
-
An object that contains headers that are sent as part of the HTTP request for the events.
- webhook.httpAuthenticationPassword [String]
-
The HTTP basic authentication password that is sent as part of the HTTP request for the events.
- webhook.httpAuthenticationUsername [String]
-
The HTTP basic authentication username that is sent as part of the HTTP request for the events.
- webhook.id [UUID]
-
The Id of the Webhook.
- webhook.readTimeout [Integer]
-
The read timeout in milliseconds used when FusionAuth sends events to the Webhook.
- webhook.sslCertificate [String]
-
An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
- webhook.url [String]
-
The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.
{
"webhook": {
"applicationIds": [
"00000000-0000-0000-0000-000000000003",
"00000000-0000-0000-0000-000000000004"
],
"connectTimeout": 1000,
"description": "The standard game Webhook",
"eventsEnabled": {
"user.create": true,
"user.delete": false
},
"global": false,
"headers": {
"Header 1": "value 1",
"Header 2": "value 2"
},
"httpAuthenticationPassword": "password",
"httpAuthenticationUsername": "username",
"id": "00000000-0000-0000-0000-000000000042",
"readTimeout": 2000,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
"url": "http://mygameserver.local:7001/fusionauth-webhook"
}
}
Delete a Webhook
This API is used to delete a Webhook.
Request
DELETE /api/webhook/{webhookId}
Request Parameters
- webhookId [UUID] Required
-
The Id of the Webhook to delete.
Response
This API does not return a JSON response body.
Code | Description |
---|---|
200 |
The request was successful. The response will be empty. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you are trying to delete doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |