Webhook APIs

Overview

A FusionAuth Webhook is intended to consume JSON events emitted by FusionAuth. Creating a Webhook allows you to tell FusionAuth where you would like to receive these JSON events.

Webhooks provides a publish - subscribe style integration with FusionAuth. Creating a Webhook is the subscribe portion of this common messaging pattern. If you’re already using Kafka for consuming messages in your infrastructure, see our Kafka integration as well.

These APIs that are used to manage Webhooks.

Create a Webhook

This API is used to create a Webhook. Specifying an Id on the URI will instruct FusionAuth to use that Id when creating the Webhook. Otherwise, FusionAuth will create a Id for the Webhook automatically.

Request

Create a Webhook without providing an Id. An Id will be automatically generated.
POST/api/webhook
Create a Webhook with the given Id.
POST/api/webhook/{webhookId}

Request Parameters

webhookId[UUID]optionalDefaults to secure random UUID

The Id to use for the new Webhook. If not specified a secure random UUID will be generated.

Request Body

webhook.applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhook.connectTimeout[Integer]required

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.data[Object]optionalavailable since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.description[String]optional

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabled[Object]optional

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhook.global[Boolean]optionalDefaults to false

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications. In almost all cases you want to set this field to true and filter on the application Id when processing the webhook.

webhook.headers[Map<String, String>]optional

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPassword[String]optional

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsername[String]optional

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.readTimeout[Integer]required

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabled[Boolean]optionalDefaults to falseavailable since 1.48.0

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyId[UUID]optionalDefaults to falseavailable since 1.48.0

The Id of the key used to sign webhook events. Required when webhook.signatureConfiguration is set to true.

webhook.sslCertificate[String]optionalDEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId . This field is not allowed on a request when webhook.sslCertificateKeyId is provided.

webhook.sslCertificateKeyId[UUID]optionalavailable since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.

webhook.url[String]required

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Request JSON
{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Response

The response for this API contains the information for the Webhook that was created.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503 The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

webhook.applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhook.connectTimeout[Integer]

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.data[Object]available since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.description[String]

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabled[Object]

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhook.global[Boolean]

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications.

webhook.headers[Map<String, String>]

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPassword[String]

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsername[String]

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.id[UUID]

The Id of the Webhook.

webhook.insertInstant[Long]

The instant that the Webhook was added to the FusionAuth database.

webhook.lastUpdateInstant[Long]

The instant that the Webhook was last updated in the FusionAuth database.

webhook.readTimeout[Integer]

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabled[Boolean]Defaults to false

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyId[UUID]optional

The Id of the key used to sign webhook events.

webhook.sslCertificate[String]DEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId .

webhook.sslCertificateKeyId[UUID]available since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhook.url[String]

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Response JSON for a Single Webhook
{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "id": "00000000-0000-0000-0000-000000000042",
    "insertInstant": 1471786482322,
    "lastUpdateInstant": 1595361143101,
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Retrieve a Webhook

This API is used to retrieve one or all of the configured Webhooks. Specifying an Id on the URI will retrieve a single Webhook. Leaving off the Id will retrieve all of the Webhooks.

Request

Retrieve all of the Webhooks
GET/api/webhook
Retrieve a single Webhook by Id
GET/api/webhook/{webhookId}

Request Parameters

webhookId[UUID]optional

The Id of the Webhook to retrieve.

Response

The response for this API contains either a single Webhook or all of the Webhooks. When you call this API with an Id the response will contain just that Webhook. When you call this API without an Id the response will contain all of the Webhooks. Both response types are defined below along with an example JSON response.

Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404 The object you requested doesn't exist. The response will be empty.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503 The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

webhook.applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhook.connectTimeout[Integer]

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.data[Object]available since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.description[String]

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabled[Object]

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhook.global[Boolean]

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications.

webhook.headers[Map<String, String>]

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPassword[String]

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsername[String]

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.id[UUID]

The Id of the Webhook.

webhook.insertInstant[Long]

The instant that the Webhook was added to the FusionAuth database.

webhook.lastUpdateInstant[Long]

The instant that the Webhook was last updated in the FusionAuth database.

webhook.readTimeout[Integer]

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabled[Boolean]Defaults to false

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyId[UUID]optional

The Id of the key used to sign webhook events.

webhook.sslCertificate[String]DEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId .

webhook.sslCertificateKeyId[UUID]available since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhook.url[String]

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Response JSON for a Single Webhook
{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "id": "00000000-0000-0000-0000-000000000042",
    "insertInstant": 1471786482322,
    "lastUpdateInstant": 1595361143101,
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Response Body

webhooks[x].applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhooks[x].connectTimeout[Integer]

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].data[Object]available since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhooks[x].description[String]

A description of the Webhook. This is used for display purposes only.

webhooks[x].eventsEnabled[Object]

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhooks[x].global[Boolean]

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications.

webhooks[x].headers[Map<String, String>]

An object that contains headers that are sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationPassword[String]

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationUsername[String]

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhooks[x].id[UUID]

The Id of the Webhook.

webhooks[x].insertInstant[Long]

The instant that the Webhook was added to the FusionAuth database.

webhooks[x].lastUpdateInstant[Long]

The instant that the Webhook was last updated in the FusionAuth database.

webhooks[x].readTimeout[Integer]

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].signatureConfiguration.enabled[Boolean]Defaults to false

Whether or not webhook events are signed.

webhooks[x].signatureConfiguration.signingKeyId[UUID]optional

The Id of the key used to sign webhook events.

webhooks[x].sslCertificate[String]DEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId .

webhooks[x].sslCertificateKeyId[UUID]available since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhooks[x].tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhooks[x].url[String]

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Response JSON for all the Webhooks
{
  "webhooks": [
    {
      "connectTimeout": 1000,
      "data": {
        "updatedBy": "richard"
      },
      "description": "The standard game Webhook",
      "eventsEnabled": {
        "user.create": true,
        "user.delete": false
      },
      "global": false,
      "headers": {
        "Header 1": "value 1",
        "Header 2": "value 2"
      },
      "httpAuthenticationPassword": "password",
      "httpAuthenticationUsername": "username",
      "id": "00000000-0000-0000-0000-000000000042",
      "insertInstant": 1471786482322,
      "lastUpdateInstant": 1595361143101,
      "readTimeout": 2000,
      "signatureConfiguration": {
        "enabled": true,
        "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
      },
      "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
      "tenantIds": [
        "32306536-3036-6431-3865-646430303332",
        "30663132-6464-6665-3032-326466613934"
      ],
      "url": "http://mygameserver.local:7001/fusionauth-webhook"
    }
  ]
}

Update a Webhook

This API is used to update an existing Webhook.

You must specify all of the properties of the Webhook when calling this API with the PUT HTTP method. When used with PUT, this API doesn’t merge the existing Webhook and your new data. It replaces the existing Webhook with your new data.

Utilize the PATCH HTTP method to send specific changes to merge into an existing Webhook.

Request

Update a Webhook by Id
PUT/api/webhook/{webhookId}
PATCH/api/webhook/{webhookId}

When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902] or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.

When using the PATCH method with a Content-Type of application/json the provided request parameters will be merged into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null value can be used to remove a value. Patching an Array will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.

Request Parameters

webhookId[UUID]required

The Id of the Webhook to update.

Request Body

webhook.applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhook.connectTimeout[Integer]required

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.data[Object]optionalavailable since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.description[String]optional

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabled[Object]optional

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhook.global[Boolean]optionalDefaults to false

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications. In almost all cases you want to set this field to true and filter on the application Id when processing the webhook.

webhook.headers[Map<String, String>]optional

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPassword[String]optional

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsername[String]optional

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.readTimeout[Integer]required

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabled[Boolean]optionalDefaults to falseavailable since 1.48.0

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyId[UUID]optionalDefaults to falseavailable since 1.48.0

The Id of the key used to sign webhook events. Required when webhook.signatureConfiguration is set to true.

webhook.sslCertificate[String]optionalDEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId . This field is not allowed on a request when webhook.sslCertificateKeyId is provided.

webhook.sslCertificateKeyId[UUID]optionalavailable since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.

webhook.url[String]required

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Request JSON
{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Response

The response for this API contains the new information for the Webhook that was updated.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503 The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

webhook.applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhook.connectTimeout[Integer]

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.data[Object]available since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.description[String]

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabled[Object]

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhook.global[Boolean]

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications.

webhook.headers[Map<String, String>]

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPassword[String]

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsername[String]

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.id[UUID]

The Id of the Webhook.

webhook.insertInstant[Long]

The instant that the Webhook was added to the FusionAuth database.

webhook.lastUpdateInstant[Long]

The instant that the Webhook was last updated in the FusionAuth database.

webhook.readTimeout[Integer]

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabled[Boolean]Defaults to false

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyId[UUID]optional

The Id of the key used to sign webhook events.

webhook.sslCertificate[String]DEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId .

webhook.sslCertificateKeyId[UUID]available since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhook.url[String]

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Response JSON for a Single Webhook
{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "id": "00000000-0000-0000-0000-000000000042",
    "insertInstant": 1471786482322,
    "lastUpdateInstant": 1595361143101,
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Delete a Webhook

This API is used to delete a Webhook.

Request

Delete a Webhook by Id
DELETE/api/webhook/{webhookId}

Request Parameters

webhookId[UUID]required

The Id of the Webhook to delete.

Response

This API does not return a JSON response body.

Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404 The object you requested doesn't exist. The response will be empty.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503 The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Search for Webhooks

This API has been available since 1.45.0

This API is used to search for Webhooks and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.

Request

Search for Webhooks
GET/api/webhook/search?description={description}

Request Parameters

description[String]optional

The case-insensitive string to search for in the Webhook description. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

numberOfResults[Integer]optionalDefaults to 25

The number of results to return from the search.

orderBy[String]optionalDefaults to name ASC

The field to order the search results as well as an order direction.

The possible values are:

  • description - the description of the Webhook
  • id - the unique Id of the Webhook
  • insertInstant - the instant when the Webhook was created
  • url - the Webhook URL

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

startRow[Integer]optionalDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25 to retrieve results 26-50, assuming the default page size.

tenantId[UUID]optional

Restricts the results to Webhooks associated with the given Tenant and all global Webhooks.

url[String]optional

The case-insensitive string to search for in the Webhook URL. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

Search for Webhooks
POST/api/webhook/search

When calling the API using a POST request you will send the search criteria in a JSON request body.

Request Body

search.description[String]optional

The case-insensitive string to search for in the Webhook description. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

search.numberOfResults[Integer]optionalDefaults to 25

The number of results to return from the search.

search.orderBy[String]optionalDefaults to name ASC

The field to order the search results as well as an order direction.

The possible values are:

  • description - the description of the Webhook
  • id - the unique Id of the Webhook
  • insertInstant - the instant when the Webhook was created
  • url - the Webhook URL

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

search.startRow[Integer]optionalDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25 to retrieve results 26-50, assuming the default page size.

search.tenantId[UUID]optional

Restricts the results to Webhooks associated with the given Tenant and all global Webhooks.

search.url[String]optional

The case-insensitive string to search for in the Webhook URL. This can contain wildcards using the asterisk character (*). If no wildcards are present, this parameter value will be interpreted as *value*.

Example Response JSON
{
  "search": {
    "description": "game",
    "numberOfResults": 25,
    "orderBy": "insertInstant",
    "startRow": 0,
    "tenantId": "30663132-6464-6665-3032-326466613934"
  }
}

Response

The response for this API contains the Webhooks matching the search criteria in paginated format and the total number of results matching the search criteria.

Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body

webhooks[x].applicationIds[Array<UUID>]optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds .

webhooks[x].connectTimeout[Integer]

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].data[Object]available since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhooks[x].description[String]

A description of the Webhook. This is used for display purposes only.

webhooks[x].eventsEnabled[Object]

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.createWhen an audit log is createdavailable since Available since 1.30.0
  • event-log.createWhen an event log is created available since Available since 1.30.0
  • jwt.public-key.updateWhen a JWT RSA Public / Private keypair may have been changed
  • jwt.refreshWhen an access token is refreshed using a refresh token available since Available since 1.16.0
  • jwt.refresh-token.revokeWhen a JWT Refresh Token is revoked
  • kickstart.successWhen kickstart has successfully completed available since Available since 1.30.0
  • user.actionWhen a user action is triggered
  • user.bulk.createWhen multiple users are created in bulk (i.e. during an import)
  • user.createWhen a user is created
  • user.create.completeWhen a user create transaction has completed available since Available since 1.30.0
  • user.deactivateWhen a user is deactivated
  • user.deleteWhen a user is deleted
  • user.delete.completeWhen a user delete transaction has completed available since Available since 1.30.0
  • user.email.updateWhen a user updates their email address available since Available since 1.30.0
  • user.email.verifiedWhen a user verifies their email address available since Available since 1.8.0
  • user.identity-provider.linkWhen a link is created from a user to an Identity Provider available since Available since 1.36.0
  • user.identity-provider.unlinkWhen an existing Identity Provider link is removed from a User available since Available since 1.36.0
  • user.loginId.duplicate.createWhen a request to create a user with a login Id (email or username) which is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.create event .
  • user.loginId.duplicate.updateWhen a request to update a user and change their login Id (email or username) to one that is already in use has been received available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.loginId.duplicate.update event .
  • user.login.failedWhen a user fails a login request available since Available since 1.6.0
  • user.login.new-deviceWhen a user begins a login request with a new device available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.new-device event .
  • user.login.successWhen a user completes a login request available since Available since 1.6.0
  • user.login.suspiciousWhen a user logs in and is considered to be a potential threat (requires an activated Enterprise license) available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.login.suspicious event .
  • user.password.breachWhen Reactor detects a user is using a potentially breached password (requires an activated license) available since Available since 1.15.0
    Note: A paid plan is required to utilize the user.password.breach event .
  • user.password.reset.sendWhen a forgot password email has been sent to a user available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.send event.
  • user.password.reset.startWhen the process to reset a user password has started available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.start event.
  • user.password.reset.success When a user has successfully reset their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.reset.success event.
  • user.password.updateWhen a user has updated their password available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.password.update event.
  • user.reactivateWhen a user is reactivated
  • user.registration.createWhen a user registration is created available since Available since 1.6.0
  • user.registration.create.completeWhen a user registration create transaction has completed available since Available since 1.30.0
  • user.registration.deleteWhen a user registration is deleted available since Available since 1.6.0
  • user.registration.delete.completeWhen a user registration delete transaction has completed available since Available since 1.30.0
  • user.registration.updateWhen a user registration is updated available since Available since 1.6.0
  • user.registration.update.complete When a user registration update transaction has completed available since Available since 1.30.0
  • user.registration.verifiedWhen a user completes registration verification available since Available since 1.8.0
  • user.two-factor.method.addWhen a user has added a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.add event.
  • user.two-factor.method.removeWhen a user has removed a two-factor method available since Available since 1.30.0
    Note: An Enterprise plan is required to utilize the user.two-factor.method.remove event.
  • user.updateWhen a user is updated
  • user.update.completeWhen a user update transaction has completed available since Available since 1.30.0
webhooks[x].global[Boolean]

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Before 1.37.0

Whether or not this Webhook is used for all events or just for specific Applications.

webhooks[x].headers[Map<String, String>]

An object that contains headers that are sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationPassword[String]

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationUsername[String]

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhooks[x].id[UUID]

The Id of the Webhook.

webhooks[x].insertInstant[Long]

The instant that the Webhook was added to the FusionAuth database.

webhooks[x].lastUpdateInstant[Long]

The instant that the Webhook was last updated in the FusionAuth database.

webhooks[x].readTimeout[Integer]

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].signatureConfiguration.enabled[Boolean]Defaults to false

Whether or not webhook events are signed.

webhooks[x].signatureConfiguration.signingKeyId[UUID]optional

The Id of the key used to sign webhook events.

webhooks[x].sslCertificate[String]DEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId .

webhooks[x].sslCertificateKeyId[UUID]available since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhooks[x].tenantIds[Array<UUID>]optionalavailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhooks[x].url[String]

The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.

Example Response JSON for all the Webhooks
{
  "webhooks": [
    {
      "connectTimeout": 1000,
      "data": {
        "updatedBy": "richard"
      },
      "description": "The standard game Webhook",
      "eventsEnabled": {
        "user.create": true,
        "user.delete": false
      },
      "global": false,
      "headers": {
        "Header 1": "value 1",
        "Header 2": "value 2"
      },
      "httpAuthenticationPassword": "password",
      "httpAuthenticationUsername": "username",
      "id": "00000000-0000-0000-0000-000000000042",
      "insertInstant": 1471786482322,
      "lastUpdateInstant": 1595361143101,
      "readTimeout": 2000,
      "signatureConfiguration": {
        "enabled": true,
        "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
      },
      "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
      "tenantIds": [
        "32306536-3036-6431-3865-646430303332",
        "30663132-6464-6665-3032-326466613934"
      ],
      "url": "http://mygameserver.local:7001/fusionauth-webhook"
    }
  ]
}