Retrieve a Webhook

This API is used to retrieve one or all of the configured Webhooks. Specifying an Id on the URI will retrieve a single Webhook. Leaving off the Id will retrieve all of the Webhooks.

Request#

Global API Key Authentication
Retrieve all of the Webhooks
GET/api/webhook
OpenAPI Spec
Global API Key Authentication
Retrieve a single Webhook by Id
GET/api/webhook/{webhookId}
OpenAPI Spec

Request Parameters#

webhookIdUUIDoptional

The Id of the Webhook to retrieve.

Response#

The response for this API contains either a single Webhook or all of the Webhooks. When you call this API with an Id the response will contain just that Webhook. When you call this API without an Id the response will contain all of the Webhooks. Both response types are defined below along with an example JSON response.

Response Codes
CodeDescription
200The request was successful. The response will contain a JSON body.
400The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404The object you requested doesn't exist. The response will be empty.
500There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body#

webhook.applicationIdsArray<UUID>optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds.

webhook.connectTimeoutInteger

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.dataObjectAvailable since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhook.descriptionString

A description of the Webhook. This is used for display purposes only.

webhook.eventsEnabledObject

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.create - When an audit log is created Available since 1.30.0
  • event-log.create - When an event log is created Available since 1.30.0
  • jwt.public-key.update - When a JWT signing Public / Private keypair may have been changed
  • jwt.refresh - When an access token is refreshed using a refresh token Available since 1.16.0
  • jwt.refresh-token.revoke - When a JWT Refresh Token is revoked
  • kickstart.success - When kickstart has successfully completed Available since 1.30.0
  • user.action - When a user action is triggered
  • user.bulk.create - When multiple users are created in bulk (i.e. during an import)
  • user.create - When a user is created
  • user.create.complete - When a user create transaction has completed Available since 1.30.0
  • user.deactivate - When a user is deactivated
  • user.delete - When a user is deleted
  • user.delete.complete - When a user delete transaction has completed Available since 1.30.0
  • user.email.update - When a user updates their email address Available since 1.30.0
  • user.email.verified - When a user verifies their email address Available since 1.8.0
  • user.identity-provider.link - When a link is created from a user to an Identity Provider Available since 1.36.0
  • user.identity-provider.unlink - When an existing Identity Provider link is removed from a User Available since 1.36.0
  • user.identity.verified - When a user's identity is verified Available since 1.59.0
  • user.loginId.duplicate.create - When a request to create a user with a login Id (email or username) which is already in use has been received Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.loginId.duplicate.update - When a request to update a user and change their login Id (email or username) to one that is already in use has been received Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.login.failed - When a user fails a login request Available since 1.6.0
  • user.login.new-device - When a user begins a login request with a new device Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.login.success - When a user completes a login request Available since 1.6.0
  • user.login.suspicious - When a user logs in and is considered to be a potential threat (requires an activated Enterprise license) Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.breach - When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0

    Note: To use , you'll need a paid plan.

  • user.password.reset.send - When a forgot password email has been sent to a user Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.reset.start - When the process to reset a user password has started Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.reset.success - When a user has successfully reset their password Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.update - When a user has updated their password Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.reactivate - When a user is reactivated
  • user.registration.create - When a user registration is created Available since 1.6.0
  • user.registration.create.complete - When a user registration create transaction has completed Available since 1.30.0
  • user.registration.delete - When a user registration is deleted Available since 1.6.0
  • user.registration.delete.complete - When a user registration delete transaction has completed Available since 1.30.0
  • user.registration.update - When a user registration is updated Available since 1.6.0
  • user.registration.update.complete - When a user registration update transaction has completed Available since 1.30.0
  • user.registration.verified - When a user completes registration verification Available since 1.8.0
  • user.two-factor.challenge - When a user is presented a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.failed-attempt - When a user submits an incorrect answer to a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.method.add - When a user has added a two-factor method Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.method.remove - When a user has removed a two-factor method Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.success - When a user submits a correct answer to a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.update - When a user is updated
  • user.update.complete - When a user update transaction has completed Available since 1.30.0
webhook.globalBoolean

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Whether or not this Webhook is used for all events or just for specific Applications.

webhook.headersMap<String, String>

An object that contains headers that are sent as part of the HTTP request for the events.

webhook.httpAuthenticationPasswordString

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhook.httpAuthenticationUsernameString

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhook.idUUID

The Id of the Webhook.

webhook.insertInstantLong

The instant that the Webhook was added to the FusionAuth database.

webhook.lastUpdateInstantLong

The instant that the Webhook was last updated in the FusionAuth database.

webhook.readTimeoutInteger

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhook.signatureConfiguration.enabledBooleanDefaults to false

Whether or not webhook events are signed.

webhook.signatureConfiguration.signingKeyIdUUIDoptional

The Id of the key used to sign webhook events.

webhook.sslCertificateStringDEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId.

webhook.sslCertificateKeyIdUUIDAvailable since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhook.tenantIdsArray<UUID>optionalAvailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhook.urlString

The fully qualified URL of the Webhook's endpoint that will accept the event requests from FusionAuth.

Example Response JSON for a Single Webhook

{
  "webhook": {
    "connectTimeout": 1000,
    "data": {
      "updatedBy": "richard"
    },
    "description": "The standard game Webhook",
    "eventsEnabled": {
      "user.create": true,
      "user.delete": false
    },
    "global": false,
    "headers": {
      "Header 1": "value 1",
      "Header 2": "value 2"
    },
    "httpAuthenticationPassword": "password",
    "httpAuthenticationUsername": "username",
    "id": "00000000-0000-0000-0000-000000000042",
    "insertInstant": 1471786482322,
    "lastUpdateInstant": 1595361143101,
    "readTimeout": 2000,
    "signatureConfiguration": {
      "enabled": true,
      "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
    },
    "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
    "tenantIds": [
      "32306536-3036-6431-3865-646430303332",
      "30663132-6464-6665-3032-326466613934"
    ],
    "url": "http://mygameserver.local:7001/fusionauth-webhook"
  }
}

Response Body#

webhooks[x].applicationIdsArray<UUID>optionalDEPRECATED

The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used. Typically global should be set to true.

Removed in 1.37.0

In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field tenantIds.

webhooks[x].connectTimeoutInteger

The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].dataObjectAvailable since 1.15.0

An object that can hold any information about the Webhook that should be persisted.

webhooks[x].descriptionString

A description of the Webhook. This is used for display purposes only.

webhooks[x].eventsEnabledObject

A mapping for the events that are enabled for this Webhook. The key of the Object property is the name of the event and the value is a boolean. It should look like this:

{
  "user.create": true,
  "user.delete": false
}

The possible event types are:

  • audit-log.create - When an audit log is created Available since 1.30.0
  • event-log.create - When an event log is created Available since 1.30.0
  • jwt.public-key.update - When a JWT signing Public / Private keypair may have been changed
  • jwt.refresh - When an access token is refreshed using a refresh token Available since 1.16.0
  • jwt.refresh-token.revoke - When a JWT Refresh Token is revoked
  • kickstart.success - When kickstart has successfully completed Available since 1.30.0
  • user.action - When a user action is triggered
  • user.bulk.create - When multiple users are created in bulk (i.e. during an import)
  • user.create - When a user is created
  • user.create.complete - When a user create transaction has completed Available since 1.30.0
  • user.deactivate - When a user is deactivated
  • user.delete - When a user is deleted
  • user.delete.complete - When a user delete transaction has completed Available since 1.30.0
  • user.email.update - When a user updates their email address Available since 1.30.0
  • user.email.verified - When a user verifies their email address Available since 1.8.0
  • user.identity-provider.link - When a link is created from a user to an Identity Provider Available since 1.36.0
  • user.identity-provider.unlink - When an existing Identity Provider link is removed from a User Available since 1.36.0
  • user.identity.verified - When a user's identity is verified Available since 1.59.0
  • user.loginId.duplicate.create - When a request to create a user with a login Id (email or username) which is already in use has been received Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.loginId.duplicate.update - When a request to update a user and change their login Id (email or username) to one that is already in use has been received Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.login.failed - When a user fails a login request Available since 1.6.0
  • user.login.new-device - When a user begins a login request with a new device Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.login.success - When a user completes a login request Available since 1.6.0
  • user.login.suspicious - When a user logs in and is considered to be a potential threat (requires an activated Enterprise license) Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.breach - When Reactor detects a user is using a potentially breached password (requires an activated license) Available since 1.15.0

    Note: To use , you'll need a paid plan.

  • user.password.reset.send - When a forgot password email has been sent to a user Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.reset.start - When the process to reset a user password has started Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.reset.success - When a user has successfully reset their password Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.password.update - When a user has updated their password Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.reactivate - When a user is reactivated
  • user.registration.create - When a user registration is created Available since 1.6.0
  • user.registration.create.complete - When a user registration create transaction has completed Available since 1.30.0
  • user.registration.delete - When a user registration is deleted Available since 1.6.0
  • user.registration.delete.complete - When a user registration delete transaction has completed Available since 1.30.0
  • user.registration.update - When a user registration is updated Available since 1.6.0
  • user.registration.update.complete - When a user registration update transaction has completed Available since 1.30.0
  • user.registration.verified - When a user completes registration verification Available since 1.8.0
  • user.two-factor.challenge - When a user is presented a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.failed-attempt - When a user submits an incorrect answer to a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.method.add - When a user has added a two-factor method Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.method.remove - When a user has removed a two-factor method Available since 1.30.0

    Note: To use , you'll need an Enterprise plan.

  • user.two-factor.success - When a user submits a correct answer to a two-factor challenge Available since 1.68.0

    Note: To use , you'll need an Enterprise plan.

  • user.update - When a user is updated
  • user.update.complete - When a user update transaction has completed Available since 1.30.0
webhooks[x].globalBoolean

Whether or not this Webhook is used for all Tenants or just for specific Tenants.

Whether or not this Webhook is used for all events or just for specific Applications.

webhooks[x].headersMap<String, String>

An object that contains headers that are sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationPasswordString

The HTTP basic authentication password that is sent as part of the HTTP request for the events.

webhooks[x].httpAuthenticationUsernameString

The HTTP basic authentication username that is sent as part of the HTTP request for the events.

webhooks[x].idUUID

The Id of the Webhook.

webhooks[x].insertInstantLong

The instant that the Webhook was added to the FusionAuth database.

webhooks[x].lastUpdateInstantLong

The instant that the Webhook was last updated in the FusionAuth database.

webhooks[x].readTimeoutInteger

The read timeout in milliseconds used when FusionAuth sends events to the Webhook.

webhooks[x].signatureConfiguration.enabledBooleanDefaults to false

Whether or not webhook events are signed.

webhooks[x].signatureConfiguration.signingKeyIdUUIDoptional

The Id of the key used to sign webhook events.

webhooks[x].sslCertificateStringDEPRECATED

An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.

Deprecated since 1.48.0

In version 1.48.0 and beyond, the webhook SSL certificate can be managed via webhook.sslCertificateKeyId.

webhooks[x].sslCertificateKeyIdUUIDAvailable since 1.48.0

The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.

webhooks[x].tenantIdsArray<UUID>optionalAvailable since 1.37.0

The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the global field is false, this Webhook is not used.

webhooks[x].urlString

The fully qualified URL of the Webhook's endpoint that will accept the event requests from FusionAuth.

Example Response JSON for all the Webhooks

{
  "webhooks": [
    {
      "connectTimeout": 1000,
      "data": {
        "updatedBy": "richard"
      },
      "description": "The standard game Webhook",
      "eventsEnabled": {
        "user.create": true,
        "user.delete": false
      },
      "global": false,
      "headers": {
        "Header 1": "value 1",
        "Header 2": "value 2"
      },
      "httpAuthenticationPassword": "password",
      "httpAuthenticationUsername": "username",
      "id": "00000000-0000-0000-0000-000000000042",
      "insertInstant": 1471786482322,
      "lastUpdateInstant": 1595361143101,
      "readTimeout": 2000,
      "signatureConfiguration": {
        "enabled": true,
        "signingKeyId": "401c9046-b274-403f-963d-adc5024c6ef0"
      },
      "sslCertificateKeyId": "e31e242b-4eca-4309-921f-48cb72ec9bfb",
      "tenantIds": [
        "32306536-3036-6431-3865-646430303332",
        "30663132-6464-6665-3032-326466613934"
      ],
      "url": "http://mygameserver.local:7001/fusionauth-webhook"
    }
  ]
}