Logo
Frontend
Backend 

Webhooks

Webhooks allow you to reliably receive an HTTP request when a specific action occurs, like a user signing up, joining an organization, or having their role change.

Some examples of things you can do include:

  • Creating a copy of your users and organizations in your DB
  • Signing up new users to your mailing list and sending them a welcome email
  • Provisioning resources for a user right when they sign up
  • Updating your billing information as new users join organizations within your product

You can set them up by going to the Integrations section of your dashboard followed by Webhooks. You can set up different endpoints for your test and production environments, so you can easily distinguish between the two. There's also a full event catalog with examples of what the events look like.

We use Svix for our Webhooks. To make sure that the requests are actually coming from us and not from a malicious actor, make sure to verify the messages you receive.

Here is a full list of events that you can subscribe to. Each webhook payload will include any relevant information as well as the event type:

  • org.api_key_deleted: Event that happens whenever an organization API Key is deleted
  • org.created: An organization was created
  • org.deleted: An organization was deleted
  • org.saml_removed: A SAML connection has been removed
  • org.saml_setup: An organization has set up SAML
  • org.updated: Some information about the organization has changed. To avoid the case where a webhook can be received out of order - we only record the org_id and ask you to fetch the latest information about the organization from our API
  • user.added_to_org: A user was added to an organization
  • user.created: A new user signed up
  • user.deleted: A user was deleted
  • user.deleted_personal_api_key: A personal API key has been deleted
  • user.disabled: A user was manually disabled and can no longer log in
  • user.enabled: A user was manually re-enabled and can log in again
  • user.impersonated: One of your users has been impersonated by a member of your team
  • user.invited_to_org: A user has been invited to an organization
  • user.locked: A user's account has been locked for security reasons
  • user.logged_out: A user has logged out
  • user.login: A user has logged in successfully
  • user.removed_from_org: A user was removed from an organization
  • user.role_changed_within_org: A user's role within an organization changed
  • user.updated: Some information about the user has changed. To avoid the case where a webhook can be received out of order - we only record the user_id and ask you to fetch the latest information about the user from our API

We also provide you with the ability to send your own emails. Part of the setup process for sending your own emails is subscribing to webhook email events.

  • email.account_locked: Too many incorrect login attempts
  • email.confirmation_email: A confirmation email should be sent to the user
  • email.merge_account_with_sso: Logging into an account with a new sign-in method. Only required if the SSO provider doesn't validate emails
  • email.mfa_account_locked: Too many incorrect MFA attempts
  • email.org_invite: The user was invited to an organization
  • email.org_now_requires_2fa: 2FA is now required for the specified organization. The user receiving the email has not yet set up 2FA
  • email.otp_login: User requested an OTP code
  • email.passwordless_login: Logging in via magic link
  • email.reset_password: Requesting a password reset
  • email.update_email: User confirming their new email address
  • email.waitlist_user_confirmation: A user was invited off of the waitlist
  • email.waitlist_user_invitation: A user signed up for a waitlist