Use the event-types endpoint for the identifiers supported by the running deployment. For the maintained static payload reference, see Webhook Events Reference.
Event Types
GET /api/organizations/:org_slug/webhooks/event-types
Get a list of all available webhook event types with descriptions and categories.
Authentication: Required (Organization Management JWT)
Permissions: Organization owner or admin
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
org_slug |
string | Organization slug |
Query Parameters: None
Request Headers:
Authorization: Bearer {jwt_token}
Example Request:
curl -X GET https://sso.example.com/api/organizations/acme-corp/webhooks/event-types \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..."
Response (200 OK):
[
{
"value": "user.signup.success",
"label": "USER SIGNUP SUCCESS",
"category": "User Management"
},
{
"value": "user.login.success",
"label": "USER LOGIN SUCCESS",
"category": "User Management"
},
{
"value": "user.login.failed",
"label": "USER LOGIN FAILED",
"category": "User Management"
},
{
"value": "user.logout",
"label": "USER LOGOUT",
"category": "User Management"
},
{
"value": "user.mfa.enabled",
"label": "USER MFA ENABLED",
"category": "User Management"
}
]
Response Fields:
value(string): Event type identifier (use this in webhook subscription)label(string): Human-readable event namecategory(string): Event category
Event Categories:
- User Management
- Service Management
- Organization Management
- Plan Management
- Subscription Management
- Invitation Management
- Security
- API Keys
- Custom Domains
- Branding
Error Responses:
401 Unauthorized: Missing or invalid JWT token403 Forbidden: User is not an admin or owner404 Not Found: Organization not found
Available Event Types
Webhooks can subscribe to the following event types:
User Management
Lifecycle Events:
user.signup.success- New user account createduser.login.success- Successful user authenticationuser.login.failed- Failed authentication attemptuser.logout- User logged out
MFA Events:
user.mfa.enabled- User enabled MFAuser.mfa.disabled- User disabled MFAuser.mfa.verify.success- Successful MFA verificationuser.mfa.verify.failed- Failed MFA verification
Administrative Actions:
user.invited- User invited to organizationuser.joined- User accepted invitationuser.removed- User removed from organizationuser.role_updated- User role changed
Service Management
service.created- New service createdservice.updated- Service details updatedservice.deleted- Service deletedservice.oauth_credentials.updated- OAuth credentials updated
Organization Management
organization.updated- Organization details updatedorganization.smtp.configured- SMTP settings configuredorganization.smtp.removed- SMTP settings removed
Plan Management
plan.created- New subscription plan createdplan.updated- Plan updatedplan.deleted- Plan deleted
Subscription Management
subscription.created- User subscribed to plansubscription.updated- Subscription modifiedsubscription.canceled- Subscription canceled
Invitation Management
invitation.accepted- Invitation acceptedinvitation.declined- Invitation declinedinvitation.expired- Invitation expiredinvitation.revoked- Invitation revoked
Security Events
security.mfa.enabled- Organization-level MFA enabledsecurity.mfa.disabled- Organization-level MFA disabledsecurity.password.changed- Password changed
API Key Management
api_key.created- API key createdapi_key.deleted- API key deleted
Custom Domains & Branding
domain.set- Custom domain setdomain.verified- Custom domain verifieddomain.deleted- Custom domain deletedbranding.updated- Branding settings updated
Webhook Payload Structure
All webhook deliveries follow a consistent payload structure:
{
"event": "user.login.success",
"timestamp": "2025-01-15T10:30:00Z",
"organization_id": "org-uuid",
"actor_user_id": "user-uuid",
"actor_email": "user@example.com",
"target_type": "user",
"target_id": "user-uuid",
"data": {
"service_id": "service-uuid",
"provider": "github",
"custom_field": "value"
}
}
Common Fields:
event(string): Event type that triggered the webhooktimestamp(string): ISO 8601 timestamp of event occurrenceorganization_id(string): Organization ID (if applicable)actor_user_id(string): User ID who triggered the event (if applicable)actor_email(string): Email of user who triggered the event (if applicable)target_type(string): Type of resource affected (e.g., “user”, “service”, “organization”)target_id(string): ID of the affected resourcedata(object): Event-specific additional data
Example Payloads
User Signup:
{
"event": "user.signup.success",
"timestamp": "2025-01-15T10:30:00Z",
"organization_id": "org-123",
"actor_user_id": "user-456",
"actor_email": "newuser@example.com",
"target_type": "user",
"target_id": "user-456",
"data": {
"provider": "google",
"service_id": "service-789"
}
}
User Login:
{
"event": "user.login.success",
"timestamp": "2025-01-15T10:30:00Z",
"organization_id": "org-123",
"actor_user_id": "user-456",
"actor_email": "user@example.com",
"target_type": "user",
"target_id": "user-456",
"data": {
"provider": "github",
"service_id": "service-789"
}
}
MFA Enabled:
{
"event": "user.mfa.enabled",
"timestamp": "2025-01-15T10:30:00Z",
"organization_id": "org-123",
"actor_user_id": "user-456",
"actor_email": "user@example.com",
"target_type": "user",
"target_id": "user-456",
"data": {
"method": "totp",
"backup_codes_count": 10
}
}
Service Created:
{
"event": "service.created",
"timestamp": "2025-01-15T10:30:00Z",
"organization_id": "org-123",
"actor_user_id": "admin-789",
"actor_email": "admin@acme.com",
"target_type": "service",
"target_id": "service-456",
"data": {
"service_name": "Mobile App",
"service_slug": "mobile-app",
"service_type": "mobile"
}
}