Webhooks

Events

All available webhook event types and their payload structures.

Event Envelope

Every event is wrapped in the same envelope:

json
{
  "id": "evt_abc123",
  "type": "user.created",
  "createdAt": "2026-01-15T10:30:00Z",
  "projectId": "proj_abc123",
  "data": { ... }  // event-specific payload
}

User Events

user.created

Fired when a new user signs up for the first time.

event.data
json
{
  "user": {
    "id": "usr_abc123",
    "email": "user@example.com",
    "displayName": "John Doe",
    "provider": "google",
    "createdAt": "2026-01-15T10:30:00Z"
  }
}
user.updated

Fired when a user's profile is updated.

event.data
json
{
  "user": { ... },
  "changes": ["displayName", "avatarUrl"]
}
user.deleted

Fired when a user account is permanently deleted.

event.data
json
{
  "userId": "usr_abc123",
  "email": "user@example.com"
}
user.banned

Fired when a user is banned. All their sessions are revoked.

event.data
json
{
  "user": {
    "id": "usr_abc123",
    "email": "user@example.com"
  },
  "bannedBy": "admin",
  "bannedAt": "2026-01-15T10:30:00Z"
}
user.unbanned

Fired when a ban is lifted from a user.

event.data
json
{
  "user": {
    "id": "usr_abc123",
    "email": "user@example.com"
  }
}

Session Events

session.created

Fired when a user signs in and a new session is created.

event.data
json
{
  "session": {
    "id": "sess_abc123",
    "userId": "usr_abc123",
    "ipAddress": "203.0.113.1",
    "userAgent": "Mozilla/5.0...",
    "createdAt": "2026-01-15T10:30:00Z"
  },
  "user": { ... }
}
session.ended

Fired when a session expires or the user signs out normally.

event.data
json
{
  "session": {
    "id": "sess_abc123",
    "userId": "usr_abc123",
    "endedAt": "2026-01-16T10:30:00Z",
    "reason": "expired"
  }
}
session.revoked

Fired when a session is force-revoked from the dashboard.

event.data
json
{
  "session": {
    "id": "sess_abc123",
    "userId": "usr_abc123",
    "revokedAt": "2026-01-15T11:00:00Z",
    "reason": "admin_revoke"
  }
}

Provider Events

provider.linked

Fired when a user links a new OAuth provider to their account.

event.data
json
{
  "userId": "usr_abc123",
  "provider": "github",
  "linkedAt": "2026-01-15T10:30:00Z"
}
provider.unlinked

Fired when a user disconnects an OAuth provider.

event.data
json
{
  "userId": "usr_abc123",
  "provider": "github",
  "unlinkedAt": "2026-01-15T10:30:00Z"
}
Authon — Universal Authentication Platform