Webhooks

Webhooks allow you to integrate LoginRadius with external systems by sending real-time HTTP POST requests to specified URLs whenever certain events occur. This mechanism empowers you to build event-driven applications, automate workflows, and ensure synchronized data across platforms. Below are some examples of how these webhooks can help your business use cases.

Real-Time Event Notifications: Webhooks deliver instant payloads to your endpoint for subscribed events.
Event Subscription Flexibility: Configure webhooks for specific events to suit your application's needs.
Secure Integration: Enforce HTTPS with hashed payload signatures for reliable and secure communication.

Webhooks act as a bridge to connect LoginRadius with other systems seamlessly and securely.

Use Cases

Webhooks serve various use cases across different domains. Whether it’s user tracking, workflow automation, or real-time notifications, webhooks can streamline processes and enhance system efficiency.

Popular Scenarios:

Real-Time Data Sync: Keep external systems updated with user profile changes, such as CRM integrations or analytics dashboards.
Workflow Automation: Trigger events like email campaigns or inventory updates in response to user activities.
Behavioral Analytics: Capture and analyze user interactions, such as logins or profile modifications, for business insights.

Webhooks simplify the integration of LoginRadius data into your ecosystem, allowing businesses to stay agile and responsive.

Integration and Configuration

LoginRadius supports two methods for configuring webhooks: through the Admin Console and APIs. This flexibility allows you to implement webhook setups according to their preferences and workflows.

Steps to configure in the Admin Console

Access Webhooks: Go to Integrations > Webhooks in the Console.
Create a Webhook:
- Assign a unique webhook name.
- Select an event from the dropdown.
- Provide a Subscribe URL where payloads will be sent.
- Choose a Secret Name for signature generation.
- Choose Authentication Type:
  
  i. No Authentication: No credentials required
  
  ii. Bearer Token: Provide the Bearer Token.
  
  iii. Basic Authentication: Provide username and password.
- Headers and Query Parameters: Optionally provide custom headers and/or query parameters to include in requests.
Save and Review: The configured webhook appears in the Configured Requests table for editing or unsubscribing.

You can also manage your webhooks by editing, updating, or unsubscribing from events as your needs change.

Key Actions:

Editing: Modify event subscriptions or associated API secrets directly in the Admin Console.
Unsubscribing: Remove unwanted event subscriptions to keep your system efficient.
Custom Objects: Update or manage custom objects via the webhook interface for tailored workflows.

API Integration:

For dynamic setups, use the LoginRadius Webhooks API to manage subscriptions and configurations programmatically. Webhooks provide a developer-friendly approach for real-time and scalable integrations with minimal overhead.

Events

Events are the core triggers that activate webhooks. LoginRadius offers a broad range of events, enabling precise control over what data is shared with your systems.

Supported Events:

User Authentication: Login, Register, ChangePassword, ResetPassword.
Profile Management: UpdateProfile, VerifyPhoneNumber, AddEmail, RemoveEmail.
Account Changes: BlockAccount, DeleteAccount, SetUsername.
Custom Data: CreateCustomObject, UpdateCustomObject, DeleteCustomObject.
Security Updates: SetPIN, ResetPIN, ChangePIN.

By subscribing only to necessary events, you can reduce unnecessary API calls and optimize server performance.

Webhook Payloads and Headers

Webhooks deliver structured payloads for each event, ensuring all relevant data is readily available for processing.

Key Components:

Headers: Include fields like signature, host, content-type, and others for secure identification.
Payload Body: Varies by event and includes details such as user profiles, timestamps, and field changes.

For instance:

A Login Event payload contains user details and timestamps.
A Profile Update Event highlights the fields that were modified.

You can use this data for workflows, backups, or analytics. Here is the sample for the WebHook payload header:

WebHook Payload header

WebHook sample payload Body for these events can be seen by clicking on the link provided for specific events.

Event	Sample Payload
Login	Link
Register	Link
UpdateProfile	Link
ResetPassword	Link
ChangePassword	Link
emailVerification	Link
AddEmail	Link
RemoveEmail	Link
BlockAccount	Link
DeleteAccount	Link
SetUsername	Link
AssignRoles	Link
UnassignRoles	Link
SetPassword	Link
LinkAccount	Link
UnlinkAccount	Link
UpdatePhoneId	Link
VerifyPhoneNumber	Link
UpdateCustomobject	Link
DeleteCustomObject	Link
CreateCustomObject	Link
InvalidateEmailVerification	Link
InvalidatePhoneVerification	Link
RemovePhoneId	Link
RemoveRoleContext	Link
SetPin	Link
ResetPin	Link
ChangePin	Link

Supported Events for Partner IAM

The following events will be triggered for Partner IAM:

Event	Description
OrgCreated	When an organization is created.
OrgUpdated	When an organization is updated.
OrgDeleted	When an organization is deleted. Note: If an organization is deleted, including all its connections and related entities, only the `OrgDeleted` event will be fired.
OrgRoleCreated	When an organizational role is created.
OrgRoleUpdated	When an organization role is updated.
OrgRoleDeleted	When an organization role is deleted.
OrgConnectionCreated	When an organization connection is created.
OrgConnectionUpdate	When an organization connection is updated.
OrgConnectionDeleted	When an organization connection is deleted.
OrgMembershipCreated	When an organization membership is created.
OrgMembershipUpdate	When an organization's membership is updated.
OrgMembershipDeleted	When an organization's membership is deleted.
`InvitationCreated`	When an invitation to an organization is created.

note

Webhooks are dispatched for specific B2B events, not for bulk updates.

For instance:

An `OrgConnectionDeleted` event is triggered when a connection is deleted.
If an entire organization is deleted (including all its connections from the database), only an `OrgDeleted` event is fired.

Payload Reference Table

Here is a reference table for the payloads associated with Partner IAM events. Each payload contains the relevant data for the event, allowing you to process it effectively in your application.

Payload Type	Description	Link
Organization Entity	Payload for OrgCreated, OrgUpdated, OrgDeleted events	See Organization Entity Payload
Organization Role	Payload for OrgRoleCreated, OrgRoleUpdated, OrgRoleDeleted events	See Organization Role Payload
Organization Connection	Payload for OrgConnectionCreated, OrgConnectionUpdate, OrgConnectionDeleted events	See Organization Connection Payload
Organization Membership	Payload for OrgMembershipCreated, OrgMembershipUpdate, OrgMembershipDeleted events	See Organization Membership Payload
Invitation	Payload for InvitationCreated event	See Invitation Payload

Webhook Payloads for Partner IAM Events

Webhook data will contain the entity data that triggered the event. Below are sample payloads for the key entities involved in B2B Org APIs.

Organization Entity Payload

This payload is sent for events like `OrgCreated`, `OrgUpdated`, and `OrgDeleted`.

{
  "Id": "org_Z9EqDYmFlLJpyJYV",
  "IsActive": true,
  "Name": "org2",
  "Display": {
    "Name": "Org1",
    "LogoURL": "https://example.com/logo.jpg"
  },
  "Metadata": {
    "hello": "world"
  },
  "Domains": [
    {
      "Id": "org_domain_Z9EqDYmFlLJpyJYU",
      "DomainName": "example.com",
      "IsVerified": true,
      "VerificationStrategy": "manual"
    }
  ],
  "IsAuthRestrictedToDomain": false,
  "Policies": {
    "PasswordPolicy": {
      "MinLength": 8,
      "MaxLength": 64,
      "RequireUppercase": true,
      "RequireLowercase": true,
      "RequireNumber": true,
      "RequireSpecialChar": true,
      "ExpiryDays": 90
    },
    "MFAPolicy": {
      "EnforcementMode": "none"
    },
    "SessionPolicy": {
      "AccessTokenTTL": 15,
      "RefreshTokenTTL": 86400
    },
    "JITPolicy": {
      "Enabled": false
    }
  },
  "CreatedDate": "2025-03-12 T06:30:37.909Z",
  "ModifiedDate": "2025-03-12 T06:30:37.909Z"
}

Organization Role Payload

This payload is sent for events like `OrgRoleCreated`, `OrgRoleUpdated`, and `OrgRoleDeleted`.

{
  "Id": "role_Z9ezJV_mha6GtrGd",
  "Name": "manager",
  "Description": "Manager role",
  "Level": "org",
  "OrgId": "org_Z9evphKLiQWhlHH6",
  "Permissions": [
    {
      "Id": "perm_Z9exnF_mha6GtrGX",
      "Name": "read:users",
      "Description": "Read users data"
    }
  ],
  "CreatedDate": "2025-03-17 T05:29:09.987Z",
  "ModifiedDate": "2025-03-17 T05:29:09.987Z"
}

Organization Connection Payload

This payload is sent for events like `OrgConnectionCreated`, `OrgConnectionUpdate`, and `OrgConnectionDeleted`. Note that the structure can vary based on the `ConnectionType` (e.g., SAML, OpenID Connect).

SAML Connection Payload

{
    "Id": "conn_Z9e2mV_mha6GtrGk",
    "IsActive": true,
    "Name": "AzureAD",
    "ConnectionType": "saml_entraid",
    "Domain": "example.com",
    "Attributes": {
      "ID": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "Email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "FirstName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "LastName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
      "Groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
      "CustomMapping": null
    },
    "GroupRoles": null,
    "CreatedDate": "2025-03-17T05:43:53.537Z",
    "EntityId": "https://dev-puneet-b2b.devhub.lrinternal.com/saml/sp/xxxx",
    "MetadataUrl": "https://dev-puneet-b2b.devhub.lrinternal.com/saml/sp/xxxxxxxxxxx/metadata.xml",
    "ACSEndpoint": "https://dev-puneet-b2b.devhub.lrinternal.com/saml/sp/acs/xxxxxxxxxxxxx",
    "SPCertificate": {
      "Certificate": "-----BEGIN CERTIFICATE-----\nMxxxxxxxxxxxxxxxxxxxxxxxxxxwrLdJuy/XpA==\n-----END CERTIFICATE-----\n"
    },
    "IDPMetadataUrl": "https://login.microsoftonline.com/xxxxxxxxxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=fba62a07-02d3-4315-b7a0-097189bbba1b",
    "IDPEntityId": "https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxx/",
    "IDPLoginUrl": "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxx/saml2",
    "IDPLogoutUrl": "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxx/saml2",
    "IDPCertificate": {
      "Certificate": "-----BEGIN CERTIFICATE-----\nxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxZiQ+az2ET8c+6kOFJC0trS4fZZ0BkqCULfnuFUaW4pyCnxulk\n4G7Y6Wy2eRJNWZamlFkgICSLE6WQ9+xKtErOvsZ7B3kDacmFyni9tLjaNQIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQCfMjhmVur1cSC4xJ/nZX0DDjy+6LRiW9dUjItf\nUohdw8wCBfppTegqyeCRCI7nQCwakw/EBgIkg3ssTmbHk+IxgYHFgbo1+YAscwPe\n0+Hr+coldXooyc5ELtN2eJBjsReXhGIOH64/UWoxRbj8KBwd+mePwCTJBNDPqSL6\n0W6HVLbKdJQ0mEyEofOyeCBg+/zZns4ImijgqoFNDETgmoboHTZh0Yeu2Xk/1vba\ny5+vgvDFCYjVA5M+BQ6QpPHwo6CrJ8SMUqWu3WV3TXVZVs1I+N7kw028WMJNzai6\nYHo+NWzsJ3w74kq+gI64bwG4arFy+65avZVriOM3+0iaHhQ8\n-----END CERTIFICATE-----\n",
      "NotBefore": "2025-02-12T06:36:09Z",
      "NotAfter": "2028-02-12T06:36:08Z"
    }
  }

{
  "Id": "conn_65d1234567890abcdef12345",
  "IsActive": true,
  "Name": "MyConnection",
  "ConnectionType": "SAML",
  "Domain": "example.com",
  "Attributes": {
    "ID": "attr_123",
    "Email": "email",
    "FirstName": "first_name",
    "LastName": "last_name",
    "Groups": "user_groups",
    "CustomMapping": {
      "custom_attr_1": "value1",
      "custom_attr_2": "value2"
    }
  },
  "GroupRoles": [
    {
      "Id": "group_role_65d9876543210abcdef67890",
      "Name": "Admin",
      "GroupId": "group_1",
      "RoleId": "role_65d543210abcdef67890123"
    },
    {
      "Id": "group_role_65d876543210abcdef56789",
      "Name": "Editor",
      "GroupId": "group_2",
      "RoleId": "role_65d432109abcdef67890123"
    }
  ]
  "CreatedDate": "2025-03-03T12:00:00Z",
  "ModifiedDate": "2025-03-03T12:30:00Z",

  "Issuer": "https://openid.example.com",
  "AuthorizationUrl": "https://openid.example.com/auth",
  "TokenUrl": "https://openid.example.com/token",
  "UserInfoUrl": "https://openid.example.com/userinfo",
  "ClientId": "client_123",
  "ClientSecret": "secret_abc",
  "RedirectURI": "https://app.example.com/callback",
  "Scopes": ["openid", "profile", "email"],
  "TokenAuthMethod": "client_secret_post"
}

Organization Membership Payload

This payload is sent for events like `OrgMembershipCreated`, `OrgMembershipUpdate`, and `OrgMembershipDeleted`.

{
  "EmailId": "user@example.com",
  "Uid": "xxxxxxxxxxxxxxxxxxxxxxx",
  "OrgId": "org_65d543210abcdef67890123",
  "Roles": [
    "role_65d9876543210abcdef67890",
    "role_65d9876543210abcdef67890"
  ]
}

Invitation Payload

{
    "Id": "inv_Z9fDNE5YXFHpTMQF",
    "OrgId": "org_Z9evphKLiQWhlHH6",
    "RoleIds": [
      "role_Z9fBqk5YXFHpTMP9"
    ],
    "Status": "Invited",
    "EmailId": "puneet@yopmail.com",
    "CreatedDate": "2025-03-17T06:37:38.027Z",
    "ExpirationDate": "2025-03-24T06:37:38.027Z",
    "ModifiedDate": "2025-03-17T06:37:38.027Z",
    "InviterUid": "c14e25c9de1e4a14bfb338e53fedcf2e"
  }

Security

Ensuring webhook payload security is crucial. LoginRadius enforces HTTPS and provides signature verification using your API secret to authenticate data integrity. Implementing signature validation ensures that only authorized payloads are processed. For detailed implementation, refer to the Webhook Security Guide.

The Tenant Management -> Audit section records all changes made to webhooks, including adding new or deleting existing webhooks. For further information, please refer to our Audit Log documentation.