This page outlines how Webhooks work in Zenlogin, and the different Webhook events available.
There are currently 6 different Webhook events that are fired by Zenlogin to the Webhook URL you've set up. When these events fire, they contain data that you can use to trigger your own internal logic.
The primary purpose of these Webhooks is to ensure your system is kept up to date with the status or state of your user's security.
The HTTP Response from any Webhooks must be a 200
status code. This tells our server that the Webhook has been
successfully received.
If the Webhook responds with anything except a
200 HTTP status code, then Zenlogin will re-attempt
the webhook (up to 5 times) until it receives a
200 status code response.
This will take place over 5-minutes (1 webhook attempt per
minute) until it receives a successful 200 HTTP
status code, or the maximum number of attempts has been reached.
For added security, when using Webhooks you can verify that each webhook is in fact coming from Zenlogin. To do so, please follow the steps below:
sha256
algorithm).
X-SIGNATURE header. Note that
if you're using Cloudflare, this header key/name may be modified
before reaching your server (e.g. X-SIGNATURE
becomes HTTP_X_SIGNATURE).
Below you can see an example of doing this in PHP:
$payload = '{{zenlogin webhook URL}}';
$secretKey = 'sk_live_00000000000000000000000000000000';
$comparisonSignature = hash_hmac('sha256', $payload, $secretKey);
$receivedSignature = $_SERVER['HTTP_X_SIGNATURE'] ?? null;
$valid = $comparisonSignature === $receivedSignature;
var_dump($valid);
Test requests do not trigger webhooks. For
example, when you use the Preview or
Send preview options on the
Email Customization
page in the
Admin,
those will not trigger the
applicationLoginCheck.ruleApplied webhooks.
Below is a list of the Webhook events currently triggered by Zenlogin.
| Event | Details |
|---|---|
account.created |
This event is fired when your account is first created. This assumes that during the creation process, you specified a Webhook URL. Currently, this is only relevant for WordPress integrations. |
account.setup.complete |
This event is fired when your account has been successfully been setup. At the moment, this means you've confirmed your email address. Currently, this is only relevant for WordPress integrations. |
application.disabled |
This event is fired when your application's Zenlogin integration is turned off. This is controlled via your Account Settings page. |
application.enabled |
This event is fired when your application's Zenlogin integration is turned on. This is controlled via your Account Settings page. |
applicationLoginCheck.ruleApplied |
This event is fired when a security rule has been applied, indicating that the user should be notified of a potential security issue. |
webhook.test |
This event is fired periodically to test your webhook. It's also fired immediately after specifying a Webhook URL. |
account.created
{
"success": true,
"data": {
"type": "account.created",
"accessToken": "********************************",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": null
}
}
account.setup.complete
{
"success": true,
"data": {
"type": "account.setup.complete",
"accessToken": "********************************",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": {
"publicId": "applrn12zr5zayrp"
}
}
}
application.disabled
{
"success": true,
"data": {
"type": "application.disabled",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": {
"publicId": "applrn12zr5zayrp"
}
}
}
application.enabled
{
"success": true,
"data": {
"type": "application.enabled",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": {
"publicId": "applrn12zr5zayrp"
}
}
}
applicationLoginCheck.ruleApplied
{
"success": true,
"data": {
"type": "applicationLoginCheck.ruleApplied",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": {
"publicId": "applrn12zr5zayrp"
},
"applicationIdentity": {
"publicId": "apid1tv26zhtx2zy",
"identityKey": "usr012s9zbs5b2ro",
"identityEmailAddress": "oliver@zenlogin.co",
"identityFirstName": "",
"identityLastName": "",
"identityFullName": ""
},
"applicationLoginCheck": {
"publicId": "alch39ztz6gg65as",
"reqTest": true,
"ipAddress": {
"publicId": "ipadl53b436jbexx",
"ipAddress": "2607:fea8:3a9e:5e00:89e3:c998:abf4:3e13",
"label": "Richmond Hill, Canada",
"countryCode2": "ca",
"lat": "43.86780166626",
"long": "-79.442001342773"
},
"userAgent": {
"publicId": "usagtxcy386y2v21",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36",
"browserName": "Chrome",
"browserVersion": "88.0.4324.192",
"browserVersionMajor": "88",
"deviceLabel": "Apple Mac",
"deviceName": "Mac",
"deviceType": "Desktop",
"isMobileDevice": false
},
"applicationAPIRequest": {
"publicId": "aarq1i3n636y83az",
"requestId": "req_27457tl394fhozgz5xwv92wwq5raf9qs"
}
}
}
}
webhook.test
{
"success": true,
"data": {
"type": "webhook.test",
"account": {
"publicId": "accn1abtwskjj3q1"
},
"application": {
"publicId": "applrn12zr5zayrp"
}
}
}