Webhook Events
Complete catalog of webhook event types with payload schemas for user, session, organization, OAuth, SSO, and permission events.
Every webhook delivery includes a JSON payload with a consistent envelope format. The event_type field identifies the event, and the payload field contains the event-specific data.
{
"event_id": "evt_a1b2c3d4-e5f6-7890-abcd-ef1234567890"
| Field | Description |
|---|
event_id | Unique identifier for deduplication |
event_type | The event type (see tables below) |
timestamp | When the event occurred (RFC 3339) |
schema_version | Payload schema version for forward compatibility |
actor_id | The user or service account that triggered the event |
actor_type | user, service_account, or system |
organization_id | Organization context (if applicable) |
payload | Event-specific data |
| Event Type | Trigger |
|---|
user.created | New user account created |
user.updated | User profile, traits, or metadata changed |
user.deleted | User permanently deleted |
user.disabled | User account deactivated |
user.enabled | User account reactivated |
user.email_verified | User's email address verified |
user.phone_verified | User's phone number verified |
user.password_changed | User changed their password |
user.mfa_enrolled | User enrolled a new MFA method |
user.mfa_removed | User removed an MFA method |
user.deletion_scheduled | User deletion scheduled (30-day countdown) |
user.deletion_cancelled | Scheduled deletion was cancelled |
{
"payload": {
"user": {
"id": "usr_4f18acec-2712-4be7-a9af-b063b4f6deba",
"email": "[email protected]",
"first_name": "Jane",
"last_name": "Smith",
"email_verified": false,
"state": "active",
"organization_id": "org_7a2b3c4d",
{
"payload": {
"user": { "id": "usr_4f18acec", "email": "[email protected]", "..." : "..." },
"changed_fields": ["first_name", "phone"],
"previous_values": { "first_name": "Jane", "phone": null },
"new_values": {
{
"payload": {
"user_id": "usr_4f18acec",
"method": "totp",
"label": "Google Authenticator",
"credential_id": "cred_abc123"
}
}
| Event Type | Trigger |
|---|
session.created | New session established after login |
session.revoked | Session terminated (logout, admin action, or expiry) |
{
"payload": {
"session_id": "ses_1a2b3c4d",
"user_id": "usr_4f18acec",
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
"location": { "country": "US", "city": "San Francisco" },
"auth_methods": ["password", "totp"
| Event Type | Trigger |
|---|
organization.created | New organization created |
organization.updated | Organization settings, policies, or branding changed |
organization.deleted | Organization deleted |
organization.member_added | User joined an organization |
organization.member_removed | User removed from an organization |
organization.member_role_changed | Member's role was changed |
organization.invitation_sent | Invitation email sent |
organization.invitation_accepted | Invitation accepted |
organization.domain_verified | Domain ownership verified |
{
"payload": {
"organization_id": "org_7a2b3c4d",
"user_id": "usr_7b2c3d4e",
"role": "member",
"added_by": "usr_4f18acec"
}
}
| Event Type | Trigger |
|---|
oauth.client_created | New OAuth application registered |
oauth.client_updated | OAuth application settings changed |
oauth.client_deleted | OAuth application deleted |
oauth.token_issued | Access token issued (authorization code or client credentials) |
oauth.token_revoked | Token explicitly revoked |
oauth.consent_granted | User granted consent to an application |
oauth.consent_revoked | User revoked consent from an application |
{
"payload": {
"client_id": "cli_abc123def456",
"user_id": "usr_4f18acec",
"grant_type": "authorization_code",
"scopes": ["openid", "profile", "email"],
"token_type": "access_token"
}
}
| Event Type | Trigger |
|---|
sso.connection_created | New SSO connection configured |
sso.connection_activated | SSO connection activated and ready |
sso.connection_deleted | SSO connection removed |
sso.login_succeeded | User authenticated via SSO |
sso.login_failed | SSO authentication failed |
| Event Type | Trigger |
|---|
scim.user_provisioned | User created via SCIM push |
scim.user_updated | User updated via SCIM push |
scim.user_deprovisioned | User deactivated/deleted via SCIM push |
scim.group_created | Group created via SCIM push |
scim.group_updated | Group membership changed via SCIM push |
scim.group_deleted | Group deleted via SCIM push |
{
"payload": {
"directory_id": "dir_abc123",
"scim_user_id": "scim_usr_xyz",
"email": "[email protected]",
"first_name": "Bob",
"last_name": "Wilson",
"avnology_user_id": "usr_7b2c3d4e"
}
}
| Event Type | Trigger |
|---|
permission.granted | Permission tuple created |
permission.revoked | Permission tuple removed |
{
"payload": {
"namespace": "organizations",
"object": "org_7a2b3c4d",
"relation": "admin",
"subject": "identities:usr_7b2c3d4e"
}
}
Webhook deliveries are POST requests to your endpoint URL with:
| Header | Value |
|---|
Content-Type | application/json |
X-Avnology-Signature | HMAC-SHA256 signature |
X-Avnology-Timestamp | Unix timestamp of delivery |
X-Avnology-Event | Event type |
X-Avnology-Delivery-Id | Unique delivery ID |
Failed deliveries (non-2xx response or timeout) are retried with exponential backoff:
| Attempt | Delay |
|---|
| 1 | Immediate |
| 2 | 1 minute |
| 3 | 5 minutes |
| 4 | 30 minutes |
| 5 | 2 hours |
| 6 | 12 hours |
| 7 | 24 hours |
After 7 failed attempts, the delivery moves to the dead letter queue. Use the Replay Delivery endpoint to retry manually.