Overview

Webhooks enable seamless integration with LoginRadius by allowing systems to subscribe to specific events. LoginRadius automatically triggers a real-time HTTPS POST request to the configured webhook URL, delivering relevant payload data when an event occurs. This functionality can be leveraged for various use cases, such as updating external tracking systems or synchronizing data with a backup mirror.

Use Cases

Webhooks enable real-time, event-driven integrations across various industries. Here are some practical use cases:

• User Authentication & Management: Notify external systems when users register, log in, or update their profiles.
• CRM & Marketing Automation: Sync customer data with CRM platforms, trigger automated email campaigns, or update lead statuses.
• Security & Compliance: Log security events such as failed login attempts, password changes, or suspicious activities.
• Incident Monitoring & Alerts: Integrate with monitoring tools to send alerts for system failures or performance issues.
• Project Management & Collaboration: Automatically create tasks, update statuses, or send notifications when specific actions occur.

Webhooks are highly versatile, enabling seamless automation and real-time synchronization between applications.

Event-Based Webhook-Related APIs

Multiple events can trigger webhooks, each corresponding to specific system actions. Each event is linked to one or more LoginRadius APIs that initiate the webhook, ensuring real-time data synchronization and automation.

For more information, have a look at the table below comprising of events and related APIs

Event	APIs
Login	Passwordless Login Verification Smart Login Ping MFA Email Login Auth Login by Email Passwordless Login Phone Verification MFA Validate Google Auth Code MFA Validate OTP One Touch OTP Verification Auth Verify Email Auth Verify Email by OTP Auth Reset Password by OTP Auth Reset Password by Reset Token Auth Reset Password by Security Answer and Phone Phone Verification by OTP Auth User Registration by Email Auth Social Identity Auth User Registration by ReCaptcha
Register	Smart Login Ping One Touch Login by Phone One Touch Login by Email Account Create Auth User Registration by Email Auth Social Identity Auth User Registration by ReCaptcha
UpdateProfile	Auth Privacy Policy Accept Account Email Delete Account Update Upsert Email Auth Update Profile by Token
ResetPassword	Phone Reset Password by OTP Auth Reset Password by Reset Token
ChangePassword	Auth Change Password
emailVerification	Passwordless Login Verification Smart Login Verify Token Auth Verify Email Auth Verify Email by OTP Auth Reset Password by Reset Token
AddEmail	Auth Verify Email Auth Verify Email by OTP
RemoveEmail	Auth Remove Email
BlockAccount	MFA Email Login Auth Login by Email Passwordless login Phone Verification MFA Validate Backup code MFA Validate Google Auth Code MFA Validate OTP One Touch OTP Verification Account Update Auth Unlock Account by Access Token Update MFA setting Auth Verify Email Auth Verify Email by OTP Validate MFA by Backup Code Validate MFA by Google Authenticator code Auth Change Password Phone reset password by OPT Auth Reset Password by Reset Token Auth Reset Password by Security Answer and Phone Phone Verification by OTP Auth User Registration by Email Auth User Registration by ReCaptcha
DeleteAccount	Account Delete Auth Account Delete
SetUsername	Auth Set or Change UserName
AssignRoles	Role Context Profile Assign Roles by UID
UnassignRoles	Delete Additional Permission from Context Unassign roles by UID Delete Role from Context
SetPassword	Account Set Password
LinkAccount	Smart Login Ping Auth Account DeleteAuth Social Identity Auth Social Identity Auth Link Social Identities
UnlinkAccount	Auth unlink Social Identities
UpdatePhoneId	Account Update Phone Number Update
VerifyPhoneNumber	Phone Verification by OTP
UpdateCustomobject	Custom object update by Access token Custom Object Update by UID
DeleteCustomObject	Custom Object Delete by Record Id And Token Delete custom Object by ObjectRecordId
CreateCustomObject	Create Custom Object by Token Create Custom Object by UID
InvalidateEmailVerification	Account Invalidate Verification Email
InvalidatePhoneVerification	Reset phone ID verification
RemovePhoneId	Remove Phone ID by Access Token
RemoveRoleContext	Delete Role Context
ConsentProfileUpdate	Update Consent By Access Token
SetPIN	Set PIN By PINAuthToken
ResetPIN	Reset PIN By Email and OTP Reset PIN By UserName and OTP Reset PIN By Phone and OTP Reset PIN By ResetToken Reset PIN By SecurityAnswer and Email Reset PIN By SecurityAnswer and UserName Reset PIN By SecurityAnswer and Phone
ChangePIN	Change PIN By Access Token

Webhook Handling

Effective webhook handling is crucial for ensuring the reliable processing of incoming event notifications. When your server receives a webhook request, it should be structured to handle the data efficiently and securely.

Trigger Method

Webhooks in LoginRadius use the POST method to transmit event data to the configured endpoint.
Ensure your server is set up to handle POST requests properly to receive and process webhook payloads efficiently.

Format

Following is the format for the data posted to your respective server:

{  
   "HookName": "login",  
   "Time": "2018-07-31T09:03:18Z",  
   "HookId": "50***64eb",  
   "Data": {  
     "Password": "83c****Sxj",  
     "LastPasswordChangeDate": "2018-03-05T22:13:36.48263Z",  
     "EmailVerified": false,  
     "IsActive": true,  
     "IsDeleted": false,  
     "Uid": "8061*****4b9"  
   }  
}  

Payload Information

The data posted to your server includes the following details:

• HookName (string): The WebHook event which is triggered.

• Time (string): The timestamp when the hook is triggered.

• HookId (string): A uniquely generated number associated with the triggered hook.

• Data (object): The object that contains information about the user profile details associated with the webhook.

Webhook APIs

Subscribe to Webhook

Using the Create Webhook Subscription API, you can set up a target URL of your server where the POST request will be triggered.

Subscribed URLs

List All Webhooks can get a list of all the URLs subscribed for a particular event.

Update Webhook

Using the Update Webhook Subscription API, you can modify existing webhooks as required.

This way, you can make updates to a webhook that already exists.

Unsubscribe Webhook

Delete Webhook Subscription can unsubscribe a particular server URL based on an event.

You can use these APIs to remove one of the targeted URLs where LoginRadius posts data.

Best Practices

Adhere to these best practices to enhance security, ensure reliability, and optimize efficiency in webhook processing:

• Verify the Payload – Authenticate the request using signature validation or API keys to prevent unauthorized access.
• Respond Quickly – Acknowledge receipt with a 2xx HTTP status code to prevent unnecessary retries.
• Process Asynchronously – Avoid long-running operations in the request handler; instead, queue the payload for background processing.
• Implement Retry Logic – Be prepared for duplicate requests by ensuring idempotent processing to handle retries gracefully.
• Log and Monitor – Maintain logs of incoming webhooks for debugging and auditing and set up alerts for failures.

Related Resources

• WebHooks
• Cloud Connector
• WebHooks Payload Sample