Authsignal sends webhooks as signed JSON over HTTPS whenever a relevant event happens in your tenant. Your endpoint returns a 2xx response to acknowledge the event.Documentation Index
Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
Use this file to discover all available pages before exploring further.
How to receive webhooks
1. Create an endpoint
In your application, create a route that acceptsPOST requests over HTTPS. For local development, expose your endpoint with a tunnel such as ngrok or Cloudflare Tunnel.
2. Configure the webhook URL
Webhook URLs are configured in different places depending on the event type.| Event type | Where to configure |
|---|---|
Authenticator events (authenticator.created, authenticator.updated, authenticator.deleted) | Tenant settings → Webhooks → Authenticator events webhook URL |
Log events (action.log_created, challenge.log_created) | Tenant settings → Webhooks → Log events webhook URL |
email.created, sms.created, push.created | Authenticator settings → open the Email, SMS, or Push authenticator → set the delivery method to Webhook and enter the URL there |
action.verify | Action configuration (Portal or Management API verificationWebhookUrl) |
3. Verify the signature
Every request is signed with anX-Signature-V2 header. Verify it before trusting the payload. See Verify webhook requests.
4. Handle the event
Inspect the envelopetype and route to the right handler. Each event’s data schema is documented on its own page in this section.