> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhooks

> Use webhooks to receive real-time events from Authsignal and integrate with your own systems.

Authsignal sends webhooks as signed JSON over HTTPS whenever a relevant event happens in your tenant. Your endpoint returns a 2xx response to acknowledge the event.

## How to receive webhooks

### 1. Create an endpoint

In your application, create a route that accepts `POST` requests over HTTPS. For local development, expose your endpoint with a tunnel such as [ngrok](https://ngrok.com) or [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/).

### 2. Configure the webhook URL

Webhook URLs are configured in different places depending on the event type.

| Event type                                                                                       | Where to configure                                                                                                                                                                                         |
| ------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Authenticator events (`authenticator.created`, `authenticator.updated`, `authenticator.deleted`) | [Tenant settings](https://portal.authsignal.com/organisations/tenants/settings) → Webhooks → **Authenticator events webhook URL**                                                                          |
| Log events (`action.log_created`, `challenge.log_created`)                                       | [Tenant settings](https://portal.authsignal.com/organisations/tenants/settings) → Webhooks → **Log events webhook URL**                                                                                    |
| `email.created`, `sms.created`, `push.created`                                                   | [Authenticator settings](https://portal.authsignal.com/organisations/tenants/authenticators) → open the Email, SMS, or Push authenticator → set the delivery method to **Webhook** and enter the URL there |
| `action.verify`                                                                                  | Action configuration (Portal or [Management API](/api-reference/management-api/create-action-configurations) `verificationWebhookUrl`)                                                                     |

### 3. Verify the signature

Every request is signed with an `X-Signature-V2` header. Verify it before trusting the payload. See [Verify webhook requests](/advanced-usage/webhooks/verify-requests).

### 4. Handle the event

Inspect the envelope `type` and route to the right handler. Each event's `data` schema is documented on its own page in this section.
