Frontegg allows developers to subscribe to webhooks to trigger automation workflows based on actions occurring in Frontegg's servers.

Examples of use cases include:

  • Registering user on internal DB when the user is invited
  • Send marketing email to the user upon first login
  • Generate specific transactional flows based on login actions

Read below to learn how to subscribe to webhooks.

Configuring and Subscribing to Webhooks

Follow the steps below to subscribe to webhook events.

Step 1: Create a new webhook connection

In your Frontegg Portal, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Integrations.

The page lists all your webhooks and has a button for adding a new webhook.

Click on the Connect button next to Webhooks, fill the webhook details for display name choose the events you want to subscribe to.

Step 2: Enter URL Address

Enter the URL at which you will receive the webhook data. The URL acts like an address that Frontegg can send a JSON message to when the assigned events happen.

Here is an example of the structure and content of the JSON.

  "user": {
    "id": "35639902-a53d-44c3-9aea-066b06569f78",
    "email": "[email protected]",
    "verified": null,
    "name": "cheli",
    "phoneNumber": null,
    "profilePictureUrl": "",
    "provider": "local",
    "mfaEnrolled": false,
    "metadata": "{}",
    "tenantIds": [
    "tenantId": "adf4c0a5-9a5e-4c51-a228-d008050c0e15",
    "roles": [],
    "permissions": [],
    "createdAt": "2021-05-02T11:25:22.000Z",
    "lastLogin": null,
    "isLocked": false,
    "activatedForTenant": true
  "eventContext": {
    "tenantId": "adf4c0a5-9a5e-4c51-a228-d008050c0e15"
    "userId": "35639902-a53d-44c3-9aea-066b06569f78" //note: userID is optional
  "eventKey": "frontegg.user.created"

STEP 3: Test

To pass the test, make sure your URL endpoint is up and running and will return a 200 response to the webhook request.


Webhook response

Any 2XX code will be registered as success
Any 4XX code will be registered as failure
The response body can remain empty.


Protecting your requests with a Secret Key:

You can set a Secret Key for each webhook connection your create.
Just go to Settings Tab , under Secret key Enter a value that is confidential. Frontegg will generate a header called x-webhook-secret and sign the webhook request using the secret.
For enhanced security, Frontegg recommends that you use the webhook secret.

In order to verify the hook's signature using x-webhook-secret header, you should use a method from your backend library.

For example, for Node.js you could use the below function:

jwt.verify(<x-webhook-secret-value>, <the secret in the dashboard on bhook settings>)


Frontegg webhooks are sent from below IPs

Webhook events

Read below to learn more about the available events in Frontegg.

Authentication Events

EventEvent KeyWhen do we send it?
User authenticatedfrontegg.user.authenticateda user is authenticated
User SAML authenticationfrontegg.user.authenticatedWithSAMLa user is authenticated using SAML
User SSO authenticationfrontegg.user.authenticatedWithSSOa user is authenticated using SSO
User failed to authenticatefrontegg.user.failedAuthenticationa user tries to sign in and inputs incorrect credentials

MFA Events

EventEvent KeyWhen do we send it?
User MFA enrollfrontegg.user.enrolledMFAa user enrolls with MFA
User disabled MFAfrontegg.user.disabledMFAa user disables MFA

User Management Events

EventEvent KeyWhen do we send it?
User createdfrontegg.user.createda user is created
User signed upfrontegg.user.signedUpa user signs up
User deletedfrontegg.user.deleteda user is deleted
User invited to tenantfrontegg.user.invitedToTenanta user is invited to tenant
User changed passwordfrontegg.user.changedPassworda user changes their password
User forgot passwordfrontegg.user.forgotPassworda user forgets their password
User removed from tenantfrontegg.user.removedFromTenanta user is removed from tenant
User API token createdfrontegg.userApiToken.createda user API token is created
User API token deletedfrontegg.userApiToken.deleteda user API token is deleted
User activatedfrontegg.user.activateda user activates their account

Tenant Events

EventEvent KeyWhen do we send it?
Tenant createdfrontegg.tenant.createda tenant is created
Tenant deletedfrontegg.tenant.deleteda tenant is deleted
Tenant updatedfrontegg.tenant.updateda tenant is updated
Tenant API token createdfrontegg.tenantApiToken.createda tenant API token is created
Tenant APi token deletedfrontegg.tenantApiToken.deleteda tenant API token is deleted

Custom Webhooks

Frontegg allows you to customize your webhooks, providing a more flexible and powerful way to create integrations with third-party tools. With custom webhooks, you can send data in real-time to external applications, allowing you to create customized workflows that cater to your specific needs and automate repetitive tasks. Learn more about creating Custom Webhooks

Configuring Webhooks in Your Admin Portal

You need to toggle on that option to enable webhook management for your users in the admin portal. Learn more about Webhook Settings and Configuration