Frontegg webhooks enable you to trigger automation workflows upon actions occuring in Frontegg's servers.

Examples of use cases may include:

  • Registering a user on an internal database when they are invited to your app.
  • Sending a marketing email to users upon first login.
  • Generating transactional flows based on login-related actions.


Frontegg webhooks are sent from the following IPs



Configuring and Subscribing to Webhooks

Subscribing to webhook events is done in 3 simple steps:

Step 1: Create a Webhook Connection

Step 2: Enter URL Address

Step 3: Test Webhook Request

Create a webhook connection

In your Frontegg Portal, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Integrations.

The page lists all your webhooks and has a button for adding a new webhook.

Click the Connect button next to Webhooks. Fill in the webhook details for display name choose the events you want to subscribe to.

Enter URL Address

Enter the URL at which you will receive the webhook data. The URL acts like an address that where Frontegg sends a JSON message to when the assigned event occurs.

Here is an example of the structure and content of the JSON.

  "user": {
    "id": "35639902-a53d-44c3-9aea-066b06569f78",
    "email": "[email protected]",
    "verified": null,
    "name": "cheli",
    "phoneNumber": null,
    "profilePictureUrl": "",
    "provider": "local",
    "mfaEnrolled": false,
    "metadata": "{}",
    "tenantIds": [
    "tenantId": "adf4c0a5-9a5e-4c51-a228-d008050c0e15",
    "roles": [],
    "permissions": [],
    "createdAt": "2021-05-02T11:25:22.000Z",
    "lastLogin": null,
    "isLocked": false,
    "activatedForTenant": true
  "eventContext": {
    "tenantId": "adf4c0a5-9a5e-4c51-a228-d008050c0e15"
    "userId": "35639902-a53d-44c3-9aea-066b06569f78" //note: userID is optional
  "eventKey": "frontegg.user.created"

Test Webhook Request

For the test to succeed, ensure your URL endpoint is up and running and returns a 200 response to the webhook request.


Webhook response

Any 2XX code will be registered as success
Any 4XX code will be registered as failure
The response body can remain empty.


Protecting your requests with a Secret Key:

We strongly recommend to set a Secret Key for each webhook connection your create.
Go to your Settings Tab, and under the Secret key field, enter a value that is confidential. Frontegg will generate a header called x-webhook-secret and will sign the webhook request using the secret.

To verify the hook's signature using thex-webhook-secret header, you should use a method from your backend library.

For example, for Node.js you could use the below function:

jwt.verify(<x-webhook-secret-value>, <the secret in the dashboard on bhook settings>)

Webhook events

Read below to learn more about the available events in Frontegg.

Authentication Events

EventEvent KeyWhen do we send it?
User authenticatedfrontegg.user.authenticateda user is authenticated
User SAML authenticationfrontegg.user.authenticatedWithSAMLa user is authenticated using SAML
User SSO authenticationfrontegg.user.authenticatedWithSSOa user is authenticated using SSO
User failed to authenticatefrontegg.user.failedAuthenticationa user tries to sign in and inputs incorrect credentials

MFA Events

EventEvent KeyWhen do we send it?
User MFA enrollfrontegg.user.enrolledMFAa user enrolls with MFA
User disabled MFAfrontegg.user.disabledMFAa user disables MFA

User Management Events

EventEvent KeyWhen do we send it?
User createdfrontegg.user.createda user is created
User signed upfrontegg.user.signedUpa user signs up
User deletedfrontegg.user.deleteda user is deleted
User invited to tenantfrontegg.user.invitedToTenanta user is invited to tenant
User changed passwordfrontegg.user.changedPassworda user changes their password
User forgot passwordfrontegg.user.forgotPassworda user forgets their password
User removed from tenantfrontegg.user.removedFromTenanta user is removed from tenant
User API token createdfrontegg.userApiToken.createda user API token is created
User API token deletedfrontegg.userApiToken.deleteda user API token is deleted
User activatedfrontegg.user.activateda user activates their account

Tenant Events

EventEvent KeyWhen do we send it?
Tenant createdfrontegg.tenant.createda tenant is created
Tenant deletedfrontegg.tenant.deleteda tenant is deleted
Tenant updatedfrontegg.tenant.updateda tenant is updated
Tenant API token createdfrontegg.tenantApiToken.createda tenant API token is created
Tenant APi token deletedfrontegg.tenantApiToken.deleteda tenant API token is deleted

Custom Webhooks

Frontegg allows you to customize your webhooks, providing a more flexible and powerful way to create integrations with third-party tools. With custom webhooks, you can send data in real-time to external applications, allowing you to create customized workflows that cater to your specific needs and automate repetitive tasks. Learn more about creating Custom Webhooks

Configuring Webhooks in Your Admin Portal

You need to toggle on that option to enable webhook management for your users in the admin portal. Learn more about Webhook Settings and Configuration