Skip to content
  • Integrations
  • Webhooks

Add and manage webhooks

Webhooks are outbound calls that are sent from Kinde when a specified events occurs. Calls are sent using HTTPS REST calls to a verified external URL you specify.

Use Kinde’s webhooks to create triggers and push event data to your other systems and applications.

Webhook security

Link to this section

Webhook request payloads are signed and sent as a JSON Web Token (JWT) from Kinde.

You’re probably using a library to validate your JWTs and they will require the url for your public JSON Web Key (also known as a jwks file).

The jwks file can be found at https://<your_subdomain>.kinde.com/.well-known/jwks

  1. Go to Settings > Environment > Webhooks.
  2. Select Add webhook.
  3. Give the webhook a name and enter a description so it’s clear what it’s for.
  4. Enter the external URL.
  5. Select the event triggers. You can choose from a number of triggers and categories. See below for definitions.

Edit a webhook

Link to this section
  1. Go to Settings > Environment > Webhooks.
  2. Select the webhook name to open the details window.
  3. Update events and triggers.
  4. Select Save.

Delete a webhook

Link to this section
  1. Go to Settings > Environment > Webhooks.
  2. Select the three dots menu next to the webhook you want to delete.
  3. Select Delete webhook. A confirmation message appears.
  4. Confirm you want to delete the webhook.

Manage webhooks via the Kinde API

Link to this section

Everything you can do in Kinde’s UI with webhooks, you can also do through the Kinde API using these endpoints.

  • POST api/v1/webhooks - create a webhook
  • PATCH api/v1/webhook/{webhook_id} - update a webhook
  • DELETE api/v1/webhook/{webhook_id} - delete a webhook
  • GET api/v1/webhooks - list of available webhooks

Events can also be retrieved using:

  • GET /api/v1/events/{event_id} - get an event by the event_id provided in a webhook
  • GET /api/v1/event_types - list the available event types

Webhook triggers

Link to this section

Available triggers include:

organization.created;
organization.updated;
user.created;
user.updated;
user.deleted;
user.authentication_failed;
user.authenticated;
organization.deleted;
role.created;
role.updated;
role.deleted;
permission.created;
permission.updated;
permission.deleted;
subscriber.created;
access_request.created;

Testing webhooks locally

Link to this section

In order to use webhooks, you need a publicly available URL. To test locally you need to use a proxy to expose your local instance on the internet.

Here are a couple of free tools to help you to do this.

  • localtunnel - fast and easy, we recommend using the —subdomain attribute to fix the issued subdomain.
  • Ngrok - for intermediate users, requires some dev experience to get set up.

Each of these services expose a local port though a public URL that can be set as your web socket.