Webhook Event Catalog

All events AuthWorx can deliver to your endpoint, with full payload examples.

Payload envelope

Every webhook delivery shares the same outer envelope:

{
  "event":     "member.joined",
  "orgId":     "org_01ABCD",
  "orgSlug":   "acme-corp",
  "timestamp": "2025-05-23T14:00:00.000Z",
  "data":      { ... }
}

Field	Type	Description
event	string	Event name (see catalog below).
orgId	string	ID of the organization that triggered the event.
orgSlug	string	Slug of the organization.
timestamp	string (ISO 8601)	UTC time when the event occurred.
data	object	Event-specific payload (see each event below).

Always verify the X-Webhook-Signature header before processing the payload. See Signature Verification.

Member events

member.invited An org admin sent an invitation email.

{
  "event": "member.invited",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-23T14:00:00.000Z",
  "data": {
    "inviteId": "inv_01XYZ",
    "email": "bob@acme.com",
    "role": "member",
    "invitedBy": {
      "id": "usr_01HXYZ",
      "email": "alice@acme.com"
    },
    "expiresAt": "2025-05-30T14:00:00.000Z"
  }
}

member.joined A user accepted an invitation and joined the org.

{
  "event": "member.joined",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-24T09:15:00.000Z",
  "data": {
    "user": {
      "id": "usr_01HABC",
      "name": "Bob Smith",
      "email": "bob@acme.com"
    },
    "membership": {
      "role": "member",
      "status": "active",
      "joinedAt": "2025-05-24T09:15:00.000Z"
    }
  }
}

member.removed A member was removed from the org by an admin.

{
  "event": "member.removed",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-25T16:00:00.000Z",
  "data": {
    "user": {
      "id": "usr_01HABC",
      "email": "bob@acme.com"
    },
    "removedBy": {
      "id": "usr_01HXYZ",
      "email": "alice@acme.com"
    }
  }
}

Organization events

org.updated Organization settings were changed.

{
  "event": "org.updated",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-23T11:00:00.000Z",
  "data": {
    "org": {
      "id": "org_01ABCD",
      "name": "Acme Corporation",
      "slug": "acme-corp",
      "appUrl": "https://app.acme.com",
      "plan": "pro",
      "status": "active"
    }
  }
}

org.suspended The organization was suspended or deleted by a platform admin.

{
  "event": "org.suspended",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-26T08:00:00.000Z",
  "data": {
    "org": {
      "id": "org_01ABCD",
      "name": "Acme Corp",
      "slug": "acme-corp",
      "status": "suspended"
    }
  }
}

User events

user.login A user successfully completed login (including 2FA if enabled).

{
  "event": "user.login",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-23T09:01:00.000Z",
  "data": {
    "user": {
      "id": "usr_01HXYZ",
      "email": "alice@acme.com",
      "name": "Alice Chen"
    }
  }
}

user.deleted A user account was permanently deleted.

{
  "event": "user.deleted",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-27T10:00:00.000Z",
  "data": {
    "user": {
      "id": "usr_01HXYZ",
      "email": "alice@acme.com"
    }
  }
}

Test events

webhook.test Sent when you click Test on a webhook. Not a real event — safe to ignore in production.

{
  "event": "webhook.test",
  "orgId": "org_01ABCD",
  "orgSlug": "acme-corp",
  "timestamp": "2025-05-23T15:00:00.000Z",
  "data": { "message": "This is a test delivery from AuthWorx." }
}

Full event list

Event	Trigger
`member.invited`	Org admin sends an invitation.
`member.joined`	User accepts invite and joins.
`member.removed`	Org admin removes a member.
`org.updated`	Org settings are changed.
`org.suspended`	Org is suspended or deleted by platform admin.
`user.login`	Successful login (including after 2FA).
`user.deleted`	User account is permanently deleted.
`webhook.test`	Manual test delivery from admin panel.