Application webhooks are emitted by the Accounts API when applications (application-settings) are created, updated, or deleted. These correspond to POST /application-settings, PUT /application-settings/:id, POST /application-settings/:id/keys, and DELETE /application-settings/:id.
Events
| Action | Event name |
|---|---|
| create application (POST /application-settings) | applications.created |
| update application (PUT /application-settings/:id) | applications.updated |
| regenerate application keys (POST /application-settings/:id/keys) | applications.updated |
| delete application (DELETE /application-settings/:id) | applications.deleted |
Payload structure
All events include:
- providerId: Account ID of the provider (the authenticated account that performed the action).
- apiKey: The value of the X-API-KEY header from the request that triggered the action.
- data: Event-specific payload (see below).
applications.created and applications.updated
data is the application document without the privateKey field (for security). It includes _id, userId, accountId, name, description, internal, key, settings, requestEndpoint, enableUserSignOn, channels, roles, and audit fields (createdAt, updatedAt) as applicable.
{
"providerId": "string",
"apiKey": "string",
"data": {
"_id": "string",
"userId": "string",
"accountId": "string",
"name": "string",
"description": "string",
"internal": "boolean",
"key": "string",
"settings": {},
"requestEndpoint": "string",
"enableUserSignOn": "boolean",
"channels": ["string"],
"roles": {},
"createdAt": {},
"updatedAt": {}
}
}
applications.deleted
data contains only the id of the soft-deleted application.
{
"providerId": "string",
"apiKey": "string",
"data": {
"id": "string"
}
}
| Field | Type | Description |
|---|---|---|
| providerId | string | Account ID that performed the action. |
| apiKey | string | X-API-KEY header value from the request. |
| data | object | For created/updated: application document without privateKey. For deleted: object with id (application id). |