Event Reference
Complete list of HelloJohn webhook events — user, session, MFA, tenant, and organization events with full payload examples.
Complete reference for all events HelloJohn can send to your webhook endpoint.
Event structure
Every event has the same envelope:
{
"id": "evt_01HX...",
"type": "user.created",
"created_at": "2026-03-07T14:00:00Z",
"tenant_id": "ten_01HX...",
"data": { ... }
}User events
user.created
Fired when a new user account is created (via registration, admin creation, or SSO JIT provisioning).
{
"type": "user.created",
"data": {
"user": {
"id": "usr_01HX...",
"email": "alice@acme.com",
"first_name": "Alice",
"last_name": "Chen",
"roles": ["member"],
"email_verified": false,
"created_at": "2026-03-07T14:00:00Z"
},
"source": "registration" // "registration" | "admin" | "sso_jit" | "invitation"
}
}user.updated
Fired when a user's profile, roles, or status is updated.
{
"type": "user.updated",
"data": {
"user": { ... },
"changes": {
"roles": { "before": ["member"], "after": ["admin", "member"] }
}
}
}user.deleted
Fired when a user is permanently deleted.
{
"type": "user.deleted",
"data": {
"user_id": "usr_01HX...",
"email": "alice@acme.com",
"deleted_by": "usr_admin_01HX..."
}
}user.disabled / user.enabled
Fired when a user's status changes to disabled or back to active.
{
"type": "user.disabled",
"data": {
"user_id": "usr_01HX...",
"disabled_by": "usr_admin_01HX..."
}
}user.email_verified
Fired when a user verifies their email address.
{
"type": "user.email_verified",
"data": {
"user_id": "usr_01HX...",
"email": "alice@acme.com"
}
}user.password_changed
Fired when a user changes or resets their password.
{
"type": "user.password_changed",
"data": {
"user_id": "usr_01HX...",
"source": "reset" // "reset" | "self_change" | "admin_forced"
}
}Session / authentication events
user.login
Fired on every successful login.
{
"type": "user.login",
"data": {
"user_id": "usr_01HX...",
"session_id": "ses_01HX...",
"auth_method": "email_password", // "email_password" | "google" | "magic_link" | "sso" | ...
"ip_address": "203.0.113.1",
"user_agent": "Mozilla/5.0 ...",
"mfa_used": true
}
}user.login_failed
Fired on failed login attempts (wrong password, account disabled, etc.).
{
"type": "user.login_failed",
"data": {
"email": "alice@acme.com",
"reason": "invalid_credentials", // "invalid_credentials" | "user_disabled" | "mfa_failed" | ...
"ip_address": "203.0.113.1"
}
}user.logout
Fired when a user logs out or a session is revoked.
{
"type": "user.logout",
"data": {
"user_id": "usr_01HX...",
"session_id": "ses_01HX...",
"revoked_by": "usr_01HX..." // same user = self-logout, different = admin revocation
}
}MFA events
mfa.enrolled
Fired when a user enrolls an MFA method.
{
"type": "mfa.enrolled",
"data": {
"user_id": "usr_01HX...",
"method": "totp", // "totp" | "webauthn" | "sms_otp" | "email_otp"
"method_id": "mfa_01HX..."
}
}mfa.removed
Fired when an MFA method is removed (by user or admin).
{
"type": "mfa.removed",
"data": {
"user_id": "usr_01HX...",
"method": "totp",
"removed_by": "usr_admin_01HX..."
}
}Tenant events
tenant.created / tenant.updated / tenant.deleted
{
"type": "tenant.created",
"data": {
"tenant": {
"id": "ten_01HX...",
"name": "Acme Corp",
"slug": "acme-corp"
}
}
}Organization events
org.created / org.member_added / org.member_removed
{
"type": "org.member_added",
"data": {
"org_id": "org_01HX...",
"user_id": "usr_01HX...",
"role": "admin",
"invited_by": "usr_admin_01HX..."
}
}Subscribing to all events
Use "*" to subscribe to all events:
{
"url": "https://yourapp.com/webhooks/hellojohn",
"events": ["*"]
}Or subscribe to all events of a category:
{
"events": ["user.*", "mfa.*"]
}Webhooks
Receive real-time event notifications from HelloJohn — user created, login, MFA enrolled, tenant changes, and more. Setup, security, and retry behavior.
Signature Verification
Verify HelloJohn webhook signatures to ensure requests are authentic — HMAC-SHA256 verification in Node.js, Go, Python, Ruby, and PHP.