These docs are for AuthRocket 1. Looking for AuthRocket 2 docs?

Settings: Webhooks

AuthRocket generates numerous events based on activity of the data in each realm. Sometimes it’s really useful to have AuthRocket notify your app via a webhook in response to one or more of those events.

Webhooks have a built-in retry mechanism and will be retried several times over the course of about 2 days. A 2xx response is required for success, whereas a 4xx or 5xx response will be treated as an error and retried. You can see the status of the webhook(s) for an individual event under Events.


A webhook may be triggered for one, several, or all events.

Destination URL

The URL in your app that will receive the webhook. Webhooks always use POST. HTTPS is strongly recommended.

The delivered webhook payload will include the same basic event information as would be retrieved using Get an Event.

To authenticate the webhook, there are several options:

  1. Password protect the URL using basic auth. Include the user and password as part of the URL, eg:
  2. Make the URL itself unguessable by including a UUID or other long, random string in it, such as
  3. In the inbound webhook, just grab the Event ID and use the Get an Event API to retrieve a fresh copy of the event.

Note that webhooks can come in quite rapidly if you generate a ton of events at once, say using a batch process. If this is a problem for your app, slow down the batch process itself.

Questions? Find a Typo? Get in touch.