
Webhooks

Entrust Identity as a Service (IDaaS) webhooks deliver real-time event notifications to your systems over HTTPS, so you don't need to poll for changes. When an event occurs, IDaaS sends an HTTP POST request with a JSON payload to a callback URL that you configure.

Webhooks cover several categories of events:

  • Authentication: Sign-in successes and failures, useful for security monitoring, alerting, and feeding events into SIEM or compliance tools.
  • User lifecycle: Account creation, profile updates, deletions, and registration completions, useful for automating onboarding, offboarding, and keeping downstream systems in sync.
  • Administrative actions: Important identity changes made by administrators, useful for change tracking, audit trails, and compliance workflows.
  • Authenticator changes: Password resets, grid card updates, passkey enrollment, and other authenticator lifecycle events.

Requirements and limits

Endpoint requirements

Your callback URL must use HTTPS and support TLSv1.2 or TLSv1.3. Versions lower than TLSv1.2 are not supported.

Response time

Your webhook endpoint must return a success status code (2xx) within 3 seconds. If IDaaS does not receive a successful response within that time, the delivery attempt is marked as failed.

Retry behavior

If the callback endpoint returns a 5xx server error, IDaaS retries the webhook delivery, for up to 3 total attempts.

  • The first retry happens after about 2 seconds.
  • The second retry happens after about 4 seconds.
  • Each retry includes a small random delay, so retries do not always occur at the exact same moment.

IDaaS retries webhook deliveries only for server-side failures that return a 5xx response.
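A receiver built around the response-time and retry rules above, as an added example (not Entrust code): it acknowledges with a 2xx as soon as the event is queued, and answers 5xx only when a redelivery would actually help. The names `decide_status`, `Hook`, `WORK`, the size and queue limits, and the listener address are assumptions; the payload is treated as opaque JSON because this page does not describe its fields.

```python
import json
import queue
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

MAX_BODY = 64 * 1024              # assumed cap; the page states no payload size
WORK = queue.Queue(maxsize=1000)  # assumed depth; a separate worker drains it


def decide_status(raw: bytes, work: queue.Queue) -> int:
    """Choose the status code without doing slow work in the request path."""
    try:
        event = json.loads(raw)
    except (ValueError, RecursionError):
        # Malformed or hostile body: the same bytes would fail again,
        # so do not answer 5xx and trigger a pointless retry.
        return 400
    try:
        work.put_nowait(event)    # hand off; processing happens out of band
    except queue.Full:
        return 503                # 5xx: IDaaS retries (up to 3 total attempts)
    return 204                    # 2xx, returned well inside the 3 second limit


class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1           # header missing or not a number
        if length < 0:
            status = 411
        elif length > MAX_BODY:
            status = 413          # refuse before reading an oversized body
        else:
            status = decide_status(self.rfile.read(length), WORK)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Assumption: HTTPS with TLS 1.2 or 1.3 is terminated by a proxy in front
    # of this listener, which is why it binds to loopback only.
    ThreadingHTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

Alerting on the rate of 503 responses from this handler gives early warning before a sustained outage approaches the 100 consecutive failures that disable the webhook.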

Failure behavior

If a webhook reaches 100 consecutive delivery failures, IDaaS automatically disables it. To resume event delivery, enable the webhook again.

Configuration limit

Each customer can configure a maximum of 20 active webhooks.
