Webhooks
Webhooks let your application receive real-time HTTP POST notifications when events occur in AuthDuty - cases closing, verifications completing, and more.
Creating a Webhook Endpoint
- Go to Settings → Webhooks (Lead or Developer role required).
- Click Add Endpoint.
- Enter your endpoint URL (must be HTTPS).
- Select which event types you want to receive.
- Click Create.
A signing secret is generated automatically. Use it to verify that incoming requests are genuinely from AuthDuty.
Event Types
| Event | Triggered When |
|---|---|
| case.created | A new verification case is created |
| case.closed | All verification steps completed successfully |
| case.failed | A verification step failed |
| case.expired | The case expired before completion |
| verification.step_completed | An individual verification step was completed |
| ping | Test event sent from the console |
Retries & Reliability
If your endpoint doesn't respond with a 2xx status code, AuthDuty retries the delivery with exponential backoff:
- Retry 1: after 30 seconds
- Retry 2: after 2 minutes
- Retry 3: after 15 minutes
- Retry 4: after 1 hour
- Retry 5: after 4 hours
- Retry 6: after 12 hours
- Retry 7: after 24 hours
After all retries are exhausted (~41 hours total), the delivery is moved to a dead letter queue. Endpoints that accumulate 15 consecutive failures are automatically disabled to prevent cascading issues.
Managing Endpoints
From the Webhooks settings page you can:
- View all endpoints and their status (active, disabled)
- Edit endpoint URL and subscribed events
- Rotate the signing secret
- Send a test ping to verify connectivity
- View recent deliveries and their outcomes
- Delete an endpoint
Each team can have up to 10 webhook endpoints.
Testing Your Endpoint
Use the Send Test button on any endpoint to send a ping event. This helps verify your endpoint is reachable and correctly processing webhook payloads before real events occur.