For the best web experience, please use IE11+, Chrome, Firefox, or Safari
OneLogin + One Identity delivering IAM together. Learn more

What is a Webhook?


How Apps Communicate

Apps need to communicate with each other to save time, reduce errors, and improve user experiences. There are several ways apps can communicate. You may be familiar with one such method called an API (Application Programming Interface). Web APIs allow you to make a request over the internet to check for and send new data from one system to another. APIs can be used to perform certain actions, such as signing in with your social media account, completing a transaction with the “Pay with PayPal” option on a third-party site, and more. Another related, but very different, method that transfers information between several different applications is using webhooks.

What is a Webhook?

Apps use webhooks to communicate events automatically between each other. Unlike an API, webhooks do not require the administrator to manually submit a request when new information is needed. Instead, a webhook automatically broadcasts information to third-party systems which can then be used to make event-driven decisions. A common way to use a webhook is how OneLogin leverages a webhook to stream events to Security Information and Event Management (SIEM) tools. This enables IT admins to automatically receive updates on login activity as well as risky user logins without having to make an API request.

How Does a Webhook Work?

The first step is to enter the URL on your web application where you want the webhook to send HTTP requests. Once an event occurs in the originating service, the webhook sees the event, collects the data, and sends it to the app via the URL you specified in real-time. This is similar to when you provide an email address or phone number to receive notifications on upcoming sales from your favorite brands.

You can use webhooks to:

  • Receive an alert when a particular event occurs
  • Ensure data synchronization across multiple web applications
  • Customize or modify functionality in an application based on a specific event
Web Hooks Diagram

What is an Example of a Webhook?

Using webhooks can save you time, increase accuracy, and improve user satisfaction. instead of having to retype user or event information, a webhook can automatically:

  • Stream login events to your SIEM and analytics tools, like SumoLogic and Splunk
  • Post event notifications to Slack
  • Send an email notification when a new user logs in with a new device
  • Sync new members or membership updates with your CMS

The Future of Webhooks

Webhooks are a very useful method to communicate events, such as login activity, from one application or system to another. However, this is primarily a one-way flow of information and requires setting up a server to catch, filter, and act on these webhooks. The burden is on IT & developer teams to not only maintain their own servers, but also to scale performance as login activity increases. As we move more towards cloud orchestration and greater demands for customization, teams need a low-code approach to make event-driven decisions at scale and remove the burden of maintaining the infrastructure necessary to support them.

OneLogin Smart Hooks

OneLogin Smart Hooks is an exciting new concept that introduces next-gen extensibility. Unlike webhooks, Smart Hooks allow you to alter functionality within the OneLogin platform based on the occurrence of a specific event, rather than simply broadcasting a login event to a third-party application to take some action. Another benefit to Smart Hooks is that they are serverless, meaning OneLogin hosts and runs the custom code for you. No need to maintain additional servers or worry about performance or scale. Smart Hooks automatically scale with your user growth, providing greater customization and platform extensibility for even the most complex requirements.

For example, you can use a Smart Hook to dynamically assign a user policy that requires users to submit a biometric factor when they attempt to sign in from a mobile device. Another example may be to require an additional authentication factor when a user is using an older browser, or even deny access for specific browser types. Perhaps you only want to allow specific factors when a user is traveling outside your home country, or need more granular control over factor enrollment workflows–all of this is now possible with Smart Hooks.

Smart Hooks extension

We also have a growing list of sample hooks in our Postman collection, which includes a library of code examples, so that IT teams can quickly implement changes with minimal developer support required.

In summary, there are several different approaches to customizing and integrating your identity and access management platform with other systems or applications. Whether it’s through traditional webhooks or API, each should be evaluated based on the available resources on your team and the goal you are trying to achieve. With Smart Hooks, you can build custom workflows and integrations using serverless code to meet your businesses’ access security needs faster.

To learn more about OneLogin Smart Hooks, visit our Smart Hooks product page.

Try OneLogin for Free

Experience OneLogin’s Access Management capabilities first-hand for 30 days