--- title: Configure authentication webhooks description: Use webhooks to send an HTTP POST request to a server when a specific event occurs during an authenticated session, such as a user logging out. component: pingoneaic page_id: pingoneaic:am-authentication:auth-tree-webhooks canonical_url: https://docs.pingidentity.com/pingoneaic/am-authentication/auth-tree-webhooks.html --- # Configure authentication webhooks Use *webhooks* to send an HTTP POST request to a server when a specific event occurs during an authenticated session, such as a user logging out. Webhooks are used from within authentication journeys, by the [Register Logout Webhook node](https://docs.pingidentity.com/auth-node-ref/latest/register-logout-webhook.html). To create a webhook: 1. Under Native Consoles > Access Management, go to Realms > *Realm Name* > Authentication > Webhooks. 2. Select Create Webhook, specify a Webhook Name, and select Create. ![Creating a new authentication webhook.](_images/trees-webhook-create.png) 3. Configure the following settings: * Url The URL to which the HTTP POST is sent when the event occurs. * Body The body of the HTTP POST. To send different data formats, set the correct Content-Type header in the `Header` property, for example: * **Form Data**. Enter the body value in the format `parameter=value¶meter2=value2`, and set a `Content-Type` header of `application/x-www-form-urlencoded`. * **JSON Data**. Enter the body value in the format `{"parameter":"value","parameter2":"value2"}`, and set a `Content-Type` header of `application/json`. * Headers Any HTTP headers to add to the POST. To add a header, enter the name of the header in the `Key` field, and the value, and then click Add (➕). To remove a header, click Delete (✖). The fields in a webhook support variables for retrieving values from the user's session after successfully authenticating. Specify a variable in the following format: `${variable_name}`. To access the type of webhook event, use the `WebhookEventType` parameter key to return one of the following possible values: * `LOGOUT` * `UPGRADE` * `DESTROY` * `MAX_TIMEOUT` * `IDLE_TIMEOUT` For example, to retrieve the event type as a query parameter: `&event=${WebhookEventType}` You can use a variable to access custom properties added to the session with the [Set Session Properties node](https://docs.pingidentity.com/auth-node-ref/latest/set-session-properties.html) as well as the following default session properties: > **Collapse: Default session properties** > > | Property | Example value | Description | > | ---------------------------- | -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | `AMCtxId` | 22e73c81-708e-4849-b064-db29b68ef943-105372 | The audit ID for the session. This is logged as the `trackingIds` field in Advanced Identity Cloud access audit logs. | > | `authInstant` | 2022-02-28T14:06:31Z | The exact time that authentication completed. | > | `AuthLevel` | 5 | The authentication level of the session, determined by the login mechanism used to create the session. For example, a journey can have an authentication level of 10.Step-up authentication is triggered if an authentication level specified by an agent or policy that is designed to protect a resource, is greater than or equal to the value of the `AuthLevel` session property.Learn more in [Session upgrade with MFA](../am-sessions/session-upgrade.html). | > | `CharSet` | UTF-8 | The character set for the session, set to `UTF-8`. | > | `clientType` | genericHTML | The type of client, set to `genericHTML`. | > | `FullLoginURL` | https\://example.forgeblocks.com/platform/?realm=alpha | The full login URL, including query parameters. | > | `Host` | 192.0.2.1 | The originating IP address of the authentication request. | > | `HostName` | 192.0.2.1 | The host name that was used when the session was authenticated. | > | `IndexType` | service | Based on the value of the `authIndexValue` query parameter during authentication. Typically, this is set to `service`. | > | `Locale` | en\_US | The session locale. | > | `loginURL` | /am/XUI | The base login URL. A subset of `FullLoginURL`. | > | `OidcSid` | g0wmSpoAIwH6HAwCnurvRcfYqh4 | Unique session ID used by Advanced Identity Cloud to determine whether OIDC ID tokens granted for the same client relate to the same session. This appears when `Enable Session Management` (`storeOpsToken`) is set to true in the OAuth 2.0 provider settings. | > | `Organization` | o=alpha,ou=services,dc=am,dc=example,dc=com | The DN of the realm where authentication took place. | > | `Principal` | id=bjensen,ou=user,o=alpha,ou=services,dc=am,dc=example,dc=com | The value of `sun.am.UniversalIdentifier`. | > | `Principals` | bjensen | The username for the session. | > | `Service` | Example | The name of the journey that was used to authenticate this session. | > | `successURL` | /am/console | The URL that was redirected to, upon a successful login request. | > | `sun.am.UniversalIdentifier` | id=bjensen,ou=user,o=alpha,ou=services,dc=am,dc=example,dc=com | The DN of the user (username is lowercase). | > | `UserId` | bjensen | The `id` value from the `Principal` property. | > | `UserProfile` | Required | Can be one of: `Required`, `Create`, `Ignore`, or `CreateWithAlias`. Based on the value of the `dynamicProfileCreation` authentication configuration. Values other than `Ignore` indicates that user profile attributes were mapped based on the `User Attribute Mapping to Session Attribute` setting. Learn more in [authentication configuration](realm-auth-config.html#authn-core-post-auth).Default: `Required`. | > | `UserToken` | bjensen | The username, as defined in the `Principal` property. | The following figure shows an example webhook, using variable substitutions: ![Example authentication webhook.](_images/trees-webhook-example.png) | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Specifying a variable that isn't present in the user's session puts the literal variable text in the HTTP POST request, for example `user=${UserId}`, rather than `user=bjensen`. |