When a user makes an action in your application, Privy will emit a webhooks payload with the following fields:

Webhook example payloads

Webhook payloads generally have two different formats. Both formats include a user object that is the same structure as what the user REST API returns. For webhook events that involve an account change, we will include an account object that represents the changed account. For example, in a user.unlinked_account event, the account value will be the account that was just removed, so it will no longer exist on the user.

Example payload for different webhook events:

{
  "type": "user.created",
  "user": {
    "created_at": 969628260,
    "has_accepted_terms": false,
    "id": "did:privy:cfbsvtqo2c22202mo08847jdux2z",
    "is_guest": false,
    "linked_accounts": [
      {
        "address": "[email protected]",
        "first_verified_at": 969628260,
        "latest_verified_at": 969628260,
        "type": "email",
        "verified_at": 969628260
      }
    ],
    "mfa_methods": []
  }
}

Webhook signing key

The webhook signing key is necessary to verify that the payloads sent to your endpoint are from Privy. Follow the steps below in order to set up webhook verification in your backend.

Was this page helpful?