Get Started Guides > Webhooks v3 > Gather Your Details > Your listener endpoint

Your listener endpoint

Your listener endpoint is a server on your end that is in charge of receiving and processing webhook event notifications.

If you haven’t already, you must set up a listener endpoint for your webhooks subscription and provide it at the bottom of this page.

Please see the technical requirements for your listener endpoint here: Configure a webhook listener endpoint

Migrating from webhooks v2 to v3? Note that you cannot simply use your existing v2 endpoint. You will need to set up a new endpoint for webhooks v3. This is because the payload for v3 is very different from v2:

Unlike v2, your endpoint will need a process for decoding the v3 payload and validating the included signature
The field names and values are different in v3
V3 includes a unique identifier for each notification

For more information, see Migrate to Webhooks v3.

The webhook payload

The payload of a webhook notification comes in the form of a JSON Web Token (JWT), which is a collection of JSON data that has been Base64URL encoded and looks something like this:

eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vdjEuYXBpLmV1LmphbnJhaW4uY29tL2IxOGZjODFkLTQ1N2UtNGE0MC1hYzg3LTJiNzhiZDk0NmZhMi9sb2dpbi9qd2siLCJraWQiOiIzMGU2MTVjNTg2NzQ5MGNlNWVkNzU1ZGYyZWFlNmVkMDdlZTVhYzk3IiwidHlwIjoic2VjZXZlbnQrand0In0.eyJhdWQiOlsiaHR0cHM6Ly93ZWJob29rLnNpdGUvYTM5YzhiODQtYTRjNS00ZWIyLTg1OGEtMjhjNGUxMTM5OTE0Il0sImV2ZW50cyI6eyJlbnRpdHlDcmVhdGVkIjp7ImNhcHR1cmVBcHBsaWNhdGlvbklkIjoidGVwMmRjcXk0Znd1cnd0cGtheGc3NnR3Z2YiLCJjYXB0dXJlQ2xpZW50SWQiOiJ6ZmNjZnp6Y2Y2MjZ0NDQ5d3U1dW1idDZ6aGVrMmRldCIsImVudGl0eVR5cGUiOiJ1c2VyIiwiZ2xvYmFsU3ViIjoiY2FwdHVyZS12MTovL2V1LmphbnJhaW5jYXB0dXJlLmNvbS90ZXAyZGNxeTRmd3Vyd3Rwa2F4Zzc2dHdnZi91c2VyLzcyNjA4N2VjLTM1ZGYtNDA0MS1hZWM4LWMxMWVjYzIwOGVmYSIsImlkIjoiMDJlOTUwZGMtNzMwNi00ZTVhLTllNGItYjljZDU2MjlkNzZiIiwic3ViIjoiNzI2MDg3ZWMtMzVkZi00MDQxLWFlYzgtYzExZWNjMjA4ZWZhIn19LCJpYXQiOjE2MzI0MTYzMjYsImlzcyI6Imh0dHBzOi8vdjEuYXBpLmV1LmphbnJhaW4uY29tL2IxOGZjODFkLTQ1N2UtNGE0MC1hYzg3LTJiNzhiZDk0NmZhMi93ZWJob29rcyIsImp0aSI6ImU2N2YzM2Y0LTI4YWUtNGFiZS1hNWE0LTk4ZTk1OTM3NzRiYiIsInRvZSI6MTYzMjQxNjMyNn0.JXvZsPv4ZzK9Pa-3Xry7OlJsZ2xvUJ-ozj3GvpTyHQhL4OH4FYtUQ7yuTCOszev7HZzWPbrH9rWln2_va0wPxCAeYton8g3LpX-jT45_YD6YmWDmpaq9OrhLSNXnU4igjet6adjfcl-tn6JA_hUhzNJifg2xfcotaljjqBUgMD8LP6YtqyflqL3yiMq3HuaATGhSKWDipbH4Yh_9YcCuRr7g4PXYulHsmk-fb3qnF5MuEt5Ioy80b9yViXe_AA0wCNYeBZYfDIbhGdLa1YbcPEow5hAuLuF8Q_SvECbkrhzsgEg6tVFK3rPU6RoLrfBa9KPirvXh0Dt-OVA2UVhE2g

Your endpoint must have a process for decoding the token so that you can retrieve and leverage the information within it. See Webhooks v3 security event tokens for more information.

A decoded token looks something like this:

{
 alg: "RS256",
 jku: "https://v1.api.us.janrain.com/a12bc34d-567e-8f90-gh12-3i45jk678lm9/login/jwk",
 kid: "30e615c5867490ce5ed755df2eae6ed07ee5ac97",
 typ: "secevent+jwt"
}.
{
 aud: [
  "https://mylistener.domain.com/endpoint"
 ],
 events: {
  entityCreated: {
   captureApplicationId: "a1bcde2fg3h456ijk7l8mnop9q",
   captureClientId: "zfccfzzcf626t449wu5umbt6zhek2det",
   entityType: "user",
   globalSub: "capture-v1://us.janraincapture.com/a1bcde2fg3h456ijk7l8mnop9q/user/726087ec-35df-4041-aec8-c11ecc208efa",
   id: "02e950dc-7306-4e5a-9e4b-b9cd5629d76b",
   sub: "726087ec-35df-4041-aec8-c11ecc208efa"
  }
 },
 iat: 1632416326,
 iss: "https://v1.api.us.janrain.com/a12bc34d-567e-8f90-gh12-3i45jk678lm9/webhooks",
 jti: "e67f33f4-28ae-4abe-a5a4-98e9593774bb",
 toe: 1632416326
}.
JXvZsPv4ZzK9Pa-3Xry7OlJsZ2xvUJ-ozj3GvpTyHQhL4OH4FYtUQ7yuTCOszev7HZzWPbrH9rWln2_va0wPxCAeYton8g3LpX-jT45_YD6YmWDmpaq9OrhLSNXnU4igjet6adjfcl-tn6JA_hUhzNJifg2xfcotaljjqBUgMD8LP6YtqyflqL3yiMq3HuaATGhSKWDipbH4Yh_9YcCuRr7g4PXYulHsmk-fb3qnF5MuEt5Ioy80b9yViXe_AA0wCNYeBZYfDIbhGdLa1YbcPEow5hAuLuF8Q_SvECbkrhzsgEg6tVFK3rPU6RoLrfBa9KPirvXh0Dt-OVA2UVhE2g

Note that it includes three (3) parts in the following order:

A header, which contains information about the token
A payload, which contains the webhook event data
A signature, which is used to validate the token

For details on the webhook payload, see Webhooks v3 security event tokens.

Receiving, responding, and processing webhooks

The best architecture for working with webhooks is to set up a single listener endpoint that parses the event notifications and then directs traffic to your necessary applications. You must:

Receive the notification
Return an immediate 200 response to Akamai
Put the webhook payload in your queue
Process the webhook

See the below sequence diagram for a full example. Webhook receiver sequence diagram

For more information on the Akamai endpoints referenced in this diagram, see:

Webhooks JSON web keys (JWK)
Get a user profile (/entity)

Once your listener endpoint is ready, provide it below.

Listener Endpoint:

Example: https://mylistener.domain.com/endpoint

Tip! If you’d like a quick test endpoint to see what your webhook notifications will look like, we recommend using webhook.site. Copy Your unique URL from the site into the field above and continue to next steps. Once you create your webhooks subscription, you can observe notifications to the endpoint in the site’s interface.