Security Event Token Payloads

The SET payload contains a set of name/value pairs (also known as claims) that describe the event and when it occurred. For example:

{
 "iss": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/webhooks",
 "iat": 1563488631,
 "jti": "b70046bd-44c7-4575-b1a2-9b8556d1f040",
 "aud": "https://example.com/path/to/endpoint",
 "txn": "00000000-0000-0000-0000-000000000000",
 "toe": 1559372400,
 "events": {
   "entityUpdated": {
     "attributes": [
         "email"
         ],
     "captureApplicationId": "zzyn9gy9r8xdy5zkru4y54syk6",
     "captureClientId": "elrrniux51a3nrhfwzklvz3t46lb5n2m",
     "entityType": "user",
     "globalSub": "capture-v1://us.janraincapture.com/zzyn9gy9r8xdy5zkru4y54syk6/user/6b004bc5-179c-45c2-815d-31b06169371d",
     "sub": "6b004bc5-179c-45c2-815d-31b06169371d",
     "id": "00000000-0000-0000-0000-000000000000"
   }
 }
}

These claims are explored in more detail in the following table:

Claim

Description

iss

Specifies the entity that issued the token. For Webhooks v3, the issuer is the Webhooks domain followed by  the customer ID followed by webhooks. For example:

https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/webhooks

iat

Specifies the date and time when the token was issued. The iat ("issued at time") claim is formatted using Unix epoch time, which represents the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC) on January 1, 1970. For example, the value 1553405263 represents Saturday, March 23, 2019 at 22:27:43 Pacific Daylight Time. 

jti

The unique identifier for the webhooks notification. Note that this differs from the id claim found in the events claim: the id claim uniquely identifies the event itself, while jti uniquely identifies the event notification.

aud

Intended audience for the webhooks notification. This will always be the URL of the  listener endpoint specified by the customer.

txn

Unique identifier assigned to the request as it passed through the Akamai API gateway.

toe

Date and time when the event occurred; this might occasionally differ from the time that the token was issued (the iat claim). The toe claim is formatted using Unix epoch time, which represents the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC) on January 1, 1970. For example, the value 1553405263 represents Saturday, March 23, 2019 at 22:27:43 Pacific Daylight Time.

events

The actual event itself. The claims specified in any given webhooks notification will vary depending on the type of event. 

captureApplicationId 

Unique identifier of the Akamai Identity Cloud application associated with the event.

captureClientId

Unique identifier of the API client associated with the event.

entityType

Name of the entity type database associated with the event.

global_sub

URI that points to the user record within the Identity Cloud user profile store. 

For example:

"sub": "capture-v1://us.janraincapture.com/zzyn9gy9r8xdy5zkru4y54syk6/user/6b004bc5-179c-45c2-815d-31b06169371d"

In the preceding URL, zzyn9gy9r8xdy5zkru4y54syk6 represents the unique identifier of the Identity Cloud application and 6b004bc5-179c-45c2-815d-31b06169371d represents the user’s UUID (Universally Unique Identifier).

This claim is primarily for internal Identity Cloud use.

sub

UUID of the user account associated with the event (for example, the UUID of the user account that was just modified). This claim will not be present if no user accounts are associated with the event.

id

Unique Akamai customer ID.

If you’re familiar with JSON Web Tokens, you might have noticed that at least two commonly-used claims – exp (Expiration Time) and sub (Subject) – are missing from the token payload. There’s a good reason (actually, two good reasons) for that. For one, security event tokens don’t expire; consequently, there’s no reason to include the exp claim. For another, the sub claim is used whenever applicable. However, that claim will always be included as part of the events claim, and won’t stand out on its own.