Session Ended Webhook

The Session ended webhook is triggered when a particular User Service Session was terminated through either its parent Directory, Service, or a Mobile Authenticator.

Body

Note that the Session Ended Webhook does not utilize JWE encryption as all of the necessary fields are located in URL parameters.

Query String Parameters

clear:

JSON string with following parameters:

api_time:

The date and time the logout was performed. This value is passed for two distinct reasons:

Ensuring that the service is informed of when the logout callback was made, so that the service may ensure the user has not started a new session, since logging out and ending their service session.
Enabling the service to protect itself from replay and denial of service attacks by verifying the request was recent based on the value of this parameter.

serice_user_hash:

string The hashed user identifier that will match the same value returned by a Auths GET request in which the user had responded or an Authentication Response Event.

signature:

A Base64 encoded RSA Signature of the clear query string parameter.

Example

POST https://my.example.com/callback?clear=%7B%22api_time%22%3A+%222015-04-24T22%3A49%3A19Z%22%2C+%22user_hash%22%3A+%22FjnZrwQKfnUVlXaOu2KRuzTI3E9ZrVvgfsp57bzrGVH%22%7D&signature=pg5K8kXL1gYvaWB2S9P3p2QNQIMtCPf%2FoPViDN1tWbU096w7WsOh7CAXOfEC2sca0tr5PvikEZLoCnjL3%2BTlk1FG1mX1AKPtblir1Nlg5ttdfRbd2XkEBs6%2BDf4tpfWnkjApjDWUJwHvRYOg1JhjypCvy2YeMpIr9r6jv4UpuZ%2Ff%2FgDXEo3%2FjioUvoiWhvcBRRAHaI%2FUMD5JwhgUBgpfQat5wDw2REj4DrPTyrst65j2%2FQjjPH5xz9sHa4wFpOP5enVYQZMJSKeLCXqkOBtiNWukyyf6YNIj04bN36zGZaK%2BtfjB5TMD4i%2FxC1sJyO0P4BlznGHfDSHoKbVniV4vEQ%3D%3D HTTP/1.1
Content-Type: application/json
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 0

Session Ended Webhook

Body

Query String Parameters

Example

User Contributed