Create an Event Stream
Events are currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement.
To learn more about Auth0's product release cycle, review Product Release Stages.
By subscribing to events, and delivering them to a destination of your choice using event streams, you can facilitate a number of related use cases, including:
Sending emails to new customers to welcome them or ask them to verify their email address.
Monitoring user lifecycle changes so that you can update CRM (customer relationship management) or billing systems.
You can create an event stream using either AWS EventBridge or webhooks. The sections below outline the setup process for both options.
Access Management API (optional)
Event streams can either be provisioned using the Auth0 dashboard or the Auth0 Management API. If using the Management API, before you can set up an event stream, you need to create a machine-to-machine (M2M) application and authenticate with a Management API token. For more information, review Management API Access Tokens.
Navigate to Dashboard > Applications > Applications and select Create Application.
Enter a descriptive name for your application and choose Machine to Machine Applications. Then, select Create.
Select the API you want to call from your application. In this case, use the Auth0 Management API.
Choose the permissions that you want to be issued as part of your application's access token, then select Authorize. For testing purposes, select:
read:event_streamscreate:event_streamsupdate:event_streamsdelete:event_streamsread:event_deliveriesupdate:event_deliveriescreate:users
Navigate to the Settings tab to gather your Client ID, Client Secret, and Domain.
Review Get Management API Access Tokens to retrieve and store your access token.
AWS EventBridge
The information below describes how you can create and enable an event stream using AWS EventBridge.
EventBridge prerequisites
To use AWS EventBridge for event streams, you will need the following:
AWS account
Your AWS account must have permissions to use EventBridge. If you don’t have an account, sign up at https://aws.amazon.com/eventbridge/.
AWS IAM permissions
AWS EventBridge event bus
AWS account ID & region
Create an event stream (EventBridge)
Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.
Before setting up an event stream, you need to identify the event types you want to monitor. Then, you will use your AWS account ID and region to set up your event stream, as demonstrated below.
This example uses the Auth0 CLI to create an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant.
auth0 events create --name ng-demo-eventbridge --type eventbridge --subscriptions "user.created" --configuration '{"aws_account_id":"<your-aws-account-id>","aws_region":"<your-aws-region>"}'Was this helpful?
If successful, this call returns the following JSON with your event stream id. New event streams are enabled by default.
{
"id": "est_8of6RXoM1997qikH7NS11h",
"status": "enabled",
"name": "ng-demo-eventbridge",
"subscriptions": [
{
"event_type": "user.created"
}
],
"created_at": "2025-01-29T18:08:43.440Z",
"updated_at": "2025-01-29T18:08:43.440Z",
"destination": {
"type": "eventbridge",
"configuration": {
"aws_account_id": "<your-aws-account-id>",
"aws_region": "<your-aws-region>",
"aws_partner_event_source": "default"
}
}
}Was this helpful?
To create an event stream in the Auth0 Dashboard using AWS EventBridge:
Navigate to Auth0 Dashboard > Event Streams (Early).
Select +Create Event Stream.
From the list of stream types, select AWS EventBridge. This will open the configuration form for your new EventBridge stream.
Configure Stream Details: In the configuration form, you will need to provide the following information:
Stream Name:
Enter a descriptive name for your event stream. This will help you identify it within the Auth0 Dashboard.
AWS Account ID:
Enter the 12-digit AWS account ID where you want the Auth0 events to be sent.
AWS Region:
Select the specific AWS Region where your EventBridge event bus is located.
Select Event Types: In the Select Event Types section, choose the specific Auth0 event types you want to include in this stream. You can select multiple event types based on your requirements (e.g.,
user.created,user.updated,user.deleted).Save Changes: Once you have configured the stream name, AWS details, and selected your desired event types, click the Save Changes button.
Your new event stream is now created, and Auth0 can begin publishing the selected event types to the specified AWS EventBridge event bus. You can monitor the status and manage your event stream from the Event Streams (Early) page in the Auth0 Dashboard.
Before getting started with Terraform, ensure you have:
The Terraform CLI installed
The Auth0 CLI installed and authenticated via
auth0 loginYour AWS Account ID and AWS region for configuring an EventBridge stream
File configuration
To provision your event stream using Terraform, you'll need a structured project directory. We recommend using the following configuration when setting this up for the first time:
auth0-event-streams/
├── main.tf # Core configuration: defines providers and the 'auth0_event_stream' resource.
├── variables.tf # Variable declaration: defines inputs like 'aws_account_id' and 'aws_region'.
└── terraform.tfvars # Variable values: holds the actual configuration values (e.g., "123456789012").Was this helpful?
Define variables
In your variables.tf file, declare the necessary input variables your stream configuration will need:
variable "aws_account_id" {
description = "The 12-digit AWS Account ID where the EventBridge event bus resides."
type = string
}
variable "aws_region" {
description = "The AWS region (e.g., us-east-1) for the EventBridge event bus."
type = string
}Was this helpful?
Set variable values
In your terraform.tfvars file, provide the actual values for your specific environment:
aws_account_id = "<your-aws-account-id>" # e.g., "123456789012"
aws_region = "<your-aws-region>" # e.g., "us-east-1"Was this helpful?
Environment configuration
In your terminal, set the three required environment variables using the credentials you copied in Access Management API (optional) above.
export AUTH0_DOMAIN="your-tenant-name.auth0.com" export AUTH0_CLIENT_ID="your_m2m_client_id" export AUTH0_CLIENT_SECRET="your_m2m_client_secret"Was this helpful?
/
Create an Event Stream
This example uses the auth0_event_stream resource to create an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant. Use the following sample in your main.tf file:
# main.tf
terraform {
required_providers {
auth0 = {
source = "auth0/auth0"
version = ">= 1.0.0"
}
}
}
provider "auth0" {}
resource "auth0_event_stream" "eventbridge_stream" {
name = "ng-demo-eventbridge-tf"
destination_type = "eventbridge" # Required
subscriptions = ["user.created"]
eventbridge_configuration {
aws_account_id = var.aws_account_id
aws_region = var.aws_region
}
}Was this helpful?
Once you have created and saved all three of the files above, you are ready to create your stream.
Initialize the provider:
terraform initWas this helpful?
/Review your changes:
terraform planWas this helpful?
/Create the stream:
terraform applyWas this helpful?
/
Webhooks
As an alternative to AWS EventBridge, you can use webhooks to facilitate event streams.
To get started, first set up a webhook handler to receive real-time notifications when a specific event occurs. Then, you can create your event stream.
You can either create a basic webhook handler by following the instructions below, or you can use an existing service such as:
Vercel
Inngest
If you decide to use an existing service, you can proceed to Create an event stream (webhook). Otherwise, follow the instructions below to create your own basic webhook handler.
Webhook prerequisites
Ensure you have the following installed to properly write your webhook handler:
node.jsjqnpmngrok
Write the webhook handler
Install
expressto yournode_modulesfolder and yourpackage.jsondependencies.Install
dotenvto your root directory to use a.envfile for storing environment variables.Create a
webhook.jsfle to receive theuser.createdevent and store it in a database.const express = require('express'); const bodyParser = require('body-parser'); require('dotenv').config(); // Load environment variables const app = express(); const API_TOKEN = process.env.API_TOKEN; // Get token from .env app.use(bodyParser.json()); app.use((req, res, next) => { const token = req.headers["authorization"]; if (token !== `Bearer ${API_TOKEN}`) { console.warn("Unauthorized attempt: Invalid token"); return res.status(401).json({ error: "Unauthorized" }); } next(); }); // Webhook endpoint app.post("/webhook", (req, res) => { // Removed 'async' as database logic is commented console.log("Webhook received:", JSON.stringify(req.body, null, 2)); const eventData = req.body; const { type } = eventData; console.log(`Webhook event of type '${type}' successfully processed.`); res.sendStatus(204); }); const PORT = 3000; app.listen(PORT, () => { console.log(`Webhook server running on http://localhost:${PORT}`); });Was this helpful?
/In the root of your project, create a
.envfile and add your API token using:API_TOKEN=`openssl rand -hex 32` echo "API_TOKEN=$API_TOKEN" > .envWas this helpful?
/Start your server:
node webhook.jsWas this helpful?
/To test the Webhook, expose your webhook handler using a tool like ngrok:
This provides a public URL for your local webhook handler, for example:ngrok http 3000Was this helpful?
/http://localhost:3000Was this helpful?
/
Create an event stream (webhooks)
Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.
Before setting up an event stream, you need to identify the event types you want to monitor. You will then use your webhook handler to create an event stream, as demonstrated below.
This example uses the Auth0 CLI to create an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant. The event data is then forwarded to a webhook endpoint for further processing.
source .env # Make sure you are in the webhook directory where you created your .env file
WEBHOOK_URL="<ngrok URL>/webhook"
auth0 events create -n my-event1 -t webhook -s "user.created" -c '{"webhook_endpoint":"'"${WEBHOOK_URL}"'","webhook_authorization":{"method":"bearer","token":'"${API_TOKEN}"'"}}'Was this helpful?
If successful, this returns the following JSON with your event stream id. New event streams are enabled by default.
{
"id": "est_8of6RXoM1997qikH7NS11h",
"status": "enabled",
"name": "ng-demo-2",
"subscriptions": [
{
"event_type": "user.created"
}
],
"created_at": "2025-01-29T18:08:43.440Z",
"updated_at": "2025-01-29T18:08:43.440Z",
"destination": {
"type": "webhook",
"configuration": {
"webhook_endpoint": "https://example.com/webhook",
"webhook_authorization": {
"method": "bearer"
}
}
}
}Was this helpful?
Verify the event stream
After you create an event stream, you can verify that the event stream exists using the following command:
auth0 events show <EVENT_STREAM_ID>Was this helpful?
To create an event stream in the Auth0 Dashboard using AWS EventBridge:
Navigate to Auth0 Dashboard > Event Streams (Early).
Select +Create Event Stream.
From the list of stream types, select Webhook. This will open the configuration form for your new webhook stream.
Configure Stream Details: In the configuration form, you will need to provide the following information:
Stream Name:
Enter a descriptive name for your event stream. This will help you identify it within the Auth0 Dashboard.
Endpoint: Enter the complete URL of the HTTP endpoint where you want Auth0 to send the events. This is the service that will receive and process the event data.
Authentication Method: Choose the authentication method required by your endpoint.
Authorization Token: If you selected Bearer Token as the authentication method, enter the required authorization token here.
Select Event Types: In the Select Event Types section, choose the specific Auth0 event types you want to include in this stream. You can select multiple event types based on your requirements (e.g.,
user.created,user.updated,user.deleted).Save Changes: Once you have configured the stream name, AWS details, and selected your desired event types, click the Save Changes button.
Your new event stream is now created, and Auth0 can begin publishing the selected event types to the specified Webhook. You can monitor the status and manage your event stream from the Event Streams (Early) page in the Auth0 Dashboard.
File configuration
To provision your event stream using Terraform, you'll need a structured project directory. We recommend using the following configuration when setting this up for the first time:
auth0-event-streams/
├── main.tf # Core configuration: defines providers and the 'auth0_event_stream' resource.
├── variables.tf # Variable declaration: defines inputs.
└── terraform.tfvars # Variable values: holds the actual configuration values (e.g., "123456789012").Was this helpful?
Define variables
In your variables.tf file, declare the necessary input variables your stream configuration will need:
variable "api_token" {
description = "The secret token used for Webhook Bearer Authorization."
type = string
sensitive = true
}
variable "webhook_endpoint_url" {
description = "The public HTTPS URL for the webhook handler (e.g., your ngrok URL)."
type = string
}Was this helpful?
Environment configuration
Using the API token generated above, securely set the environment variable in your terminal using the
TF_VAR_prefix:export TF_VAR_api_token="${API_TOKEN}" export AUTH0_DOMAIN="your-tenant-name.auth0.com" export AUTH0_CLIENT_ID="your_m2m_client_id" export AUTH0_CLIENT_SECRET="your_m2m_client_secret"Was this helpful?
/
Create an Event Stream
This example uses the auth0_event_stream resource to create an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant. Use the following sample in your main.tf file:
terraform {
required_providers {
auth0 = {
source = "auth0/auth0"
version = ">= 1.0.0"
}
}
}
provider "auth0" {}
resource "auth0_event_stream" "webhook_stream" {
name = "my-webhook-handler-stream-tf"
destination_type = "webhook"
subscriptions = ["user.created"]
webhook_configuration {
webhook_endpoint = var.webhook_endpoint_url
webhook_authorization {
method = "bearer"
token = var.api_token
}
}
}Was this helpful?
Once you have created and saved all three of the files above, you are ready to create your stream.
Initialize the provider:
terraform initWas this helpful?
/Run the plan:
URL="<your-ngrok-url>/webhook" terraform plan -var="webhook_endpoint_url=${URL}"Was this helpful?
/Create the stream:
terraform apply -var="webhook_endpoint_url=https://<your-ngrok-url>/webhook"Was this helpful?
/
After the stream is active, you can test the event stream. For more information, review Event Testing, Observability, and Failure Recovery.