Create an Event Stream

By subscribing to events, and delivering them to a destination of your choice using event streams, you can facilitate a number of related use cases, including: 

• Sending emails to new customers to welcome them or ask them to verify their email address.

• Monitoring user lifecycle changes so that you can update CRM (customer relationship management) or billing systems.

You can create an event stream using either AWS EventBridge or webhooks. The sections below outline the setup process for both options.

Event streams are facilitated by the Auth0 Management API. Before you can set up an event stream, you need to create a machine-to-machine (M2M) application and authenticate with a Management API token. For more information, review Management API Access Tokens.

1. Navigate to Dashboard > Applications > Applications and select Create Application.

2. Enter a descriptive name for your application and choose Machine to Machine Applications. Then, select Create.

3. Select the API you want to call from your application. In this case, use the Auth0 Management API.

4. Choose the permissions that you want to be issued as part of your application's access token, then select Authorize. For testing purposes, select:

   • read:event_streams

   • create:event_streams

   • update:event_streams

   • delete:event_streams

   • read:event_deliveries

   • update:event_deliveries

   • create:users

5. Navigate to the Settings tab to gather your Client ID, Client Secret, and Domain.

6. Review Get Management API Access Tokens to retrieve and store your access token.

The information below describes how you can create and enable an event stream using AWS EventBridge.

To use AWS EventBridge for event streams, you will need the following:

• AWS account

  • Your AWS account must have permissions to use EventBridge. If you don’t have an account, sign up at https://aws.amazon.com/eventbridge/.

• AWS IAM permissions

• AWS EventBridge event bus

• AWS account ID & region

Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.

Before setting up an event stream, you need to identify the event types you want to monitor. Then, you will use your AWS account ID and region to set up your event stream, as demonstrated below. 

This example creates an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant. 

auth0 events create --name ng-demo-eventbridge --type eventbridge --subscriptions "user.created" --configuration '{"aws_account_id":"<your-aws-account-id>","aws_region":"<your-aws-region>"}'

curl -s \
 -H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 -X POST https://$TENANT/api/v2/event-streams \
 -d '{
   "name": "ng-demo-eventbridge",
   "subscriptions": [
     { "event_type": "user.created" }
   ],
   "destination": {
     "type": "eventbridge",
     "configuration": {
       "aws_account_id": "<your-aws-account-id>",
       "aws_region": "<your-aws-region>"
     }
   }
 }'

If successful, this call returns the following JSON with your event stream id. New event streams are enabled by default.

{
  "id": "est_8of6RXoM1997qikH7NS11h",
  "status": "enabled",
  "name": "ng-demo-eventbridge",
  "subscriptions": [
    {
      "event_type": "user.created"
    }
  ],
  "created_at": "2025-01-29T18:08:43.440Z",
  "updated_at": "2025-01-29T18:08:43.440Z",
  "destination": {
    "type": "eventbridge",
    "configuration": {
      "aws_account_id": "<your-aws-account-id>",
      "aws_region": "<your-aws-region>",
      "aws_partner_event_source": "default"
    }
  }
}

As an alternative to AWS EventBridge, you can use webhooks to facilitate event streams.

To get started, first set up a webhook handler to receive real-time notifications when a specific event occurs.  Then, you can create your event stream.

You can either create a basic webhook handler by following the instructions below, or you can use an existing service such as:

• Vercel

• Inngest

If you decide to use an existing service, you can proceed to Create an event stream (webhook). Otherwise, follow the instructions below to create your own basic webhook handler.

Ensure you have the following installed to properly write your webhook handler:

• node.js

• jq

• npm

• ngrok

1. Install express to your node_modules folder and your package.json dependencies.

2. Install dotenv to your root directory to use a .env file for storing environment variables.

3. Create a webhook.js file and insert the following code:

   const express = require('express');
   const bodyParser = require('body-parser');
   require('dotenv').config(); // Load .env file
   
   const app = express();
   const PORT = 3000;
   
   // Load the API token from environment variables
   const API_TOKEN = process.env.API_TOKEN; // Access your API_TOKEN
   
   // Parse JSON payloads
   app.use(bodyParser.json());
   
   // Webhook endpoint
   app.post('/webhook', (req, res) => {
     // Check for the API token in the request headers
     const token = req.headers['authorization'];
   
     if (token !== `Bearer ${API_TOKEN}`) {
       // If the token is invalid, respond with a 401 Unauthorized
       return res.status(401).json({ error: 'Unauthorized' });
     }
   
     // If the token is valid, process the webhook payload
     console.log('Webhook received:', JSON.stringify(req.body, null, 2));
   
     // Respond to the webhook sender
     res.sendStatus(204); // No Content
   });
   
   // Start the server
   app.listen(PORT, () => {
     console.log(`Webhook handler running on http://localhost:${PORT}`);
   });

   Was this helpful?

   feedbackSection.yesButtonText /feedbackSection.noButtonText

4. In the root of your project, create a .env file and add your API token using:

   API_TOKEN=`openssl rand -hex 32`
   echo "API_TOKEN=$API_TOKEN" > .env

   Was this helpful?

   feedbackSection.yesButtonText /feedbackSection.noButtonText

5. Start your server:

   node webhook.js

   Was this helpful?

   feedbackSection.yesButtonText /feedbackSection.noButtonText

6. To test the Webhook, expose your webhook handler using a tool like ngrok:

   ngrok http 3000

   Was this helpful?

   feedbackSection.yesButtonText /feedbackSection.noButtonText
   This provides a public URL for your local webhook handler, for example:

   http://localhost:3000

   Was this helpful?

   feedbackSection.yesButtonText /feedbackSection.noButtonText

Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.

Before setting up an event stream, you need to identify the event types you want to monitor. You will then use your webhook handler to create an event stream, as demonstrated below.

This example creates an event stream that subscribes to the user.created event, which triggers whenever a new user is registered in your tenant. The event data is then forwarded to a webhook endpoint for further processing.

source .env # Make sure you are in the webhook directory where you created your .env file
WEBHOOK_URL="<ngrok URL>/webhook"

auth0 events create -n my-event1 -t webhook -s "user.created" -c '{"webhook_endpoint":"'"${WEBHOOK_URL}"'","webhook_authorization":{"method":"bearer","token":'"${API_TOKEN}"'"}}'

source .env # Make sure you are in the webhook directory where you created your .env file
TENANT="acme.plf-eda-cyx20241115a.auth0c.com"
WEBHOOK_URL="https://fac1-134-238-185-121.ngrok-free.app/webhook"

curl -s \
 -H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 -X POST https://$TENANT/api/v2/event-streams \
 -d '{
   "name": "ng-demo-3",
   "subscriptions": [
     { "event_type": "user.created" }
   ],
   "destination": {
     "type": "webhook",
     "configuration": {
       "webhook_endpoint": "'"$WEBHOOK_URL"'",
       "webhook_authorization": {
         "method": "bearer",
         "token": "'"$API_TOKEN"'"
       }
     }
   }
 }'

If successful, this returns the following JSON with your event stream id. New event streams are enabled by default.

{
  "id": "est_8of6RXoM1997qikH7NS11h",
  "status": "enabled",
  "name": "ng-demo-2",
  "subscriptions": [
    {
      "event_type": "user.created"
    }
  ],
  "created_at": "2025-01-29T18:08:43.440Z",
  "updated_at": "2025-01-29T18:08:43.440Z",
  "destination": {
    "type": "webhook",
    "configuration": {
      "webhook_endpoint": "https://example.com/webhook",
      "webhook_authorization": {
        "method": "bearer"
      }
    }
  }
}

After you create an event stream, you can verify that the event stream exists using the following command:

auth0 events show <EVENT_STREAM_ID>

TENANT="acme.plf-eda-cyx20241115a.auth0c.com" EVENT_STREAM_ID="est_b9QmRDub5BQKNF1oRKdiYe"

curl -s \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -X GET "https://$TENANT/api/v2/event-streams/$EVENT_STREAM_ID" | jq .

After the stream is active, you can test the event stream. For more information, review Event Testing, Observability, and Failure Recovery.

• Event Types
• Event Testing, Observability, and Failure Recovery
• Events Best Practices