Create an Event Stream
By subscribing to events, and delivering them to a destination of your choice using event streams, you can facilitate a number of related use cases, including:
Sending emails to new customers to welcome them or ask them to verify their email address.
Monitoring user lifecycle changes so that you can update CRM (customer relationship management) or billing systems.
You can create an event stream using either AWS EventBridge or webhooks. The sections below outline the setup process for both options.
Access Management API (optional)
Event streams can either be provisioned using the Auth0 dashboard or the Auth0 Management API. If using the Management API, before you can set up an event stream, you need to create a machine-to-machine (M2M) application and authenticate with a Management API token. For more information, review Management API Access Tokens.
Navigate to Dashboard > Applications > Applications and select Create Application.
Enter a descriptive name for your application and choose Machine to Machine Applications. Then, select Create.
Select the API you want to call from your application. In this case, use the Auth0 Management API.
Choose the permissions that you want to be issued as part of your application's access token, then select Authorize. For testing purposes, select:
read:event_streams
create:event_streams
update:event_streams
delete:event_streams
read:event_deliveries
update:event_deliveries
create:users
Navigate to the Settings tab to gather your Client ID, Client Secret, and Domain.
Review Get Management API Access Tokens to retrieve and store your access token.
AWS EventBridge
The information below describes how you can create and enable an event stream using AWS EventBridge.
EventBridge prerequisites
To use AWS EventBridge for event streams, you will need the following:
AWS account
Your AWS account must have permissions to use EventBridge. If you don’t have an account, sign up at https://aws.amazon.com/eventbridge/.
AWS IAM permissions
AWS EventBridge event bus
AWS account ID & region
Create an event stream (EventBridge)
Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.
Before setting up an event stream, you need to identify the event types you want to monitor. Then, you will use your AWS account ID and region to set up your event stream, as demonstrated below.
This example uses the Auth0 CLI to create an event stream that subscribes to the user.created
event, which triggers whenever a new user is registered in your tenant.
auth0 events create --name ng-demo-eventbridge --type eventbridge --subscriptions "user.created" --configuration '{"aws_account_id":"<your-aws-account-id>","aws_region":"<your-aws-region>"}'
Was this helpful?
If successful, this call returns the following JSON with your event stream id
. New event streams are enabled by default.
{
"id": "est_8of6RXoM1997qikH7NS11h",
"status": "enabled",
"name": "ng-demo-eventbridge",
"subscriptions": [
{
"event_type": "user.created"
}
],
"created_at": "2025-01-29T18:08:43.440Z",
"updated_at": "2025-01-29T18:08:43.440Z",
"destination": {
"type": "eventbridge",
"configuration": {
"aws_account_id": "<your-aws-account-id>",
"aws_region": "<your-aws-region>",
"aws_partner_event_source": "default"
}
}
}
Was this helpful?
To create an event stream in the Auth0 Dashboard using AWS EventBridge:
Navigate to Auth0 Dashboard > Event Streams (Early).
Select +Create Event Stream.
From the list of stream types, select AWS EventBridge. This will open the configuration form for your new EventBridge stream.
Configure Stream Details: In the configuration form, you will need to provide the following information:
Stream Name:
Enter a descriptive name for your event stream. This will help you identify it within the Auth0 Dashboard.
AWS Account ID:
Enter the 12-digit AWS account ID where you want the Auth0 events to be sent.
AWS Region:
Select the specific AWS Region where your EventBridge event bus is located.
Select Event Types: In the Select Event Types section, choose the specific Auth0 event types you want to include in this stream. You can select multiple event types based on your requirements (e.g.,
user.created
,user.updated
,user.deleted
).Save Changes: Once you have configured the stream name, AWS details, and selected your desired event types, click the Save Changes button.
Your new event stream is now created, and Auth0 can begin publishing the selected event types to the specified AWS EventBridge event bus. You can monitor the status and manage your event stream from the Event Streams (Early) page in the Auth0 Dashboard.
Webhooks
As an alternative to AWS EventBridge, you can use webhooks to facilitate event streams.
To get started, first set up a webhook handler to receive real-time notifications when a specific event occurs. Then, you can create your event stream.
You can either create a basic webhook handler by following the instructions below, or you can use an existing service such as:
Vercel
Inngest
If you decide to use an existing service, you can proceed to Create an event stream (webhook). Otherwise, follow the instructions below to create your own basic webhook handler.
Webhook prerequisites
Ensure you have the following installed to properly write your webhook handler:
node.js
jq
npm
ngrok
Write the webhook handler
Install
express
to yournode_modules
folder and yourpackage.json
dependencies.Install
dotenv
to your root directory to use a.env
file for storing environment variables.Create a
webhook.js
fle to receive theuser.created
event and store it in a database.const express = require('express'); const app = express(); // Authorization middleware app.use((req, res, next) => { const token = req.headers["authorization"]; if (token !== `Bearer ${API_TOKEN}`) { return res.status(401).json({ error: "Unauthorized" }); } next(); }); // Webhook endpoint app.post("/webhook", async (req, res) => { console.log("Webhook received:", JSON.stringify(req.body, null, 2)); const eventData = req.body; const { id, type, time, data } = eventData; const user = data.object; try { switch (type) { case "user.created": await handleUserCreated(user, time); break; case "user.updated": await handleUserUpdated(user, time); break; case "user.deleted": await handleUserDeleted(user, time); break; default: await handleDefaultEvent(id, type, time, data); } console.log(`Webhook event of type '${type}' committed to the database.`); res.sendStatus(204); } catch (err) { console.error("Error processing webhook:", err); res.status(500).json({ error: "Internal server error" }); } }); // Specific function for handling the user created event // In this example we're making sure users are also created in our own database async function handleUserCreated(user, time) { const { user_id, email, name, nickname, created_at, updated_at } = user; const query = ` INSERT INTO users (user_id, email, name, nickname, created_at, updated_at, raw_user, last_event_processed) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) `; const values = [ user_id, email, name, nickname, created_at, updated_at, user, time, ]; try { await getPool().query(query, values); } catch (err) { if (err.code === "23505") { console.error(`Duplicate user_id=${user_id}, skipping insert.`); } else { console.error(`Database error while creating user_id=${user_id}:`, err); throw err; } } }
Was this helpful?
/In the root of your project, create a
.env
file and add your API token using:API_TOKEN=`openssl rand -hex 32` echo "API_TOKEN=$API_TOKEN" > .env
Was this helpful?
/Start your server:
node webhook.js
Was this helpful?
/To test the Webhook, expose your webhook handler using a tool like ngrok:
This provides a public URL for your local webhook handler, for example:ngrok http 3000
Was this helpful?
/http://localhost:3000
Was this helpful?
/
Create an event stream (webhooks)
Event streams allow you to capture real-time changes within your Auth0 tenant and send them to an external system for processing.
Before setting up an event stream, you need to identify the event types you want to monitor. You will then use your webhook handler to create an event stream, as demonstrated below.
This example uses the Auth0 CLI to create an event stream that subscribes to the user.created
event, which triggers whenever a new user is registered in your tenant. The event data is then forwarded to a webhook endpoint for further processing.
source .env # Make sure you are in the webhook directory where you created your .env file
WEBHOOK_URL="<ngrok URL>/webhook"
auth0 events create -n my-event1 -t webhook -s "user.created" -c '{"webhook_endpoint":"'"${WEBHOOK_URL}"'","webhook_authorization":{"method":"bearer","token":'"${API_TOKEN}"'"}}'
Was this helpful?
If successful, this returns the following JSON with your event stream id
. New event streams are enabled by default.
{
"id": "est_8of6RXoM1997qikH7NS11h",
"status": "enabled",
"name": "ng-demo-2",
"subscriptions": [
{
"event_type": "user.created"
}
],
"created_at": "2025-01-29T18:08:43.440Z",
"updated_at": "2025-01-29T18:08:43.440Z",
"destination": {
"type": "webhook",
"configuration": {
"webhook_endpoint": "https://example.com/webhook",
"webhook_authorization": {
"method": "bearer"
}
}
}
}
Was this helpful?
Verify the event stream
After you create an event stream, you can verify that the event stream exists using the following command:
auth0 events show <EVENT_STREAM_ID>
Was this helpful?
To create an event stream in the Auth0 Dashboard using AWS EventBridge:
Navigate to Auth0 Dashboard > Event Streams (Early).
Select +Create Event Stream.
From the list of stream types, select Webhook. This will open the configuration form for your new webhook stream.
Configure Stream Details: In the configuration form, you will need to provide the following information:
Stream Name:
Enter a descriptive name for your event stream. This will help you identify it within the Auth0 Dashboard.
Endpoint: Enter the complete URL of the HTTP endpoint where you want Auth0 to send the events. This is the service that will receive and process the event data.
Authentication Method: Choose the authentication method required by your endpoint.
Authorization Token: If you selected Bearer Token as the authentication method, enter the required authorization token here.
Select Event Types: In the Select Event Types section, choose the specific Auth0 event types you want to include in this stream. You can select multiple event types based on your requirements (e.g.,
user.created
,user.updated
,user.deleted
).Save Changes: Once you have configured the stream name, AWS details, and selected your desired event types, click the Save Changes button.
Your new event stream is now created, and Auth0 can begin publishing the selected event types to the specified Webhook. You can monitor the status and manage your event stream from the Event Streams (Early) page in the Auth0 Dashboard.
After the stream is active, you can test the event stream. For more information, review Event Testing, Observability, and Failure Recovery.