Skip to main content
Version: 4.x

Webhooks

Webhooks let you push notifications to any external HTTP endpoint when plugin events occur - no polling required. Use them to sync user activity to a CRM, trigger CI pipelines, send Slack alerts, or integrate with any service that accepts HTTP calls.

Webhooks are disabled by default. Enable them in Settings → Simple JWT Login → Webhooks → Config.


Configuration

Webhooks configuration

Enable Webhooks

Toggle the Enable Webhooks switch at the top of the Webhooks page to activate the feature. Each individual webhook also has its own enable/disable toggle, so you can disable specific hooks without deleting them.


Adding a Webhook

Click Add Webhook to create a new entry. Each webhook is configured with the following fields:

Endpoint URL

The full URL that will receive the HTTP request when the event fires.

https://example.com/webhook

HTTP Method

The HTTP verb to use when calling the endpoint. Supported methods: GET, POST, PUT, PATCH, DELETE.

Default: POST

Trigger Events

Select one or more events that will fire this webhook. Each event corresponds to a specific plugin action:

EventTrigger
loginUser successfully auto-logged in via JWT
registerNew WordPress user successfully registered
authUser authenticated and received a JWT
delete_userWordPress user account deleted via the API
reset_password_requestPassword reset code requested
reset_passwordPassword successfully changed

Custom Headers

Add any number of custom HTTP headers to the webhook request. This is useful for passing authentication tokens or content-type hints to the receiving service.

Example:

X-Secret-Token : my-shared-secret
Content-Type : application/json

Custom Payload

By default, the plugin sends a standard JSON payload. To override it, enter a JSON template in the Custom Payload textarea.

Use the following template variables - they are replaced at delivery time with real values:

VariableDescription
{{user_id}}WordPress user ID of the user involved in the event
{{user_email}}Email address of the user
{{event}}The event name that triggered the webhook (e.g. login)

Example custom payload:

{
"user_id": "{{user_id}}",
"email": "{{user_email}}",
"event": "{{event}}",
"source": "my-wordpress-site"
}

Leave the field blank to use the default payload.


Webhook Logs

Webhook Call Log

Every outgoing webhook request is logged. View the log under Settings → Simple JWT Login → Webhooks → Logs.

Each log entry shows:

  • The webhook URL that was called
  • The HTTP method used
  • The event that triggered it
  • The response status code
  • The timestamp
tip

Webhook logs help you debug delivery failures. If a webhook is not reaching your endpoint, check the log for the HTTP status code returned by your server.


Delivery Behavior

Webhook HTTP calls are dispatched after the API response is sent to the client - they never block or delay the response your app receives.

The plugin uses PHP's fastcgi_finish_request() to flush the response to the client first, then process all queued webhooks in the same PHP process. If that function is unavailable (see table below), webhooks are processed synchronously before the response is returned, which adds latency equal to the total time of all outgoing HTTP calls.

Server environmentAsync delivery
nginx + PHP-FPM (standard nginx setup)Yes - response flushed before HTTP calls are made
Apache + PHP-FPM (mod_proxy_fcgi)Yes - response flushed before HTTP calls are made
Apache + mod_phpNo - webhooks block the response
LiteSpeed / OpenLiteSpeedDepends on version - generally no
tip

If your site runs on Apache with mod_php and you have slow webhook endpoints, consider keeping webhook payloads small and endpoints fast to avoid adding visible latency to your login/register API calls.


Security Recommendations

  • Use HTTPS endpoints only - avoid sending event data over plain HTTP.
  • Pass a shared secret in a custom header (e.g. X-Webhook-Secret) and verify it on the receiving side to ensure the request originated from your site.
  • Validate the payload on the receiver before acting on it.

Example: Notify Slack on User Registration

  1. Create a Slack Incoming Webhook URL in your Slack workspace.
  2. In the plugin, add a new webhook with that URL.
  3. Set the method to POST.
  4. Enable the register event.
  5. Set a custom payload:
{
"text": "New user registered: {{user_email}}"
}

Slack will display the message in your chosen channel each time a new user registers.