Auth0 Home Blog Docs

How can I test a post-registration-webhook?



I need to test a webhook, I’ve tried the Runner panel and manually setting up a request to a http address but it didn’t requested that URL.

This is what my code looks like:

module.exports = function (user, context, cb) {
  const request = require('request');
    uri: '',
    method: 'POST',
    form: {
     user, context
  }, cb)


While executing the code using runner, did you save it as described in the link below:


Oh, my bad … I had not saved it. Now I have another question, how can I trust the request actually comes from Auth0? I’ve looked at headers and there are some Bearer Bearer tokens and x-auth0-secret like ones but can’t see any particular token or key at dashboard I can use to compare and verify the POST actually comes from Auth0


As mentioned in the comments and for greater visibility and the benefit of others do ensure that the code is saved in the editor.

In relation to ensuring that a request made from a hook to an external URL is indeed coming from the hook itself and not from some other source this will depend more on the external URL then any hook specific limitation.

The hook is just Javascript code that is mostly equivalent to running the same set of code from within Node.js; this means that the same methods of authenticating a request coming from a Node.js script is available to code associated with a hook.

In particular, you can choose to accept a secret or API key in your external URL and then configure the hook to send this API key as part of the request. If the external URL accepts a bearer access token following OAuth2 rules then the hook can also act as a confidential client application and perform a client credentials grant to obtain an access token for that external URL and then send the token with the final request.