Token event payload
You can use the following token event payloads to trigger asynchronous workflows and synchronizations for event notification webhooks and APIs.
| Name | Data type | Description |
|---|---|---|
| data.access_token_type | String | The type of token requested. For example, "bearer" for default opaque tokens, or "jwt" for JWT-format tokens. |
| data.action | String | The operation that is run for the request. For example, "issued" for token requests, or "revoked" for token revocation. |
| data.applicationname | String | The name of the application that is associated with this token request. Available when the client_category is Application client or Application API client. |
| data.applicationtype | String | The type of application that is associated with this token request. For example "Custom application". Available when the client_category is Application client or Application API client. |
| data.applicationid | String | The ID of the application associated with this token request. Available when the client_category is Application client or Application API client. |
| data.at_hash | String | Hash of the access token. |
| data.cause | String | The cause of the failure. |
| data.client_category | String | The type of client. For example, "API client" for tenant API clients, "Application client", and "Application API client". |
| data.client_id | String | The client ID. |
| data.client_name | String | The client name. |
| data.client_type | String | Specifies whether the client is a confidential or public client. |
| data.devicetype | String | The "User-agent" of the device that made the request. For example, the browser name or the relying party client name. |
| data.entitlement | String | The IBM® Verify API access entitlements granted for this token request. |
| data.grant_id | String | The unique ID to identify the grant that was created for this token request. |
| data.grant_type | String | The grant type. For example, "client_credentials". |
| data.origin | String | IP address of the origin of this token request. |
| data.result | String | The result of this token request. For example, success or failure. |
| data.scope | String | The scope that is granted for this token request. For example, "openid" and any other scope that was granted for this request. |
| data.token_lifetime | String | How long the token generated will be valid for, in seconds. For example 7200. |
| data.token_type | String | The token type. For example, "Access token". |
| geoip.city_name geoio.continent_name geoip.country_iso_code geoip.country_name geoip.location geoip.region_name |
String | Augmented by Event service by using data.origin. |
Example
The following code is a sample payload. Use the Events APIs to get the actual attributes. See https://docs.verify.ibm.com/verify/reference/getallevents and https://docs.verify.ibm.com/verify/docs/pulling-event-data.
{
"geoip": {
"continent_name": "North America",
"city_name": "Columbus",
"country_iso_code": "USA",
"ip": "11.111.11.11",
"country_name": "United States",
"region_name": "Ohio",
"location": {
"lon": "-83.0235",
"lat": "39.9653"
}
},
"data": {
"at_hash": "AbcDeFg123hiJKlmNOpq-U",
"client_category": "API client",
"origin": "22.222.22.22",
"entitlement": "authnAnyUser performDUA createPrivacyConsent runExternalAgent generateOTP manageAccessPolicies manageAPIClients manageAppAccessOwner manageAppAccessAdmin manageAppPurpose manageAttributes manageAuthenticatorsConfig manageAuthenticatorsAnyUser manageCerts manageExternalAgents manageFederations manageIdentitySources manageOIDCConsents manageOIDCGrants manageOidcDynamicClient managePwdVault managePwdPolicy managePwdVaultConfig managePwdVaultAnyUser managePrivacyConsent managePurpose managePrivacyPolicy managePushCreds manageReports manageEnrollMFAMethodAnyUser manageMFAMethods manageTemplates manageUserStandardGroups manageUserGroups readAccessPolicies readAppConfig readAttributes readAuthenticatorsConfig readAuthenticatorsAnyUser readCerts readExternalAgents readFederations readIdentitySources readOIDCConsents readOIDCGrants readPwdVault readPwdPolicy readPwdVaultConfig readPwdVaultAnyUser readPrivacyConsent readPurpose readPrivacyPolicy readPushCreds readReports readEnrollMFAMethodAnyUser readMFAMethods readTemplates readTenantProperties readUserGroups recoverUsername resetPassword resetPasswordAnyUser performDSP manageAllUserGroups updateAnyUser",
"token_type": "Access token",
"devicetype": "UNKNOWN",
"client_id": "33333333-3333-3333-3333-333333333333",
"access_token_type": "Bearer",
"result": "success",
"token_lifetime": "7200",
"grant_type": "client_credentials",
"grant_id": "44444444-4444-4444-4444-444444444444",
"scope": "openid",
"action": "issued",
"client_name": "My client"
},
"year": 2023,
"event_type": "token",
"month": 1,
"indexed_at": 1674769220306,
"tenantid": "55555555-5555-5555-5555-555555555555",
"tenantname": "tenant name.verify.ibmcloudsecurity.com",
"correlationid": "CORR_ID-6666666666-6666-6666-6666-666666666666",
"id": "77777777-7777-7777-7777-777777777777",
"time": 1674769219931,
"day": 26
}