Create Hooks

You can create multiple Hooks for any given extensibility point using the Dashboard or Management API. To learn more, read Extensibility Points.

You can also import and export Hooks using the Deploy Command-Line Interface (CLI) tool. To learn more, read Deploy CLI Tool.

Although you may create multiple Hooks for any given extensibility point, each extensibility point may have only one enabled Hook at a time. The enabled Hook will be executed for all applications and APIs.

Optionally, you can add secrets (such as Twilio Keys or database connection strings) to Hooks.

When creating new Hooks, Auth0 automatically enables the first Hook you create for an extensibility point. Any subsequent Hooks you create for that extensibility point are automatically disabled, so you must explicitly enable them.

Go to Auth0 Dashboard > Auth Pipeline > Hooks and click + Create.
Enter a descriptive name for your Hook, select the extensibility point for which the Hook should execute, and click Create.
Locate the section for the extensibility point you selected, and click the pencil icon next to the Hook you created.
Update the Hook using the Hook Editor and click the disk icon to save.

Make a POST call to the Create a Hook endpoint. Be sure to replace MGMT_API_ACCESS_TOKEN, HOOK_NAME, HOOK_SCRIPT, and EXTENSIBILITY_POINT_NAME placeholder values with your Management API access token, Hook name, Hook script, and extensibility point name, respectively.

cURL
C#
Go
Java
Node.JS
Obj-C
...
- PHP
- Python
- Ruby
- Swift

curl --request POST \
  --url 'https://YOUR_DOMAIN/api/v2/hooks' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "name": "HOOK_NAME", "script": "HOOK_SCRIPT", "triggerId": "EXTENSIBILITY_POINT_NAME" }'

Was this helpful?/

var client = new RestClient("https://YOUR_DOMAIN/api/v2/hooks");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Was this helpful?/

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://YOUR_DOMAIN/api/v2/hooks"

	payload := strings.NewReader("{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("content-type", "application/json")
	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
	req.Header.Add("cache-control", "no-cache")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Was this helpful?/

HttpResponse<String> response = Unirest.post("https://YOUR_DOMAIN/api/v2/hooks")
  .header("content-type", "application/json")
  .header("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
  .header("cache-control", "no-cache")
  .body("{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }")
  .asString();

Was this helpful?/

var axios = require("axios").default;

var options = {
  method: 'POST',
  url: 'https://YOUR_DOMAIN/api/v2/hooks',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer MGMT_API_ACCESS_TOKEN',
    'cache-control': 'no-cache'
  },
  data: {
    name: 'HOOK_NAME',
    script: 'HOOK_SCRIPT',
    triggerId: 'EXTENSIBILITY_POINT_NAME'
  }
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});

Was this helpful?/

#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN",
                           @"cache-control": @"no-cache" };
NSDictionary *parameters = @{ @"name": @"HOOK_NAME",
                              @"script": @"HOOK_SCRIPT",
                              @"triggerId": @"EXTENSIBILITY_POINT_NAME" };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://YOUR_DOMAIN/api/v2/hooks"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
[dataTask resume];

Was this helpful?/

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://YOUR_DOMAIN/api/v2/hooks",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }",
  CURLOPT_HTTPHEADER => [
    "authorization: Bearer MGMT_API_ACCESS_TOKEN",
    "cache-control: no-cache",
    "content-type: application/json"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Was this helpful?/

import http.client

conn = http.client.HTTPSConnection("")

payload = "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }"

headers = {
    'content-type': "application/json",
    'authorization': "Bearer MGMT_API_ACCESS_TOKEN",
    'cache-control': "no-cache"
    }

conn.request("POST", "/YOUR_DOMAIN/api/v2/hooks", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

Was this helpful?/

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://YOUR_DOMAIN/api/v2/hooks")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'
request["cache-control"] = 'no-cache'
request.body = "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"triggerId\": \"EXTENSIBILITY_POINT_NAME\" }"

response = http.request(request)
puts response.read_body

Was this helpful?/

import Foundation

let headers = [
  "content-type": "application/json",
  "authorization": "Bearer MGMT_API_ACCESS_TOKEN",
  "cache-control": "no-cache"
]
let parameters = [
  "name": "HOOK_NAME",
  "script": "HOOK_SCRIPT",
  "triggerId": "EXTENSIBILITY_POINT_NAME"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://YOUR_DOMAIN/api/v2/hooks")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Was this helpful?/

Value	Description
`MGMT_API_ACCESS_TOKEN`	Access Token for the Management API with the scope `create:hooks`. To learn more, read Management API Access Tokens.
`HOOK_NAME`	Name of the Hook to create.
`HOOK_SCRIPT`	Script that contains the code for the Hook. Should match what you would enter if you were creating a new Hook using the Dashboard.
`EXTENSIBILITY_POINT_NAME`	Name of the extensibility point for which the Hook should execute. Options include: `credentials-exchange`, `pre-user-registration`, `post-user-registration`, `post-change-password`. To learn more about extensibility points, read Extensibiity Points.

Handle Rate Limits when calling APIs from within Hooks

If you call Auth0 APIs from within a Hook's script, you will need to handle rate limits. To do so, check the X-RateLimit-Remaining header and act appropriately when the number returned nears 0.

Additionally, add logic to handle cases in which you exceed the provided rate limits and receive the 429 HTTP Status Code (Too Many Requests). In this case, if a re-try is needed, it is best to allow for a back-off to avoid going into an infinite retry loop.

To explore starter code and sample Hook scripts, see the documentation for your chosen extensibility point:

Docs

Create Hooks

Create Hooks

Create Hooks using the Dashboard

Create Hooks using the Management API

Handle Rate Limits when calling APIs from within Hooks

Explore starter code and sample Hook scripts

Was this article helpful?