Update Hooks

You can update Hooks configured for any given extensibility point using the Dashboard or Management API.

You can also import and export Hooks using the Deploy Command-Line Interface (CLI) tool.

Optionally, you can add secrets (such as Twilio Keys or database connection strings) to Hooks.

Rename Hooks using the Dashboard

  1. Go to Auth0 Dashboard > Auth Pipeline > Hooks and click the gear icon next to the Hook you want to rename.

  2. Click Rename.

  3. Type a new name for the Hook and click Rename.

    Auth0 Rename Hooks

Update hook scripts using the Dashboard

  1. Go to Auth0 Dashboard > Auth Pipeline > Hooks and click the pencil icon next to the Hook you want to update.

    Auth0 Hooks select a Hook
  2. Update the Hook using the Hook Editor and click the disk icon to save.

    Auth0 Hook Editor

Update Hooks using the Management API

Make a PATCH call to the Update a Hook endpoint. Be sure to replace HOOK_ID and MGMT_API_ACCESS_TOKEN placeholder values with your Hook ID and Management API Access Token, respectively.

curl --request PATCH \
  --url 'https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "name": "HOOK_NAME", "script": "HOOK_SCRIPT", "enabled": "true" }'
var client = new RestClient("https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID");
var request = new RestRequest(Method.PATCH);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
package main

import (

func main() {

	url := "https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID"

	payload := strings.NewReader("{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }")

	req, _ := http.NewRequest("PATCH", url, payload)

	req.Header.Add("content-type", "application/json")
	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
	req.Header.Add("cache-control", "no-cache")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)


HttpResponse<String> response = Unirest.patch("https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID")
  .header("content-type", "application/json")
  .header("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
  .header("cache-control", "no-cache")
  .body("{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }")
var axios = require("axios").default;

var options = {
  method: 'PATCH',
  url: 'https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer MGMT_API_ACCESS_TOKEN',
    'cache-control': 'no-cache'
  data: {name: 'HOOK_NAME', script: 'HOOK_SCRIPT', enabled: 'true'}

axios.request(options).then(function (response) {
}).catch(function (error) {
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN",
                           @"cache-control": @"no-cache" };
NSDictionary *parameters = @{ @"name": @"HOOK_NAME",
                              @"script": @"HOOK_SCRIPT",
                              @"enabled": @"true" };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID"]
[request setHTTPMethod:@"PATCH"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
[dataTask resume];
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID",
  CURLOPT_POSTFIELDS => "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }",
    "authorization: Bearer MGMT_API_ACCESS_TOKEN",
    "cache-control: no-cache",
    "content-type: application/json"

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
import http.client

conn = http.client.HTTPSConnection("")

payload = "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }"

headers = {
    'content-type': "application/json",
    'authorization': "Bearer MGMT_API_ACCESS_TOKEN",
    'cache-control': "no-cache"

conn.request("PATCH", "/YOUR_DOMAIN/api/v2/hooks/HOOK_ID", payload, headers)

res = conn.getresponse()
data = res.read()

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Patch.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'
request["cache-control"] = 'no-cache'
request.body = "{ \"name\": \"HOOK_NAME\", \"script\": \"HOOK_SCRIPT\", \"enabled\": \"true\" }"

response = http.request(request)
puts response.read_body
import Foundation

let headers = [
  "content-type": "application/json",
  "authorization": "Bearer MGMT_API_ACCESS_TOKEN",
  "cache-control": "no-cache"
let parameters = [
  "name": "HOOK_NAME",
  "script": "HOOK_SCRIPT",
  "enabled": "true"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://YOUR_DOMAIN/api/v2/hooks/HOOK_ID")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  } else {
    let httpResponse = response as? HTTPURLResponse


Value Description
HOOK_ID ID of the Hook to update.
MGMT_API_ACCESS_TOKEN Access Tokens for the Management API with the scope update:hooks. To learn more, read Management API Access Tokens.
HOOK_NAME Name of the Hook to create.
HOOK_SCRIPT Script that contains the code for the Hook. Should match what you would enter if you were creating a new hook using the Dashboard.

The enabled property represents whether the rule is enabled (true) or disabled (false).

Handle Rate Limits when calling APIs from within Hooks

If you call Auth0 APIs from within a Hook's script, you will need to handle rate limits. To do so, check the X-RateLimit-Remaining header and act appropriately when the number returned nears 0.

Additionally, add logic to handle cases in which you exceed the provided rate limits and receive the 429 HTTP Status Code (Too Many Requests). In this case, if a re-try is needed, it is best to allow for a back-off to avoid going into an infinite retry loop.