View the History of a Webhook Event

Endpoint URL: {identityDomain} /{customerId} /webhooks/subscriptions/{subscriptionId}/events/{eventId}/history


Important. This endpoint is designed for testing and troubleshooting; it's not designed as an alternate way to monitor and download webhook events. That's the job of your listener endpoint.

Returns the event history for the specified webhooks event. From the time an event occurs to the time a notification of that event is successfully delivered to the listener endpoint, the event passes through several states. These states, which are recorded in a relational database table and can be retrieved by using the /{eventId}/history endpoint, are listed in the following table:

Event State



The event is ready for delivery. When the delivery process actually begins, the event state changes to executing.


The event is being delivered.

By design, events are not delivered if a webhook subscription is disabled. So what happens if an event is marked as executing(but hasn’t been delivered yet) at the very moment that a subscription is disabled? In that case, the process continues and the event will be delivered (and marked as success). However, if delivery fails the process ends: delivery will not be retried if the subscription has been disabled.


The event was successfully delivered to the listener endpoint.


The event could not be delivered. With one exception, events are not marked as failure until they have reached the number of allowed retries (see the retry parameter for more information).

The one exception? Delivery attempts that result in an HTTPS status code of 1xx or 3xx are automatically marked as failures and are not retried.

Note that failure events are not immediately discarded; instead, all events (including failure events) are maintained in the Identity Cloud event store for 7 days. 


The event could not be delivered and has been scheduled for another delivery try. The delivery schedule for event notifications works like this:

  • Webhooks v3 attempts to deliver the event.
  • If delivery fails, the system waits 3 seconds and then tries a second time to deliver the event.
  • If the second delivery attempt fails, the system waits 30 seconds and tries again.
  • If the third delivery attempt fails, the system waits 5 minutes and tries again .
  • If the fourth delivery attempt fails, the system waits 1 hour and tries again.
  • If the fifth delivery attempt fails, the system waits 24 hours and tries again.

If the sixth delivery attempt fails the event is marked as failure and no further delivery attempts are scheduled. 

At a minimum, each event passes through the following three states:

  1. awaiting-executing
  2. executing
  3. success

Note that the Webhooks v3 APIs all have an API response timeout of 10 seconds.

Respects the API Client Allow List: No

Base URL

The base URL for this endpoint is your Identity Cloud API URL, including the appropriate region. For example, if you are in the US region, then your base URL will look like this:

If you are in the Australian (AU) region your base URL will look like this: 

URL path parameters








Unique identifier of the organization (customer) associated with the webhooks subscription whose event history is being retrieved. For example:





Unique identifier of the webhooks subscription associated with the event whose history is being checked. For example:





Unique identifier of the webhooks event whose history is being returned. For example:


Request Parameters

No additional parameters are required to call this endpoint.


This endpoint requires token-based authentication. To obtain an access token, you must use a confidential client (using the client ID as the username and the client secret as the password) to access the /{customerId}/login/token endpoint. The access token returned from that endpoint is then used in the Authorization header of your API call. For example, if you get back the access token 03v-eeodppPrrHXXIx56pRLyDBaOldDxqEwI59MFCFGVuSkLRapzgmfwmEHyKWle then your Authorization header will look like this when using Curl:

-H 'Authorization: Bearer 03v-eeodppPrrHXXIx56pRLyDBaOldDxqEwI59MFCFGVuSkLRapzgmfwmEHyKWle'

In Postman, set the Authorization Type to Bearer and use the access token as the value of the Token field.

Sample Request (curl)

The following command returns the event history for the event notification with the ID 28da8068-61cc-4af3-8d5e-ae49a02dd47b:

curl -X GET \ e5269842-024f-49bf-8a39-67aec8048b42/events/28da8068-61cc-4af3-8d5e-ae49a02dd47b \
  -H 'Authorization: Bearer Xk7EzdpGq5GPQcsxCWM2SxdlwU_iTsA4i2Px4TEzBrfLIvddjnDVBJxjPDuCARHH'


200 OK

If your call to this endpoint succeeds, you'll get back the complete event history for the specified event notification:

    "total": 3,
    "_links": {
        "self": {
            "href": "/00000000-0000-0000-0000-000000000000/webhooks/subscriptions/e5269842-024f-49bf-8a39-67aec8048b42/events/28da8068-61cc-4af3-8d5e-ae49a02dd47b/history"

        "redeliver": {
            "href": "/00000000-0000-0000-0000-000000000000/webhooks/subscriptions/e5269842-024f-49bf-8a39-67aec8048b42/events/28da8068-61cc-4af3-8d5e-ae49a02dd47b/redeliver"
    "_embedded": [
            "id": "28da8068-61cc-4af3-8d5e-ae49a02dd47b",
            "createdAt": "2020-01-27T16:53:51.554764Z",
            "updatedAt": "2020-01-27T16:53:50.815936Z",
            "state": "success",
            "attempts": 1,
            "request": {
                "endpoint": ""
                "headers": {
                    "Accept": "*/*",
                    "Content-Length": "1293",
                    "Content-Type": "application/secevent+jwt",
                    "Host": "",
                    "User-Agent": "Akamai Identity Cloud Webhooks/v3.0.0"
                "payload": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFkYzEyMDczNjk5YzY4YzFkYWVlNmM5YTEwMGUyYjQzZmViZGNkOTIifQ.eyJhdWQiOlsiaHR0cHM6Ly93ZWJob29rLnNpdGUvNDZmZjNjNWUtYWU5NS00M2RmLWIzMmQtZDA3YmI4NDc0NmI0Il0sImV2ZW50cyI6eyJlbnRpdHlVcGRhdGVkIjp7ImF0dHJpYnV0ZXMiOlsiZmFtaWx5TmFtZSJdLCJjYXB0dXJlQXBwbGljYXRpb25JZCI6IjN2YWRiYTN2aHFwa2RndHNycWQ0c3Q3Nm0zIiwiY2FwdHVyZUNsaWVudElkIjoiM2ZwNHp0OXQyNTZqcWs0dHgzNXd1ajRhcDJlNTNocTkiLCJlbnRpdHlUeXBlIjoidXNlciIsImdsb2JhbFN1YiI6ImNhcHR1cmUtdjE6Ly9hcHAuY2FwdHVyZS5tdWx0aS5kZXYub3IuamFucmFpbi5jb20vM3ZhZGJhM3ZocXBrZGd0c3JxZDRzdDc2bTMvdXNlci9lNDk5YWMyNC00NmJkLTRkODUtOTFlZS1iZGVhZGQ0NDZjMWUiLCJzdWIiOiJlNDk5YWMyNC00NmJkLTRkODUtOTFlZS1iZGVhZGQ0NDZjMWUifX0sImlhdCI6MTU4MDE0NDAzMCwiaXNzIjoiaHR0cHM6Ly9hcGkubXVsdGkuZGV2Lm9yLmphbnJhaW4uY29tLzAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMC93ZWJob29rcyIsImp0aSI6IjFlNTY5YmI1LWMyMWQtNGU5Yy1hMWFhLTdlYzNiODMxYmRhMiIsInRvZSI6MTU4MDE0NDAzMDczOSwidHhuIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0.D4PsqQiwvXmd-3bons9JcqHEf69Tw46I2C4Zg713gw8Y11QPLywKXMveFzgmRRVS3OyG38LVSz6wJfmn02Du4hlMpi44Rnna_k9rv1WTxC7CFOFqVXzJyQ-TvSdYLEU5hfCpfodlyeE4v-SPZoOfZ-kQdUa8vPm4wiOOnr0QfZlY3uTRcPczY3jy2Gv6eLRSjk2q4LY0-rYHHaojHofYJARahGjah9JrkmbTaMkvuv3CwBnUrKkp2nomOzl2Z858xaRUrgHfgXEuOYrhasRrbcAn-MyuQfY7hlPjSl8Lka25JgeIOmCLpK2-fFZ0rDW1k1MzHak6q2rftE7vSvObcw"
            "response": {
                "statusCode": 200
                "headers": {
                    "Cache-Control": "no-cache, private",
                    "Content-Type": "text/plain; charset=UTF-8",
                    "Date": "Mon, 27 Jan 2020 16:53:51 GMT",
                    "Server": "nginx/1.14.2",
                    "Set-Cookie": "laravel_session=0WvS2SrKRs0In3XSBAdlLykpCCTTnJmzLnCYljfw; expires=Mon, 27-Jan-2020 18:53:51 GMT; Max-Age=7200; path=/; httponly",
                    "Vary": "Accept-Encoding",
                    "X-Ratelimit-Limit": "100",
                    "X-Ratelimit-Remaining": "97",
                    "X-Request-Id": "11d339a3-17bd-457d-abde-64c5810e5244",
                    "X-Token-Id": "46ff3c5e-ae95-43df-b32d-d07bb84746b4"
            "eventType": "entityUpdated"
            "id": "28da8068-61cc-4af3-8d5e-ae49a02dd47b",
            "createdAt": "2020-01-27T16:53:50.82427Z",
            "updatedAt": "2020-01-27T16:53:50.815936Z"
            "state": "executing",
            "attempts": 1
            "request": null,
            "response": null,
            "eventType": "entityUpdated"
            "id": "28da8068-61cc-4af3-8d5e-ae49a02dd47b",
            "createdAt": "2020-01-27T16:53:50.815936Z",
            "updatedAt": "2020-01-27T16:53:50.815936Z",
            "state": "awaiting-scheduling"
            "attempts": 0,
            "request": null
            "response": null,
            "eventType": "entityUpdated"

Note. The API response includes a redeliver property and points to a redelivery URL. This URL is not used in Webhooks v3. Instead, the URL is reserved for future use.

Error Response Codes

The following table includes information about some of the other response codes that you might encounter when calling this endpoint.

Response Code



Forbidden. You do not have permission to access the requested resource. You will often see this error if you are using an expired access token. By default, access tokens can only be used for one hour before they need to be replaced.


Not found. The specified customer, the specified event, and/or the specific webhooks subscription could not be found.