The Oauth Token webhook is described below. Note that webhooks deliver only the event notification. The actual data must be read using the provided event details.
Webhook Subject: API_CLIENT_OAUTH_TOKEN
Supported events:
Webhook for deletion notification for Oauth tokens. The OAuth token endpoint is primarily used for revocation of OAuth tokens for integrations.
As integrations are installed for a user via an OAuth flow, the user who granted the access can always revoke them however this can impact your integration overall. To mitigate that risk and be notified when the user who granted the OAuth access e.g. linking Xero or HubSpot, listen for the OAuth deletion events.
Below is an example webhook payload (pretty printed):
{
"trigger" : {
"urn" : "6099cb4a-00a5-4e08-8a8d-c570254b5757",
"owner" : {
"urn" : "32a90f18-aaa0-4bdc-a63e-4efd2e16c28c",
"url" : "/n/v1/company/32a90f18-aaa0-4bdc-a63e-4efd2e16c28c"
},
"timestamp" : "2026-05-29T13:45:32",
"subject" : "API_CLIENT_OAUTH_TOKEN",
"event" : "CREATE",
"targetUrn" : "fdcb0191-8408-4132-abf7-57adeafe59e2"
},
"subscription" : {
"urn" : "691be1de-09df-411d-ad4a-3cc7ec771cd4",
"subject" : "API_CLIENT_OAUTH_TOKEN",
"event" : "ALL",
"destinationUrl" : "https://example.com/webhooks/oauthtoken",
"auth" : "BEARER",
"expirationTimestamp" : "2026-06-28T13:45:32",
"eventsPerMinute" : 500
},
"v1" : {
"urn" : "fdcb0191-8408-4132-abf7-57adeafe59e2",
"url" : "/n/v1/oauthtoken/fdcb0191-8408-4132-abf7-57adeafe59e2"
}
}