Webhook Types

Last updated: April 1, 2020


Meveto identifies webhook calls by designated types that are simple string values. These types indicate the event that has occurred, thus allowing your app to perform the required action based on the type of the call. With each webhook call, there will always be a type parameter in the request payload. The types of calls that meveto will send are described below.

Type User_Logged_Out

Meveto will send a webhook call with type parameter set to the string "User_Logged_Out". This type indicates that a user has requested to logout of your app. The associated user will be represented by a token. There will be a user_token parameter. For more details on this process, checkout user logout.

Type Meveto_Protection_Removed

Meveto will send a webhook call with type parameter set to the string "Meveto_Protection_Removed". By default, your application should not allow those users that use Meveto, to be able to login with other authentication methods (the worst being a password based). This will only work, if your app can identify those users that have started using Meveto. A very simple way to tell whether a user has used Meveto with your app before or not, is by checking if their associated meveto_id is set to NULL or not. If Meveto ID is set for a user, reject their attempts of logging in to your application by other means. For more, read how login works and how to register users.

However, Meveto allows users to stop using Meveto. A user can request their Meveto protection to be removed from an application from their dashboard. When this happens, Meveto conveys the request to your app via a webhook call of this type. To identify the associated user, the request payload will also include user_token parameter that you can use to retrieve Meveto ID of the user. So if your application's logic identifies Meveto users of your application, as mentioned above, then your application would need to set meveto_id in your application's database back to NULL. Therefore, the rest of your application's logic should now automatically allow the user to be able to login, using other authentication methods.