Failed Login webhook payload
Unlike most other webhook types, the Failed Login webhook does not have a resource.url (the value is null) because failed login attempts do not correspond to a retrievable API resource.
When this webhook fires
- Failed Login Added — When a user fails to authenticate (for example, by entering an incorrect password).
Content payload
When a Failed Login:Added webhook is triggered, the
content section of the payload includes the following attributes:
| Attribute | Type | Description |
|---|---|---|
| userEmail | String | The email address that was used in the failed login attempt. |
| ipAddress | String | The IP address from which the failed login attempt originated. |
| partner | String | The identifier of the marketplace (tenant) where the failed login attempt occurred. |
| attemptedAt | String | The timestamp of the failed login attempt, in ISO 8601 format (for example, 2026-03-15T14:30:00Z). May be null if the timestamp is unavailable. |
| failedAttemptCount | Integer | The total number of consecutive failed login attempts for this user. This count resets after a successful login. |
Example payload
{
"uuid": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"timestamp": 1742054400000,
"resource": {
"type": "UNSUCCESSFUL_LOGIN_ATTEMPT",
"uuid": null,
"url": null,
"content": {
"userEmail": "johndoe@example.com",
"ipAddress": "192.168.1.100",
"partner": "ACME",
"attemptedAt": "2026-03-15T14:30:00Z",
"failedAttemptCount": 3
}
},
"resourceAction": "ADDED"
}
Was this page helpful?
Tell us more…
Help us improve our content. Responses are anonymous.
Thanks
We appreciate your feedback!