Keeping user information up to date across multiple systems can be challenging. With Firstup’s Webhook API, you can automatically sync user profile changes (such as role updates, name changes, or deactivations) with external HRIS platforms, Active Directory, or an employee dashboard.
Before setting up user management syncing, ensure that:
- You have a publicly accessible endpoint that can receive webhook events (e.g., your HR system’s API).
- You have API access to register webhooks via the
POST /v2/webhooks/subscriptionsendpoint. - You have permission to fetch user details using the
GET /scim/v2/users/{userId}endpoint if you need additional data. - You have API access to the
POST /v2/Users/{user_id}/forgetendpoint to forget users from your system (non-SCIM compliant). - You have the following permission scopes:
webhooks.read,webhooks.write.
| Firstup Attribute | Description |
|---|---|
name | A descriptive name for your webhook. |
url | The external system’s endpoint that will receive webhook notifications. |
events | The event type(s) to listen for. In this case, when a user is updated or deactivated. |
active | Specifies whether the webhook is active. |
| Event Name | When it Fires | Typical Action |
|---|---|---|
user.updated | Any SCIM user attribute change (e.g., role, email, group). | Call SCIM GET /scim/v2/users/{user_id} |
user.deactivated | A user is disabled or marked inactive in Firstup. | Deactivate or archive that yser in your identity system. |
user.deleted (optional) | A user is fully removed (e.g., GDPR) | Remove the user from your directory or analytics. |
Keep user records current whenever a user changes roles, email, or attributes.
- Subscribe to
user.updated.
POST /v2/webhooks/subscriptions
Authorization: Bearer <APP_TOKEN>
Content-Type: application/json
{
"url": "https://example.com/webhooks/user-sync",
"active": true,
"events": [{ "name": "user.updated", "version": "1" }]
}- Receive payload.
{
"event": "user.updated",
"timestamp": "2025-11-10T15:42:30Z",
"data": {
"user_id": "u_987",
"changed_fields": ["email", "role"]
}
}- Fetch latest SCIM record.
GET /scim/v2/Users/{user_id}
Authorization: Bearer <APP_TOKEN>
Accept: application/scim+jsonUse the response up update your external directory or CRM record.
Automatically reflect account disablement or deletion.
- Subscribe to
user.deactivated.
POST /v2/webhooks/subscriptions
{
"url": "https://example.com/webhooks/user-sync",
"active": true,
"events": [{ "name": "user.deactivated", "version": "1" }]
}- Receive payload.
{
"event": "user.deactivated",
"timestamp": "2025-11-11T08:00:00Z",
"data": { "user_id": "u_654" }
}- Verify status.
GET /scim/v2/Users/{user_id}
Response field "active": false confirms deactivation.
- If user is permanently deleted, the
/v2/Users/{user_id}/forgetendpoint removes all records. If a webhookuser.deletedevent is emitted, delete or anonymize the user on your side as well.
With webhooks, occasional reconciliation ensures no missed updates.
GET /scim/v2/Users?count=100
Compare user lists between systems nightly. Use SCIM filtering (filter=userName eq "email@example.com") to resolve discrepancies.
| Issue | Likely Cause | Fix |
|---|---|---|
404 on /scim/v2/Users/{id} | User has been forgotten or never existed | Remove or skip that user |
| No webhook deliveries | Subscription inactive or incorrect event name | Verify via GET /v2/webhooks/subscriptions |
| Duplicate events | Retry or timeout | Deduplicate by event ID |
Expecting identity.* events | These are not public | Use user.updated / user.deactivated instead |