{"id":18298635,"url":"https://github.com/fusionauth/fusionauth-example-php-webhook","last_synced_at":"2026-03-01T04:08:28.593Z","repository":{"id":45056345,"uuid":"285929389","full_name":"FusionAuth/fusionauth-example-php-webhook","owner":"FusionAuth","description":"Example of a webhook implementation that makes a subsequent API call.","archived":false,"fork":false,"pushed_at":"2026-02-06T22:49:25.000Z","size":14,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":9,"default_branch":"main","last_synced_at":"2026-02-07T09:42:59.548Z","etag":null,"topics":["example","fusionauth","php","webhooks"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FusionAuth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-08-07T22:11:48.000Z","updated_at":"2024-07-28T05:55:34.000Z","dependencies_parsed_at":"2024-07-28T06:52:26.682Z","dependency_job_id":null,"html_url":"https://github.com/FusionAuth/fusionauth-example-php-webhook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FusionAuth/fusionauth-example-php-webhook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-example-php-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-example-php-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-example-php-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-example-php-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FusionAuth","download_url":"https://codeload.github.com/FusionAuth/fusionauth-example-php-webhook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-example-php-webhook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29960235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T01:47:18.291Z","status":"online","status_checked_at":"2026-03-01T02:00:07.437Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["example","fusionauth","php","webhooks"],"created_at":"2024-11-05T15:06:36.035Z","updated_at":"2026-03-01T04:08:28.575Z","avatar_url":"https://github.com/FusionAuth.png","language":"PHP","readme":"# Lock account webhook\n\nThis repository is a webhook to listen for a breached password event on login. If a user has compromised credentials, the system will lock their account.\n\nYou can read the blog post here: https://fusionauth.io/blog/2020/08/13/locking-an-account-with-breached-password\n\n## To use\n\nNote that breached password detection is a feature available to FusionAuth installations with valid license keys. However you can modify this code to listen for any [webhook event](https://fusionauth.io/docs/v1/tech/events-webhooks/events) to allow for external processing of user data changes.\n\n### Prerequisites\n\n* A modern PHP\n* FusionAuth installed\n* This repo\n\n### Setup\n\n* Clone this repo and change directory into it.\n* Run `composer install`.\n* Create an API key for locking the user account.\n* Update `config.php` with the API key, your authorization header value, and your FusionAuth instance URL, if needed.\n* Start a webserver: `php -S 0.0.0.0:8000` . This should not be used for production.\n* Log into the administrative user interface.\n* Go to the *Reactor* tab.\n* Enable breached password detection by entering a valid license key in the *Reactor* tab.\n* Navigate to the *Tenant* section and edit the tenant for which you want to enable webhooks.\n* Go to the *Webhooks* tab and enable the `user.password.breach` webhook. Change the transaction setting to 'All the webhooks must succeed'.\n* Navigate to the *Password* tab and to the *Breached password detection settings* section. \n* Click the 'Enabled' checkbox to enable this functionality.\n* Change the 'On Login' option to be 'Only record the result'.\n* Navigate to the *Settings* section and then to *Webhooks* \n* Create a new webhook.\n  * Set the value of the URL to: \"http://localhost:8000/webhook.php\"\n  * Uncheck all the events except for `user.password.breach`\n  * Set the appropriate authorization header value under the 'Headers' tab.\n  * Save it\n* You should be able to test it out. \n  * If the event type is anything other than `user.password.breach` the webhook will just log a message.\n\n### To use\n\n* Create a user with an insecure password such as `password` via the *Users* section.\n  * You may need to disable the breached password detection first and then add the user and then re-enable it.\n* In an incognito window, login as this user.\n* You should not be able to login.\n\nLook at the user in the administrative interface and you should see the account is now locked.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffusionauth%2Ffusionauth-example-php-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffusionauth%2Ffusionauth-example-php-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffusionauth%2Ffusionauth-example-php-webhook/lists"}