Skip to main content
WEBHOOK
profile.updated
{
  "id": "evt_00000000000000000000000000",
  "type": "<string>",
  "created_at": 123,
  "location": {
    "funnel_id": "<string>",
    "funnel_version": 123,
    "origin": "<string>",
    "query": "<string>",
    "query_params": {},
    "sandbox": true,
    "onboarding": "<string>",
    "experiment_id": "<string>",
    "experiment_title": "<string>",
    "experiment_alias": "<string>"
  },
  "profile": {
    "id": "pro_00000000000000000000000000",
    "session_id": "ses_00000000000000000000000000",
    "email": "me@example.com",
    "country": "GB",
    "ip": "00.00.000.00",
    "city": "Birmingham",
    "time_zone": "Europe/London",
    "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X)",
    "locale": "🇪🇸 Spanish",
    "locale_code": "en_US"
  },
  "project_id": "00000000000000000000000000",
  "is_sandbox": false,
  "session_id": "ses_00000000000000000000000000",
  "data": {
    "id": "pro_00000000000000000000000000",
    "email": "me@example.com",
    "phone_number": "+1234567890",
    "password_hashes": {
      "argon2id": "$argon2id$v=19$m=65536,t=1,p=4$[salt]$[hash]",
      "bcrypt": "$2a$10$[salt-and-hash]",
      "pbkdf2_sha256": "$pbkdf2-sha256$i=100000$[salt]$[hash]",
      "scrypt": "$scrypt$n=32768,r=8,p=1$[salt]$[hash]"
    }
  },
  "funnel_id": "00000000000000000000000000",
  "profile_id": "pro_00000000000000000000000000"
}

Body

application/json

Fires when:

  • A user updates profile information such as their email, password, or phone number — even if those details are entered across different funnel screens (for example, updating a password on one screen and an email on another).
  • The FunnelFox Billing user - update email webhook is received.
  • A user signs in using an OAuth button or by entering their email in the funnel.
  • You update a user’s email from the Customers dashboard page.

Password hashes

When a password is updated, the webhook includes password hashes in 4 different formats to ensure compatibility with various authentication systems:

  • argon2id: Modern, secure algorithm. Format: $argon2id$v=19$m=65536,t=1,p=4$salt$hash (PHC format).
  • bcrypt: Widely supported. Format: $2a$10$... (standard bcrypt format).
  • pbkdf2_sha256: FIPS-compliant. Format: $pbkdf2-sha256$i=100000$salt$hash (PHC format).
  • scrypt: Memory-hard algorithm. Format: $scrypt$n=32768,r=8,p=1$salt$hash (PHC format).

All passwords are normalized to UTF-8 NFC before hashing. Salts are randomly generated for each hash.

The hashes follow the PHC string format specification where applicable.

Learn about password hashes verification.

id
string
required
Example:

"evt_00000000000000000000000000"

type
string
required
Examples:

"onboarding.started"

"onboarding.completed"

"purchase.completed"

"profile.updated"

"subscription.activated"

"subscription.cancelled"

"subscription.renewed"

created_at
integer<int64>
required

UNIX timestamp in seconds

location
object
required
profile
object
required
project_id
string
required
Example:

"00000000000000000000000000"

is_sandbox
boolean
required
Example:

false

session_id
string
required
Example:

"ses_00000000000000000000000000"

data
object
required
funnel_id
string
deprecated
Example:

"00000000000000000000000000"

profile_id
string
deprecated
Example:

"pro_00000000000000000000000000"

Response

200

Event received successfully