Documentation updates for APIs related to webhook changes

site/docs/src/json/applications/post-request.json

@@ -131,8 +131,5 @@
       "xmlSignatureC14nMethod": "exclusive_with_comments",
       "xmlSignatureLocation": "Assertion"
     }
-  },
-  "webhookIds": [
-    "00000000-0000-0000-0000-000000000042"
-  ]
+  }
 }

site/docs/src/json/applications/put-request.json

@@ -85,8 +85,5 @@
         "numberOfDaysToRetain": 30
       }
     }
-  },
-  "webhookIds": [
-    "00000000-0000-0000-0000-000000000042"
-  ]
+  }
 }

site/docs/src/json/tenants/request.json

@@ -59,7 +59,7 @@
       "security": "TLS",
       "setPasswordEmailTemplateId": "a9aba13e-0125-4fd7-a2b1-aaa146b02423",
       "twoFactorMethodAddEmailTemplateId": "7c3045c7-97d8-47f8-8725-61b93deacf5d",
-      "twoFactorMethodRemoveEmailTemplateId": "8c3045c7-97d8-47f8-8725-61b93deacf5d"
+      "twoFactorMethodRemoveEmailTemplateId": "8c3045c7-97d8-47f8-8725-61b93deacf5d",
       "unverified": {
         "allowEmailChangeWhenGated": false,
         "behavior": "Allow"
@@ -345,6 +345,9 @@
         "numberOfDigits": 5,
         "separator": "#"
       }
-    }
+    },
+    "webhookIds": [
+      "00000000-0000-0000-0000-000000000042"
+    ]
   }
 }

site/docs/src/json/webhooks/request.json

@@ -1,9 +1,5 @@
 {
   "webhook": {
-    "applicationIds": [
-      "00000000-0000-0000-0000-000000000003",
-      "00000000-0000-0000-0000-000000000004"
-    ],
     "connectTimeout": 1000,
     "data": { "updatedBy" : "richard" },
     "description": "The standard game Webhook",
@@ -20,6 +16,10 @@
     "httpAuthenticationUsername": "username",
     "readTimeout": 2000,
     "sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
+    "tenantIds": [
+      "32306536-3036-6431-3865-646430303332",
+      "30663132-6464-6665-3032-326466613934"
+    ],
     "url": "http://mygameserver.local:7001/fusionauth-webhook"
   }
 }

site/docs/src/json/webhooks/response.json

@@ -1,9 +1,5 @@
 {
   "webhook": {
-    "applicationIds": [
-      "00000000-0000-0000-0000-000000000003",
-      "00000000-0000-0000-0000-000000000004"
-    ],
     "connectTimeout": 1000,
     "data": { "updatedBy" : "richard" },
     "description": "The standard game Webhook",
@@ -23,6 +19,10 @@
     "lastUpdateInstant": 1595361143101,
     "readTimeout": 2000,
     "sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
+    "tenantIds": [
+      "32306536-3036-6431-3865-646430303332",
+      "30663132-6464-6665-3032-326466613934"
+    ],
     "url": "http://mygameserver.local:7001/fusionauth-webhook"
   }
 }

site/docs/src/json/webhooks/responses.json

@@ -1,10 +1,6 @@
 {
   "webhooks": [
     {
-      "applicationIds": [
-        "00000000-0000-0000-0000-000000000003",
-        "00000000-0000-0000-0000-000000000004"
-      ],
       "connectTimeout": 1000,
       "data": { "updatedBy" : "richard" },
       "description": "The standard game Webhook",
@@ -24,6 +20,10 @@
       "lastUpdateInstant": 1595361143101,
       "readTimeout": 2000,
       "sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\n-----END CERTIFICATE-----",
+      "tenantIds": [
+        "32306536-3036-6431-3865-646430303332",
+        "30663132-6464-6665-3032-326466613934"
+      ],
       "url": "http://mygameserver.local:7001/fusionauth-webhook"
     }
   ]

site/docs/v1/tech/apis/_application-request-body.adoc

@@ -478,8 +478,10 @@ The Id of the Email Template that is used to send the Registration Verification
 [field]#application.verifyRegistration# [type]#[Boolean]# [optional]#Optional# [default]#Defaults to `false`#::
 Whether or not registrations to this Application may be verified. When this is set to `true` the `verificationEmailTemplateId` parameter is also required.
 
-[field]#webhookIds# [type]#[Array<UUID>]# [optional]#Optional#::
+[field]#webhookIds# [type]#[Array<UUID>]# [optional]#Optional# [deprecated]#Deprecated#::
 An array of Webhook Ids. For Webhooks that are not already configured for All Applications, specifying an Id on this request will indicate the associated Webhook should handle events for this application.
++
+[deprecated]#Removed in version 1.37.0# In version 1.37.0 and beyond, Webhooks configuration can be managed in the `link:/docs/v1/tech/apis/tenants[Tenant API]`.
 
 ifdef::includeRoles[]
 [source,json]

site/docs/v1/tech/apis/_tenant-request-body.adoc

@@ -875,6 +875,9 @@ This strategy instructions FusionAuth when to append a unique suffix to the user
 * `Always` - Always append a unique suffix even when the requested username is not in use.
 * `OnCollision` - Only append a unique suffix when the requested username is in use.
 
+[field]#webhookIds# [type]#[Array<UUID>]# [optional]#Optional# [since]#Available since 1.37.0#::
+An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.
+
 [source,json]
 .Example Request JSON
 ----

site/docs/v1/tech/apis/_webhook-request-body.adoc

@@ -1,8 +1,10 @@
 ==== Request Body
 
 [.api]
-[field]#webhook.applicationIds# [type]#[Array<UUID>]# [optional]#Optional#::
+[field]#webhook.applicationIds# [type]#[Array<UUID>]# [optional]#Optional# [deprecated]#Deprecated#::
 The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the [field]#global# field is `false`, this Webhook will not be used. Typically [field]#global# should be set to `true`.
++
+[deprecated]#Removed in version 1.37.0# In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field [field]#tenantIds#.
 
 [field]#webhook.connectTimeout# [type]#[Integer]# [required]#Required#::
 The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
@@ -46,6 +48,9 @@ The read timeout in milliseconds used when FusionAuth sends events to the Webhoo
 [field]#webhook.sslCertificate# [type]#[String]# [optional]#Optional#::
 An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
 
+[field]#webhook.tenantIds# [type]#[Array<UUID>]# [optional]#Optional# [since]#Available since 1.37.0#::
+The Ids of the Tenants that this Webhook should be associated with. If no Ids are specified and the [field]#global# field is `false`, this Webhook will not be used.
+
 [field]#webhook.url# [type]#[String]# [required]#Required#::
 The fully qualified URL of the Webhook's endpoint that will accept the event requests from FusionAuth.
 

site/docs/v1/tech/apis/_webhook-response-body-base.adoc

@@ -1,6 +1,8 @@
 [.api]
-[field]#{base_field_name}.applicationIds# [type]#[Array<UUID>]#::
-The Ids of the Applications that this Webhook should be associated with. If no Ids are specified and the `global` field is false, this Webhook will not be used.
+[field]#{base_field_name}.applicationIds# [type]#[Array<UUID>]# [optional]#Optional# [deprecated]#Deprecated#::
+The Ids of the Applications that this Webhook is associated with. If no Ids are returned and the [field]#global# field is `false`, this Webhook is not used. Typically [field]#global# should be set to `true`.
++
+[deprecated]#Removed in version 1.37.0# In version 1.37.0 and beyond, Webhooks are optionally associated with Tenants instead of Applications. See new field [field]#tenantIds#.
 
 [field]#{base_field_name}.connectTimeout# [type]#[Integer]#::
 The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.
@@ -53,6 +55,9 @@ The read timeout in milliseconds used when FusionAuth sends events to the Webhoo
 [field]#{base_field_name}.sslCertificate# [type]#[String]#::
 An SSL certificate in PEM format that is used to establish the SSL (TLS specifically) connection to the Webhook.
 
+[field]#webhook.tenantIds# [type]#[Array<UUID>]# [optional]#Optional# [since]#Available since 1.37.0#::
+The Ids of the Tenants that this Webhook is associated with. If no Ids are returned and the [field]#global# field is `false`, this Webhook is not used.
+
 [field]#{base_field_name}.url# [type]#[String]#::
 The fully qualified URL of the Webhook's endpoint that will accept the event requests from FusionAuth.
 

site/docs/v1/tech/core-concepts/applications.adoc

@@ -505,17 +505,17 @@ For example, if a password needs to be stored in an external configuration and t
 
 === Webhooks
 
+[WARNING.warning]
+====
+This feature is removed as of version 1.37.0.
+====
+
 The Webhooks tab allows you to select one or more webhooks to be used for this Application. In this example screenshot either no webhooks have been configured, or no application specific webhooks are configured.
 
 image::core-concepts/application-webhooks-none.png[No Application Webhooks,width=1200,role=bottom-cropped]
 
 In most cases you will not need to configure this panel. Only a few specific events are considered application specific, and when a webhook is configured to be application specific, only those events will be sent to the webhook.
 
-[WARNING.warning]
-====
-In a future release this configuration tab will be removed.
-====
-
 This example screenshot shows one Application specific webhook selected. This option will be visible if at least one webhook is configured as application specific.
 
 image::core-concepts/application-webhooks-selected.png[Application Webhooks Selected,width=1200,role=bottom-cropped]

site/docs/v1/tech/events-webhooks/_application-webhooks-warning.adoc

@@ -1,13 +1,11 @@
-A few events can be generated for one or more specified applications, or for all applications within a tenant.
-
 [WARNING]
 ====
-The ability to limit the generation of an event for only certain applications is legacy functionality and will be modified in the future. If you want to get events for certain applications, send events for a tenant. Filter on the `applicationId` when consuming the event and discard events from any applications not of interest.
+This documentation is for versions earlier than 1.37.0. Application scoped events are not supported on versions later than 1.37.0. If you are on a version earlier than 1.37.0 and you want to get events for certain applications, the preferred method is to send events for a tenant. Filter on the `applicationId` when consuming the event and discard events from any applications not of interest.
 
 **Please don't use application scoped webhook functionality.**
 ====
 
-These events can be application scoped:
+Prior to version 1.37.0 these events could be application scoped:
 
 * `jwt.public-key.update`
 * `jwt.refresh-token.revoke`

site/docs/v1/tech/events-webhooks/_tenant-or-application-scoped-event.adoc

@@ -1,3 +1,5 @@
-This is a tenant or application scoped event. It can be sent to all applications in a tenant or to one or more specified applications. It will also be sent to all tenants that are listening for this event. A [field]#tenantId# will be present in the payload to allow for filtering.
+Prior to version 1.37.0 this was a tenant or application scoped event. It can be sent to all applications or to one or more specified applications.
 
-The ability to limit the generation of an event for only certain applications is legacy functionality and may be modified in the future. You almost certainly want to enable this event at the tenant level and optionally filter on the [field]#applicationId# when consuming the event.
+The ability to limit the generation of an event for only certain applications is legacy functionality and is removed as of version 1.37.0. In earlier versions, you almost certainly want to enable this event at the tenant level and optionally filter on the [field]#tenantId# when consuming the event.
+
+In version 1.37.0 and later this is a tenant scoped event. It can be sent to all tenants or to one or more specified tenants. Those tenants will only be sent events related to their tenant. You can optionally also filter on the [field]#applicationId# when consuming the event.

site/docs/v1/tech/events-webhooks/_tenant-scoped-event.adoc

@@ -1 +1,3 @@
-This is a tenant scoped event. This event will be sent to all tenants that are listening, but will contain a [field]#tenantId# to allow for filtering.
+Prior to version 1.37.0 this was a tenant scoped event. This event will be sent to all tenants that are listening, but will contain a [field]#tenantId# to allow for filtering.
+
+In version 1.37.0 and later this is also a tenant scoped event. It can be sent to all tenants or to one or more specified tenants. However, those tenants will not be sent events for other tenants, but only events related to themselves.

site/docs/v1/tech/events-webhooks/writing-a-webhook.adoc

@@ -17,6 +17,7 @@ Additional headers may be added to the request by adding headers to the Webhook
 * <<Responses>>
 * <<Configuration>>
 ** <<Application Scoped Events>>
+** <<Tenant Scoped Events>>
 ** <<Example Configuration>>
 * <<Retries>>
 ** <<Retry Examples>>
@@ -41,6 +42,16 @@ If you have multiple tenants listening for the same event, they will all receive
 
 include::docs/v1/tech/events-webhooks/_application-webhooks-warning.adoc[]
 
+=== Tenant Scoped Events
+
+As of version 1.37.0, all events can be tenant scoped except instance events:
+
+* `audit-log.create`
+* `create-log.create`
+* `kickstart.success`
+
+If you want to get events for certain applications, the preferred method is to send events for a tenant. Filter on the `applicationId` when consuming the event and discard events from any applications not of interest.
+
 === Example Configuration
 
 Here's an example scenario. You have two tenants, Pied Piper and Hooli. You have configured two webhooks listening for `user.create` events. One updates a separate user database, the other records information in an analytics system. Both the Pied Piper and Hooli tenants have the `user.create` event enabled in their webhook configurations.