> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ofauth.com/llms.txt
> Use this file to discover all available pages before exploring further.

# System Webhook Events

> Receive webhook notifications for connection lifecycle changes and Dynamic Rules updates

System Webhook Events deliver webhook notifications to your server when connections change or Dynamic Rules updates are available. Use them to react immediately without polling.

## Quick Reference

| Type              | Delivery | Purpose                                                  |
| ----------------- | -------- | -------------------------------------------------------- |
| Connection events | Webhook  | Track connection creation, updates, expiry, and deletion |
| System events     | Webhook  | Get notified when Dynamic Rules change                   |

## Configuration

Configure System Webhook Events in the [OFAuth Dashboard](https://app.ofauth.com/platform/developers/webhooks):

* Set your webhook endpoint URL
* Choose which events to subscribe to
* Review delivery history and failures

<CardGroup cols={2}>
  <Card title="Connections Guide" icon="plug" href="/guides/connections">
    Learn how to store and manage connection IDs
  </Card>

  <Card title="Error Handling" icon="triangle-exclamation" href="/reference/error-handling">
    Handle delivery failures and retries
  </Card>
</CardGroup>

## Event References

<CardGroup cols={2}>
  <Card title="Connection Events" icon="plug" href="/api-reference/system-webhook-events/connection-events">
    `connection.created`, `connection.updated`, `connection.expired`, and `connection.disconnected`
  </Card>

  <Card title="System Events" icon="wand-magic-sparkles" href="/api-reference/system-webhook-events/system-events">
    `rules.updated` and Dynamic Rules change notifications
  </Card>
</CardGroup>

## Delivery & Retries

* Retry policy: exponential backoff with up to 5 attempts
* Timeout: 10 seconds per request
* Ordering: in-order delivery per connection ID

Your endpoint should return a `2xx` response within 10 seconds.

## Signature Verification

Every System Webhook Events delivery includes an `OFAuth-Signature` header:

```http theme={null}
OFAuth-Signature: t=1234567890,v1=abc123...
```

Verify requests by:

1. Extracting the timestamp (`t`) and signature (`v1`)
2. Rejecting requests older than 5 minutes
3. Computing an HMAC-SHA256 of `{timestamp}.{raw_body}` using your signing secret
4. Comparing the expected signature with a constant-time comparison

## Implementation Checklist

1. Parse the `application/json` body
2. Verify the signature before processing
3. Route the event by `type`
4. Return `2xx` within 10 seconds
5. Make handlers idempotent by storing processed event IDs

## Troubleshooting

<AccordionGroup>
  <Accordion title="Delivery failed">
    Ensure your endpoint is publicly reachable and returns a `2xx` response within 10 seconds.
  </Accordion>

  <Accordion title="Events are not arriving">
    Verify the endpoint URL and selected subscriptions in the Dashboard.
  </Accordion>

  <Accordion title="Signature verification is failing">
    Use the raw request body, not the parsed JSON body, and confirm the signing secret matches your Dashboard configuration.
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Connection Events" icon="plug" href="/api-reference/system-webhook-events/connection-events">
    Connection lifecycle payloads and examples
  </Card>

  <Card title="System Events" icon="wand-magic-sparkles" href="/api-reference/system-webhook-events/system-events">
    `rules.updated` deliveries and Dynamic Rules guidance
  </Card>
</CardGroup>
