docs: add 'Identifier.Lockout' webhook event

charIeszhao · charIeszhao · commit 0404f4a18602 · 2025-11-13T23:28:36.000+08:00
diff --git a/docs/developers/webhooks/events.mdx b/docs/developers/webhooks/events.mdx
@@ -116,6 +116,14 @@ This guide list the different Logto webhook events and explains when each event
 | User password reset      | User.Data.Updated |
 | User registration        | User.Created      |
 
+## Exception hook events
+
+### Security
+
+| Event type         | Description                                                       |
+| ------------------ | ----------------------------------------------------------------- |
+| Identifier.Lockout | A user account is locked due to multiple failed sign-in attempts. |
+
 ## FAQs \{#faqs}
 
 <details>
diff --git a/docs/developers/webhooks/request.mdx b/docs/developers/webhooks/request.mdx
@@ -45,6 +45,7 @@ type UserEntity = {
 ```tsx
 type ApplicationEntity = {
   id: string;
+  type: ApplicationType;
   name: string;
   description?: string;
 };
@@ -203,3 +204,23 @@ type OrganizationScope = {
 | OrganizationScope.Created      | data  | OrganizationScope |          | The created organization scope entity. |
 | OrganizationScope.Data.Updated | data  | OrganizationScope |          | The updated organization scope entity. |
 | OrganizationScope.Deleted      | data  | null              | /        |                                        |
+
+## Exception hook events request body
+
+Available events: `Identifier.Lockout`
+
+The request body is a JSON object that contains the standard request body fields and additional fields as below:
+
+| Field            | Type                | Optional | Notes                                                              |
+| ---------------- | ------------------- | -------- | ------------------------------------------------------------------ |
+| hookId           | `string`            |          | The identifier in Logto.                                           |
+| event            | `string`            |          | Which event that triggers this hook.                               |
+| createdAt        | `string`            |          | The create time of payload in ISO format.                          |
+| userAgent        | `string`            | ✅       | The user-agent for the request.                                    |
+| ip               | `string`            | ✅       | The IP address for the request.                                    |
+| interactionEvent | `string`            | ✅       | The interaction event that triggers this hook.                     |
+| sessionId        | `string`            | ✅       | The Session ID (not Interaction ID) for this event, if applicable. |
+| applicationId    | `string`            | ✅       | The related Application ID for this event, if applicable.          |
+| application      | `ApplicationEntity` | ✅       | The related application info for this event, if applicable.        |
+| type             | `SignInIdentifier`  |          | The user's identifier type, e.g., email, phone or username.        |
+| value            | `string`            |          | The user's identifier value that triggered the lockout.            |
