# Account Endpoint: POST account Version: v1 Security: X-Signature ## Header parameters: - `X-Signature` (string, required) Example: "X-Signature: t=1492774577,v1=5257a869..." ## Request fields (application/json): - `version` (string) The version of the event. Example: "1" - `id` (string) The unique identifier for the event. This can be used as an idempotency key. Example: "c478966c-f927-411c-b919-179832d3d50c" - `timestamp` (integer) When the event occurred, formatted as a UNIX timestamp (in seconds). Example: 1698604061 - `category` (string) The category of the event. Enum: "ENTITY" - `description` (string) The description of the event. Note: this is subject to change and should not be used to match on this object. Example: "employee@example.com on Google Workspace updated" - `type` (string) The type of event that occurred. Enum: "CREATE", "UPDATE", "DELETE" - `object` (string) The object that was created, updated or deleted. Enum: "ACCOUNT" - `friendlyName` (string) The friendly name of this object. Note: this is subject to change and should not be used to match on this object. Example: "Account" - `new` (object) This object represents an account in your organization. - `new.id` (string) Unique identifier for the account Example: "d6a32ba5-0532-4a66-8137-48cdf409c972" - `new.employeeId` (string) Identifier of primary employee that this account belongs to Example: "72d0347a-2663-4ef5-b1c5-df39163f1603" - `new.appType` (string) The app associated with this account Example: "ATLASSIAN" - `new.appId` (string) The ID of the app associated with this account Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0" - `new.email` (string) The email address used to log into the account Example: "john.hill@example.com" - `new.mfaRegistered` (boolean,null) Whether MFA is registered or not. If unknown, null is provided. Example: true - `new.mfaMethods` (array,null) The MFA methods registered for this account Enum: "APP_TOTP", "PUSH_NOTIFICATION", "EMAIL_OTP", "U2F", "HARDWARE_TOTP", "PHONE_CALL", "SMS_OTP", "APP_PASSWORD", "GRID_CARD", "EXTERNAL_PROVIDER", "BACKUP_CODES", "WEBAUTHN" - `new.passwordId` (string,null) Identifier of the password used on this account. The actual password is not sent up by the browser extension and so this is an identifier for it instead. This value is null if password authentication is not used. Example: "4c13674f-e88a-4411-bfa2-53a70468a898" - `new.loginMethods` (object) - `new.loginMethods.passwordLogin` (boolean) Whether or not this account has been logged into with a password Example: true - `new.loginMethods.oidcLogin` (string,null) The identity provider that was used to do an OIDC login on this account. This is null if no OIDC login has been performed. Example: "GOOGLE_WORKSPACE" - `new.loginMethods.samlLogin` (string,null) The identity provider that was used to do a SAML login on this account. This is null if no SAML login has been performed. Example: "OKTA" - `new.loginMethods.oktaSwaLogin` (boolean) Whether or not this account has been logged into with Okta SWA Example: true - `new.loginMethods.vendorSsoLogin` (string,null) Whether or not this account has an associated vendor SSO provider. Example: "GOOGLE_WORKSPACE" - `new.loginMethods.fedCmLogin` (string,null) The identity provider that was used to do a FedCM login on this account. This is null if no FedCM login has been performed. Example: "GOOGLE_WORKSPACE" - `new.creationTimestamp` (integer) When this account was created, formatted as a UNIX timestamp (in seconds) Example: 1698064423 - `new.lastUsedTimestamp` (integer,null) When the account was last used by an employee, formatted as a UNIX timestamp (in seconds) Example: 1698669168 - `old` (object) This object represents an account in your organization. - `old.id` (string) Unique identifier for the account Example: "d6a32ba5-0532-4a66-8137-48cdf409c972" - `old.employeeId` (string) Identifier of primary employee that this account belongs to Example: "72d0347a-2663-4ef5-b1c5-df39163f1603" - `old.appType` (string) The app associated with this account Example: "ATLASSIAN" - `old.appId` (string) The ID of the app associated with this account Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0" - `old.email` (string) The email address used to log into the account Example: "john.hill@example.com" - `old.mfaRegistered` (boolean,null) Whether MFA is registered or not. If unknown, null is provided. Example: true - `old.mfaMethods` (array,null) The MFA methods registered for this account Enum: "APP_TOTP", "PUSH_NOTIFICATION", "EMAIL_OTP", "U2F", "HARDWARE_TOTP", "PHONE_CALL", "SMS_OTP", "APP_PASSWORD", "GRID_CARD", "EXTERNAL_PROVIDER", "BACKUP_CODES", "WEBAUTHN" - `old.passwordId` (string,null) Identifier of the password used on this account. The actual password is not sent up by the browser extension and so this is an identifier for it instead. This value is null if password authentication is not used. Example: "4c13674f-e88a-4411-bfa2-53a70468a898" - `old.loginMethods` (object) - `old.loginMethods.passwordLogin` (boolean) Whether or not this account has been logged into with a password Example: true - `old.loginMethods.oidcLogin` (string,null) The identity provider that was used to do an OIDC login on this account. This is null if no OIDC login has been performed. Example: "GOOGLE_WORKSPACE" - `old.loginMethods.samlLogin` (string,null) The identity provider that was used to do a SAML login on this account. This is null if no SAML login has been performed. Example: "OKTA" - `old.loginMethods.oktaSwaLogin` (boolean) Whether or not this account has been logged into with Okta SWA Example: true - `old.loginMethods.vendorSsoLogin` (string,null) Whether or not this account has an associated vendor SSO provider. Example: "GOOGLE_WORKSPACE" - `old.loginMethods.fedCmLogin` (string,null) The identity provider that was used to do a FedCM login on this account. This is null if no FedCM login has been performed. Example: "GOOGLE_WORKSPACE" - `old.creationTimestamp` (integer) When this account was created, formatted as a UNIX timestamp (in seconds) Example: 1698064423 - `old.lastUsedTimestamp` (integer,null) When the account was last used by an employee, formatted as a UNIX timestamp (in seconds) Example: 1698669168 ## Response 2XX fields