Based on the information provided in the extracts, there could be a few reasons why you're not seeing any requests go to your API endpoint. 1. Webhook Authentication: The webhook supports API key authentication. You can configure whether the API key is sent as a cookie or in a header, and the cookie/header name. If you haven't set this up, it could be causing issues. Here's how you can add an API key to the token hook:

bash ory patch oauth2-config {project.id} \    --add '/oauth2/token_hook/url="<https://my-example.app/token-hook>"' \    --add '/oauth2/token_hook/auth/type="api_key"' \    --add '/oauth2/token_hook/auth/config/in="header"' `# or cookie` \    --add '/oauth2/token_hook/auth/config/name="X-API-Key"' \    --add '/oauth2/token_hook/auth/config/value="MY API KEY"' \    --format yaml

(Source: [Webhook Authentication](https://www.ory.sh/docs/hydra/guides/claims-at-refresh#webhook-authentication)) 2. Webhook Payload: The token hook endpoint must accept a specific payload format. If your endpoint is not set up to accept this format, it could be causing issues. You can find the required payload format in the [Webhook Payload](https://www.ory.sh/docs/hydra/guides/claims-at-refresh) section of the documentation. 3. Legacy Webhook Implementation: If you're using the

refresh_token

grant type, there's a legacy webhook feature that you might be using. This feature works the same way as the new one, but has a different payload that is sent to the webhook URL. If you're using this feature, make sure you're using the correct payload format. (Source: [Legacy Webhook Implementation](https://www.ory.sh/docs/hydra/guides/claims-at-refresh#legacy-webhook-implementation)) If you've checked all of these and are still having issues, it might be worth reaching out to the Ory community or support for further assistance.

If you've followed all the steps correctly and still aren't receiving any requests to your webhook API endpoint, it could be due to network issues or server errors. Ory implements a retry policy that attempts to deliver the payload up to three times, with a 30-second timeout between each attempt. If delivery fails on the first attempt, Ory will automatically retry the delivery two more times, with a 30-second delay between each retry. (Source: [Webhook Retries](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#webhook-retries)) If you're still not receiving any requests, it might be worth checking the following: 1. Webhook is not triggered: If an Ory Action webhook fails to trigger, verify whether the sign in after registration

session

hook is activated. The

session

hook modifies the HTTP response, and no other hooks are executed after it. If you want to execute other hooks besides the

session

hook, you need to make sure that it is executed last. To debug this issue, export the Ory Identities configuration and check the order of the actions. The

session

hook should be the last one to run. (Source: [Troubleshoot Ory Actions Webhook issues](https://www.ory.sh/docs/troubleshooting/troubleshoot-actions)) 2. API Access Control: The APIs of Ory open-source Servers don't come with integrated access control. This means that all requests sent to their APIs are considered authenticated, authorized, and will be executed. If you haven't set up access control, it could be causing issues. (Source: [API Access Control](https://www.ory.sh/docs/self-hosted/operations/api-access-control)) If you've checked all of these and are still having issues, it might be worth reaching out to the Ory community on [Ory Community Slack](http://slack.ory.sh/) for further assistance.

You can check whether the sign in after registration

session

hook is activated by following these steps: 1. Go to the Ory Console and navigate to the Base Settings page. The URL for this page is:

<https://console.ory.sh/projects/current/auth>

. 2. Look for the Sign In After Registration toggle. If this is switched on, it means the

session

hook is activated. If you want to check this via the Ory CLI, you can export the Ory Identities configuration and check the order of the actions. The

session

hook should be the last one to run. Here's how you can do this:

bash ory get identity-config {project_id} \    --format=jsonpath='selfservice.flows.login.after'

This command will list all configured hooks for the

after

login method. Look for the

session

hook in the output. If it's present, it means the

session

hook is activated. For more information, you can refer to the [Ory Documentation](https://www.ory.sh/docs/identities/sign-in/actions#log-in-users-after-registration) and the [Troubleshoot Ory Actions Webhook issues](https://www.ory.sh/docs/troubleshooting/troubleshoot-actions) guide.