To configure webhooks that are called when an identity is created in Ory, you need to set up an "after registration" webhook. Here's how to do it: ### Creating a Registration Webhook 1. Navigate to Authentication → Actions & Webhooks in the [Ory Console](https://console.ory.sh/projects/current/developers/actions) 2. Click on + Create new Action 3. Choose the "Registration" flow and "After" execution time 4. Configure the webhook URL, method, and other necessary parameters 5. Click on Next to configure authentication and request body details 6. Click on Save action to create your webhook ### Important Configuration Considerations When configuring your webhook, be aware of the following: 1. Hook Order Matters: If you have enabled "Sign in after registration" (which uses the

session

hook), you need to ensure your webhook runs before the session hook. This is because the session hook overwrites any hooks that run after it. As mentioned in a GitHub issue: > The session hook overwrites any other hooks that run after it which is why you don't see a response. [GitHub Issue #361](https://github.com/ory/network/issues/361) 2. Method-Specific Configuration: You can configure webhooks for specific authentication methods (password, OIDC, webauthn) or for all methods. 3. Request Body Customization: You can customize the webhook payload using [Jsonnet](https://jsonnet.org/):

function(ctx) { user_id: ctx.identity.id }

This example sends

{ user_id: {some-id} }

in the request body. ### Using the Ory CLI for Configuration For more precise control, especially to ensure correct hook ordering, use the Ory CLI:

ory patch identity-config {project_id} \   --add '/selfservice/flows/registration/after/password/hooks=[{"config": {...}, "hook": "web_hook"}, {"hook": "session"}]'

Make sure your webhook comes before the session hook in the configuration. ### Example Configuration Here's an example configuration structure:

yaml password:   hooks:   - config:       body: <base64://ENCODED_JSONNET>       can_interrupt: false       method: POST       response:         ignore: false         parse: false       url: <https://your-webhook-url.com>     hook: web_hook   - hook: session

For more details on webhook configuration options and integrations with services like Mailchimp, HubSpot, or Segment, see the [Ory Actions webhook guide](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks).

I understand you're self-hosting Ory Kratos. In this case, configuring webhooks for identity creation works slightly differently than in the Ory Network. For self-hosted Ory Kratos, you'll need to configure webhooks directly in your Kratos configuration file. Here's how to set up webhooks that trigger when an identity is created: ## Configuring Registration Webhooks in Self-Hosted Kratos You'll need to modify your

kratos.yml

configuration file to add webhook hooks to the registration flow:

yaml selfservice:   flows:     registration:       after:         hooks:           - hook: web_hook             config:               url: <https://your-webhook-endpoint.com>               method: POST               body: <base64://ENCODED_JSONNET>               response:                 parse: false  # Set to true if you want to parse the response               auth:                 type: api_key  # Optional authentication                 config:                   name: Authorization                   value: your-api-key                   in: header

If you want to add the webhook only for specific authentication methods (like password-based registration), you can use:

yaml selfservice:   flows:     registration:       after:         password:           hooks:             - hook: web_hook               config:                 # webhook configuration here

## Available Actions For self-hosted Kratos, you have several actions available: - `web_hook`: Triggers external custom logic - `session`: Signs in the user immediately after account creation - `revoke_active_sessions`: Revokes other active sessions - `require_verified_address`: Requires verified email for sign-in [Available actions](https://www.ory.sh/docs/kratos/hooks/configure-hooks#available-actions) ## Next Steps After configuring webhooks, you might want to: - [Add Two Factor Authentication (2FA) to your App](https://www.ory.sh/docs/kratos/mfa/overview) - [Configure The Password Policy](https://www.ory.sh/docs/concepts/password-policy) - [Fork the Ory Kratos Node.js UI Reference](https://github.com/ory/kratos-selfservice-ui-node) or build a custom UI [Next Steps](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#next-steps) If you need to export or import configurations between self-hosted Kratos and Ory Network, you can use the Ory CLI:

bash # Export config from Ory Network to use with self-hosted Kratos ory get identity-config --project <project-id> --workspace <workspace-id> --format yaml > identity-config.yaml

[Ory Identities CLI](https://www.ory.sh/docs/guides/cli/identity-cli)

I can see you're encountering an error while running the Kubernetes Helm chart init container for Ory Kratos. This appears to be an issue with SQL migrations. The error suggests that there's a problem creating a unique index called "identity_credential_identifiers_identifier_idx" on the "identity_credential_identifiers" table. This typically happens when you're trying to run migrations on a database that already has some schema elements in place. Here are some steps to resolve this issue: 1. Enable auto-migration in your Helm chart values: Similar to how it's done for Hydra, you can enable auto-migration for Kratos:

yaml    kratos:      automigration:        enabled: true

[Upgrade Using Helm Charts in Kubernetes](https://www.ory.sh/docs/self-hosted/oel/oauth2/upgrade#upgrade-using-helm-charts-in-kubernetes) 2. Run migrations manually before deploying:

bash    kratos migrate sql -e --yes

This command applies SQL migrations to your database. The

-e

flag reads the database connection string from the environment variable DSN, and

--yes

automatically accepts all confirmation prompts. [kratos migrate sql](https://www.ory.sh/docs/kratos/cli/kratos-migrate-sql#kratos-migrate-sql) 3. Check your database configuration: Make sure your DSN (Data Source Name) is correctly configured in your Helm values or as an environment variable. For PostgreSQL, it should look like:

<postgres://user:password@host:port/database?sslmode=disable&max_conns=20&max_idle_conns=4>

[PostgreSQL Configuration](https://www.ory.sh/docs/self-hosted/deployment#postgresql) 4. If using Docker, you can run migrations with:

bash    docker run -e DSN="{your database URL}" oryd/kratos:<version> migrate sql -e

[Running migrations with Docker](https://www.ory.sh/docs/kratos/guides/docker#running-migrations) The error suggests that the index might already exist or there's a conflict with existing database objects. If you're upgrading from a previous version, make sure to back up your database before running migrations. If the issue persists, you might need to check if the index already exists in your database and drop it manually before running the migrations again. Remember to always back up your database before running migrations in a production environment! Would you like more specific guidance on any of these steps?