Qlik Cloud system events

Qlik Cloud system events allow you to subscribe to events and react to changes in real time within your tenant.

Migration to a new event format

Qlik Cloud webhooks will transition legacy event payloads to a new format based on the CloudEvents 1.0.2 specification.

Starting on or after November 3, 2025, any event not already CloudEvents-compliant will be sent in a hybrid format that includes both legacy and CloudEvents attributes. Legacy fields will be deprecated and removed after a notice period of at least six months, which will be announced in the changelog.

If you use webhooks, plan to update your integrations to rely on the CloudEvents attributes (id, source, type, time, and others).

For more information, see the Qlik Cloud Webhooks: Migration to new event formats is coming article on Qlik Community.

Use cases

By using webhooks, the Audits API, and Qlik Automate, you can respond instantly to events such as user actions, app changes, or data reloads.

Some use cases include:

  • Slack notifications: notify your team whenever a new app is created in Qlik Cloud automatically.
  • Welcome emails: send automated welcome emails when new users are added to your tenant.
  • Automated updates: update records in an external system automatically when users are removed.

Event delivery methods

System events can be consumed through two primary methods: webhooks and the Audits API.

Format differences

The event envelope differs depending on the delivery method (webhooks or Audits API). However, the payload contained in the data object remains consistent across both methods. This ensures that the business logic you build around event data is portable, regardless of how you receive the events.

Authentication and security

Secure webhook endpoints

To secure webhook endpoints:

  • Use HTTPS: always host your webhook endpoint over HTTPS to encrypt data during transmission.
  • Authenticate requests: implement authentication mechanisms to verify that requests are coming from Qlik Cloud.

Verify webhook payload signature

Qlik Cloud signs webhook payloads using a secret key that you provide during webhook registration. You should verify the signature to ensure that requests are coming from Qlik Cloud. To verify webhook signatures:

  1. Retrieve the signature from the Qlik-Signature header attached to the request.
  2. Use your secret key and the request body to compute the HMAC SHA256 hash.
  3. Compare the computed HMAC SHA256 hash with the signature from the Qlik-Signature header.

If the signatures match, proceed to process the event. If not, reject the request.

Qlik Cloud signs webhook payloads using a secret key that you provide during webhook registration. You should verify the signature to ensure that requests are coming from Qlik Cloud.

For a detailed guide on how to verify webhook signatures in JavaScript, including code examples and best practices, see Verify webhook signatures using HMAC.

Reference documentation

MCPs

Events emitted for Model Context Protocol Server (MCPS) tool executions in Qlik Cloud.
ai

IP policies

Events emitted when IP policies are created, updated, or deleted in your tenant.
core

Tasks

scheduling

Alerting tasks

Events emitted for data alerting task execution, including alert triggers and notifications.

API key configs

Events emitted when API key configuration settings are updated in a Qlik Cloud tenant.

API keys

Events emitted when API keys are created, updated, deleted, or validated in a Qlik Cloud tenant.

App usages

Track application usage events including opens, closes, and user interactions.

Apps

Events emitted when apps are created, deleted, updated, exported, published, or reloaded in a Qlik Cloud tenant.

Automations

Events emitted when automations are created, updated, executed, or deleted in Qlik Automate.

Data integration projects

Monitor data integration pipeline task execution and track project events.

Environments

Events emitted for environment creation, deletion, and configuration changes.

Group settings

Events emitted when group settings are updated in a Qlik Cloud tenant.

Groups

Events emitted when groups are created, updated, deleted, or have their user membership modified in a Qlik Cloud tenant.

Hub dashboards

Track hub dashboard updates to audit changes to activity center home page layouts.

Large app quotas

Track Large App quota consumption and allocation events across your Qlik Cloud tenant.

Licenses

Track license usage and entitlement events for your Qlik Cloud tenant.

Notification digests

Events related to notification digest compilation and delivery.

OAuth clients

Events emitted when OAuth clients are created, updated, deleted, published, or when their secrets and connection configurations are modified.

OAuth tokens

Events emitted when OAuth tokens are issued or revoked in a Qlik Cloud tenant.

Rate limits

Events emitted when API rate limits are exceeded for a tenant or user in a Qlik Cloud environment.

Reloads

Subscribe to reload-related events to monitor and react to app reload activity in real time.

Reporting tasks

Events emitted for scheduled report generation and delivery tasks.

Roles

Events emitted when roles are created, updated, or deleted in your tenant.

Spaces

Events emitted when spaces are created, updated, deleted, or when space members are modified.

Tenants

Events emitted when tenants are created, updated, deleted, deactivated, or reactivated in Qlik Cloud.

User identities

Events emitted when user identities experience conflicts or are reassigned in a Qlik Cloud tenant.

User sessions

Events emitted when user sessions begin or end in a Qlik Cloud tenant.

Users

Events emitted when users are created in or deleted from a Qlik Cloud tenant.

Web integrations

Events related to web integration configuration and CORS settings changes.

Next steps

Was this page helpful?