Qlik Cloud system events

Qlik Cloud system events allow you to subscribe to events and react to changes in real time within your tenant.

Migration to a new event format

Qlik Cloud webhooks will transition legacy event payloads to a new format based on the CloudEvents 1.0.2 specification.

Starting on or after November 3, 2025, any event not already CloudEvents-compliant will be sent in a hybrid format that includes both legacy and CloudEvents attributes. Legacy fields will be deprecated and removed after a notice period of at least six months, which will be announced in the changelog.

If you use webhooks, plan to update your integrations to rely on the CloudEvents attributes (id, source, type, time, and others).

For more information, see the Qlik Cloud Webhooks: Migration to new event formats is coming article on Qlik Community.

Use cases

By using webhooks, the Audits API, and Qlik Automate, you can respond instantly to events such as user actions, app changes, or data reloads.

Some use cases include:

  • Slack notifications: notify your team whenever a new app is created in Qlik Cloud automatically.
  • Welcome emails: send automated welcome emails when new users are added to your tenant.
  • Automated updates: update records in an external system automatically when users are removed.

Event delivery methods

System events can be consumed through two primary methods: webhooks and the Audits API.

Format differences

The event envelope differs depending on the delivery method (webhooks or Audits API). However, the payload contained in the data object remains consistent across both methods. This ensures that the business logic you build around event data is portable, regardless of how you receive the events.

Authentication and security

Secure webhook endpoints

To secure webhook endpoints:

  • Use HTTPS: always host your webhook endpoint over HTTPS to encrypt data during transmission.
  • Authenticate requests: implement authentication mechanisms to verify that requests are coming from Qlik Cloud.

Verify webhook payload signature

Qlik Cloud signs webhook payloads using a secret key that you provide during webhook registration. You should verify the signature to ensure that requests are coming from Qlik Cloud. To verify webhook signatures:

  1. Retrieve the signature from the Qlik-Signature header attached to the request.
  2. Use your secret key and the request body to compute the HMAC SHA256 hash.
  3. Compare the computed HMAC SHA256 hash with the signature from the Qlik-Signature header.

If the signatures match, proceed to process the event. If not, reject the request.

Qlik Cloud signs webhook payloads using a secret key that you provide during webhook registration. You should verify the signature to ensure that requests are coming from Qlik Cloud.

For a detailed guide on how to verify webhook signatures in JavaScript, including code examples and best practices, see Verify webhook signatures using HMAC.

Available events

The following table shows which events are available through the Audits API and webhooks:

EventDescriptionAudits APIWebhooks
AppsEvents emitted when apps are created, deleted, updated, exported, published, or reloaded.
Data integration projectsOperational status updates of data integration projects.
Large app quotasQuota consumption events for large app support.
UsersEvents emitted when users are created or deleted.

Reference documentation

Apps

Events emitted when apps are created, deleted, updated, exported, published, or reloaded in a Qlik Cloud tenant.

Data integration projects

Events emitted when data integration project tasks are started, completed, failed, or stopped in a Qlik Cloud tenant.

Large app quotas

Users

Events emitted when users are created in or deleted from a Qlik Cloud tenant.

Next steps

Was this page helpful?