Skip to main content

How is Zephr integrated into the wider enterprise stack?


How is Zephr integrated into the wider enterprise stack?

Zephr has two patterns for integrating with other, related technologies. One is using the API for inbound requests with Webhooks for outbound requests. The second is using the Zephr plugin API.


Zephr features two families of Web APIs: the Admin APIs and the Public APIs.

The Admin API controls all elements of Zephr – the Admin Console is a client to this API.

The Admin API is:

  • ReSTful
  • Secure (using HMAC request signing)

The Public API exposes basic functionality to a client device (such as a browser).

The Public API is:

  • Stateful in that it is tightly tied to an end user’s session
  • Insecure, in that it is a public API without additional authentication beyond the session


Webhooks can be set up in the Zephr Admin Console such that Zephr will push data to 3rd party software. System events that can be used to trigger a webhook include:

  • User created
  • User deleted
  • User updated
  • User’s extended profile updated
  • User’s extended profile deleted
  • User login
  • Concurrent session breach
  • Users deleted due to inactivity
  • Entitlement granted
  • Entitlement started
  • Entitlement ended
  • Access decision made
  • Feature transform
  • Feature custom – this is triggered from within a rule

More information can be found in the Webhooks section of the User Guide.


Plugins are Javascript modules that exist within the Zephr runtime. Plugins can be used by hooking up to events fired within the core system to execute bespoke code; plugins can also expose their own custom APIs.