2 replies

Better-Auth x Inbound plugin

Plugins related

Next.js🤔Question

I'm building an Inbound Email plugin for Better Auth that automatically sends transactional emails for security/auth events. Before I publish it, I wanted to confirm I'm not missing any important events.

Currently supporting these events via
after
after
hooks:

| Event | Endpoint(s) | Description |
|-------|------------|-------------|
| Password Changed |

POST /change-password

POST /change-password

| User changes their password |
| Email Changed |

POST /change-email

POST /change-email

| User updates their email address |
| New Device Sign-in |

POST /sign-in/email

POST /sign-in/email

/sign-in/social

/sign-in/social

/sign-in/magic-link

/sign-in/magic-link

/sign-in/passkey

/sign-in/passkey

| Login from unrecognized device/IP |
| Account Created |

POST /sign-up/email

POST /sign-up/email

/sign-up/social

/sign-up/social

| New user registration |
| 2FA Enabled/Disabled |

POST /two-factor/enable

POST /two-factor/enable

/two-factor/disable

/two-factor/disable

| TOTP/2FA status changes |

Questions:

1. Are there other security-critical events I should be listening for? For example:
- Account deletion?
- Session revocation (

/revoke-session

/revoke-session

)?
- Failed login attempts?
- OAuth/social account linking/unlinking?
- Password reset requests (currently disabled by default since Better Auth handles sending those)?
- Account lockout?

2. Is there a canonical list of all Better Auth API endpoints that trigger user-facing actions? I want to make sure I'm covering the important ones.
3. For the
after
after
hooks, is this the correct pattern to check for success?

   if (returned?.status !== 200) return;

   if (returned?.status !== 200) return;

4. Is there a recommended way to detect session/account context in the hook handler? Currently parsing from

ctx.context.session

ctx.context.session

ctx.context.newSession

ctx.context.newSession

.

Thanks!

inbound

inbound - email infrastructure, redefined

the modern email infrastructure platform for developers. receive, parse, and manage inbound emails with powerful apis, webhooks, and real-time processing.

Better Auth•2mo ago•

2 replies

ryan v

Better-Auth x Inbound plugin

Plugins related

Next.js🤔Question

POST /change-password

POST /change-password

| User changes their password |
| Email Changed |

POST /change-email

POST /change-email

| User updates their email address |
| New Device Sign-in |

POST /sign-in/email

POST /sign-in/email

/sign-in/social

/sign-in/social

/sign-in/magic-link

/sign-in/magic-link

/sign-in/passkey

/sign-in/passkey

| Login from unrecognized device/IP |
| Account Created |

POST /sign-up/email

POST /sign-up/email

/sign-up/social

/sign-up/social

| New user registration |
| 2FA Enabled/Disabled |

POST /two-factor/enable

POST /two-factor/enable

/two-factor/disable

/two-factor/disable

| TOTP/2FA status changes |

Questions:

1. Are there other security-critical events I should be listening for? For example:
- Account deletion?
- Session revocation (

/revoke-session

/revoke-session

   if (returned?.status !== 200) return;

   if (returned?.status !== 200) return;

4. Is there a recommended way to detect session/account context in the hook handler? Currently parsing from

ctx.context.session

ctx.context.session

ctx.context.newSession

ctx.context.newSession

.

Thanks!

inbound

inbound - email infrastructure, redefined

the modern email infrastructure platform for developers. receive, parse, and manage inbound emails with powerful apis, webhooks, and real-time processing.

Better-Auth x Inbound plugin

Better-Auth x Inbound plugin

Similar Threads

Similar Threads

Similar Threads