Zitadel Preview Docs

Submit client-side event

Submits telemetry or fingerprint data from the frontend. Does not advance the state machine. Used for risk evaluation.

POST
/flow/{id}/event

Submits telemetry or fingerprint data from the frontend. Does not advance the state machine. Used for risk evaluation.

Path Parameters

id*string

Flow ID returned by POST /flow or the latest POST /flow/{id}/submit. Used to look up the correct flow state from the encrypted cookie, which can hold multiple concurrent flows. May change between responses when a flow pivot or pop occurs — always use the id from the latest response.

_zflow*string

Encrypted flow state cookie set by POST /flow or the previous POST /flow/{id}/submit. The cookie holds a map of flow states keyed by flow ID, allowing multiple concurrent flows in the same browser (e.g. login in one tab, registration in another). The server uses the {id} path parameter to look up the correct flow state from the cookie.

Browsers send this automatically; non-browser clients must capture the Set-Cookie header and resend it.

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

curl -X POST "https://example.com/flow/flow_01H8Z/event" \  --cookie "_zflow=string" \  -H "Content-Type: application/json" \  -d '{    "type": "fingerprint"  }'
Empty
{  "code": "string",  "message": "string",  "details": {}}
{  "code": "string",  "message": "string",  "details": {}}
{  "code": "string",  "message": "string",  "details": {}}