Operate Your Project
Notifications
A focused view of the auth events that matter most — new users, security changes, organization activity, and key management.
Notifications give you a quick overview of the most important things happening in your auth system. Instead of scanning through a full audit trail, the Notifications page highlights the events that typically require your attention — new user sign-ups, password changes, MFA enrollment, organization changes, and API key creation.
Every notification links back to the full audit log, so you can always dig deeper when you need to.
Tracked Events
Notifications surface these high-signal event types:
| Event | Triggered When |
|---|---|
user.created | A new user account is created |
user.deleted | A user account is deleted |
password.changed | A user changes their password |
mfa.enabled | A user enables multi-factor authentication |
organization.created | A new organization is created |
organization.deleted | An organization is deleted |
member.invited | A user is invited to an organization |
member.removed | A member is removed from an organization |
api-key.created | A new API key is generated |
webhook.created | A new webhook endpoint is registered |
These events represent state changes that administrators should know about — new accounts, security posture shifts, organizational changes, and infrastructure updates.
Viewing Notifications in the Dashboard
- Open your project in the Banata dashboard.
- Click Notifications in the sidebar.
Each notification row shows three things:
- Action — The event type (e.g.,
user.created,password.changed) - Actor — Who performed the action, shown as their name or email
- Timestamp — When it happened, displayed as relative time (e.g., "2 minutes ago", "yesterday")
Notifications are listed in reverse chronological order, so the most recent events appear first. When there are no new events to show, you will see a simple "all caught up" message.
Building Custom Notification Logic
If you want to surface notifications in your own application or build custom alerting, use the SDK's audit log methods to fetch and filter events programmatically.
import { BanataAuth } from "@banata-auth/sdk";
const banata = new BanataAuth({
apiKey: "your-api-key",
baseUrl: "https://auth.banata.dev",
});
// Fetch recent audit events
const { data: events } = await banata.auditLogs.listEvents({
limit: 50,
});
// Filter to the event types you care about
const importantActions = [
"user.created",
"user.deleted",
"password.changed",
"mfa.enabled",
"organization.created",
"organization.deleted",
"member.invited",
"member.removed",
"api-key.created",
"webhook.created",
];
const notifications = events.filter((event) =>
importantActions.some((action) => event.action.includes(action))
);You can adjust the importantActions list to match your needs. Any valid audit log action can be included — see Audit Logs for the full list of auto-tracked events.
Webhook-Based Notifications
For real-time push notifications — sending alerts to Slack, email, PagerDuty, or any other external service — use Webhooks instead of polling. Webhooks push events to your endpoint the moment they happen, so you do not need to check for new events on a schedule.
const endpoint = await banata.webhooks.createEndpoint({
url: "https://myapp.com/api/notifications",
events: [
"user.created",
"user.deleted",
"password.changed",
"organization.created",
"member.removed",
],
});See the Webhooks guide for details on payload format, signature verification, and retry behavior.
Troubleshooting
No notifications showing, but events are happening. Check the full Audit Logs page to confirm events are being recorded. Common high-frequency events like session.created are intentionally excluded from notifications because they would create too much noise.
Notifications fail to load. Verify that your backend is running and that you are signed in with an admin account. Notifications require admin-level access.
Next Steps
- Audit Logs — Search, filter, and export your full event history
- Webhooks — Push real-time event notifications to external services
- Radar & Bot Protection — Monitor and block suspicious authentication activity