# User state change

Triggered every time a user's state is updated.
See the Webhooks guide for setup instructions, signature verification, and best practices.

Events may not be delivered in the order they occurred. Use data.occurred_at to reconcile the order.
See the Event Ordering guide for details.

* Event type: users#state-change
* Profile level subscriptions: Not Supported
* Application level subscriptions: Supported

User state change transitions

The possible previous_state and current_state values are:
- ACTIVE - The user's account is active.
- WITHDRAW_ONLY - The user has 90 calendar days to remove their money from their balance before we fully close their account. This can be done through sending from their balance to themselves and others or spending with their card. The user will still be able to order new cards, convert between balances, open and close balances, and download balance statements. After 90 calendar days, the account will move into a DEACTIVATED state.
- DEACTIVATED - The user's account is deactivated and they will not be able to perform any actions on their account. The end-user tokens will be revoked and you will receive a 401 Unauthorized response for API calls.

{% img src="/images/diagrams/user-deactivation-flow.png" alt="User state change flow diagram" /%}

Endpoint: POST users#state-change

## Header parameters:

  - `X-Signature-SHA256` (string)
    RSA-SHA256 signature of the request body, Base64 encoded. Verify this against the Wise public key to ensure the request is authentic and has not been tampered with.
    Example: "t7FMhk3OARMgwqz0LJXO..."

  - `X-Delivery-Id` (string)
    Unique identifier for this webhook delivery attempt.
    Example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890"

  - `X-Test-Notification` (boolean)
    Present with the value true if this is a test notification sent to verify your callback URL during subscription setup.
    Example: true

## Response 200 fields (application/json):

  - `status` (string)
    Example: "ok"