diff --git a/admin/webservice/service.php b/admin/webservice/service.php
index 13f3c8d294ea4..0abf9d0be023d 100644
--- a/admin/webservice/service.php
+++ b/admin/webservice/service.php
@@ -83,7 +83,7 @@
         $params = array(
             'objectid' => $servicedata->id
         );
-        $event = \core\event\webservice_service_updated::create($params);
+        $event = \core\event\webservice_service_created::create($params);
         $event->add_record_snapshot('external_services', $servicedata);
         $event->trigger();
 
@@ -98,7 +98,7 @@
         $params = array(
             'objectid' => $servicedata->id
         );
-        $event = \core\event\webservice_service_created::create($params);
+        $event = \core\event\webservice_service_updated::create($params);
         $event->add_record_snapshot('external_services', $servicedata);
         $event->trigger();
     }
diff --git a/lib/classes/event/webservice_login_failed.php b/lib/classes/event/webservice_login_failed.php
index 02c49a3443162..395e91bca3d16 100644
--- a/lib/classes/event/webservice_login_failed.php
+++ b/lib/classes/event/webservice_login_failed.php
@@ -92,6 +92,15 @@ public function set_legacy_logdata($logdata) {
     /**
      * Custom validation.
      *
+     * It is recommended to set the properties:
+     * - $other['tokenid']
+     * - $other['username']
+     *
+     * However they are not mandatory as they are not always known.
+     *
+     * Please note that the token CANNOT be specified, it is considered
+     * as a password and should never be displayed.
+     *
      * @throws \coding_exception
      * @return void
      */
@@ -100,8 +109,8 @@ protected function validate_data() {
            throw new \coding_exception('The key \'reason\' needs to be set in $other.');
         } else if (!isset($this->other['method'])) {
            throw new \coding_exception('The key \'method\' needs to be set in $other.');
-        } else if (!isset($this->other['token']) && !isset($this->other['tokenid']) && !isset($this->other['username'])) {
-           throw new \coding_exception('The keys \'username\', \'token\' or \'tokenid\' need to be set in $other.');
+        } else if (isset($this->other['token'])) {
+           throw new \coding_exception('The token cannot be set in $other.');
         }
     }
 }
diff --git a/webservice/lib.php b/webservice/lib.php
index 56d437ab2aacc..9a867d2fcdb84 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -866,8 +866,7 @@ protected function authenticate_user() {
             'context' => context_system::instance(),
             'other' => array(
                 'method' => $this->authmethod,
-                'reason' => null,
-                'token' => $this->token
+                'reason' => null
             )
         );
 
@@ -1015,8 +1014,7 @@ protected function authenticate_by_token($tokentype){
             'context' => context_system::instance(),
             'other' => array(
                 'method' => $this->authmethod,
-                'reason' => null,
-                'token' => $this->token
+                'reason' => null
             )
         );
 
diff --git a/webservice/tests/events.php b/webservice/tests/events_test.php
similarity index 95%
rename from webservice/tests/events.php
rename to webservice/tests/events_test.php
index b1961007abdfb..7152077703d8a 100644
--- a/webservice/tests/events.php
+++ b/webservice/tests/events_test.php
@@ -33,7 +33,7 @@
  * @copyright  2013 Frédéric Massart
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class webservice_events_testcase extends advanced_testcase {
+class core_webservice_events_testcase extends advanced_testcase {
 
     public function setUp() {
         $this->resetAfterTest();
@@ -77,7 +77,7 @@ public function test_login_failed() {
             'other' => array(
                 'reason' => 'Unit Test',
                 'method' => 'Some method',
-                'token' => 'A fake token'
+                'tokenid' => '123'
             )
         );
         $event = \core\event\webservice_login_failed::create($params);
@@ -91,8 +91,16 @@ public function test_login_failed() {
         $this->assertEquals(context_system::instance(), $event->get_context());
         $this->assertEquals($params['other']['reason'], $event->other['reason']);
         $this->assertEquals($params['other']['method'], $event->other['method']);
-        $this->assertEquals($params['other']['token'], $event->other['token']);
+        $this->assertEquals($params['other']['tokenid'], $event->other['tokenid']);
         $this->assertEventLegacyLogData($fakelogdata, $event);
+
+        // We cannot set the token in the other properties.
+        $params['other']['token'] = 'I should not be set';
+        try {
+            $event = \core\event\webservice_login_failed::create($params);
+            $this->fail('The token cannot be allowed in \core\event\webservice_login_failed');
+        } catch (coding_exception $e) {
+        }
     }
 
     public function test_service_created() {