Integrations

Clerk Webhooks Guide

Clerk webhooks notify your application about user, session, organization, email, and SMS lifecycle events. These events often trigger provisioning, entitlements, audit records, workspace setup, and customer communication, so duplicate delivery and failed recovery need to be handled deliberately.

FastHook receives Clerk webhook traffic through a dedicated source, verifies Svix-compatible signatures, stores the original request, routes events to downstream destinations, and provides retry and replay tools when an identity workflow fails.

Clerk signature headers

Clerk webhook signatures are Svix-compatible. The receiver verifies the message id, timestamp, signature, and raw body with the configured whsec signing secret.

• svix-id: message id used in the signed payload.
• svix-timestamp: Unix timestamp used in the signed payload.
• svix-signature: one or more Svix signatures.

Create a Clerk source

curl -X POST "https://api.fasthook.io/v1/sources" \
  -H "Authorization: Bearer $FASTHOOK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Clerk production",
    "type": "CLERK",
    "config": {
      "auth_type": "PROVIDER_SIGNATURE",
      "auth": {
        "provider": "CLERK",
        "webhook_signing_secret": "whsec_..."
      },
      "allowed_http_methods": ["POST", "PUT", "PATCH", "DELETE"]
    }
  }'

Route Clerk events by ownership

Production checklist

• Use a separate Clerk source per environment.
• Keep raw request bodies available for signature verification.
• Route user and organization events to separate destination branches.
• Use provider message ids as idempotency evidence.
• Retry one failed event before replaying a user lifecycle window.

Related guides

• Clerk source type reference
• Webhook signature verification
• Duplicate webhook events
• Webhook failure recovery