Integration Guide

This guide will walk you through setting up a webhook integration between Clerk and HookFlo, enabling you to receive alerts for user authentication and management events.
Clerk uses Svix to manage their webhook infrastructure, so the webhooks will include Svix-specific headers that HookFlo will validate.

Prerequisites

  • A HookFlo account with an active project
  • A Clerk account with admin access to your application
  • Basic understanding of Clerk’s authentication system

Integration Overview

The integration process follows these key steps:
  1. Set up a webhook in HookFlo
  2. Configure notification channels (email/Slack)
  3. Connect Clerk to HookFlo
  4. Configure Clerk to send webhooks
  5. Test the integration

Setting Up Your HookFlo Webhook

After logging into HookFlo, follow these steps to create and configure your Clerk webhook:
1

Create a Webhook

2

Setup Notification Channel

3

Connect your Webhook with application

Configuring Clerk

Now that your HookFlo webhook is set up, you need to configure Clerk to send events to it:
1

Create a Webhook Endpoint in Clerk

2

Get Signing Secret from Clerk

3

Configure Webhook Verification in HookFlo

Testing Your Integration

To ensure your integration is working properly:
1

Test the Webhook in Clerk

2

Verify in HookFlo

Supported Events

Clerk supports a wide range of webhook events. Here are the most commonly used categories:

User Events

  • user.created: When a new user is created
  • user.updated: When user details are changed
  • user.deleted: When a user is deleted
  • user.locked: When a user account is locked

Session Events

  • session.created: When a user signs in
  • session.removed: When a user signs out
  • session.ended: When a session expires

Authentication Events

  • emailAddress.created: When an email address is added
  • emailAddress.verified: When an email is verified
  • phoneNumber.created: When a phone number is added
  • phoneNumber.verified: When a phone is verified
  • password.created: When a password is set
  • password.reset: When a password is reset

Organization Events

  • organization.created: When a new organization is created
  • organization.updated: When an organization is updated
  • organization.deleted: When an organization is deleted
  • organizationMembership.created: When a user joins an organization
  • organizationMembership.deleted: When a user leaves an organization
For a complete list of events, refer to the Clerk Webhook Events documentation.

Webhook Headers

Clerk webhooks include these important headers that HookFlo uses for verification:
  • svix-id: A unique identifier for the webhook event
  • svix-timestamp: When the webhook was sent
  • svix-signature: A signature that proves the webhook came from Clerk

Webhook Payload Structure

Here’s an example of what the webhook payload looks like for a user.created event: 
{
  "data": {
    "id": "user_2NZrMxLQOI49IM9xmLMBB6yrY7L",
    "first_name": "John",
    "last_name": "Doe",
    "email_addresses": [
      {
        "id": "idn_2NZrMxWEDc8XVtCyD6ULe9YNdGX",
        "email_address": "john@example.com",
        "verification": {
          "status": "verified",
          "strategy": "email_code"
        }
      }
    ],
    "created_at": 1645131680,
    "updated_at": 1645131680
  },
  "object": "event",
  "type": "user.created"
}

Advanced Configuration

Troubleshooting

Example: Monitoring New User Signups

Here’s a complete example of setting up HookFlo to alert your team when new users sign up:
1

Create the Webhook in HookFlo

Follow the steps above to create a Clerk webhook in HookFlo and configure your notification channels.
2

Configure Clerk to Send User Events

  1. In your Clerk dashboard, go to Webhooks
  2. Create a new webhook using your HookFlo webhook URL
  3. Select the user.created event type
  4. Copy your webhook signing secret
  5. Add the signing secret to your HookFlo Clerk configuration
3

Test With a New User

  1. Create a new test user in your Clerk application
  2. Check your configured notification channels for alerts
  3. Verify the event appears in your HookFlo notification logs

Security Considerations

When setting up webhook integrations between Clerk and HookFlo, keep these security best practices in mind:
  • Protect your signing secret: Never expose the Clerk signing secret in client-side code
  • Validate all webhooks: Always use the signing secret to verify webhook authenticity
  • Use HTTPS only: Ensure all webhook URLs use encrypted connections
  • Implement proper access controls: Limit who can view sensitive user information
  • Monitor webhook activity: Regularly review webhook events for suspicious patterns

Congratulations! 🎉

You’ve successfully set up real-time authentication event tracking and alerting between Clerk and HookFlo in just a few minutes. Your team can now receive immediate notifications about important user events, helping you respond quickly to critical situations. Need more help? Contact our support team or join our Discord forum or DM me directly on X.