Clerk
Point Clerk's webhooks at Invoance and every organization in your app starts accumulating signed, independently verifiable audit events (sign-ins, membership changes, role updates) before your team writes a line of instrumentation. Every delivery is verified against its Svix signature before anything is trusted.
Set up
- Create the integration in Dashboard → Audit Logs → Integrations (provider: Clerk) and copy the webhook URL. It is shown once and stored hashed.
- In the Clerk Dashboard, open Configure → Webhooks → Add endpoint and paste the URL.
- Subscribe to the events you want from the table below; start with the core set.
- Copy the endpoint's signing secret (
whsec_…) into the integration. If you ever rotate it in Clerk, use Roll secret on the source; the URL stays the same and nothing else changes.
Event map
Verified events are translated into a clean audit vocabulary, Ed25519-signed, and sealed into each organization's gap-free sequence, identical to events sent via the API. Provider events carry the end-customer organization; unknown orgs are auto-created (up to your plan's limit) with their real names.
| Clerk event | Becomes | Organization | Tier |
|---|---|---|---|
| organizationMembership.created | member.added | embedded organization (auto-creates it, with name) | core |
| organizationMembership.deleted | member.removed | embedded organization | core |
| organizationMembership.updated | role.changed (role kept in metadata) | embedded organization | core |
| organization.created | organization.created | the organization itself | core |
| user.created | user.created | none → org-less policy | core |
| user.deleted | user.deleted | none → org-less policy | core |
| session.revoked | session.revoked | session's active organization (nullable) | core |
| session.created | user.signed_in | session's active organization (nullable) | high-volume |
| session.removed | user.signed_out | session's active organization (nullable) | high-volume |
| user.updated | user.updated | none → org-less policy | high-volume |
High-volume tier: session.created fires on every sign-in, session.removed on sign-outs and session expiry, and user.updated on any User-object change including backend metadata writes. They count against your monthly signed-event allotment, so subscribe deliberately. session.ended is intentionally not mapped: a single sign-out fires both it and session.removed, which would double-count.
Response codes, retry behavior, quota rules, and org routing are shared by every provider and documented under delivery semantics on the Integrations overview. Once events are flowing, the quick start shows how to instrument your product's own actions with one call each.