TheBenDev · BBruington · Apr 12, 2026 · Apr 12, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ env:
   BUN_VERSION: "1.3.10"
   AUTH_PRIVATE_KEY_PEM: "mock"
   CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
-  CLERK_WEBHOOK_SECRET: ${{ secrets.CLERK_WEBHOOK_SECRET }}
+  CLERK_WEBHOOK_SIGNING_SECRET: ${{ secrets.CLERK_WEBHOOK_SIGNING_SECRET }}
   DATABASE_URL: "postgresql://user:password@localhost:5432/dbname"
   DISCORD_API_KEY: ${{ secrets.DISCORD_API_KEY }}
   DISCORD_TOKEN: ${{ secrets.DISCORD_TOKEN }}

diff --git a/apps/web/.env.example b/apps/web/.env.example
@@ -14,7 +14,7 @@ DATABASE_URL=postgresql://postgres:postgres@localhost:5432/party_planner
 
 # Clerk Authentication (Private) - Get from Clerk Dashboard
 CLERK_SECRET_KEY=sk_test_*********
-CLERK_WEBHOOK_SECRET=whsec_************
+CLERK_WEBHOOK_SIGNING_SECRET=whsec_***********
 
 # Resend API - Get from resend.com
 RESEND_API_KEY=re_************

diff --git a/apps/web/src/env.ts b/apps/web/src/env.ts
@@ -21,7 +21,7 @@ export const env = createEnv({
 	server: {
 		AUTH_PRIVATE_KEY_PEM: z.string(),
 		CLERK_SECRET_KEY: z.string(),
-		CLERK_WEBHOOK_SECRET: z.string(),
+		CLERK_WEBHOOK_SIGNING_SECRET: z.string(),
 		DATABASE_URL: z
 			.string()
 			.default(

diff --git a/apps/web/src/routes/api.webhooks.clerk.ts b/apps/web/src/routes/api.webhooks.clerk.ts
@@ -1,31 +1,20 @@
-import type { WebhookEvent } from "@clerk/backend";
+import {
+	verifyWebhook,
+	type WebhookEvent,
+} from "@clerk/tanstack-react-start/webhooks";
 import { createFileRoute } from "@tanstack/react-router";
-import { Webhook } from "svix";
-import { env } from "@/env";
 import { serverClient } from "@/lib/serverClient";
 
 export const Route = createFileRoute("/api/webhooks/clerk")({
 	server: {
 		handlers: {
 			POST: async ({ request }) => {
-				const payload = await request.text();
-
-				const svixId = request.headers.get("svix-id");
-				const svixTimestamp = request.headers.get("svix-timestamp");
-				const svixSignature = request.headers.get("svix-signature");
-				if (!(svixId && svixTimestamp && svixSignature)) {
-					return new Response("Missing svix headers", { status: 400 });
-				}
-				const wh = new Webhook(env.CLERK_WEBHOOK_SECRET);
 				let evt: WebhookEvent;
-
 				try {
-					evt = wh.verify(payload, {
-						"svix-id": svixId,
-						"svix-signature": svixSignature,
-						"svix-timestamp": svixTimestamp,
-					}) as WebhookEvent;
-				} catch (_) {
+					evt = await verifyWebhook(request);
+				} catch (error) {
+					// biome-ignore lint/suspicious/noConsole: This is ok for now
+					console.error(error);
 					return new Response("Invalid signature", { status: 400 });
 				}
 				switch (evt.type) {