Svix (generic)
One mode for every SaaS that ships webhooks via Svix
Svix is the hosted webhook platform behind a long list of modern SaaS products — Clerk, Resend, Orb, Knock, Humanloop, Dub, Beam, and many more. They all sign with the same headers (svix-id, svix-timestamp, svix-signature), so one Wexio mode covers every Svix-powered provider.
If your sender is Svix-powered but has a dedicated preset (Clerk, Resend…), use the dedicated preset — it ships with provider-specific hint text. For other Svix senders, use this generic guide.
Provider docs: Setting up webhooks in Svix
How to tell if a provider uses Svix
Look at the signature headers on their webhook documentation. If you see all three:
svix-idsvix-timestampsvix-signature(with one or morev1,<base64>entries)
…they're using Svix. The signing secret usually starts with whsec_.
Known Svix-powered providers (non-exhaustive): Clerk, Resend, Orb, Knock, Humanloop, Dub, Beam, plus any SaaS that lists "powered by Svix" in their webhook docs.
Setup
1. Wexio connection
New connection → Inbound → Svix preset (or pick Auth mode: Svix manually).
2. Provider-side config
In the provider's dashboard, create a webhook / endpoint / subscription pointing at the Wexio URL. The provider displays the signing secret — copy it (usually whsec_…) into Wexio's Signing secret field.
3. Contact resolution
Provider-specific — look at a sample payload (Capture schema → inject a sample, or let a real event land) and pick the field that matches a Wexio contact.
4. Capture schema, bind a flow
Standard flow. Branch on the provider's event type field.
Timestamp Tolerance
Svix rejects (and Wexio mirrors) signatures older than ±5 minutes. Providers rotate signing secrets by delivering multiple v1,<base64> values — Wexio accepts any matching v1 entry during the rotation window.
Troubleshooting
| Symptom | Fix |
|---|---|
UNAUTHORIZED: Svix signature mismatch | You copied the wrong secret. The one that starts with whsec_ is correct; do not paste the whole whsec_<base64> string minus the prefix — keep the whsec_ prefix |
UNAUTHORIZED: Svix timestamp outside ±5 min tolerance | Old replay; let the provider stop retrying |
| Multiple signature lines in header | Normal during rotation — Wexio accepts any match |