Clerk
// pages/api/webhooks/clerk.ts
import { Webhook } from "svix";
import { headers } from "next/headers";
export async function POST(req: Request) {
const headersList = await headers();
const svixId = headersList.get("svix-id");
const svixTimestamp = headersList.get("svix-timestamp");
const svixSignature = headersList.get("svix-signature");
if (!svixId || !svixTimestamp || !svixSignature) {
return new Response("Missing svix headers", { status: 400 });
}
const body = await req.text();
const payload = JSON.parse(body);
if (payload.type === "user.created") {
const email = payload.data.email_addresses?.[0]?.email_address;
if (email) {
try {
const r = await fetch(
`https://api.disposableguard.com/v1/check?email=${encodeURIComponent(email)}`,
{
headers: {
Authorization: `Bearer ${process.env.DG_KEY}`,
},
}
);
if (r.ok && (await r.json()).is_disposable) {
// Delete the user via Clerk API
// await clerkClient.users.deleteUser(payload.data.id);
}
} catch {
// fail-open
}
}
}
return new Response("", { status: 200 });
}Notes
Set up a Clerk webhook pointing to this endpoint. For real-time blocking, use a pre-signup form check instead.