Validating Webhook Requests

Overview

Webhook requests from automations and integrations include five specific headers that help you identify and validate the authenticity of each call.

Header	Description
X-ClarusWMS-Domain	The base URL that initiated the webhook call (your login URL)
X-ClarusWMS-API-Domain	The API URL linked to the domain
X-ClarusWMS-Subdomain	The subdomain part of the URL (e.g., `customer`)
X-ClarusWMS-Automation-ID	The unique ID of the automation that triggered the webhook (e.g., `43`)
X-ClarusWMS-Integration-ID	The ID of the linked integration (only included if applicable, e.g., `723`)

Check X-ClarusWMS-Domain

Verify the origin of the request matches your expected base URL.

Check X-ClarusWMS-API-Domain

Confirm the associated API endpoint matches the originating domain.

Check X-ClarusWMS-Subdomain

Pinpoint the specific subdomain from which the call originated.

Check X-ClarusWMS-Automation-ID

Trace which automation initiated the call using its unique ID.

Check X-ClarusWMS-Integration-ID

If present, identify the specific integration involved.

Validate authenticity

Use the combined header values to confirm the request is genuine and from a trusted source.

These headers are essential for confirming that a webhook request to your URL is legitimate and has not been spoofed.

⌘I