I have the default vercel deployment protection enabled for my preview deployments, but I’d love to open up access to my webhooks so that I can test critical workflows before pushing to prod. E.g. I have a staging version of my Neon database and I want to test user creation/deletion/etc, which rely on webhooks coming in from Clerk.
Right now the protection blocks my webhooks and I don’t see a way to allow them through. Is there any way to whitelist certain api paths? I know I can diable protection entirely but I’d rather just whitelist specific paths.
Current: Webhooks are protected by vercel deployment protection, so all automated webhooks (e.g. those coming in from Clerk) are blocked (they return a big HTML page).
Expected: Provide a workaround so that I can allow specific API paths without protection)
For your use case, you can use Deployment Protection Exceptions to allow specific API paths without disabling protection entirely. This feature allows you to specify preview domains that should be exempt from deployment protection.
To implement this:
Add your webhook endpoint as a Deployment Protection Exception. For example: api-webhooks.your-preview-domain.vercel.app
This specific domain will become publicly accessible, bypassing the project’s deployment protection settings.
