Bot and abuse protection included in every plan. Industry-forward pricing, like only charging for users after their first day of activity. And more.
Clerk deploys advanced bot and multi-account protection to detect and neutralize attacks in real time. Dramatically reduce fraudulent sign-ups with our continually updated machine learning.
Network and device analysis provide an invisible barrier to authenticate humans and filter out automated access attempts.
Cloudflare Turnstile is built-in and completely invisible for 99.9% of users, only appearing when extra verification is needed.
When humans circumvent CAPTCHAs simply by being human, IP rate limits are a simple yet effective backstop against free trial abuse.
Stop fraudulent sign-ups by blocking high-risk disposable email domains, or limit email subaddresses that leverage the "+" separator.
Migrating our authentication to Clerk was a breeze. We loved the white-glove support, bot detection, and clear pricing that scales effectively with our growth.
First Day Free means no charges for users who sign up but never return. Users are only counted as active when they come back after 24 hours.
Clerk securely manages the full session lifecycle, with features like active device monitoring, session revocation, and sub-millisecond authentication.
Don’t let auth slow your critical path. Let us obsess about the complexities of session management infrastructure, so you don’t have to. Clerk’s session architecture is purpose-built for extreme performance and low latency across the globe.
Clerk provides features like session revocation out of the box. It’s time-consuming to build features that help you stay secure – let us fixate on assessing and protecting against the latest threats, so you can focus on your core product.
Multi-account, multi-device, multi-session by default. Clerk’s session management allows users to sign into and switch between multiple accounts, creating seamless separation between business and personal contexts.
Simply add <SignIn />, <SignUp />, <UserButton />, <UserProfile /> to implement complete user management. Keep the default styling or bring your own CSS, and deploy everything on your own domain – making it easier on you and your users.
Clerk’s high-conversion Social SSO is engineered to optimize developer and end-user experience. Simply select the providers you want to enable and help your users sign up at least 1.3x faster.
Clerk enables you to integrate an enterprise-ready solution, where security, privacy, and compliance are not only a top priority, but our crucial responsibility.
Clerk’s third-party testing and assessments are guided by the OWASP Testing Guide, the OWASP Application Security Verification Standard, and the NIST Technical Guide to Information Security Testing and Assessment.
Clerk ensures that credentials cannot be leaked during XSS attacks by using HttpOnly cookies for authenticated requests to our Frontend API in order to minimize potential attack surface area.
Clerk sets the SameSite flag on its cookies so that tokens are protected against Cross-Site Request Forgery (CSRF) attacks.
Clerk protects against hijacking of user sessions via session fixation by resetting the session token each time a user signs in or out of a browser, meaning that old session tokens are invalidated when the session is reset, and they can no longer be used for authentication.
To ensure that passwords are effective, Clerk contracts with HaveIBeenPwned to review prospective passwords and uses NIST guidelines to determine the character rules. To ensure that passwords are kept safe once they are set, Clerk leverages bcrypt, an industry-standard hashing algorithm, for storage.
To protect against session leaks, Clerk sets multiple independent cookies (one for the main domain and one for the subdomain), rather than sharing cookies across subdomains. This means that an attack on Clerk cannot be chained into an attack on your application.
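The cookie attributes and the session-fixation defence described above, sketched as an added example. This is not Clerk's code: the class and function names, the cookie name `sid` and the `SameSite=Lax` value are assumptions made for illustration.

```javascript
// Added illustration; not Clerk's implementation. All names here are hypothetical.
const { randomBytes } = require("node:crypto");

class SessionStore {
  constructor() {
    this.sessions = new Map(); // token -> userId (null means signed out)
  }

  // Drop whatever token the browser presented and mint an unpredictable new one.
  rotate(presentedToken, userId) {
    if (presentedToken) this.sessions.delete(presentedToken);
    const token = randomBytes(32).toString("hex");
    this.sessions.set(token, userId);
    return token;
  }

  signIn(presentedToken, userId) { return this.rotate(presentedToken, userId); }
  signOut(presentedToken) { return this.rotate(presentedToken, null); }

  userFor(token) {
    return this.sessions.has(token) ? this.sessions.get(token) : null;
  }
}

// Set-Cookie value for the session token.
// HttpOnly: page scripts, including injected ones, cannot read the cookie.
// SameSite: the cookie is withheld from cross-site form posts (Lax is an assumed value).
// No Domain attribute: the cookie is host-only and is never sent to subdomains.
function sessionCookie(token) {
  return [`sid=${token}`, "Path=/", "Secure", "HttpOnly", "SameSite=Lax"].join("; ");
}

// Constructed scenario: an attacker-known token sits in the browser before sign-in.
function fixationDemo() {
  const store = new SessionStore();
  const planted = store.rotate(null, null);        // pre-login token the attacker knows
  const fresh = store.signIn(planted, "user_123"); // victim signs in, token is reset
  const signedInUser = store.userFor(fresh);
  const next = store.signOut(fresh);               // sign-out resets the token again
  return {
    plantedUser: store.userFor(planted),
    signedInUser,
    oldTokenAfterSignOut: store.userFor(fresh),
    cookie: sessionCookie(next),
  };
}
```

After sign-in the planted token no longer resolves to any session, so knowing it in advance gains nothing.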
Integrate complete user management in minutes. Free for your first 10,000 monthly active users and 100 monthly active orgs. No credit card required.