Clerk Changelog

API Keys Public Beta

Category
Product

Allow your users to create API keys that delegate access to your application's API on their behalf.

API keys are now available for authorization, with management built into the prebuilt components. This feature is part of the machine authentication suite.

Zero-Code UI Components

When you enable API keys in the Clerk Dashboard, an API Keys tab appears in your <UserProfile /> and <OrganizationProfile /> components. Users can then create, view, and revoke their API keys.

You can also use the standalone <APIKeys /> component anywhere in your application:

import { APIKeys } from '@clerk/nextjs'

export default function Page() {
  return <APIKeys />
}

Backend SDK Integration

You can also create and manage API keys programmatically using the Backend SDK, with control over scopes, claims, and expiration:

const apiKey = await clerkClient.apiKeys.create({
  name: 'Production API Key',
  subject: 'user_xxx', // or 'org_xxx' for organization keys
  scopes: ['read:data', 'write:data'],
  secondsUntilExpiration: 86400, // optional: expires in 24 hours
})

// Store apiKey.secret immediately - it's only shown once!

Verify API Keys in Your Routes

Use the auth() helper to verify API keys in your backend. An example of this using Next.js is shown below:

import { auth } from '@clerk/nextjs/server'
import { NextResponse } from 'next/server'

export async function GET() {
  const { isAuthenticated, userId, scopes } = await auth({
    acceptsToken: 'api_key',
  })

  if (!isAuthenticated) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
  }

  // Check scopes for fine-grained access control
  if (!scopes?.includes('read:data')) {
    return NextResponse.json({ error: 'Missing required scope' }, { status: 403 })
  }

  return NextResponse.json({ userId })
}

Key Features

  • User & Organization scoped — Keys maintain identity context, always tied to a user or organization
  • Instant revocation — API keys use opaque tokens (not JWTs), enabling immediate invalidation
  • Scopes — Define exactly what each key can access
  • Custom claims — Store additional metadata on keys (backend SDK only)
  • Optional expiration — Set TTL or keep keys long-lived
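
A minimal in-memory model of the opaque-token behaviour listed above (a server-side lookup on every verification, scopes, optional expiry, instant revocation), added here as an illustration and not Clerk's implementation. The `OpaqueKeyStore` class, the `ak_`/`key_` prefixes and the choice to store only a hash of the secret are assumptions.

```javascript
// Added illustration, not Clerk's implementation: all names below are hypothetical.
const nodeCrypto = require('node:crypto')

const sha256 = (value) => nodeCrypto.createHash('sha256').update(value).digest('hex')

class OpaqueKeyStore {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(now = () => Date.now()) {
    this.now = now
    this.byHash = new Map() // sha256(secret) -> record; the secret itself is never stored
  }

  // Returns the secret exactly once; afterwards only its hash exists server-side.
  create({ subject, scopes = [], secondsUntilExpiration = null }) {
    const secret = 'ak_' + nodeCrypto.randomBytes(32).toString('base64url')
    const id = 'key_' + nodeCrypto.randomBytes(8).toString('hex')
    const expiresAt =
      secondsUntilExpiration === null ? null : this.now() + secondsUntilExpiration * 1000
    this.byHash.set(sha256(secret), { id, subject, scopes: [...scopes], expiresAt, revoked: false })
    return { id, secret }
  }

  // Flipping server-side state is enough: no self-validating signed token
  // remains in circulation after this call.
  revoke(id) {
    for (const record of this.byHash.values()) {
      if (record.id === id) record.revoked = true
    }
  }

  // Every call is a lookup, so revocation and expiry apply to the very next request.
  verify(presentedSecret, requiredScope) {
    const record = this.byHash.get(sha256(String(presentedSecret)))
    const expired = record && record.expiresAt !== null && this.now() >= record.expiresAt
    if (!record || record.revoked || expired) {
      return { status: 401, error: 'Unauthorized' }
    }
    if (!record.scopes.includes(requiredScope)) {
      return { status: 403, error: 'Missing required scope' }
    }
    return { status: 200, subject: record.subject, scopes: record.scopes }
  }
}
```

The 401/403 split mirrors the route handler shown earlier: an unknown, expired or revoked key is unauthenticated, while a valid key without the required scope is authenticated but forbidden.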

Pricing

API keys are free to use during the beta period. After general availability, they'll move to a simple usage-based pricing model:

  • $0.001 per key creation
  • $0.0001 per key verification

Billing isn't live yet — we'll provide at least 30 days' notice before billing begins. We'll also provide usage stats and monitoring in the Dashboard before then, so you'll have complete visibility over your usage and costs.

Get Started Today

Ready to let your users create API keys? Check out these resources:

  • API keys guide — Complete walkthrough of enabling and using API keys
  • Backend SDK reference — Full API for creating, listing, verifying, and revoking keys
  • Dashboard — Enable API keys for your application
  • Tutorial — Build a SaaS application with Clerk and API keys, step by step

We'd love to hear your feedback as you try out API keys. Your input during the beta period will help us refine the feature. Have questions or suggestions? Reach out through our feedback portal or join the discussion in our Discord community.

Contributors
Jeff Escalante
Robert Soriano
Brandon Romano
Ben Werner
Bruno Lin

Prebuilt Android Components

Category
android

Ready-to-use authentication views for Android apps.

We're excited to introduce prebuilt UI views that make it incredibly easy to add authentication flows to your Android applications.

These new Android views provide complete authentication experiences out of the box, eliminating the need to build custom sign-in and user management interfaces from scratch. With just a few lines of code, you can now add authentication and user management to your Android app that matches Material Design standards and includes advanced features like multi-factor authentication, social sign-in, and comprehensive user profile management.

AuthView - Complete Authentication Flow

The AuthView provides a comprehensive authentication experience supporting both sign-in and sign-up flows, multi-factor authentication, password reset, account recovery and more.

The AuthView renders a comprehensive authentication interface that handles both user sign-in and sign-up flows.
HomeView.kt
import androidx.compose.foundation.layout.Box
import androidx.compose.foundation.layout.fillMaxSize
import androidx.compose.runtime.Composable
import androidx.compose.runtime.getValue
import androidx.compose.ui.Alignment
import androidx.compose.ui.Modifier
import androidx.lifecycle.compose.collectAsStateWithLifecycle
import com.clerk.api.Clerk
import com.clerk.ui.auth.AuthView
import com.clerk.ui.userbutton.UserButton

// Show the user button when signed in, otherwise the authentication flow.
@Composable
fun HomeView() {
  val user by Clerk.userFlow.collectAsStateWithLifecycle()
  Box(
    modifier = Modifier.fillMaxSize(),
    contentAlignment = Alignment.Center,
  ) {
    if (user != null) {
      UserButton()
    } else {
      AuthView()
    }
  }
}

UserButton - Profile Access Made Simple

The UserButton displays the current user's profile image in a circular button and opens the full user profile when tapped.

The UserButton is a circular button that displays the signed-in user's profile image.
HomeView.kt
import androidx.compose.material3.TopAppBar
import com.clerk.ui.userbutton.UserButton

TopAppBar(title = {}, actions = { UserButton() })

UserProfileView - Comprehensive Account Management

The UserProfileView provides a complete interface for users to manage their accounts, including personal information, security settings, account switching, and sign-out functionality.

The UserProfileView renders a comprehensive user profile interface that displays user information and provides account management options.
ProfileView.kt
import androidx.compose.foundation.layout.Box
import androidx.compose.foundation.layout.fillMaxSize
import androidx.compose.runtime.Composable
import androidx.compose.runtime.getValue
import androidx.compose.ui.Alignment
import androidx.compose.ui.Modifier
import androidx.lifecycle.compose.collectAsStateWithLifecycle
import com.clerk.api.Clerk
import com.clerk.ui.userprofile.UserProfileView

// Render the profile only when a user is signed in.
@Composable
fun ProfileView() {
  val user by Clerk.userFlow.collectAsStateWithLifecycle()
  Box(
    modifier = Modifier.fillMaxSize(),
    contentAlignment = Alignment.Center,
  ) {
    if (user != null) {
      UserProfileView()
    }
  }
}

ClerkTheme - Customization

The new theming system allows you to customize the appearance of all Clerk views to match your app's design.

MyApplication.kt
import android.app.Application
import androidx.compose.ui.graphics.Color
import com.clerk.ui.theme.ClerkTheme
import com.clerk.ui.theme.ClerkColors
import com.clerk.api.Clerk

class MyApplication : Application() {

  override fun onCreate() {
    super.onCreate()
    Clerk.initialize(
      this,
      key, // your Clerk publishable key, defined elsewhere in the app
      options = ClerkConfigurationOptions(enableDebugMode = true),
      theme = ClerkTheme(colors = ClerkColors(primary = Color.Red)),
    )
  }
}

Light and Dark Mode Support

All Clerk Android views automatically support both light and dark mode appearance, adapting seamlessly to the user's system preferences.

Breaking changes

The Clerk Android SDK has been split into two packages:

  • com.clerk:clerk-api - The core Clerk SDK for authentication and user management. (This was previously called com.clerk:clerk-android)
  • com.clerk:clerk-ui - The Clerk UI components for authentication and user management.

The com.clerk:clerk-ui package pulls in com.clerk:clerk-api as a dependency, so you only need to add com.clerk:clerk-ui to your dependencies if you're using the Clerk UI components.

Getting Started

To get started follow the Quickstart Guide and see the views docs:

Feedback

We're excited to see what you build with these new views! Share your feedback and join the conversation in our Discord community.

Contributor
Sam Wolfand

Debug logs for enterprise connections

Category
SSO

Debug logs for enterprise connections are now available in the Dashboard, making it easier to diagnose and resolve IdP configuration issues.

When configuring SAML or OIDC connections, you can now view detailed error logs directly in the Dashboard.

Each error log includes the error code, message, and actionable guidance on how to resolve the issue.

For more information on common SSO errors, check out our documentation.

Contributors
Tu Nguyen
Laura Beatris

Vercel SSO Provider

Category
SSO

Enable users to sign in to your application using their Vercel accounts.

Vercel is now available as a built-in SSO provider, allowing users to sign in to your application using their Vercel accounts.

Visit the setup guide to configure Sign in with Vercel for your application.

Contributors
Bryce Kalow
Kevin Wang
Mitch Vostrez
Railly Hugo

Enable organizations from your app during development

Category
Organizations

You can now enable Organizations directly in your app during development, without navigating to the Clerk Dashboard.

Prompt to enable organizations feature in development

When you first use organization components or hooks in a development instance, Clerk will automatically prompt you to enable Organizations. The prompt includes a toggle to allow personal accounts and a link to the Dashboard for advanced configuration.

This reduces friction when building B2B applications — no more context switching between your code editor and the Dashboard just to enable a feature.

Contributors
Laura Beatris
Alex Carpenter
Tony Gines
Tu Nguyen

Build custom role based access control (RBAC) systems by managing organization roles and permissions via an API.

You can now completely manage permissions and roles through the Clerk Backend API. Build sophisticated access control systems tailored to your application's needs — whether you're syncing roles from external systems, automating permission assignments, or creating custom admin interfaces.

What's new

The following endpoints are now available on Clerk's backend API:

Organization Permissions

| Endpoint | Description |
| --- | --- |
| `GET /v1/organization_permissions` | List all permissions with pagination and filtering |
| `POST /v1/organization_permissions` | Create a new permission |
| `GET /v1/organization_permissions/{permission_id}` | Retrieve a specific permission |
| `PATCH /v1/organization_permissions/{permission_id}` | Update a permission |
| `DELETE /v1/organization_permissions/{permission_id}` | Delete a permission |

Organization Roles

| Endpoint | Description |
| --- | --- |
| `GET /v1/organization_roles` | List all roles |
| `POST /v1/organization_roles` | Create a new role |
| `GET /v1/organization_roles/{role_id}` | Retrieve a specific role |
| `PATCH /v1/organization_roles/{role_id}` | Update a role |
| `DELETE /v1/organization_roles/{role_id}` | Delete a role |

Role Permissions

| Endpoint | Description |
| --- | --- |
| `POST /v1/organization_roles/{role_id}/permissions/{permission_id}` | Assign a permission to a role |
| `DELETE /v1/organization_roles/{role_id}/permissions/{permission_id}` | Remove a permission from a role |
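
One way to drive the two role-permission endpoints above when syncing roles from an external system, as an added example that is not Clerk's code. It only plans the calls and performs no network I/O; the function name, the input shape (role id mapped to an array of permission ids) and the sample ids are assumptions.

```javascript
// Added illustration: computes which assign/remove calls bring each role's
// permissions in line with a desired mapping. Names and ids are hypothetical.
function planRolePermissionSync(current, desired) {
  const revokes = []
  const grants = []
  const missingRoles = []
  for (const roleId of Object.keys(desired).sort()) {
    if (!Object.hasOwn(current, roleId)) {
      // The role must be created first; its request body is defined in the API reference.
      missingRoles.push(roleId)
      continue
    }
    const have = new Set(current[roleId])
    const want = new Set(desired[roleId])
    const base = `/v1/organization_roles/${encodeURIComponent(roleId)}/permissions/`
    for (const permissionId of [...have].sort()) {
      if (!want.has(permissionId)) {
        revokes.push({ method: 'DELETE', path: base + encodeURIComponent(permissionId) })
      }
    }
    for (const permissionId of [...want].sort()) {
      if (!have.has(permissionId)) {
        grants.push({ method: 'POST', path: base + encodeURIComponent(permissionId) })
      }
    }
  }
  // Revocations run first: a plan interrupted midway leaves roles with less
  // access than intended, never the union of old and new permissions.
  return { calls: [...revokes, ...grants], missingRoles }
}

// Constructed sample data (placeholder ids, not real Clerk ids).
const currentRoles = {
  role_admin: ['perm_a', 'perm_b'],
  role_viewer: ['perm_a', 'perm_c'],
  role_unmanaged: ['perm_b'], // absent from desiredRoles, so left untouched
}
const desiredRoles = {
  role_viewer: ['perm_a'],
  role_admin: ['perm_a', 'perm_d'],
  role_auditor: ['perm_a'],
}
const samplePlan = planRolePermissionSync(currentRoles, desiredRoles)
```

Roles present only in `current` are deliberately ignored, so the sync never strips permissions from roles it does not manage.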

Getting started

Visit the API reference for detailed documentation on request parameters and response formats.

Contributors
Gabriel Melo
Nicolas Lopes
