Express Quickstart
Before you start
Example repository
Learn how to integrate Clerk into your Express backend for secure user authentication and management. This guide covers backend implementation only and requires a Clerk frontend SDK in order for any of this to work.
Install @clerk/express
Clerk's Express SDK ships with a variety of helpers for the backend to make user authentication easier.
To get started using Clerk with Express, add the SDK to your project:
npm install @clerk/expressyarn add @clerk/expresspnpm add @clerk/expressAdd the following keys to your .env file. These keys can always be retrieved from the API keys page in the Clerk Dashboard.
- In the Clerk Dashboard, navigate to the API keys page.
- In the Quick Copy section, copy your Clerk Publishable and Secret Keys.
- Paste your keys into your
.envfile.
The final result should resemble the following:
CLERK_PUBLISHABLE_KEY=YOUR_PUBLISHABLE_KEY
CLERK_SECRET_KEY=YOUR_SECRET_KEYThis guide uses dotenv to load the environment variables. Run the following command to install it:
npm install dotenvyarn add dotenvpnpm add dotenvAdd clerkMiddleware() to your application
The clerkMiddleware() function checks the request's cookies and headers for a session JWT and, if found, attaches the Auth object to the request object under the auth key.
import 'dotenv/config'
import express from 'express'
import { clerkMiddleware } from '@clerk/express'
const app = express()
app.use(clerkMiddleware())
app.listen(3000, () => {
console.log(`Example app listening at http://localhost:${PORT}`)
})Protect your routes using requireAuth()
To protect your routes, use the requireAuth() middleware. This middleware functions similarly to clerkMiddleware(), but also protects your routes by redirecting unauthenticated users to the sign-in page.
In the following example, requireAuth() is used to protect the /protected route. If the user is not authenticated, they are redirected to the '/sign-in' route. If the user is authenticated, the req.auth object is used to get the userId, which is passed to clerkClient.users.getUser() to fetch the current user's User object.
import 'dotenv/config'
import express from 'express'
import { clerkClient, requireAuth } from '@clerk/express'
const app = express()
app.get('/protected', requireAuth({ signInUrl: '/sign-in' }), async (req, res) => {
const { userId } = req.auth
const user = await clerkClient.users.getUser(userId)
return res.json({ user })
})
app.get('/sign-in', (req, res) => {
// Assuming you have a template engine installed and are using a Clerk JavaScript SDK on this page
res.render('sign-in')
})
app.listen(3000, () => {
console.log(`Example app listening at http://localhost:${PORT}`)
})Use middleware to protect routes
Learn how to protect specific routes from unauthenticated users.
Protect routes based on authorization status
Learn how to protect a route based on both authentication and authorization status.
Express SDK reference
Learn more about additional Express SDK methods.
Deploy to Production
Learn how to deploy your Clerk app to production.
Feedback
Last updated on