Express Quickstart
Learn how to integrate Clerk into your Express backend for secure user authentication and management. This guide focuses on backend implementation and requires a Clerk frontend SDK to function correctly.
Install @clerk/express
The Clerk Express SDK provides a range of backend utilities to simplify user authentication and management in your application.
Run the following command to install the SDK:
npm install @clerk/express
yarn add @clerk/express
pnpm add @clerk/express
bun add @clerk/express
Add the following keys to your .env file. These keys can always be retrieved from the API keys page in the Clerk Dashboard.
- In the Clerk Dashboard, navigate to the API keys page.
- In the Quick Copy section, copy your Clerk Publishable and Secret Keys.
- Paste your keys into your .env file.
The final result should resemble the following:
CLERK_PUBLISHABLE_KEY=YOUR_PUBLISHABLE_KEY
CLERK_SECRET_KEY=YOUR_SECRET_KEY
This guide uses dotenv to load the environment variables. Run the following command to install it:
npm install dotenv
yarn add dotenv
pnpm add dotenv
bun add dotenv
Add clerkMiddleware() to your app
The clerkMiddleware() function checks the request's cookies and headers for a session JWT and, if found, attaches the Auth object to the request object under the auth key.
import 'dotenv/config'
import express from 'express'
import { clerkMiddleware } from '@clerk/express'
const app = express()
const PORT = 3000
// Reads CLERK_PUBLISHABLE_KEY / CLERK_SECRET_KEY from the environment,
// verifies any session JWT on the request and populates `req.auth`.
// It does not block unauthenticated requests by itself.
app.use(clerkMiddleware())
// Start the server and listen on the specified port
app.listen(PORT, () => {
console.log(`Example app listening at http://localhost:${PORT}`)
})
Protect your routes using requireAuth()
To protect your routes, use the requireAuth() middleware. This middleware functions similarly to clerkMiddleware(), but also protects your routes by redirecting unauthenticated users to the sign-in page.
In the following example, requireAuth() is used to protect the /protected route. If the user isn't authenticated, they're redirected to the homepage. If the user is authenticated, the getAuth() function is used to get the userId, which is passed to clerkClient.users.getUser() to fetch the current user's User object.
import 'dotenv/config'
import express from 'express'
import { clerkClient, requireAuth, getAuth } from '@clerk/express'
const app = express()
const PORT = 3000
// Use requireAuth() to protect this route
// If user isn't authenticated, requireAuth() will redirect back to the homepage
app.get('/protected', requireAuth(), async (req, res) => {
// Use `getAuth()` to get the user's `userId`
const { userId } = getAuth(req)
// Use Clerk's JavaScript Backend SDK to get the user's User object
const user = await clerkClient.users.getUser(userId)
return res.json({ user })
})
// Start the server and listen on the specified port
app.listen(PORT, () => {
console.log(`Example app listening at http://localhost:${PORT}`)
})
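Because requireAuth() answers an unauthenticated request with a redirect, a JSON API route called by a non-browser client is better served by a guard that returns a 401. The following is an added example, not code from the Clerk docs or the SDK: the guard takes the auth helper as a parameter (assumed, as the getAuth() call above shows, to return an object whose userId is null when there is no session) so it can be exercised here without a live Clerk session; in a real app you would pass Clerk's getAuth after app.use(clerkMiddleware()).

```javascript
// Added example (not from the Clerk docs). Usage in a real app would be:
//   import { clerkMiddleware, getAuth } from '@clerk/express'
//   app.use(clerkMiddleware())
//   app.get('/api/me', requireApiAuth(getAuth), (req, res) => { ... })
// `getAuthFn` is injected so the guard runs stand-alone below.

function requireApiAuth(getAuthFn) {
  return function apiAuthGuard(req, res, next) {
    // If the auth helper throws (for example because the session middleware
    // never ran for this request), report a server misconfiguration rather
    // than a 401, so an ordering bug is not mistaken for "no session".
    let auth
    try {
      auth = getAuthFn(req)
    } catch (err) {
      return res.status(500).json({ error: 'auth middleware not initialised' })
    }
    if (!auth || !auth.userId) {
      // API clients get a machine-readable 401 instead of a redirect.
      return res.status(401).json({ error: 'unauthenticated' })
    }
    return next()
  }
}

// Minimal stand-in for Express's `res` so the guard can run without a server.
function makeRes() {
  const res = { statusCode: 200, body: undefined }
  res.status = (code) => { res.statusCode = code; return res }
  res.json = (payload) => { res.body = payload; return res }
  return res
}

// Drive the guard with a constructed auth result (an object, or an Error to
// simulate the helper throwing) and report the observable outcome.
function runGuard(authResult) {
  const guard = requireApiAuth(() => {
    if (authResult instanceof Error) throw authResult
    return authResult
  })
  const res = makeRes()
  let nextCalled = false
  guard({}, res, () => { nextCalled = true })
  return { status: res.statusCode, body: res.body, nextCalled }
}
```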
Add global TypeScript type (optional)
If you're using TypeScript, add a global type reference to your project to enable auto-completion and type checking for the auth object in Express request handlers.
- In your application's root folder, create a types/ directory.
- Inside this directory, create a globals.d.ts file with the following code.
/// <reference types="@clerk/express/env" />