Clerk's JavaScript Backend SDK

Clerk's JavaScript Backend SDK exposes the Backend API⁠ resources and low-level authentication utilities for JavaScript environments, making it easier to integrate Clerk into your server-side applications.

Installation

Follow the instructions in the quickstart

to add the JS Backend SDK to your project.

Resources

The SDK is organized around resources, such as Users and Organizations. Each resource provides a set of operations (for example, creating, listing, or updating) that map directly to the Backend API. Each section below highlights the primary resources available in the SDK. For a complete list of resources and operations, see the Backend API reference⁠.

Users

The User resource provides operations for creating, retrieving, and managing users within your application. Most operations return, or work directly with, the Backend User object, which represents a user who has successfully signed up to your application. It holds information about a user, such as their unique identifier, name, email addresses, phone numbers, and more.

Organizations

The Organization resource provides operations for creating, retrieving, and managing organizations within your application. Most operations return, or work directly with, the following Backend objects:

• Organization object holds information about an organization.
• OrganizationInvitation object is the model around an organization invitation.
• OrganizationMembership object is the model around an organization membership entity and describes the relationship between users and organizations.

Billing

The Billing resource provides operations for creating and managing subscriptions plans and features within your application. Most operations return, or work directly with, the following Backend objects:

• CommerceSubscription object holds information about a subscription, as well as methods for managing it.
• CommerceSubscriptionItem object holds information about a subscription item, as well as methods for managing it.
• CommercePlan object holds information about a plan, as well as methods for managing it.
• Feature object represents a feature of a subscription plan.

Allowlist identifiers

The Allowlist Identifier resource allows you to control who can sign up or sign in to your application, by restricting access based on the user's email address or phone number. Most operations return, or work directly with, the Backend AllowlistIdentifier object, which represents an identifier that has been added to the allowlist of your application.

Domains

The Domain resource allows you to manage the domains associated with your Clerk instance. Each domain contains information about the URLs where Clerk operates and the required CNAME targets.

Sessions

The Session resource provides operations for creating, retrieving, and managing sessions within your application. Sessions are created when a user successfully goes through the sign-in or sign-up flows. Most operations return, or work directly with, the Backend Session object, which is an abstraction over an HTTP session and models the period of information exchange between a user and the server.

Clients

The Client resource provides operations for creating, retrieving, and managing clients within your application. Most operations return, or work directly with, the Backend Client object, which tracks authenticated sessions for a given device or software accessing your application, such as your web browser, native application, or Chrome Extension.

Invitations

The Invitation resource allows you to manage invitations for your application. Invitations allow you to invite someone to sign up to your application, via email. Most operations return, or work directly with, the Backend Invitation object, which represents an invitation that has been sent to a potential user.

Redirect URLs

The Redirect URL resource allows you to manage the redirect URLs associated with your Clerk instance. Redirect URLs are whitelisted URLs that facilitate secure authentication flows in native applications, such as React Native or Expo. In these contexts, Clerk ensures that security-critical nonces are passed only to the whitelisted URLs. Most operations return, or work directly with, the Backend RedirectURL object, which holds information about a redirect URL.

Email addresses

The Email Address resource allows you to manage email addresses associated with your users. Email addresses are one of the identifiers used to provide identification for users. They must be verified to ensure that they are assigned to their rightful owners. Most operations return, or work directly with, the Backend EmailAddress object, which holds all necessary state around the verification process.

Phone numbers

The Phone Number resource allows you to manage phone numbers associated with your users. Phone numbers can be used as a proof of identification for users, or simply as a means of contacting users. They must be verified to ensure that they are assigned to the rightful owners. Most operations return, or work directly with, the Backend PhoneNumber object, which holds all necessary state around the verification process.

SAML connections

The SAML Connection resource allows you to manage SAML connections associated with your organizations. A SAML Connection holds configuration data required for facilitating a SAML SSO flow between your Clerk Instance (SP) and a particular SAML IdP. Most operations return, or work directly with, the Backend SamlConnection object, which holds information about a SAML connection for an organization.

Sign-in tokens

The Sign-in Token resource allows you to create and manage sign-in tokens for your application. Sign-in tokens are JWTs that can be used to sign in to an application without specifying any credentials. A sign-in token can be used at most once and can be consumed from the Frontend API using the ticket strategy.

Testing tokens

The Testing Token resource allows you to create and manage testing tokens for your application. Testing tokens allow you to bypass bot detection mechanisms that protect Clerk applications from malicious bots, ensuring your end-to-end test suites run smoothly. Without Testing tokens, you may encounter "Bot traffic detected" errors in your requests.

M2M tokens

The M2M Token resource allows you to create and manage machine-to-machine (M2M) tokens for your application. M2M tokens allow you to manage authentication between machines. It is intended primarily as a method for authenticating requests between different backend services within your own infrastructure.

OAuth applications

The OAuth Application resource allows you to create and manage OAuth applications for your Clerk instance. OAuth applications contain data for clients using Clerk as an OAuth2 identity provider. Most operations return, or work directly with, the Backend OAuthApplication object, which holds information about an OAuth application.

Authentication utilities

In addition to the resources listed above, the JS Backend SDK also provides low-level authentication utilities that can be used to verify Clerk-generated tokens and authenticate requests from your frontend:

• authenticateRequest(): Authenticates a token passed from the frontend.
• verifyToken(): Verifies a Clerk-generated token signature.
• verifyWebhook(): Verifies the authenticity of a webhook request using Svix.