Clerk's JavaScript Backend SDK
Clerk's JavaScript Backend SDK exposes the Backend API resources and low-level authentication utilities for JavaScript environments, making it easier to integrate Clerk into your server-side applications.
Installation
Follow the instructions in the quickstart to add the JS Backend SDK to your project.
Resources
The SDK is organized around resources, such as Users and Organizations. Each resource provides a set of operations (for example, creating, listing, or updating) that map directly to the Backend API. Each section below highlights the primary resources available in the SDK. For a complete list of resources and operations, see the Backend API reference.
Users
The User resource provides operations for creating, retrieving, and managing users within your application. Most operations return, or work directly with, the Backend User object, which represents a user who has successfully signed up to your application. It holds information about a user, such as their unique identifier, name, email addresses, phone numbers, and more.
Organizations
The Organization resource provides operations for creating, retrieving, and managing organizations within your application. Most operations return, or work directly with, the following Backend objects:
- Organization object holds information about an organization.
- OrganizationInvitation object is the model around an organization invitation.
- OrganizationMembership object is the model around an organization membership entity and describes the relationship between users and organizations.
Billing
The Billing resource provides operations for creating and managing subscription plans and features within your application. Most operations return, or work directly with, the following Backend objects:
- CommerceSubscription object holds information about a subscription, as well as methods for managing it.
- CommerceSubscriptionItem object holds information about a subscription item, as well as methods for managing it.
- CommercePlan object holds information about a plan, as well as methods for managing it.
- Feature object represents a feature of a subscription plan.
Allowlist identifiers
The Allowlist Identifier resource allows you to control who can sign up or sign in to your application, by restricting access based on the user's email address or phone number. Most operations return, or work directly with, the Backend AllowlistIdentifier object, which represents an identifier that has been added to the allowlist of your application.
Domains
The Domain resource allows you to manage the domains associated with your Clerk instance. Each domain contains information about the URLs where Clerk operates and the required CNAME targets.
Sessions
The Session resource provides operations for creating, retrieving, and managing sessions within your application. Sessions are created when a user successfully goes through the sign-in or sign-up flows. Most operations return, or work directly with, the Backend Session object, which is an abstraction over an HTTP session and models the period of information exchange between a user and the server.
Clients
The Client resource provides operations for creating, retrieving, and managing clients within your application. Most operations return, or work directly with, the Backend Client object, which tracks authenticated sessions for a given device or software accessing your application, such as your web browser, native application, or Chrome Extension.
Invitations
The Invitation resource allows you to manage invitations for your application. Invitations allow you to invite someone to sign up to your application, via email. Most operations return, or work directly with, the Backend Invitation object, which represents an invitation that has been sent to a potential user.
Redirect URLs
The Redirect URL resource allows you to manage the redirect URLs associated with your Clerk instance. Redirect URLs are whitelisted URLs that facilitate secure authentication flows in native applications, such as React Native or Expo. In these contexts, Clerk ensures that security-critical nonces are passed only to the whitelisted URLs. Most operations return, or work directly with, the Backend RedirectURL object, which holds information about a redirect URL.
Email addresses
The Email Address resource allows you to manage email addresses associated with your users. Email addresses are one of the identifiers used to provide identification for users. They must be verified to ensure that they are assigned to their rightful owners. Most operations return, or work directly with, the Backend EmailAddress object, which holds all necessary state around the verification process.
Phone numbers
The Phone Number resource allows you to manage phone numbers associated with your users. Phone numbers can be used as a proof of identification for users, or simply as a means of contacting users. They must be verified to ensure that they are assigned to the rightful owners. Most operations return, or work directly with, the Backend PhoneNumber object, which holds all necessary state around the verification process.
SAML connections
The SAML Connection resource allows you to manage SAML connections associated with your organizations. A SAML Connection holds configuration data required for facilitating a SAML SSO flow between your Clerk Instance (SP) and a particular SAML IdP. Most operations return, or work directly with, the Backend SamlConnection object, which holds information about a SAML connection for an organization.
Sign-in tokens
The Sign-in Token resource allows you to create and manage sign-in tokens for your application. Sign-in tokens are JWTs that can be used to sign in to an application without specifying any credentials. A sign-in token can be used at most once and can be consumed from the Frontend API using the ticket strategy.
Testing tokens
The Testing Token resource allows you to create and manage testing tokens for your application. Testing tokens allow you to bypass bot detection mechanisms that protect Clerk applications from malicious bots, ensuring your end-to-end test suites run smoothly. Without testing tokens, you may encounter "Bot traffic detected" errors in your requests.
M2M tokens
The M2M Token resource allows you to create and manage machine-to-machine (M2M) tokens for your application. M2M tokens allow you to manage authentication between machines. They are intended primarily as a method for authenticating requests between different backend services within your own infrastructure.
OAuth applications
The OAuth Application resource allows you to create and manage OAuth applications for your Clerk instance. OAuth applications contain data for clients using Clerk as an OAuth2 identity provider. Most operations return, or work directly with, the Backend OAuthApplication object, which holds information about an OAuth application.
Authentication utilities
In addition to the resources listed above, the JS Backend SDK also provides low-level authentication utilities that can be used to verify Clerk-generated tokens and authenticate requests from your frontend:
- authenticateRequest(): Authenticates a token passed from the frontend.
- verifyToken(): Verifies a Clerk-generated token signature.
- verifyWebhook(): Verifies the authenticity of a webhook request using Svix.
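The check that a Svix-signed webhook has to pass, shown as an added example that is not Clerk's or Svix's own code: an HMAC-SHA256 over `id.timestamp.body`, a freshness window, and a constant-time comparison. The names `signSvix` and `verifySvix` are hypothetical, and the secret, message ID and payload are constructed; in an application, call verifyWebhook() instead.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const TOLERANCE_SECONDS = 5 * 60; // reject messages outside a 5-minute window

// Compute the v1 signature over "<id>.<timestamp>.<raw body>".
function signSvix(secret, id, timestamp, rawBody) {
  // The signing secret is base64 after the "whsec_" prefix.
  const key = Buffer.from(secret.replace(/^whsec_/, ''), 'base64');
  return createHmac('sha256', key).update(`${id}.${timestamp}.${rawBody}`).digest('base64');
}

// Returns true only when the timestamp is fresh and one v1 signature matches.
// rawBody must be the exact bytes received, not a re-serialized JSON object.
function verifySvix(secret, headers, rawBody, nowSeconds = Math.floor(Date.now() / 1000)) {
  const id = headers['svix-id'];
  const timestamp = headers['svix-timestamp'];
  const sigHeader = headers['svix-signature'];
  if (!id || !timestamp || !sigHeader) return false;

  const ts = Number(timestamp);
  if (!Number.isInteger(ts) || Math.abs(nowSeconds - ts) > TOLERANCE_SECONDS) return false;

  const expected = Buffer.from(signSvix(secret, id, timestamp, rawBody), 'base64');
  // The header may carry several space-separated "version,signature" pairs.
  return sigHeader.split(' ').some((entry) => {
    const [version, sig] = entry.split(',');
    if (version !== 'v1' || !sig) return false;
    const given = Buffer.from(sig, 'base64');
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
}

// Constructed sample data (not a real secret, message or event).
const SECRET = 'whsec_' + Buffer.from('constructed-demo-secret-32-bytes').toString('base64');
const BODY = '{"type":"user.created","data":{"id":"user_demo"}}';
const NOW = 1700000000;
function sampleHeaders(body = BODY, ts = NOW) {
  return {
    'svix-id': 'msg_demo',
    'svix-timestamp': String(ts),
    'svix-signature': `v1,${signSvix(SECRET, 'msg_demo', String(ts), body)}`,
  };
}

console.log('valid:', verifySvix(SECRET, sampleHeaders(), BODY, NOW));
console.log('tampered body:', verifySvix(SECRET, sampleHeaders(), BODY.replace('user_demo', 'user_other'), NOW));
console.log('stale timestamp:', verifySvix(SECRET, sampleHeaders(), BODY, NOW + 3600));
```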