Docs

Express Quickstart

You will learn the following:

  • Install @clerk/express
  • Set your Clerk API keys
  • Add clerkMiddleware() to your application
  • Protect your routes using requireAuth()

Learn how to integrate Clerk into your Express backend for secure user authentication and management. This guide covers backend implementation only and requires a Clerk frontend SDK in order for any of this to work.

Install @clerk/express

Clerk's Express SDK ships with a variety of helpers for the backend to make user authentication easier.

To get started using Clerk with Express, add the SDK to your project:

terminal
npm install @clerk/express
terminal
yarn add @clerk/express
terminal
pnpm add @clerk/express
.env
CLERK_PUBLISHABLE_KEY=YOUR_PUBLISHABLE_KEY
CLERK_SECRET_KEY=YOUR_SECRET_KEY

This guide uses dotenv to load the environment variables. Install the package by running the following command:

terminal
npm install dotenv
terminal
yarn add dotenv
terminal
pnpm add dotenv

Add clerkMiddleware() to your application

The clerkMiddleware() function checks the request's cookies and headers for a session JWT and, if found, attaches the Auth object to the request object under the auth key.

index.ts
import 'dotenv/config'
import express from 'express'
import { clerkMiddleware } from '@clerk/express'

const app = express()

app.use(clerkMiddleware())

app.listen(3000, () => {
  console.log(`Example app listening at http://localhost:${PORT}`)
})

Protect your routes using requireAuth()

To protect your routes, use the requireAuth() middleware. This middleware functions similarly to clerkMiddleware(), but also protects your routes by redirecting unauthenticated users to the sign-in page.

In the following example, requireAuth() is used to protect the /protected route. If the user is not authenticated, they are redirected to the '/sign-in' route. If the user is authenticated, the req.auth object is used to get the userId, which is passed to clerkClient.users.getUser() to fetch the current user's User object.

index.ts
import 'dotenv/config'
import express from 'express'
import { clerkClient, requireAuth } from '@clerk/express'

const app = express()

app.get('/protected', requireAuth({ signInUrl: '/sign-in' }), (req, res) => {
  const { userId } = req.auth
  const user = await clerkClient.users.getUser(userId)
  return res.json({ user })
})

app.get('/sign-in', (req, res) => {
  // Assuming you have a template engine installed and are using a Clerk JavaScript SDK on this page
  res.render('sign-in')
})

app.listen(3000, () => {
  console.log(`Example app listening at http://localhost:${PORT}`)
})

Use middleware to protect routes

Learn how to protect specific routes from unauthenticated users.

Protect routes based on authorization status

Learn how to protect a route based on both authentication and authorization status.

Express SDK reference

Learn more about additional Express SDK methods.

Deploy to Production

Learn how to deploy your Clerk app to production.

Feedback

What did you think of this content?

Last updated on