Clerk · Authentication Profile

Clerk Com Authentication

Authentication

Clerk secures its APIs with apiKey and http across 5 declared security schemes, as derived from its OpenAPI definitions.

AuthenticationAuthorizationB2B SaaSCIAMIdentity ManagementMFAOAuthOpenID ConnectOrganizationsPasskeysSAMLSecuritySessionsSSOUser Management
Methods: apiKey, http Schemes: 5 OAuth flows: API key in: cookie, query

Security Schemes

bearerAuth http
scheme: bearer
ProductionBrowser apiKey
· in: cookie (__client)
DevBrowser apiKey
· in: query (__dev_session)
ProductionNativeFlag apiKey
· in: query (_is_native)
ClientCredentials http
scheme: basic

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/clerk-backend-api-openapi.yml, openapi/clerk-frontend-api-openapi.yml, openapi/clerk-platform-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - cookie
  - query
schemes:
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: sk_<environment>_<secret value>
  description: Secret key, obtained under "API Keys" in the Clerk Dashboard.
  sources:
  - openapi/clerk-backend-api-openapi.yml
  - openapi/clerk-frontend-api-openapi.yml
  - openapi/clerk-platform-api-openapi.yml
- name: ProductionBrowser
  type: apiKey
  in: cookie
  parameter: __client
  description: |-
    The Client API token sent in the form of a browser cookie.

    Used to authenticate production browser applications.
  sources:
  - openapi/clerk-frontend-api-openapi.yml
- name: DevBrowser
  type: apiKey
  in: query
  parameter: __dev_session
  description: |-
    A Dev Browser API token sent as a query parameter.

    Used to authenticate only dev instances.

    To generate a dev instance API token you must first make a request to `/v1/dev_browser`
    and copy it from the response.
  sources:
  - openapi/clerk-frontend-api-openapi.yml
- name: ProductionNativeFlag
  type: apiKey
  in: query
  parameter: _is_native
  description: |-
    If sent and the value is true, it instructs the server to parse the API token from the `Authorization` header.

    It should always be set to true when using the `Authorization` header authentication strategy.
  sources:
  - openapi/clerk-frontend-api-openapi.yml
- name: ClientCredentials
  type: http
  scheme: basic
  description: HTTP Basic Authentication using Client ID as username and Client Secret as password.
  sources:
  - openapi/clerk-frontend-api-openapi.yml