You are viewing a beta version of Clerk Docs

authenticateRequest()

Authenticates a token passed from the frontend. Networkless if the secretKey or jwtKey is provided. Otherwise, performs a network call to retrieve the JWKS from Clerk's Backend API.

```ts
function authenticateRequest(request: Request, options?: AuthenticateRequestOptions): Promise<RequestState>;
```

authenticateRequest() parameters

| Name | Type | Description |
| --- | --- | --- |
| `request` | `Request` | Request object |
| `options?` | `AuthenticateRequestOptions` | Optional options to configure the authentication. |

AuthenticateRequestOptions

| Name | Type | Description |
| --- | --- | --- |
| `secretKey?` | `string` | The Clerk secret key from the API Keys page in the Clerk Dashboard. |
| `publishableKey?` | `string` | The Clerk publishable key from the API Keys page in the Clerk Dashboard. |
| `domain?` | `string` | The domain for the application. For development, you can pass the localhost your application is running on. For example: `localhost:3001` |
| `isSatellite?` | `boolean` | Set to `true` if the instance is a satellite domain in a multi-domain setup. |
| `proxyUrl?` | `string` | The proxy URL from a multi-domain setup. |
| `signInUrl?` | `string` | The sign-in URL from a multi-domain setup. It's recommended to use the environment variable instead. |
| `afterSignInUrl?` | `string` | The URL to navigate to after sign-in completion. Defaults to `/`. It's recommended to use the environment variable instead. |
| `signUpUrl?` | `string` | The sign-up URL from a multi-domain setup. It's recommended to use the environment variable instead. |
| `afterSignUpUrl?` | `string` | The URL to navigate to after sign-up completion. Defaults to `/`. It's recommended to use the environment variable instead. |
| `jwtKey?` | `string` | The PEM public key from the API Keys page -> Advanced -> JWT public key section of the Clerk Dashboard. It's recommended to use the environment variable instead. |
| `audience?` | `string \| string[]` | A string or list of audiences. |
| `authorizedParties` | `string[]` | |
| `clockSkewInMs?` | `number` | Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms (5 seconds). |
| `jwksCacheTtlInMs?` | `number` | Specifies the allowed time (in milliseconds) the JWKs are considered valid in cache. Defaults to 3600_000 ms (1 hour). |
| `skipJwksCache?` | `boolean` | A flag to ignore the cache and always fetch JWKs before each JWT verification. |
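
The claim checks that `clockSkewInMs`, `audience` and `authorizedParties` configure, shown as an added example (not Clerk's code and not part of the original page). It assumes the token's signature has already been verified, and that `authorizedParties` is an allowlist for the token's `azp` claim, which this page does not state; `checkClaims` and the sample claims are constructed for illustration.

```javascript
// Added illustration; not Clerk's implementation. Run these checks only on
// claims from a JWT whose signature was already verified (JWKS or jwtKey).
const DEFAULT_CLOCK_SKEW_MS = 5000; // default given in the options table

// Constructed sample claims (times are seconds since the epoch, as in a JWT).
const SAMPLE_CLAIMS = {
  sub: 'user_constructed',
  aud: 'api.example.test',
  azp: 'https://app.example.test',
  nbf: 1700000000,
  exp: 1700000060,
};

// Returns { ok: true } or { ok: false, reason }.
function checkClaims(claims, options = {}, nowMs = Date.now()) {
  const skew = options.clockSkewInMs ?? DEFAULT_CLOCK_SKEW_MS;

  // Fail closed: a token without an expiry is never accepted.
  if (typeof claims.exp !== 'number') return { ok: false, reason: 'missing-exp' };
  if (nowMs > claims.exp * 1000 + skew) return { ok: false, reason: 'expired' };
  if (typeof claims.nbf === 'number' && nowMs < claims.nbf * 1000 - skew) {
    return { ok: false, reason: 'not-yet-valid' };
  }

  // audience may be a string or a list; the token's aud may be either too.
  if (options.audience !== undefined) {
    const expected = [].concat(options.audience);
    const actual = [].concat(claims.aud ?? []);
    if (!actual.some((a) => expected.includes(a))) {
      return { ok: false, reason: 'audience-mismatch' };
    }
  }

  // Assumption: authorizedParties is an allowlist for the azp claim.
  const parties = options.authorizedParties ?? [];
  if (parties.length > 0 && !parties.includes(claims.azp)) {
    return { ok: false, reason: 'unauthorized-party' };
  }
  return { ok: true };
}

const expMs = SAMPLE_CLAIMS.exp * 1000;
console.log(checkClaims(SAMPLE_CLAIMS, {}, expMs + 3000)); // within default skew
console.log(checkClaims(SAMPLE_CLAIMS, { clockSkewInMs: 0 }, expMs + 3000)); // expired
```

A larger `clockSkewInMs` widens the window in which an expired token is still accepted, so raise it only as far as the real clock drift between servers requires.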

authenticateRequest() example

Takes the token passed by the frontend as a Bearer token in the Authorization header, and performs a networkless authentication. This verifies whether the user is signed in to the application.

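```ts
import { clerkClient } from '@clerk/nextjs/server'
import { NextRequest, NextResponse } from 'next/server'

export async function GET(req: NextRequest) {
  // Authenticate the Bearer token sent in the Authorization header
  const { isSignedIn } = await clerkClient.authenticateRequest(req)

  if (!isSignedIn) {
    // The HTTP status belongs in the second (init) argument; passing
    // { status: 401 } as the body alone would be sent with a 200 status.
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
  }

  // Perform protected actions
  return NextResponse.json({ message: 'This is a reply' })
}
```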

Last updated on March 8, 2024
