Query structured spec data via REST or MCP. Get exactly what your agent needs.
https://api.clerk.com/v1
/actor_tokens
Create an actor token that can be used to impersonate the given user.
The actor parameter needs to include at least a “sub” key whose value is the ID of the actor (impersonating) user.
application/json
ActorTokensCreateTokenRequest
| Property | Type | Required |
|---|---|---|
| actor | object | required |
| user_id | string | required |
| expires_in_seconds | integer | optional |
| session_max_duration_in_seconds | integer | optional |
Success
Request was not successful
Payment required
Invalid request parameters
POST /actor_tokens
/actor_tokens/{actor_token_id}/revoke
Revokes a pending actor token.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| actor_token_id | path | required | string | The ID of the actor token to be revoked. |
Success
Request was not successful
Resource not found
POST /actor_tokens/{actor_token_id}/revoke
/allowlist_identifiers
Create an identifier allowed to sign up to an instance
application/json
AllowlistBlocklistAddIdentifierToAllowListRequest
| Property | Type | Required |
|---|---|---|
| notify | boolean | optional |
| identifier | string | required |
Success
Request was not successful
Payment required
Invalid request parameters
POST /allowlist_identifiers
/blocklist_identifiers
Create an identifier that is blocked from accessing an instance
application/json
AllowlistBlocklistAddIdentifierRequest
| Property | Type | Required |
|---|---|---|
| identifier | string | required |
Success
Request was not successful
Payment required
Invalid request parameters
POST /blocklist_identifiers
/instance/change_domain
Change the domain of a production instance.
Changing the domain requires updating the DNS records accordingly, deploying new SSL certificates, updating your Social Connection’s redirect URLs and setting the new keys in your code.
WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur.
application/json
BetaFeaturesUpdateInstanceDomainRequest
| Property | Type | Required |
|---|---|---|
| home_url | string | optional |
Accepted
Request was not successful
Request was not successful
POST /instance/change_domain
/clients/verify
Verifies the client in the provided token
Parameters.
application/json
ClientsVerifyClientTokenRequest
| Property | Type | Required |
|---|---|---|
| token | string | optional |
Success
Request was not successful
Authentication invalid
Resource not found
POST /clients/verify
/domains
Add a new domain for your instance.
Useful in the case of multi-domain instances, allows adding satellite domains to an instance.
The new domain must have a name. The domain name can contain the port for development instances, like localhost:3000.
At the moment, instances can have only one primary domain, so the is_satellite parameter must be set to true.
If you’re planning to configure the new satellite domain to run behind a proxy, pass the proxy_url parameter accordingly.
application/json
DomainsAddSatelliteDomainRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
| proxy_url | string | optional |
| is_satellite | boolean | required |
A domain
Request was not successful
Request was not successful
Invalid request parameters
POST /domains
/templates/{template_type}/{slug}/preview
Returns a preview of a template for a given template_type, slug and body
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| template_type | path | required | string | The type of template to preview |
| slug | path | required | string | The slug of the template to preview |
Required parameters
application/json
EmailSmsTemplatesPreviewTemplateRequest
| Property | Type | Required |
|---|---|---|
| body | string | optional |
| subject | string | optional |
| from_email_name | string | optional |
OK
Request was not successful
Authentication invalid
Resource not found
Invalid request parameters
POST /templates/{template_type}/{slug}/preview
/templates/{template_type}/{slug}/revert
Reverts an updated template to its default state
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| template_type | path | required | string | The type of template to revert |
| slug | path | required | string | The slug of the template to revert |
Success
Request was not successful
Authentication invalid
Payment required
Resource not found
POST /templates/{template_type}/{slug}/revert
/templates/{template_type}/{slug}/toggle_delivery
Toggles the delivery by Clerk for a template of a given type and slug.
If disabled, Clerk will not deliver the resulting email or SMS.
The app developer will need to listen to the email.created or sms.created webhooks in order to handle delivery themselves.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| template_type | path | required | string | The type of template to toggle delivery for |
| slug | path | required | string | The slug of the template for which to toggle delivery |
application/json
EmailSmsTemplatesToggleDeliveryByTypeAndSlugRequest
| Property | Type | Required |
|---|---|---|
| delivered_by_clerk | boolean | optional |
Success
Request was not successful
Authentication invalid
Resource not found
POST /templates/{template_type}/{slug}/toggle_delivery
/email_addresses
Create a new email address
application/json
EmailAddressesCreateNewAddressRequest
| Property | Type | Required |
|---|---|---|
| primary | boolean | optional |
| user_id | string | optional |
| verified | boolean | optional |
| email_address | string | optional |
Success
Request was not successful
Authentication invalid
Authorization invalid
Resource not found
Invalid request parameters
POST /email_addresses
/invitations
Creates a new invitation for the given email address and sends the invitation email.
Keep in mind that you cannot create an invitation if there is already one for the given email address.
Also, trying to create an invitation for an email address that already exists in your application will result to an error.
Required parameters
application/json
InvitationsCreateNewInvitationRequest
| Property | Type | Required |
|---|---|---|
| notify | boolean | optional |
| redirect_url | string | optional |
| email_address | string | required |
| ignore_existing | boolean | optional |
| public_metadata | object | optional |
Success
Request was not successful
Invalid request parameters
POST /invitations
/invitations/{invitation_id}/revoke
Revokes the given invitation.
Revoking an invitation will prevent the user from using the invitation link that was sent to them.
However, it doesn’t prevent the user from signing up if they follow the sign up flow.
Only active (i.e. non-revoked) invitations can be revoked.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| invitation_id | path | required | string | The ID of the invitation to be revoked |
Success
Request was not successful
Resource not found
POST /invitations/{invitation_id}/revoke
/jwt_templates
Create a new JWT template
application/json
JwtTemplatesCreateTemplateRequest
| Property | Type | Required |
|---|---|---|
| name | string | optional |
| claims | object | optional |
| lifetime | number | optional |
| signing_key | string | optional |
| signing_algorithm | string | optional |
| allowed_clock_skew | number | optional |
| custom_signing_key | boolean | optional |
Success
Request was not successful
Payment required
Invalid request parameters
POST /jwt_templates
/oauth_applications
Creates a new OAuth application with the given name and callback URL for an instance.
The callback URL must be a valid url.
All URL schemes are allowed such as http://, https://, myapp://, etc…
application/json
OAuthApplicationsCreateNewApplicationRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
| public | boolean | optional |
| scopes | string | optional |
| callback_url | string | required |
An OAuth application with client secret
Request was not successful
Authorization invalid
Invalid request parameters
POST /oauth_applications
/oauth_applications/{oauth_application_id}/rotate_secret
Rotates the OAuth application’s client secret.
When the client secret is rotated, make sure to update it in authorized OAuth clients.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| oauth_application_id | path | required | string | The ID of the OAuth application for which to rotate the client secret |
An OAuth application with client secret
Authorization invalid
Resource not found
POST /oauth_applications/{oauth_application_id}/rotate_secret
/organizations/{organization_id}/invitations
Creates a new organization invitation and sends an email to the provided email_address with a link to accept the invitation and join the organization.
You can specify the role for the invited organization member.
New organization invitations get a “pending” status until they are revoked by an organization administrator or accepted by the invitee.
The request body supports passing an optional redirect_url parameter.
When the invited user clicks the link to accept the invitation, they will be redirected to the URL provided.
Use this parameter to implement a custom invitation acceptance flow.
You must specify the ID of the user that will send the invitation with the inviter_user_id parameter.
That user must be a member with administrator privileges in the organization.
Only “admin” members can create organization invitations.
You can optionally provide public and private metadata for the organization invitation.
The public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend.
When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| organization_id | path | required | string | The ID of the organization for which to send the invitation |
application/json
OrganizationInvitationsCreateAndSendRequest
| Property | Type | Required |
|---|---|---|
| role | string | required |
| redirect_url | string | optional |
| email_address | string | required |
| inviter_user_id | string | required |
| public_metadata | object | optional |
| private_metadata | object | optional |
An organization invitation
Request was not successful
Authorization invalid
Resource not found
Invalid request parameters
POST /organizations/{organization_id}/invitations
/organizations/{organization_id}/invitations/bulk
Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization.
You can specify a different role for each invited organization member.
New organization invitations get a “pending” status until they are revoked by an organization administrator or accepted by the invitee.
The request body supports passing an optional redirect_url parameter for each invitation.
When the invited user clicks the link to accept the invitation, they will be redirected to the provided URL.
Use this parameter to implement a custom invitation acceptance flow.
You must specify the ID of the user that will send the invitation with the inviter_user_id parameter. Each invitation
can have a different inviter user.
Inviter users must be members with administrator privileges in the organization.
Only “admin” members can create organization invitations.
You can optionally provide public and private metadata for each organization invitation. The public metadata are visible
by both the Frontend and the Backend, whereas the private metadata are only visible by the Backend.
When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| organization_id | path | required | string | The organization ID. |
application/json
OrganizationInvitationsBulkCreateAndSendRequest
of object
| Property | Type | Required |
|---|---|---|
| role | string | required |
| redirect_url | string | optional |
| email_address | string | required |
| inviter_user_id | string | required |
| public_metadata | object | optional |
| private_metadata | object | optional |
A list of organization invitations
Request was not successful
Authorization invalid
Resource not found
Invalid request parameters
POST /organizations/{organization_id}/invitations/bulk
/organizations/{organization_id}/invitations/{invitation_id}/revoke
Use this request to revoke a previously issued organization invitation.
Revoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation.
Only organization invitations with “pending” status can be revoked.
The request needs the requesting_user_id parameter to specify the user which revokes the invitation.
Only users with “admin” role can revoke invitations.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| organization_id | path | required | string | The organization ID. |
| invitation_id | path | required | string | The organization invitation ID. |
application/json
OrganizationInvitationsRevokeInvitationRequest
| Property | Type | Required |
|---|---|---|
| requesting_user_id | string | required |
An organization invitation
Request was not successful
Authorization invalid
Resource not found
POST /organizations/{organization_id}/invitations/{invitation_id}/revoke
/organizations/{organization_id}/memberships
Adds a user as a member to the given organization.
Only users in the same instance as the organization can be added as members.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| organization_id | path | required | string | The ID of the organization where the new membership will be created |
application/json
OrganizationMembershipsAddUserToOrganizationRequest
| Property | Type | Required |
|---|---|---|
| role | string | required |
| user_id | string | required |
Success
Request was not successful
Authorization invalid
Resource not found
Invalid request parameters
POST /organizations/{organization_id}/memberships
/organizations
Creates a new organization with the given name for an instance.
In order to successfully create an organization you need to provide the ID of the User who will become the organization administrator.
You can specify an optional slug for the new organization.
If provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash “-“.
Organization slugs must be unique for the instance.
You can provide additional metadata for the organization and set any custom attribute you want.
Organizations support private and public metadata.
Private metadata can only be accessed from the Backend API.
Public metadata can be accessed from the Backend API, and are read-only from the Frontend API.
application/json
OrganizationsCreateNewOrganizationRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
| slug | string | optional |
| created_by | string | required |
| public_metadata | object | optional |
| private_metadata | object | optional |
| max_allowed_memberships | integer | optional |
An organization
Request was not successful
Authorization invalid
Invalid request parameters
POST /organizations
/phone_numbers
Create a new phone number
application/json
PhoneNumbersCreateNewPhoneNumberRequest
| Property | Type | Required |
|---|---|---|
| primary | boolean | optional |
| user_id | string | optional |
| verified | boolean | optional |
| phone_number | string | optional |
| reserved_for_second_factor | boolean | optional |
Success
Request was not successful
Authentication invalid
Authorization invalid
Resource not found
Invalid request parameters
POST /phone_numbers
/proxy_checks
This endpoint can be used to validate that a proxy-enabled domain is operational.
It tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API.
You can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based
configuration will not lead to downtime for your instance.
The proxy_url parameter allows for testing proxy configurations for domains that don’t have a proxy URL yet, or operate on
a different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy.
application/json
ProxyChecksVerifyProxyConfigurationRequest
| Property | Type | Required |
|---|---|---|
| domain_id | string | optional |
| proxy_url | string | optional |
Health check information about a domain’s proxy configuration validation attempt.
Request was not successful
Invalid request parameters
POST /proxy_checks
/redirect_urls
Create a redirect URL
application/json
RedirectUrLsCreateNewUrlRequest
| Property | Type | Required |
|---|---|---|
| url | string | optional |
Success
Request was not successful
Invalid request parameters
POST /redirect_urls
/saml_connections
Create a new SAML Connection.
application/json
SamlConnectionsBetaCreateNewConnectionRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
| domain | string | required |
| provider | string | required |
| idp_sso_url | string | optional |
| idp_metadata | string | optional |
| idp_entity_id | string | optional |
| idp_certificate | string | optional |
| idp_metadata_url | string | optional |
| attribute_mapping | object | optional |
| └ user_id | string | optional |
| └ last_name | string | optional |
| └ first_name | string | optional |
| └ email_address | string | optional |
A SAML Connection
Payment required
Authorization invalid
Invalid request parameters
POST /saml_connections
/sessions/{session_id}/revoke
Sets the status of a session as “revoked”, which is an unauthenticated state.
In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| session_id | path | required | string | The ID of the session |
Success
Request was not successful
Authentication invalid
Resource not found
POST /sessions/{session_id}/revoke
/sessions/{session_id}/tokens/{template_name}
Creates a JSON Web Token(JWT) based on a session and a JWT Template name defined for your instance
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| session_id | path | required | string | The ID of the session |
| template_name | path | required | string | The name of the JWT Template defined in your instance (e.g. |
OK
Authentication invalid
Resource not found
POST /sessions/{session_id}/tokens/{template_name}
/sign_in_tokens
Creates a new sign-in token and associates it with the given user.
By default, sign-in tokens expire in 30 days.
You can optionally supply a different duration in seconds using the expires_in_seconds property.
application/json
SigninTokensCreateTokenRequest
| Property | Type | Required |
|---|---|---|
| user_id | string | optional |
| expires_in_seconds | integer | optional |
Success
Resource not found
Invalid request parameters
POST /sign_in_tokens
/sign_in_tokens/{sign_in_token_id}/revoke
Revokes a pending sign-in token
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| sign_in_token_id | path | required | string | The ID of the sign-in token to be revoked |
Success
Request was not successful
Resource not found
POST /sign_in_tokens/{sign_in_token_id}/revoke
/users
Creates a new user. Your user management settings determine how you should setup your user model.
Any email address and phone number created using this method will be marked as verified.
Note: If you are performing a migration, check out our guide on zero downtime migrations.
A rate limit rule of 20 requests per 10 seconds is applied to this endpoint.
application/json
UsersCreateNewUserRequest
| Property | Type | Required |
|---|---|---|
| password | string | optional |
| username | string | optional |
| last_name | string | optional |
| created_at | string | optional |
| first_name | string | optional |
| external_id | string | optional |
| totp_secret | string | optional |
| web3_wallet | array | optional |
| backup_codes | array | optional |
| phone_number | array | optional |
| email_address | array | optional |
| password_digest | string | optional |
| password_hasher | string | optional |
| public_metadata | object | optional |
| unsafe_metadata | object | optional |
| private_metadata | object | optional |
| skip_password_checks | boolean | optional |
| skip_password_requirement | boolean | optional |
Success
Request was not successful
Authentication invalid
Authentication invalid
Invalid request parameters
POST /users
/users/{user_id}/ban
Marks the given user as banned, which means that all their sessions are revoked and they are not allowed to sign in again.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user to ban |
Success
Payment required
POST /users/{user_id}/ban
/users/{user_id}/lock
Marks the given user as locked, which means they are not allowed to sign in again until the lock expires.
Lock duration can be configured in the instance’s restrictions settings.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user to lock |
Success
Authorization invalid
POST /users/{user_id}/lock
/users/{user_id}/profile_image
Update a user’s profile image
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user to update the profile image for |
multipart/form-data
UsersSetProfileImageRequest
| Property | Type | Required |
|---|---|---|
| file | string | optional |
Success
Request was not successful
Request was not successful
Request was not successful
POST /users/{user_id}/profile_image
/users/{user_id}/unban
Removes the ban mark from the given user.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user to unban |
Success
Payment required
POST /users/{user_id}/unban
/users/{user_id}/unlock
Removes the lock from the given user.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user to unlock |
Success
Authorization invalid
POST /users/{user_id}/unlock
/users/{user_id}/verify_password
Check that the user’s password matches the supplied input.
Useful for custom auth flows and re-verification.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user for whom to verify the password |
application/json
UsersVerifyPasswordRequest
| Property | Type | Required |
|---|---|---|
| password | string | required |
The provided password was correct.
The user does not have a password set.
The user does not exist.
The provided password was incorrect.
Request was not successful
POST /users/{user_id}/verify_password
/users/{user_id}/verify_totp
Verify that the provided TOTP or backup code is valid for the user.
Verifying a backup code will result it in being consumed (i.e. it will
become invalid).
Useful for custom auth flows and re-verification.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | The ID of the user for whom to verify the TOTP |
application/json
UsersVerifyTotpRequest
| Property | Type | Required |
|---|---|---|
| code | string | required |
The provided TOTP or backup code was correct.
The user does not have TOTP configured for their account.
The user does not exist.
The provided TOTP or backup code was incorrect.
Request was not successful
POST /users/{user_id}/verify_totp
/webhooks/svix
Create a Svix app and associate it with the current instance
Response that contains a temporary Svix URL to access management dashboard
Request was not successful
POST /webhooks/svix
/webhooks/svix_url
Generate a new url for accessing the Svix’s management dashboard for that particular instance
Response that contains a temporary Svix URL to access management dashboard
Request was not successful
POST /webhooks/svix_url
ActorToken
{
"type": "object",
"required": [
"object",
"id",
"user_id",
"actor",
"status",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string"
},
"url": {
"type": "string",
"nullable": true
},
"actor": {
"type": "object"
},
"token": {
"type": "string",
"nullable": true
},
"object": {
"enum": [
"actor_token"
],
"type": "string"
},
"status": {
"enum": [
"pending",
"accepted",
"revoked"
],
"type": "string"
},
"user_id": {
"type": "string"
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
}
}
}
ActorTokensCreateTokenRequest
{
"type": "object",
"required": [
"user_id",
"actor"
],
"properties": {
"actor": {
"type": "object",
"example": {
"sub": "user_2OEpKhcCN1Lat9NQ0G6puh7q5Rb"
},
"description": "The actor payload. It needs to include a sub property which should contain the ID of the actor.\nThis whole payload will be also included in the JWT session token."
},
"user_id": {
"type": "string",
"description": "The ID of the user that can use the newly created sign in token."
},
"expires_in_seconds": {
"type": "integer",
"default": 3600,
"description": "Optional parameter to specify the life duration of the actor token in seconds.\nBy default, the duration is 1 hour."
},
"session_max_duration_in_seconds": {
"type": "integer",
"default": 1800,
"description": "The maximum duration that the session which will be created by the generated actor token should last.\nBy default, the duration of a session created via an actor token, lasts 30 minutes."
}
}
}
Admin
{
"type": "object",
"required": [
"status",
"strategy"
],
"properties": {
"status": {
"enum": [
"verified"
],
"type": "string"
},
"attempts": {
"type": "integer",
"nullable": true
},
"strategy": {
"enum": [
"admin"
],
"type": "string"
},
"expire_at": {
"type": "integer",
"nullable": true
}
}
}
AllowlistBlocklistAddIdentifierRequest
{
"type": "object",
"required": [
"identifier"
],
"properties": {
"identifier": {
"type": "string",
"description": "The identifier to be added in the block-list.\nThis can be an email address, a phone number or a web3 wallet."
}
}
}
AllowlistBlocklistAddIdentifierToAllowListRequest
{
"type": "object",
"required": [
"identifier"
],
"properties": {
"notify": {
"type": "boolean",
"default": false,
"description": "This flag denotes whether the given identifier will receive an invitation to join the application.\nNote that this only works for email address and phone number identifiers."
},
"identifier": {
"type": "string",
"description": "The identifier to be added in the allow-list.\nThis can be an email address, a phone number or a web3 wallet."
}
}
}
AllowlistBlocklistListAllowedIdentifiersResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AllowlistIdentifier"
}
}
AllowlistIdentifier
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"object": {
"enum": [
"allowlist_identifier"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value.\n"
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation\n"
},
"identifier": {
"type": "string",
"description": "An email address or a phone number.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"instance_id": {
"type": "string"
},
"invitation_id": {
"type": "string"
},
"identifier_type": {
"enum": [
"email_address",
"phone_number",
"web3_wallet"
],
"type": "string"
}
}
}
BetaFeaturesUpdateInstanceDomainRequest
{
"type": "object",
"properties": {
"home_url": {
"type": "string",
"description": "The new home URL of the production instance e.g. https://www.example.com"
}
}
}
BetaFeaturesUpdateInstanceSettingsRequest
{
"type": "object",
"properties": {
"test_mode": {
"type": "boolean",
"nullable": true,
"description": "Toggles test mode for this instance, allowing the use of test email addresses and phone numbers.\nDefaults to true for development instances."
},
"from_email_address": {
"type": "string",
"nullable": true,
"description": "The local part of the email address from which authentication-related emails (e.g. OTP code, magic links) will be sent.\nOnly alphanumeric values are allowed.\nNote that this value should contain only the local part of the address (e.g. `foo` for `foo@example.com`)."
},
"progressive_sign_up": {
"type": "boolean",
"nullable": true,
"description": "Enable the Progressive Sign Up algorithm. Refer to the [docs](https://clerk.com/docs/upgrade-guides/progressive-sign-up) for more info."
},
"session_token_template": {
"type": "string",
"nullable": true,
"description": "The name of the JWT Template used to augment your session tokens. To disable this, pass an empty string."
},
"restricted_to_allowlist": {
"type": "boolean",
"default": false,
"nullable": true,
"description": "Whether sign up is restricted to email addresses, phone numbers and usernames that are on the allowlist."
},
"enhanced_email_deliverability": {
"type": "boolean",
"nullable": true,
"description": "The \"enhanced_email_deliverability\" feature will send emails from \"verifications@clerk.dev\" instead of your domain.\nThis can be helpful if you do not have a high domain reputation."
}
}
}
BetaFeaturesUpdateInstanceSettingsResponse
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"object": {
"enum": [
"instance_settings"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value."
},
"from_email_address": {
"type": "string"
},
"progressive_sign_up": {
"type": "boolean"
},
"restricted_to_allowlist": {
"type": "boolean"
},
"enhanced_email_deliverability": {
"type": "boolean"
}
}
}
BetaFeaturesUpdateProductionInstanceDomainRequest
{
"type": "object",
"properties": {
"home_url": {
"type": "string",
"description": "The new home URL of the production instance e.g. https://www.example.com"
}
}
}
BlocklistIdentifier
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"object": {
"enum": [
"blocklist_identifier"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value.\n"
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation\n"
},
"identifier": {
"type": "string",
"description": "An email address, email domain, phone number or web3 wallet.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"instance_id": {
"type": "string"
},
"identifier_type": {
"enum": [
"email_address",
"phone_number",
"web3_wallet"
],
"type": "string"
}
}
}
BlocklistIdentifiers
{
"type": "object",
"required": [
"data",
"total_count"
],
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/BlocklistIdentifier"
}
},
"total_count": {
"type": "integer",
"format": "int64",
"description": "Total number of blocklist identifiers\n"
}
}
}
CNameTarget
{
"type": "object",
"required": [
"host",
"value",
"required"
],
"properties": {
"host": {
"type": "string"
},
"value": {
"type": "string"
},
"required": {
"type": "boolean",
"description": "Denotes whether this CNAME target is required to be set in order for the domain to be considered deployed.\n"
}
}
}
ClerkError
{
"type": "object",
"required": [
"message",
"long_message",
"code"
],
"properties": {
"code": {
"type": "string"
},
"meta": {
"type": "object"
},
"message": {
"type": "string"
},
"long_message": {
"type": "string"
},
"clerk_trace_id": {
"type": "string"
}
}
}
ClerkErrors
{
"type": "object",
"required": [
"errors"
],
"properties": {
"meta": {
"type": "object"
},
"errors": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClerkError"
}
}
}
}
Client
{
"type": "object",
"required": [
"object",
"id",
"session_ids",
"sessions",
"sign_in_id",
"sign_up_id",
"last_active_session_id",
"updated_at",
"created_at"
],
"properties": {
"id": {
"type": "string",
"description": "String representing the identifier of the session.\n"
},
"object": {
"enum": [
"client"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value.\n"
},
"sessions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Session"
}
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation.\n"
},
"sign_in_id": {
"type": "string",
"nullable": true
},
"sign_up_id": {
"type": "string",
"nullable": true
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"session_ids": {
"type": "array",
"items": {
"type": "string"
}
},
"last_active_session_id": {
"type": "string",
"nullable": true,
"description": "Last active session_id.\n"
}
}
}
ClientsListSortedByCreationDateResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/Client"
}
}
ClientsVerifyClientTokenRequest
{
"type": "object",
"properties": {
"token": {
"type": "string",
"description": "A JWT Token that represents the active client."
}
}
}
DeletedObject
{
"type": "object",
"required": [
"object",
"deleted"
],
"properties": {
"id": {
"type": "string"
},
"slug": {
"type": "string"
},
"object": {
"type": "string"
},
"deleted": {
"type": "boolean"
}
}
}
Domain
{
"type": "object",
"required": [
"object",
"id",
"name",
"is_satellite",
"frontend_api_url",
"development_origin"
],
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"object": {
"enum": [
"domain"
],
"type": "string"
},
"proxy_url": {
"type": "string",
"nullable": true
},
"is_satellite": {
"type": "boolean"
},
"cname_targets": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CNameTarget"
},
"nullable": true
},
"frontend_api_url": {
"type": "string"
},
"development_origin": {
"type": "string"
},
"accounts_portal_url": {
"type": "string",
"nullable": true,
"description": "Null for satellite domains.\n"
}
}
}
Domains
{
"type": "object",
"required": [
"data",
"total_count"
],
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Domain"
}
},
"total_count": {
"type": "integer",
"format": "int64",
"description": "Total number of domains\n"
}
}
}
DomainsAddSatelliteDomainRequest
{
"type": "object",
"required": [
"name",
"is_satellite"
],
"properties": {
"name": {
"type": "string",
"description": "The new domain name. Can contain the port for development instances."
},
"proxy_url": {
"type": "string",
"description": "The full URL of the proxy which will forward requests to the Clerk Frontend API for this domain. Applicable only to production instances."
},
"is_satellite": {
"enum": [
true
],
"type": "boolean",
"description": "Marks the new domain as satellite. Only `true` is accepted at the moment."
}
}
}
DomainsUpdateDomainRequest
{
"type": "object",
"properties": {
"name": {
"type": "string",
"nullable": true,
"description": "The new domain name. For development instances, can contain the port,\ni.e `myhostname:3000`. For production instances, must be a valid FQDN,\ni.e `mysite.com`. Cannot contain protocol scheme."
},
"proxy_url": {
"type": "string",
"nullable": true,
"description": "The full URL of the proxy that will forward requests to Clerk's Frontend API.\nCan only be updated for production instances."
}
}
}
EmailAddress
{
"type": "object",
"required": [
"object",
"email_address",
"verification",
"linked_to",
"reserved",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string"
},
"object": {
"enum": [
"email_address"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value.\n"
},
"reserved": {
"type": "boolean"
},
"linked_to": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IdentificationLink"
}
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation\n"
},
"verification": {
"type": "object",
"oneOf": [
{
"$ref": "#/components/schemas/OTP"
},
{
"$ref": "#/components/schemas/Admin"
},
{
"$ref": "#/components/schemas/Oauth"
}
],
"nullable": true
},
"email_address": {
"type": "string"
}
}
}
EmailAddressesCreateNewAddressRequest
{
"type": "object",
"properties": {
"primary": {
"type": "boolean",
"nullable": true,
"description": "Create this email address as the primary email address for the user.\nDefault: false, unless it is the first email address."
},
"user_id": {
"type": "string",
"description": "The ID representing the user"
},
"verified": {
"type": "boolean",
"nullable": true,
"description": "When created, the email address will be marked as verified."
},
"email_address": {
"type": "string",
"description": "The new email address. Must adhere to the RFC 5322 specification for email address format."
}
}
}
EmailAddressesUpdateAddressRequest
{
"type": "object",
"properties": {
"primary": {
"type": "boolean",
"nullable": true,
"description": "Set this email address as the primary email address for the user."
},
"verified": {
"type": "boolean",
"nullable": true,
"description": "The email address will be marked as verified."
}
}
}
EmailSmsTemplatesListSortedByPositionResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/Template"
}
}
EmailSmsTemplatesPreviewTemplateRequest
{
"type": "object",
"properties": {
"body": {
"type": "string",
"description": "The template body before variable interpolation"
},
"subject": {
"type": "string",
"nullable": true,
"description": "The email subject.\nApplicable only to email templates."
},
"from_email_name": {
"type": "string",
"description": "The local part of the From email address that will be used for emails.\nFor example, in the address 'hello@example.com', the local part is 'hello'.\nApplicable only to email templates."
}
}
}
EmailSmsTemplatesPreviewTemplateResponse
{
"type": "object",
"example": {},
"properties": {}
}
EmailSmsTemplatesToggleDeliveryByTypeAndSlugRequest
{
"type": "object",
"properties": {
"delivered_by_clerk": {
"type": "boolean",
"nullable": true,
"description": "Whether Clerk should deliver emails or SMS messages based on the current template"
}
}
}
EmailSmsTemplatesUpdateTemplateByTypeAndSlugRequest
{
"type": "object",
"properties": {
"body": {
"type": "string",
"description": "The template body before variable interpolation"
},
"name": {
"type": "string",
"description": "The user-friendly name of the template"
},
"markup": {
"type": "string",
"nullable": true,
"description": "The editor markup used to generate the body of the template"
},
"subject": {
"type": "string",
"nullable": true,
"description": "The email subject.\nApplicable only to email templates."
},
"from_email_name": {
"type": "string",
"description": "The local part of the From email address that will be used for emails.\nFor example, in the address 'hello@example.com', the local part is 'hello'.\nApplicable only to email templates."
},
"delivered_by_clerk": {
"type": "boolean",
"nullable": true,
"description": "Whether Clerk should deliver emails or SMS messages based on the current template"
}
}
}
IdentificationLink
{
"type": "object",
"required": [
"type",
"id"
],
"properties": {
"id": {
"type": "string"
},
"type": {
"enum": [
"oauth_google",
"oauth_mock",
"saml"
],
"type": "string"
}
}
}
InstanceRestrictions
{
"type": "object",
"properties": {
"object": {
"enum": [
"instance_restrictions"
],
"type": "string",
"description": "String representing the object's type. Objects of the same type share the same value."
},
"allowlist": {
"type": "boolean"
},
"blocklist": {
"type": "boolean"
},
"block_email_subaddresses": {
"type": "boolean"
}
}
}
InstanceSettingsUpdateInstanceSettingsRequest
{
"type": "object",
"properties": {
"hibp": {
"type": "boolean",
"nullable": true,
"description": "Whether the instance should be using the HIBP service to check passwords for breaches"
},
"test_mode": {
"type": "boolean",
"nullable": true,
"description": "Toggles test mode for this instance, allowing the use of test email addresses and phone numbers.\nDefaults to true for development instances."
},
"support_email": {
"type": "string",
"nullable": true
},
"cookieless_dev": {
"type": "boolean",
"deprecated": true,
"description": "Whether the instance should operate in cookieless development mode (i.e. without third-party cookies).\nDeprecated: Please use `url_based_session_syncing` instead."
},
"allowed_origins": {
"type": "array",
"items": {
"type": "string"
},
"description": "For browser-like stacks such as browser extensions, Electron, or Capacitor.js the instance allowed origins need to be updated with the request origin value.\nFor Chrome extensions popup, background, or service worker pages the origin is chrome-extension://extension_uiid. For Electron apps the default origin is http://localhost:3000. For Capacitor, the origin is capacitor://localhost."
},
"clerk_js_version": {
"type": "string",
"nullable": true
},
"development_origin": {
"type": "string",
"nullable": true
},
"url_based_session_syncing": {
"type": "boolean",
"description": "Whether the instance should use URL-based session syncing in development mode (i.e. without third-party cookies)."
},
"enhanced_email_deliverability": {
"type": "boolean",
"nullable": true,
"description": "The \"enhanced_email_deliverability\" feature will send emails from \"verifications@clerk.dev\" instead of your domain.\nThis can be helpful if you do not have a high domain reputation."
}
}
}
InstanceSettingsUpdateOrganizationSettingsRequest
{
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"nullable": true
},
"creator_role_id": {
"type": "string",
"description": "Specify what the default organization role is for an organization creator."
},
"domains_enabled": {
"type": "boolean",
"nullable": true
},
"admin_delete_enabled": {
"type": "boolean",
"nullable": true
},
"domains_default_role_id": {
"type": "string",
"description": "Specify what the default organization role is for the organization domains."
},
"max_allowed_memberships": {
"type": "integer",
"nullable": true
},
"domains_enrollment_modes": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specify which enrollment modes to enable for your Organization Domains.\nSupported modes are 'automatic_invitation' & 'automatic_suggestion'."
}
}
}
InstanceSettingsUpdateRestrictionsRequest
{
"type": "object",
"properties": {
"allowlist": {
"type": "boolean",
"nullable": true
},
"blocklist": {
"type": "boolean",
"nullable": true
},
"block_email_subaddresses": {
"type": "boolean",
"nullable": true
},
"block_disposable_email_domains": {
"type": "boolean",
"nullable": true
}
}
}
Invitation
{
"type": "object",
"required": [
"object",
"id",
"email_address",
"status",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string"
},
"url": {
"type": "string",
"nullable": true
},
"object": {
"enum": [
"invitation"
],
"type": "string"
},
"status": {
"enum": [
"pending",
"accepted",
"revoked"
],
"type": "string",
"example": "pending"
},
"revoked": {
"type": "boolean",
"example": false
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"email_address": {
"type": "string",
"format": "email"
},
"public_metadata": {
"type": "object"
}
}
}
InvitationsCreateNewInvitationRequest
{
"type": "object",
"required": [
"email_address"
],
"properties": {
"notify": {
"type": "boolean",
"default": true,
"nullable": true,
"description": "Optional flag which denotes whether an email invitation should be sent to the given email address.\nDefaults to true."
},
"redirect_url": {
"type": "string",
"description": "Optional URL which specifies where to redirect the user once they click the invitation link.\nThis is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components."
},
"email_address": {
"type": "string",
"description": "The email address the invitation will be sent to"
},
"ignore_existing": {
"type": "boolean",
"default": false,
"nullable": true,
"description": "Whether an invitation should be created if there is already an existing invitation for this email address, or it's claimed by another user."
},
"public_metadata": {
"type": "object",
"description": "Metadata that will be attached to the newly created invitation.\nThe value of this property should be a well-formed JSON object.\nOnce the user accepts the invitation and signs up, these metadata will end up in the user's public metadata."
}
}
}
InvitationsListAllNonRevokedResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/Invitation"
}
}
InvitationsRevokeInvitationResponse
{
"allOf": [
{
"$ref": "#/components/schemas/Invitation"
},
{
"type": "object",
"properties": {
"status": {
"enum": [
"revoked"
],
"type": "string",
"example": "revoked"
},
"revoked": {
"enum": [
true
],
"type": "boolean",
"example": true
}
}
}
]
}
JWTTemplate
{
"type": "object",
"required": [
"object",
"id",
"name",
"claims",
"lifetime",
"allowed_clock_skew",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"claims": {
"type": "object"
},
"object": {
"enum": [
"jwt_template"
],
"type": "string"
},
"lifetime": {
"type": "integer"
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"signing_algorithm": {
"type": "string"
},
"allowed_clock_skew": {
"type": "integer"
},
"custom_signing_key": {
"type": "boolean"
}
}
}
JwtTemplatesCreateTemplateRequest
{
"type": "object",
"properties": {
"name": {
"type": "string",
"nullable": false,
"description": "JWT template name"
},
"claims": {
"type": "object",
"nullable": false,
"description": "JWT template claims in JSON format"
},
"lifetime": {
"type": "number",
"maximum": 315360000,
"minimum": 30,
"nullable": true,
"description": "JWT token lifetime"
},
"signing_key": {
"type": "string",
"nullable": true,
"description": "The custom signing private key to use when minting JWTs"
},
"signing_algorithm": {
"type": "string",
"nullable": true,
"description": "The custom signing algorithm to use when minting JWTs"
},
"allowed_clock_skew": {
"type": "number",
"maximum": 300,
"minimum": 0,
"nullable": true,
"description": "JWT token allowed clock skew"
},
"custom_signing_key": {
"type": "boolean",
"nullable": false,
"description": "Whether a custom signing key/algorithm is also provided for this template"
}
}
}
JwtTemplatesListAllTemplatesResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/JWTTemplate"
}
}
JwtTemplatesUpdateTemplateByIdRequest
{
"type": "object",
"properties": {
"name": {
"type": "string",
"nullable": false,
"description": "JWT template name"
},
"claims": {
"type": "object",
"nullable": false,
"description": "JWT template claims in JSON format"
},
"lifetime": {
"type": "number",
"maximum": 315360000,
"minimum": 30,
"nullable": true,
"description": "JWT token lifetime"
},
"signing_key": {
"type": "string",
"nullable": true,
"description": "The custom signing private key to use when minting JWTs"
},
"signing_algorithm": {
"type": "string",
"nullable": true,
"description": "The custom signing algorithm to use when minting JWTs"
},
"allowed_clock_skew": {
"type": "number",
"maximum": 300,
"minimum": 0,
"nullable": true,
"description": "JWT token allowed clock skew"
},
"custom_signing_key": {
"type": "boolean",
"nullable": false,
"description": "Whether a custom signing key/algorithm is also provided for this template"
}
}
}
OAuthApplication
{
"type": "object",
"required": [
"object",
"id",
"instance_id",
"name",
"public",
"client_id",
"scopes",
"callback_url",
"authorize_url",
"token_fetch_url",
"user_info_url",
"created_at",
"updated_at"
],
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"object": {
"enum": [
"oauth_application"
],
"type": "string"
},
"public": {
"type": "boolean"
},
"scopes": {
"type": "string"
},
"client_id": {
"type": "string"
},
"created_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of creation.\n"
},
"updated_at": {
"type": "integer",
"format": "int64",
"description": "Unix timestamp of last update.\n"
},
"instance_id": {
"type": "string"
},
"callback_url": {
"type": "string"
},
"authorize_url": {
"type": "string"
},
"user_info_url": {
"type": "string"
},
"token_fetch_url": {
"type": "string"
}
}
}
OAuthApplicationWithSecret
{
"allOf": [
{
"$ref": "#/components/schemas/OAuthApplication"
},
{
"type": "object",
"properties": {
"client_secret": {
"type": "string",
"description": "Empty if public client.\n"
}
}
}
]
}
OAuthApplications
{
"type": "object",
"required": [
"data",
"total_count"
],
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/OAuthApplication"
}
},
"total_count": {
"type": "integer",
"format": "int64",
"description": "Total number of OAuth applications\n"
}
}
}
OAuthApplicationsCreateNewApplicationRequest
{
"type": "object",
"required": [
"name",
"callback_url"
],
"properties": {
"name": {
"type": "string",
"description": "The name of the new OAuth application"
},
"public": {
"type": "boolean",
"description": "If true, this client is public and cannot securely store a client secret.\nOnly the authorization code flow with proof key for code exchange (PKCE) may be used.\nPublic clients cannot be updated to be confidential clients, and vice versa."
},
"scopes": {
"type": "string",
"default": "profile email",
"example": "profile email public_metadata",
"description": "Define the allowed scopes for the new OAuth applications that dictate the user payload of the OAuth user info endpoint. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Provide the requested scopes as a string, separated by spaces."
},
"callback_url": {
"type": "string",
"description": "The callback URL of the new OAuth application"
}
}
}
OAuthApplicationsUpdateApplicationRequest
{
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The new name of the OAuth application"
},
"scopes": {
"type": "string",
"default": "profile email",
"example": "profile email public_metadata private_metadata",
"description": "Define the allowed scopes for the new OAuth applications that dictate the user payload of the OAuth user info endpoint. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Provide the requested scopes as a string, separated by spaces."
},
"callback_url": {
"type": "string",
"description": "The new callback URL of the OAuth application"
}
}
}
| Version | Endpoints | Schemas | Ingested | Status |
|---|---|---|---|---|
| v1 | 109 | 112 | 2026-05-11 | current |
| v1 | 109 | 112 | 2026-04-16 |