README

clerkinc/backend-php

Changelog · Ask a Question

Overview

Clerk is the easiest way to add authentication and user management to your application. To gain a better understanding of the Clerk Backend API, refer to the Backend API documentation.

Summary

Clerk Backend API: The Clerk REST Backend API, meant to be accessed by backend servers.

Versions

When the API changes in a way that isn't compatible with older versions, a new version is released. Each version is identified by its release date, e.g. 2025-04-10. For more information, please see Clerk API Versions.

Please see https://clerk.com/docs for more information.

More information about the API can be found at https://clerk.com/docs

Table of Contents

• clerkinc/backend-php
  • Overview
  • SDK Installation
  • Usage
  • SDK Example Usage
  • Request Authentication
  • Authentication
  • Available Resources and Operations
  • Retries
  • Error Handling
  • Server Selection
• Development
  • Maturity
  • Support
  • Contributing
  • Security
  • License

SDK Installation

The SDK relies on Composer to manage its dependencies.

To install the SDK and add it as a dependency to an existing composer.json file:

composer require "clerkinc/backend-php"

Usage

Retrieve your Backend API key from the API Keys screen in your Clerk dashboard and set it as an environment variable in a .env file:

CLERK_PUBLISHABLE_KEY=pk_*******
CLERK_SECRET_KEY=sk_******

SDK Example Usage

Example

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;

$sdk = Backend\ClerkBackend::builder()
    ->setSecurity(
        '<YOUR_BEARER_TOKEN_HERE>'
    )
    ->build();



$response = $sdk->emailAddresses->get(
    emailAddressId: '<id>'
);

if ($response->emailAddress !== null) {
    // handle response
}

Request Authentication

Use the authenticateRequest method to authenticate a request from your app's frontend (when using a Clerk frontend SDK) to Clerk's Backend API. For example the following utility function checks if the user is effectively signed in:

use GuzzleHttp\Psr7\Request;
use Clerk\Backend\Helpers\Jwks\AuthenticateRequestOptions;
use Clerk\Backend\Helpers\Jwks\AuthenticateRequest;
use Clerk\Backend\Helpers\Jwks\RequestState;

class UserAuthentication
{
    public static function isSignedIn(Request $request): bool
    {
        $options = new AuthenticateRequestOptions(
            secretKey: getenv("CLERK_SECRET_KEY"),
            authorizedParties: ["https://example.com"]
        );

        $requestState = AuthenticateRequest::authenticateRequest($request, $options);

        return $requestState->isSignedIn();
    }
}

If the request is correctly authenticated, the token's payload is made available in $requestState->payload. Otherwise the reason for the token verification failure is given by requestState->errorReason.

Authentication

Per-Client Security Schemes

This SDK supports the following security scheme globally:

To authenticate with the API the bearerAuth parameter must be set when initializing the SDK. For example:

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;

$sdk = Backend\ClerkBackend::builder()
    ->setSecurity(
        '<YOUR_BEARER_TOKEN_HERE>'
    )
    ->build();



$response = $sdk->miscellaneous->getPublicInterstitial(
    request: $request
);

if ($response->statusCode === 200) {
    // handle response
}

Available Resources and Operations

Retries

Some of the endpoints in this SDK support retries. If you use the SDK without any configuration, it will fall back to the default retry strategy provided by the API. However, the default retry strategy can be overridden on a per-operation basis, or across the entire SDK.

To change the default retry strategy for a single API call, simply provide an Options object built with a RetryConfig object to the call:

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;
use Clerk\Backend\Utils\Retry;

$sdk = Backend\ClerkBackend::builder()->build();



$response = $sdk->miscellaneous->getPublicInterstitial(
    request: $request,
    options: Utils\Options->builder()->setRetryConfig(
        new Retry\RetryConfigBackoff(
            initialInterval: 1,
            maxInterval:     50,
            exponent:        1.1,
            maxElapsedTime:  100,
            retryConnectionErrors: false,
        ))->build()
);

if ($response->statusCode === 200) {
    // handle response
}

If you'd like to override the default retry strategy for all operations that support retries, you can pass a RetryConfig object to the SDKBuilder->setRetryConfig function when initializing the SDK:

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;
use Clerk\Backend\Utils\Retry;

$sdk = Backend\ClerkBackend::builder()
    ->setRetryConfig(
        new Retry\RetryConfigBackoff(
            initialInterval: 1,
            maxInterval:     50,
            exponent:        1.1,
            maxElapsedTime:  100,
            retryConnectionErrors: false,
        )
  )
    ->build();



$response = $sdk->miscellaneous->getPublicInterstitial(
    request: $request
);

if ($response->statusCode === 200) {
    // handle response
}

Error Handling

Handling errors in this SDK should largely match your expectations. All operations return a response object or throw an exception.

By default an API error will raise a Errors\SDKException exception, which has the following properties:

When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the delete method throws the following exceptions:

Example

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;
use Clerk\Backend\Models\Errors;

$sdk = Backend\ClerkBackend::builder()
    ->setSecurity(
        '<YOUR_BEARER_TOKEN_HERE>'
    )
    ->build();

try {
    $response = $sdk->awsCredentials->delete(
        id: '<id>'
    );

    if ($response->deletedObject !== null) {
        // handle response
    }
} catch (Errors\ClerkErrorsThrowable $e) {
    // handle $e->$container data
    throw $e;
} catch (Errors\SDKException $e) {
    // handle default exception
    throw $e;
}

Server Selection

Override Server URL Per-Client

The default server can be overridden globally using the setServerUrl(string $serverUrl) builder method when initializing the SDK client instance. For example:

declare(strict_types=1);

require 'vendor/autoload.php';

use Clerk\Backend;

$sdk = Backend\ClerkBackend::builder()
    ->setServerURL('https://api.clerk.com/v1')
    ->build();



$response = $sdk->miscellaneous->getPublicInterstitial(
    request: $request
);

if ($response->statusCode === 200) {
    // handle response
}

Development

Maturity

This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.

Support

You can get in touch with us in any of the following ways:

• Join the official community Clerk Discord server
• Create a GitHub Discussion
• Contact options listed on Clerk Support page

Contributing

We're open to all community contributions!

Security

clerkinc/backend-php follows good practices of security, but 100% security cannot be assured.

clerkinc/backend-php is provided "as is" without any warranty. Use at your own risk.

For more information and to report security issues, please refer to the security documentation.

License

This project is licensed under the MIT license.

See LICENSE for more information.