║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║

---

title: Express Quickstart description: Learn how to use Clerk to quickly and easily add secure authentication and user management to your Express server. sdk: expressjs

<TutorialHero exampleRepo={[ { title: "Express Quickstart Repo", link: "https://github.com/clerk/clerk-express-quickstart" } ]} beforeYouStart={[ { title: "Set up a Clerk application", link: "/docs/getting-started/quickstart/setup-clerk", icon: "clerk", }, { title: "Create a Express application", link: "https://expressjs.com/en/starter/installing.html", icon: "expressjs", } ]} />

Learn how to integrate Clerk into your Express backend for secure user authentication and management. This guide focuses on backend implementation and requires a Clerk frontend SDK to function correctly.

<Steps> ## Install `@clerk/express`

The Clerk Express SDK provides a range of backend utilities to simplify user authentication and management in your application.

Run the following command to install the SDK:

<CodeBlockTabs options={["npm", "yarn", "pnpm", "bun"]}> bash {{ filename: 'terminal' }} npm install @clerk/express

```bash {{ filename: 'terminal' }}
yarn add @clerk/express
```

```bash {{ filename: 'terminal' }}
pnpm add @clerk/express
```

```bash {{ filename: 'terminal' }}
bun add @clerk/express
```

</CodeBlockTabs>

Set your Clerk API keys

<SignedIn> Add the following keys to your `.env` file. These keys can always be retrieved from the [**API keys**](https://dashboard.clerk.com/~/api-keys) page in the Clerk Dashboard. </SignedIn> <SignedOut> 1. In the Clerk Dashboard, navigate to the [**API keys**](https://dashboard.clerk.com/~/api-keys) page. 1. In the **Quick Copy** section, copy your Clerk Publishable and Secret Keys. 1. Paste your keys into your `.env` file.

The final result should resemble the following:

</SignedOut>

CLERK_PUBLISHABLE_KEY={{pub_key}}
CLERK_SECRET_KEY={{secret}}

This guide uses dotenv to load the environment variables. Run the following command to install it:

<CodeBlockTabs options={["npm", "yarn", "pnpm", "bun"]}> bash {{ filename: 'terminal' }} npm install dotenv

```bash {{ filename: 'terminal' }}
yarn add dotenv
```

```bash {{ filename: 'terminal' }}
pnpm add dotenv
```

```bash {{ filename: 'terminal' }}
bun add dotenv
```

</CodeBlockTabs>

Add clerkMiddleware() to your app

The clerkMiddleware() function checks the request's cookies and headers for a session JWT and, if found, attaches the Auth{{ target: '_blank' }} object to the request object under the auth key.

import 'dotenv/config'
import express from 'express'
import { clerkMiddleware } from '@clerk/express'

const app = express()
const PORT = 3000

app.use(clerkMiddleware())

// Start the server and listen on the specified port
app.listen(PORT, () => {
  console.log(`Example app listening at http://localhost:${PORT}`)
})

Protect your routes using requireAuth()

To protect your routes, use the requireAuth() middleware. This middleware functions similarly to clerkMiddleware(), but also protects your routes by redirecting unauthenticated users to the sign-in page.

In the following example, requireAuth() is used to protect the /protected route. If the user isn't authenticated, they're redirected to the homepage. If the user is authenticated, the getAuth() function is used to get the userId, which is passed to clerkClient.users.getUser(){{ target: '_blank' }} to fetch the current user's User object.

import 'dotenv/config'
import express from 'express'
import { clerkClient, requireAuth, getAuth } from '@clerk/express'

const app = express()
const PORT = 3000

// Use requireAuth() to protect this route
// If user isn't authenticated, requireAuth() will redirect back to the homepage
app.get('/protected', requireAuth(), async (req, res) => {
  // Use `getAuth()` to get the user's `userId`
  const { userId } = getAuth(req)

  // Use Clerk's JS Backend SDK to get the user's User object
  const user = await clerkClient.users.getUser(userId)

  return res.json({ user })
})

// Start the server and listen on the specified port
app.listen(PORT, () => {
  console.log(`Example app listening at http://localhost:${PORT}`)
})

Add global TypeScript type (optional)

If you're using TypeScript, add a global type reference to your project to enable auto-completion and type checking for the auth object in Express request handlers.

1. In your application's root folder, create a types/ directory.
2. Inside this directory, create a globals.d.ts file with the following code.

/// <reference types="@clerk/express/env" />

</Steps>

Next steps

<Cards> - [Use middleware to protect routes](/docs/reference/express/overview#require-auth) - Learn how to protect specific routes from unauthenticated users.

---

• Protect routes based on authorization status
• Learn how to protect a route based on both authentication and authorization status.

---

• Express SDK reference
• Learn more about additional Express SDK methods.

---

• Deploy to Production
• Learn how to deploy your Clerk app to production. </Cards>

║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║
║