clerk-auth

Clerk auth with API Keys beta (Dec 2025), Next.js 16 proxy.ts (March 2025 CVE context), API version 2025-11-10 breaking changes, clerkMiddleware() options, webhooks, production considerations (GCP outages), and component reference. Prevents 15 documented errors. Use when: API keys for users/orgs, Next.js 16 middleware filename, troubleshooting JWKS/CSRF/JWT/token-type-mismatch errors, webhook verification, user type inconsistencies, or testing with 424242 OTP.
Install via ClawdBot CLI:
clawdbot install veeramanikandanr48/clerk-auth

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated Mar 21, 2026
A B2B SaaS platform needs to provide API keys for users and organizations to enable programmatic access to their services. This skill helps implement secure API key generation, management, and verification, ensuring proper token-type handling and preventing unauthorized access. It supports user-scoped and org-scoped keys with built-in UI components for self-service management.
An e-commerce site uses Clerk for user authentication and must integrate with billing APIs for subscription management. This skill addresses breaking changes in API version 2025-11-10, such as endpoint updates from /commerce/ to /billing/, ensuring smooth migration and preventing errors in payment processing. It also handles webhook verification for transaction events.
A company upgrading to Next.js 16 needs to secure their authentication middleware against vulnerabilities like the March 2025 CVE that allowed bypass via HTTP headers. This skill guides renaming middleware.ts to proxy.ts and implementing clerkMiddleware with proper matchers, preventing authorization bypass and ensuring compliance with latest security practices.
A mobile application requires secure OAuth flows for social logins without storing client secrets. This skill enables PKCE support for custom OIDC providers, enhancing security for native apps by preventing token interception. It also helps troubleshoot JWT and token-type-mismatch errors common in mobile environments.
An enterprise uses Clerk for internal admin dashboards where administrators manage user accounts, including forcing password resets for compromised credentials. This skill provides tools for user type consistency, organization reporting, and handling production issues like GCP outages, ensuring reliable access control and audit trails.
Monetize API access by charging for API key creation and verification. This model leverages Clerk's API keys beta, with pricing at $0.001 per key creation and $0.0001 per verification, generating revenue from developers and organizations needing programmatic integration. It scales with user adoption and usage volume.
Offer tiered subscription plans with authentication features, using Clerk's billing APIs for managing plans and statements. Revenue comes from monthly or annual subscriptions, with breaking changes handled to ensure billing continuity. This model suits platforms requiring user management and recurring payments.
Provide services to help clients upgrade to Next.js 16 and migrate to API version 2025-11-10, addressing breaking changes and preventing documented errors. Revenue is generated through project-based fees or hourly rates for troubleshooting JWKS, CSRF, and token issues, targeting businesses undergoing tech stack updates.
💬 Integration Tip
Always update to @clerk/[email protected]+ for Next.js 16 compatibility and use proxy.ts instead of middleware.ts to avoid security vulnerabilities. Test API key verification and webhooks in staging before production deployment.
Scored Apr 15, 2026
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Set up Gmail API access via gog CLI with manual OAuth flow. Use when setting up Gmail integration, renewing expired OAuth tokens, or troubleshooting Gmail authentication on headless servers.
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features:
- Auto-detect available OAuth options on login pages
- Ask user to choose via Telegram when multiple options exist
- Confirm before authorizing
- Handle account selection and consent pages automatically
Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js. Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits, Expo crashes, additionalFields bugs.
Zoho People API integration with managed OAuth. Manage employees, departments, designations, attendance, and leave. Use this skill when users want to read, create, update, or query HR data like employees, departments, designations, and forms in Zoho People. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.