Clerk + Centrali

Add auth to your backend — without building auth

Use Clerk for authentication. Use Centrali for your backend. They work together out of the box.

No user duplication. No token exchange. Just pass your JWT.

How it works

You don't manage users or sessions — your auth provider does. Centrali just verifies access. That's BYOT (Bring Your Own Token). Keep using Clerk for login, and Centrali validates the token to control access to your data. No migration, no lock-in.

  1. 1User signs in with Clerk
  2. 2Your app gets a JWT from Clerk
  3. 3You pass that JWT to Centrali
  4. 4Centrali validates it and enforces access
1

Initialize the SDK with Clerk

Connect your Clerk auth to the Centrali SDK using the getToken callback.

import { CentraliSDK } from '@centrali-io/centrali-sdk'
import { useAuth } from '@clerk/react'

const { getToken } = useAuth()

const centrali = new CentraliSDK({
  baseUrl: 'https://centrali.io',
  workspaceId: 'my-workspace',
  getToken: () => getToken()
})

// Your requests are now authenticated
const records = await centrali.queryRecords('users')

Every request now carries your Clerk token. Centrali validates it automatically.

2

Register Clerk in the Centrali Console

Tell Centrali to trust tokens from your Clerk instance. This is a one-time setup.

  1. 1Go to Settings → Auth Providers → New Provider
  2. 2Select "Clerk" as the provider type
  3. 3Enter your Clerk Issuer URL (from Clerk Dashboard → API Keys)
  4. 4Add your allowed audiences
  5. 5Map claims to Centrali attributes (e.g., email → user_email, org_id → organization_id)

Centrali now validates Clerk JWTs and extracts user attributes for access control.

3

Query data with auth

Your authenticated requests now work with Centrali's access policies.

// Server-side (Next.js API route)
import { auth } from '@clerk/nextjs/server'
import { CentraliSDK } from '@centrali-io/centrali-sdk'

export async function GET() {
  const { getToken } = await auth()
  const token = await getToken()

  const centrali = new CentraliSDK({
    baseUrl: 'https://centrali.io',
    workspaceId: 'my-workspace',
    token
  })

  const orders = await centrali.queryRecords('orders')
  return Response.json(orders.data)
}

That's it — your backend is now fully authenticated. Users only see data they're authorized to access.

Works with any auth provider

This guide uses Clerk, but Centrali works with any provider that issues JWTs.

ClerkAuth0OktaKeycloakSupabaseFirebase AuthCustom JWT

Same setup — just swap the provider in the console.

Start your backend in minutes

No credit card. No setup. Just run the CLI and start building.

npx @centrali-io/create-centrali-app --template saas

Takes less than 5 minutes to get started.