Authentication

How authentication works across the Golden Suite API. Protected endpoints require a Clerk-issued JWT passed as a Bearer token in the Authorization header.

The Golden Suite API uses Clerk-issued JWTs for authentication. All endpoints marked [AUTH] require a valid token.

Getting a Token

In the frontend, use the useAuth hook from Clerk to obtain a short-lived JWT:

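import { useAuth } from "@clerk/nextjs";

// useAuth() is a React hook: call it inside a client component.
const { getToken } = useAuth();
// Await inside an async handler or effect; resolves to null when signed out.
const token = await getToken();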

Using the Token

Pass the token in the Authorization header as a Bearer token:

curl -X GET https://backend-production-5c86.up.railway.app/api/sources \
  -H "Authorization: Bearer <token>"

Error Responses

| Status | Meaning | When |
|---|---|---|
| 401 Unauthorized | Missing or invalid token | No Authorization header, expired token, or malformed JWT |
| 403 Forbidden | Insufficient permissions | Valid token but the user lacks access to the requested resource |
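
A client-side wrapper that ties the steps above together, as an added example (not code from the Golden Suite project): it builds the Bearer header from Clerk's getToken, sends nothing when the session has no token, retries once with a newly requested token on 401, and does not retry on 403. The names apiFetch, bearerHeader and AuthError are hypothetical; the base URL is the one from the curl example.

```javascript
// Added example; apiFetch, bearerHeader and AuthError are hypothetical names.
const API_BASE = "https://backend-production-5c86.up.railway.app"; // from the curl example

class AuthError extends Error {
  constructor(kind, status) {
    super(`${kind} (HTTP ${status ?? "not sent"})`);
    this.kind = kind;     // "unauthenticated" or "forbidden"
    this.status = status; // null when no request was sent
  }
}

// Build the header only from a real token, so a signed-out session
// never sends the literal string "Bearer null".
function bearerHeader(token) {
  if (typeof token !== "string" || token.length === 0) {
    throw new AuthError("unauthenticated", null);
  }
  return { Authorization: `Bearer ${token}` };
}

// getToken: the function returned by Clerk's useAuth().
// fetchImpl: injectable so the flow can be exercised without a network.
async function apiFetch(path, getToken, fetchImpl = fetch) {
  for (let attempt = 0; attempt < 2; attempt++) {
    const headers = bearerHeader(await getToken());
    const res = await fetchImpl(`${API_BASE}${path}`, { headers });
    // 403: the token was accepted but the user lacks access; a new token will not help.
    if (res.status === 403) throw new AuthError("forbidden", 403);
    if (res.status !== 401) return res;
    // 401: the short-lived JWT may have expired; loop once to request another.
  }
  throw new AuthError("unauthenticated", 401);
}
```

A second 401 after the retry means the session itself is no longer valid, so the caller should send the user back through sign-in rather than loop.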