
Authentication

Opentrace uses Clerk for authentication. All API requests require a valid Bearer token.

How It Works

  1. Users authenticate via Clerk (email, Google, etc.) in the frontend
  2. Clerk issues a JWT (JSON Web Token) upon successful sign-in
  3. The frontend includes this token in all API requests as a Bearer token
  4. The backend verifies the token using Clerk's public keys
  5. If valid, the request proceeds with the authenticated user's context

Making Authenticated Requests

Include the JWT token in the Authorization header:

```bash
curl -X GET https://api.opentrace.online/api/projects \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
```

Token Validation

The backend uses Clerk's verification middleware to validate tokens. Every API endpoint (except health checks) requires authentication. Invalid or expired tokens return:

```json
{
  "detail": "Unauthorized"
}
```

HTTP Status: 401 Unauthorized
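The validation step described above, written out as an added example (not Opentrace's or Clerk's own middleware): it skips health checks, extracts the Bearer token, pins the algorithm, checks the signature and `exp`, and answers `401 {"detail": "Unauthorized"}` on any failure. To run offline it uses HS256 with a shared key as a stand-in for Clerk's RSA-signed tokens and JWKS lookup; the `/health` path and the `make_token` helper are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

HEALTH_PATHS = {"/health"}  # assumed path; the page only says health checks are exempt
UNAUTHORIZED = (401, {"detail": "Unauthorized"})  # status and body from the page

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_jwt(token, key, now=None):
    """Return the claims if signature and expiry check out, else None.
    Stand-in: HS256 with a shared key so it runs offline. Clerk tokens are RS256,
    verified against Clerk's published public keys; the checks are the same."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # signature does not match
        claims = json.loads(_b64url_decode(p))
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            return None  # expired, or no exp claim at all
        return claims
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token

def authenticate(path, headers, key, now=None):
    """Middleware step: returns (status, body); 200 carries the user context."""
    if path in HEALTH_PATHS:
        return 200, {"user": None}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return UNAUTHORIZED
    claims = verify_jwt(token, key, now)
    if claims is None:
        return UNAUTHORIZED
    return 200, {"user": claims.get("sub")}

def make_token(claims, key):
    """Constructed demo token for local testing; not a Clerk-issued token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    h, p = enc({"alg": "HS256", "typ": "JWT"}), enc(claims)
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()
```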

Note

Tokens are short-lived and automatically refreshed by the Clerk frontend SDK. You don't need to manage token refresh manually if using the Opentrace web app.

User Provisioning

When a user signs in for the first time, a Clerk webhook automatically provisions them in the Opentrace database. The webhook is triggered on the user.created event and creates a row in the users table with the Clerk user ID and email.
