OSS Program: Get Tinybird credits for your open source project. Apply now.Apply now
PricingDocs
Bars
Sign inSign up
Product []
PricingDocs
Resources []
Back to templates

Clerk JWT

Build multi-tenant apps with Clerk and Tinybird

DemoVideoFork
Clerk JWT

This is a template for a Next.js app that uses Clerk for authentication and multi-tenant Tinybird real-time analytics applications.

Getting Started

  1. Create a new Clerk application
  2. Create a new Tinybird workspace
  3. Create an .env file from the .env.example file and fill in the values
  4. Run npm install
  5. Run npm run dev

In Clerk (Dashboard > Configure > JWT templates) choose the Tinybird JWT template:

Modify the claims to your needs:

Copy
{
	"name": "frontend_jwt",
	"limits": {
		"rps": 10
	},
	"scopes": [
		{
			"type": "PIPES:READ",
			"resource": "<YOUR-TINYBIRD-PIPE-NAME>",
			"fixed_params": {
				"org": "{{org.slug}}",
				"user": "{{user.id}}"
			}
		}
	],
	"workspace_id": "<YOUR-TINYBIRD-WORKSPACE-ID>"
}
  • Use your Tinybird admin token as signking key.
  • Add as many scopes as needed, use fixed params to filter your Tinybird API endpoints.
  • Configure fixed_params to match the parameter names and values in your Tinybird API endpoints.

Example:

Copy
NODE endpoint
SQL >
    SELECT * FROM ds
    WHERE 1
    {\% if defined(org) %}
        AND org = {{String(org)}}
    {\% end %}
    {\% if defined(user) %}
        AND user = {{String(user)}}
    {\% end %}

TYPE endpoint

On your application request a token to Clerk using the tinybird template, where tinybird is the name you gave to the template.

Copy
  const authentication = await auth()
  const { userId, sessionId, getToken } = authentication
  const token = await getToken({ template: "tinybird" })

  fetch('https://api.tinybird.co/v0/pipes/your_pipe.json', {
  headers: {
    Authorization: `Bearer ${token}`
  }
})

How it works

On Sign In, the app authenticates with Clerk, the middleware picks up the session and creates a multi-tenant Tinybird JWT token using the tinybird JWT template from Clerk, finally adds the token to the response headers to be used by the application.

Use the token to query Tinybird as the authenticated user.

User management

  • Use Clerk to manage users and organizations.
  • Assign organizations to users and define organization permissions.
  • Use those organization permissions to create multi-tenant Tinybird JWT tokens using the fixed_params feature.

Contributing

Please open an issue or submit a pull request.

Support

Join the Tinybird Slack community to get help with your project.

Learn more about Tinybird JWT tokens and Clerk.

Skip the infra work. Deploy your first ClickHouse
project now

Get started for freeRead the docs

Product /

ProductWatch the demoPricingSecurityRequest a demo

Company /

About UsPartnersShopCareers

Features /

Managed ClickHouseStreaming IngestionSchema IterationConnectorsInstant SQL APIsBI & Tool ConnectionsTinybird CodeTinybird AIHigh AvailabilitySecurity & Compliance

Support /

DocsSupportTroubleshootingCommunityChangelog

Resources /

ObservabilityBlogCustomer StoriesTemplatesTinybird BuildsTinybird for StartupsRSS FeedNewsletter

Integrations /

Apache KafkaConfluent CloudRedpandaGoogle BigQuerySnowflakePostgres Table FunctionAmazon DynamoDBAmazon S3

Use Cases /

User-facing dashboardsReal-time Change Data Capture (CDC)Gaming analyticsWeb analyticsReal-time personalizationUser-generated content (UGC) analyticsContent recommendation systemsVector search
All systems operational

Copyright © 2025 Tinybird. All rights reserved

Terms & conditionsCookiesTrust CenterCompliance Helpline
Tinybird wordmark