\{ apiUrl?: string; apiVersion?: string; audience?: string \| string[]; authorizedParties?: string[]; clockSkewInMs?: number; jwksCacheTtlInMs?: number; jwtKey?: string; secretKey?: string; skipJwksCache?: boolean; \} | Options including secretKey for BAPI authorization |
+| `options.apiUrl?` | `string` | The [Clerk Backend API](/docs/reference/backend-api){{ target: '_blank' }} endpoint. Defaults to `'https://api.clerk.com'`. |
+| `options.apiVersion?` | `string` | The version passed to the Clerk API. Defaults to `'v1'`. |
+| `options.audience?` | string \| string[] | A string or list of [audiences](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If passed, it is checked against the `aud` claim in the token. |
+| `options.authorizedParties?` | string[] | An allowlist of origins to verify against, to protect your application from the subdomain cookie leaking attack. Example: `['http://localhost:3000', 'https://example.com']`. |
+| `options.clockSkewInMs?` | `number` | Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to `5000`. |
+| `options.jwksCacheTtlInMs?` | `number` | **Deprecated.** This cache TTL will be removed in the next major version. Specifying a cache TTL is a no-op. |
+| `options.jwtKey?` | `string` | Used to verify the session token in a networkless manner. Supply the PEM public key from the **[**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page -> Show JWT public key -> PEM Public Key** section in the Clerk Dashboard. **It's recommended to use [the environment variable](/docs/guides/development/clerk-environment-variables) instead.** For more information, refer to [Manual JWT verification](/docs/guides/sessions/manual-jwt-verification). |
+| `options.secretKey?` | `string` | The Clerk Secret Key from the [**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page in the Clerk Dashboard. |
+| `options.skipJwksCache?` | `boolean` | A flag to ignore the JWKS cache and always fetch JWKS before each JWT verification. |
## Returns
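Review bot: the `options.authorizedParties?` row says the allowlist is "to verify against" but, unlike the `options.audience?` row, which names the `aud` claim, it does not say which token claim is compared or what happens when the option is omitted. Since the row presents this option as the protection against the subdomain cookie leaking attack, name the claim and state the behaviour when it is not set, so readers can tell whether leaving it out skips the check. Separately, the type cells for `options.audience?` and `options.authorizedParties?` are not in backticks, while the other rows write `string`, `number` and `boolean` in backticks.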
diff --git a/clerk-typedoc/backend/verify-token.mdx b/clerk-typedoc/backend/verify-token.mdx
index f723647902..7aab94ce0f 100644
--- a/clerk-typedoc/backend/verify-token.mdx
+++ b/clerk-typedoc/backend/verify-token.mdx
@@ -2,20 +2,26 @@
> This is a lower-level method intended for more advanced use-cases. It's recommended to use [`authenticateRequest()`](/docs/reference/backend/authenticate-request), which fully authenticates a token passed from the `request` object.
```ts
-function verifyToken(
- token: string,
- options: VerifyTokenOptions,
-): Promise{ apiUrl?: string; apiVersion?: string; audience?: string | string[]; authorizedParties?: string[]; clockSkewInMs?: number; jwksCacheTtlInMs?: number; jwtKey?: string; secretKey?: string; skipJwksCache?: boolean; }): Promise\{ apiUrl?: string; apiVersion?: string; audience?: string \| string[]; authorizedParties?: string[]; clockSkewInMs?: number; jwksCacheTtlInMs?: number; jwtKey?: string; secretKey?: string; skipJwksCache?: boolean; \} | Options for verifying the token. |
+| `options.apiUrl?` | `string` | The [Clerk Backend API](/docs/reference/backend-api){{ target: '_blank' }} endpoint. Defaults to `'https://api.clerk.com'`. |
+| `options.apiVersion?` | `string` | The version passed to the Clerk API. Defaults to `'v1'`. |
+| `options.audience?` | string \| string[] | A string or list of [audiences](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). If passed, it is checked against the `aud` claim in the token. |
+| `options.authorizedParties?` | string[] | An allowlist of origins to verify against, to protect your application from the subdomain cookie leaking attack. Example: `['http://localhost:3000', 'https://example.com']`. |
+| `options.clockSkewInMs?` | `number` | Specifies the allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to `5000`. |
+| `options.jwksCacheTtlInMs?` | `number` | **Deprecated.** This cache TTL will be removed in the next major version. Specifying a cache TTL is a no-op. |
+| `options.jwtKey?` | `string` | Used to verify the session token in a networkless manner. Supply the PEM public key from the **[**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page -> Show JWT public key -> PEM Public Key** section in the Clerk Dashboard. **It's recommended to use [the environment variable](/docs/guides/development/clerk-environment-variables) instead.** For more information, refer to [Manual JWT verification](/docs/guides/sessions/manual-jwt-verification). |
+| `options.secretKey?` | `string` | The Clerk Secret Key from the [**API keys**](https://dashboard.clerk.com/last-active?path=api-keys) page in the Clerk Dashboard. |
+| `options.skipJwksCache?` | `boolean` | A flag to ignore the JWKS cache and always fetch JWKS before each JWT verification. |
## Example
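Review bot: in the `options.jwtKey?` row the bold markers are nested, `**[**API keys**](...) page -> Show JWT public key -> PEM Public Key**`, so the outer span closes at the inner `**` and the emphasis will not render as intended. Bold the link text and the menu path separately, the way the `options.secretKey?` row does with `[**API keys**](...)`. Also, `options.jwksCacheTtlInMs?` is documented as deprecated and a no-op while `options.skipJwksCache?` still refers to a JWKS cache; one sentence on how the cache behaves now that the TTL is ignored would help readers decide whether they need `skipJwksCache`.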
diff --git a/clerk-typedoc/types/sign-in-future-resource.mdx b/clerk-typedoc/types/sign-in-future-resource.mdx
index b98a5fe064..a19c5433ac 100644
--- a/clerk-typedoc/types/sign-in-future-resource.mdx
+++ b/clerk-typedoc/types/sign-in-future-resource.mdx
@@ -25,6 +25,7 @@ and the creation of a new session.
| `mfa.verifyBackupCode` | (params: SignInFutureBackupCodeVerifyParams) => Promise\<\{ error: unknown; \}\> | Used to verify a backup code as a second factor to sign-in |
| `mfa.verifyPhoneCode` | (params: SignInFutureMFAPhoneCodeVerifyParams) => Promise\<\{ error: unknown; \}\> | Used to verify a phone code sent as a second factor to sign-in |
| `mfa.verifyTOTP` | (params: SignInFutureTOTPVerifyParams) => Promise\<\{ error: unknown; \}\> | Used to verify a TOTP code as a second factor to sign-in |
+| `passkey` | (params?: SignInFuturePasskeyParams) => Promise\<\{ error: unknown; \}\> | Initiates a passkey-based authentication flow, enabling users to authenticate using a previously registered passkey. When called without parameters, this method requires a prior call to `SignIn.create({ strategy: 'passkey' })` to initialize the sign-in context. This pattern is particularly useful in scenarios where the authentication strategy needs to be determined dynamically at runtime. |
| `password` | (params: SignInFuturePasswordParams) => Promise\<\{ error: unknown; \}\> | Used to submit a password to sign-in. |
| `phoneCode` | \{ sendCode: (params: SignInFuturePhoneCodeSendParams) => Promise\<\{ error: unknown; \}\>; verifyCode: (params: SignInFuturePhoneCodeVerifyParams) => Promise\<\{ error: unknown; \}\>; \} | - |
| `phoneCode.sendCode` | (params: SignInFuturePhoneCodeSendParams) => Promise\<\{ error: unknown; \}\> | Used to send a phone code to sign-in |
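Review bot: the new `passkey` row states a precondition (a prior call to `SignIn.create({ strategy: 'passkey' })` when no parameters are passed) but does not say what the caller gets back if that precondition is not met. Since the method resolves to `{ error: unknown }`, say whether the missing context is reported through `error` or thrown. The row also names `SignIn.create`, whereas every other entry in this table is a member of this resource, so confirm which object is meant. The closing sentence ("This pattern is particularly useful in scenarios where ...") could be dropped or shortened to match the one-line descriptions of the neighbouring `mfa.*` and `password` rows.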