ClawBox Docs

Auth and Security

  • Public developer routes require app-scoped API keys.
  • Portal server routes use signed internal portal headers and ownership checks.
  • Internal billing endpoints are not in the public OpenAPI docs.
  • Secrets stay in the secret manager and never reach browser code.

Portal auth

The portal uses Clerk for user auth, then calls backend-for-frontend (BFF) routes.
The BFF routes call the Rust API routes with a signed internal token.
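
An added sketch of the signed-header and ownership-check pattern described above (not ClawBox's own code). The page does not specify the token format, so the `x-portal-*` header names, HMAC-SHA256 over user id, method, path and timestamp, and the 60-second freshness window are all assumptions; the verifier would live in the Rust API, and both sides are shown in JavaScript here so the pair runs as one file.

```javascript
// Added example. Header names, token layout and the 60 s window are assumptions.
const crypto = require("node:crypto");

const MAX_SKEW_SECONDS = 60;

// HMAC-SHA256 over the fields the API will act on, so none can be swapped.
function portalMac(secret, userId, method, path, ts) {
  return crypto.createHmac("sha256", secret)
    .update([userId, method, path, ts].join("\n"))
    .digest();
}

// BFF side: called only after the user session has been authenticated.
function signPortalHeaders(secret, { userId, method, path }, nowMs = Date.now()) {
  const ts = String(Math.floor(nowMs / 1000));
  return {
    "x-portal-user": userId,
    "x-portal-ts": ts,
    "x-portal-sig": portalMac(secret, userId, method, path, ts).toString("hex"),
  };
}

// API side: signature first, then freshness, then ownership of the resource.
function authorizePortalRequest(secret, headers, method, path, resource, nowMs = Date.now()) {
  const userId = headers["x-portal-user"];
  const ts = headers["x-portal-ts"];
  const sig = headers["x-portal-sig"];
  if (typeof userId !== "string" || typeof ts !== "string" || typeof sig !== "string") {
    return { ok: false, reason: "missing_header" };
  }
  const expected = portalMac(secret, userId, method, path, ts);
  const given = Buffer.from(sig, "hex"); // invalid hex yields a short buffer
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  const age = Math.abs(nowMs / 1000 - Number(ts));
  if (!(age <= MAX_SKEW_SECONDS)) { // also rejects a non-numeric timestamp
    return { ok: false, reason: "stale" };
  }
  if (resource.ownerId !== userId) {
    return { ok: false, reason: "not_owner" };
  }
  return { ok: true, userId };
}
```

A valid signature only proves the request came through the BFF; the ownership check is what stops one signed-in user from reading another user's resource.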
