Authentication typically happens in one of two places: the frontend checks if a user is logged in before showing protected UI, and the backend validates tokens before processing requests. There's a third option—verifying JWTs at the edge, in a Cloudflare Worker, before requests reach your backend infrastructure.
This approach rejects unauthenticated requests at the edge, preventing them from consuming backend resources. It keeps your authentication provider's secrets out of your backend infrastructure entirely. And it creates a clean separation between user authentication (handled by Clerk) and system-to-system authentication (handled by API keys). This post covers how to implement JWT verification in Cloudflare Workers using Clerk's backend SDK.