Clever Developer Docs

Clever's goal is to set the highest bar in the industry for student data privacy and security. Learn more about our security and download our whitepaper here.

Security Best Practices

Keep secrets secret

Do not sent district-app tokens or your client secret (or full authorization headers!) through email or other non-secure channels - in fact, we recommend excluding them from your code, and only loading them as environment variables.


If our team spots a token or secret that has been sent through email, we will reset the token/secret within 24 hours.

Updated about a year ago


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.