Clever Developer Docs

Clever's goal is to set the highest bar in the industry for student data privacy and security. Learn more about our security and download our whitepaper here.

Security Best Practices

Keep secrets secret

Do not sent district-app tokens or your client secret (or full authorization headers!) through email or other non-secure channels - in fact, we recommend excluding them from your code, and only loading them as environment variables.

If our team spots a token or secret that has been sent through email, we will reset the token/secret within 24 hours.


What's Next

Check out our security recommendations for each product, or jump right in to building your integration

Instant Login and the Identity API
Keeping Instant Login Secure
Secure Sync and the Data API

Security