From 1cbe4f758bd69d7cbc4fa00ccf71d0d7f2887ecd Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Fri, 28 Feb 2025 13:24:09 +0200
Subject: [PATCH 1/3] fix(backend): Remove `Authorization` header when
 `secretKey` is not required

---
 .changeset/tricky-hats-sort.md      | 5 +++++
 packages/backend/src/api/request.ts | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/tricky-hats-sort.md

diff --git a/.changeset/tricky-hats-sort.md b/.changeset/tricky-hats-sort.md
new file mode 100644
index 00000000000..5ae2274bff2
--- /dev/null
+++ b/.changeset/tricky-hats-sort.md
@@ -0,0 +1,5 @@
+---
+'@clerk/backend': patch
+---
+
+Bug fix: Properly remove `Authorization` header on requests that don't require a secret key.
diff --git a/packages/backend/src/api/request.ts b/packages/backend/src/api/request.ts
index 9745d4a1d12..3ea019e9f89 100644
--- a/packages/backend/src/api/request.ts
+++ b/packages/backend/src/api/request.ts
@@ -91,12 +91,17 @@ export function buildRequest(options: BuildRequestOptions) {
 
     // Build headers
     const headers: Record<string, any> = {
-      Authorization: `Bearer ${secretKey}`,
       'Clerk-API-Version': SUPPORTED_BAPI_VERSION,
       'User-Agent': userAgent,
       ...headerParams,
     };
 
+    if (secretKey) {
+      Object.assign(headers, {
+        Authorization: `Bearer ${secretKey}`,
+      });
+    }
+
     let res: Response | undefined;
     try {
       if (formData) {

From 7fb41be48fe5deb160e881c29fcabf9d6bfe69d0 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Tue, 4 Mar 2025 12:33:44 +0200
Subject: [PATCH 2/3] Update packages/backend/src/api/request.ts

Co-authored-by: Bryce Kalow <bryce@clerk.dev>
---
 packages/backend/src/api/request.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/packages/backend/src/api/request.ts b/packages/backend/src/api/request.ts
index 3ea019e9f89..e76cbcf4f63 100644
--- a/packages/backend/src/api/request.ts
+++ b/packages/backend/src/api/request.ts
@@ -97,9 +97,7 @@ export function buildRequest(options: BuildRequestOptions) {
     };
 
     if (secretKey) {
-      Object.assign(headers, {
-        Authorization: `Bearer ${secretKey}`,
-      });
+      headers.Authorization = `Bearer ${secretKey}`,
     }
 
     let res: Response | undefined;

From 3507c81ad89989ab5a81466d67466c194b0747f7 Mon Sep 17 00:00:00 2001
From: panteliselef <panteliselef@outlook.com>
Date: Tue, 4 Mar 2025 13:18:17 +0200
Subject: [PATCH 3/3] fix comma

---
 packages/backend/src/api/request.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/api/request.ts b/packages/backend/src/api/request.ts
index e76cbcf4f63..b52b81edc13 100644
--- a/packages/backend/src/api/request.ts
+++ b/packages/backend/src/api/request.ts
@@ -57,6 +57,7 @@ type BuildRequestOptions = {
    */
   requireSecretKey?: boolean;
 };
+
 export function buildRequest(options: BuildRequestOptions) {
   const requestFn = async <T>(requestOptions: ClerkBackendApiRequestOptions): Promise<ClerkBackendApiResponse<T>> => {
     const {
@@ -97,7 +98,7 @@ export function buildRequest(options: BuildRequestOptions) {
     };
 
     if (secretKey) {
-      headers.Authorization = `Bearer ${secretKey}`,
+      headers.Authorization = `Bearer ${secretKey}`;
     }
 
     let res: Response | undefined;