Register your application in the Clever developer portal to receive a client_id and client_secret
Redirect users to https://clever.com/oauth/authorize with query parameters response_type=code, client_id, redirect_uri, and scope=read:user_id
Exchange the returned authorization code for a bearer token by POSTing to https://clever.com/oauth/tokens with grant_type=authorization_code, the code, and your credentials
Call GET https://api.clever.com/v3.0/me with the bearer token to resolve the user's Clever ID and type (student, teacher, district_admin)
Fetch the user's sections with GET https://api.clever.com/v3.0/users/<id>/sections or retrieve all district sections with a district-app bearer token via GET https://api.clever.com/v3.0/sections
Known gotchas
SSO bearer tokens are scoped to a single user and cannot access full district rosters; use district-app tokens (obtained via the Clever dashboard token list endpoint) for bulk Secure Sync data pulls
Clever's sandbox environment uses different client credentials from production; hard-coding sandbox IDs is a common mistake that causes silent authentication failures in production
The /v3.0/sections endpoint returns only sections that are in an 'active' status by default; sections from past terms may be excluded unless you filter by created or updated timestamps
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp