Reference / Authz

Answer an authorization check.

POST /v1/authz/check
End-user session operationId: check

Authorization

Called from the browser with the publishable application id (x-application-id); the access token lives in memory.

Request body · required

  • object string required
  • permission string required
  • subject string required

Responses

200 Verdict
{
  "data": {
    "allowed": false,
    "object": "string",
    "permission": "string",
    "subject": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
422 Malformed object/subject/permission

Request

curl -X POST "http://localhost:8080/v1/authz/check" \
  -H "Content-Type: application/json" \
  -d '{
  "object": "document:readme",
  "permission": "edit",
  "subject": "user:alice"
}'

Try it

live request
POST http://localhost:8080/v1/authz/check

Request body

application/json