Run an authorization check.
POST
/api/check
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/check \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "subject_id": "user_123", "permission": "documents:doc_123:read", "tenant_id": "tenant_123" }'Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ” Media type application/json
object
Example
{ "subject_id": "user_123", "permission": "documents:doc_123:read", "tenant_id": "tenant_123"}Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
allowed
required
boolean
resolved_via
Array<string>
final_decision
required
string
cache_ttl
integer
key
additional properties
Example
{ "allowed": true, "resolved_via": [ "rebac" ], "final_decision": "allow", "cache_ttl": 60}