Check access against policy.
POST
/api/policy/check-access
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/policy/check-access \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "subjectId": "user_123", "roles": [ { "name": "editor", "scope": "global" } ], "resourceType": "document", "resourceId": "doc_123", "action": "read" }'Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ” Media type application/json
object
subjectId
string
claims
object
key
additional properties
roles
Array<object>
object
key
additional properties
resourceType
required
string
resourceId
required
string
resourceOwnerId
string
resourceOrgId
string
action
required
string
operation
string
Example
{ "subjectId": "user_123", "roles": [ { "name": "editor", "scope": "global" } ], "resourceType": "document", "resourceId": "doc_123", "action": "read"}Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
allowed
required
boolean
reason
string
Example
{ "allowed": true, "reason": "Matched allow rule"}