コンテンツにスキップ

Check access against policy.

POST
/api/policy/check-access
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/policy/check-access \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "subjectId": "user_123", "roles": [ { "name": "editor", "scope": "global" } ], "resourceType": "document", "resourceId": "doc_123", "action": "read" }'
Media type application/json
object
subjectId
string
claims
object
key
additional properties
roles
Array<object>
object
key
additional properties
resourceType
required
string
resourceId
required
string
resourceOwnerId
string
resourceOrgId
string
action
required
string
operation
string
Example
{
"subjectId": "user_123",
"roles": [
{
"name": "editor",
"scope": "global"
}
],
"resourceType": "document",
"resourceId": "doc_123",
"action": "read"
}

Successful JSON response.

Media type application/json
object
allowed
required
boolean
reason
string
Example
{
"allowed": true,
"reason": "Matched allow rule"
}