Check a relationship-based authorization decision.
POST
/api/rebac/check
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/rebac/check \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "tenant_id": "tenant_123", "user_id": "user:user_123", "relation": "viewer", "object": "document:doc_123" }'Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ” Media type application/json
object
tenant_id
required
string
user_id
required
string
relation
required
string
object
required
string
object_type
string
Example
{ "tenant_id": "tenant_123", "user_id": "user:user_123", "relation": "viewer", "object": "document:doc_123"}Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
allowed
required
boolean
cached
boolean
reason
string
key
additional properties
Example
{ "allowed": true, "cached": false}