Authorizing User Access
Assuming object types, users and warrants are defined for your system, you can add runtime checks to your application to check user access.
For example, you may want to check if the user identified by userId `5djfs6` can view the report with id `avk2837`. A warrant check for this condition will return a `200 OK` if the user has access or a `401 Not Authorized` if the user does not have access.
POST /v1/authorize
Parameters
Parameter | Description | Type | Required |
---|---|---|---|
objectType | The type of object. Must be one of your system's existing object types. | JSON body | yes |
objectId | The id of the specific object. | JSON body | yes |
relation | The relation to check for this object to subject association. The relation must be valid as per the object type definition. | JSON body | yes |
subject | The specific subject for which access will be checked. Can be a specific object by id or an objectType, objectId and relation set. | JSON body | yes |
Request
Curl:

```shell
curl "https://api.warrant.dev/v1/authorize" \
  -X POST \
  -H "Authorization: ApiKey YOUR_KEY" \
  --data-raw \
  '{
    "objectType": "report",
    "objectId": "avk2837",
    "relation": "viewer",
    "subject": {
      "objectType": "user",
      "objectId": "5djfs6"
    }
  }'
```

Node.js:

```javascript
client
  .isAuthorized("report", "avk2837", "viewer", "5djfs6")
  .then((isAuthorized) => {
    if (isAuthorized) {
      // Proceed if authorized
    }
  })
  .catch((error) => console.log(error));
```

Go:

```go
isAuthorized, err := client.IsAuthorized(warrant.Warrant{
	ObjectType: "report",
	ObjectId:   "avk2837",
	Relation:   "viewer",
	User: warrant.WarrantUser{
		UserId: "5djfs6",
	},
})
if err != nil {
	// Handle error
}
if isAuthorized {
	// Proceed if authorized
}
```

Java:

```java
try {
    Warrant warrantToCheck = Warrant.newUserWarrant("report", "avk2837", "viewer", "5djfs6");
    boolean isAuthorized = client.isAuthorized(warrantToCheck);
} catch (WarrantException e) {
    // Handle error
}
```

Python:

```python
is_authorized = client.is_authorized(
    object_type="report",
    object_id="avk2837",
    relation="viewer",
    user_to_check="5djfs6",
)
```

Ruby:

```ruby
is_authorized = Warrant::WarrantClient.is_authorized("report", "avk2837", "viewer", "5djfs6")
```
Response
200 OK

```json
{
  "result": "Authorized"
}
```
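Code that calls this endpoint should treat only an explicit 200 OK as a grant and deny on every other outcome, including timeouts and unexpected status codes. The following is an added example, not Warrant's SDK code, that sends the request shown above with Python's standard library; the names `check_access` and `http_post`, the timeout value and the `Content-Type` header are assumptions.

```python
import json
import urllib.error
import urllib.request

AUTHORIZE_URL = "https://api.warrant.dev/v1/authorize"  # endpoint from this page


def http_post(url, headers, body, timeout=3.0):
    """POST and return the HTTP status code, including 4xx/5xx responses."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the caller needs the code


def check_access(api_key, object_type, object_id, relation, user_id, post=http_post):
    """Return (allowed, reason). Fails closed: only a 200 grants access."""
    body = json.dumps({
        "objectType": object_type,
        "objectId": object_id,
        "relation": relation,
        "subject": {"objectType": "user", "objectId": user_id},
    }).encode("utf-8")
    headers = {
        "Authorization": f"ApiKey {api_key}",
        "Content-Type": "application/json",  # assumption: not shown on the page
    }
    try:
        status = post(AUTHORIZE_URL, headers, body)
    except Exception as err:  # timeout, DNS or TLS failure: deny, never allow
        return False, f"error:{type(err).__name__}"
    if status == 200:
        return True, "authorized"
    if status == 401:
        return False, "not_authorized"
    # Anything else (429, 5xx, redirects) is not a decision, so deny and log it.
    return False, f"unexpected_status:{status}"


if __name__ == "__main__":
    # Constructed stand-in transport so the demo runs offline.
    print(check_access("YOUR_KEY", "report", "avk2837", "viewer", "5djfs6",
                       post=lambda url, headers, body: 401))
```

The `reason` string lets the caller log why a request was denied while still returning the same response to the user for every non-200 outcome.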