Check Permission
Check whether a subject has a specific permission on a resource using the Zanzibar-style ReBAC model.
Endpoint
POST /v1/permissions:check
Base URL: https://api-id.avnology.net
Authentication: API Key or OAuth token with admin:permissions:read scope
Checks whether a subject (user or group) has a specific relation on a resource. This is the core authorization primitive -- call it before every protected action.
Request
Body
| Field | Type | Required | Description |
|---|---|---|---|
| namespace | string | Yes | Resource type (e.g., organizations, projects, oauth-clients) |
| object | string | Yes | Resource instance ID |
| relation | string | Yes | Relation to check (e.g., owner, admin, member, viewer) |
| subject | string | Yes | Subject identifier (e.g., identities:usr_abc123 or groups:grp_xyz789#member) |
Example Request
curl -X POST https://api-id.avnology.net/v1/permissions:check \
  -H "Authorization: Bearer ak_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "namespace": "organizations",
    "object": "org_7a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
    "relation": "admin",
    "subject": "identities:usr_4f18acec-2712-4be7-a9af-b063b4f6deba"
  }'
Response
Allowed
{
  "allowed": true
}
Denied
{
  "allowed": false
}
Errors
| Status | Code | Description |
|---|---|---|
| 400 | AVNOLOGY_AUTH_902 | Invalid namespace, relation, or subject format |
| 403 | AVNOLOGY_AUTH_100 | Insufficient permissions to perform checks |
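A fail-closed wrapper around this endpoint, as an added example (not code from the original page or the Avnology SDK): only HTTP 200 with a JSON boolean "allowed": true grants access, while the 400/403 errors above, transport failures and malformed bodies all deny. The Decision type, the send transport hook, the 5-second timeout and the client-side subject pattern (inferred from the two subject examples in the request table) are assumptions.

```python
import json
import re
import urllib.error
import urllib.request
from typing import Callable, NamedTuple, Tuple

CHECK_URL = "https://api-id.avnology.net/v1/permissions:check"
# Assumed subject shape, inferred from the page's two examples:
# "identities:usr_abc123" and "groups:grp_xyz789#member".
SUBJECT_RE = re.compile(r"[a-z][a-z0-9-]*:[A-Za-z0-9_-]+(#[a-z][a-z0-9_-]*)?")

class Decision(NamedTuple):
    allowed: bool
    reason: str  # for audit logs, not for the end user

def http_send(url: str, headers: dict, body: bytes) -> Tuple[int, bytes]:
    """Default stdlib transport; returns (status, body) for 4xx/5xx too."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def check_permission(api_key: str, namespace: str, object_id: str, relation: str, subject: str,
                     send: Callable[[str, dict, bytes], Tuple[int, bytes]] = http_send) -> Decision:
    """Fail closed: only HTTP 200 with a JSON boolean true grants access."""
    if not SUBJECT_RE.fullmatch(subject):
        return Decision(False, "subject rejected client-side")
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    body = json.dumps({"namespace": namespace, "object": object_id,
                       "relation": relation, "subject": subject}).encode()
    try:
        status, raw = send(CHECK_URL, headers, body)
        payload = json.loads(raw) if status == 200 else None
    except (OSError, ValueError) as exc:  # network failure or non-JSON body
        return Decision(False, f"check unavailable: {type(exc).__name__}")
    if status != 200:
        return Decision(False, f"HTTP {status}")
    if isinstance(payload, dict) and payload.get("allowed") is True:
        return Decision(True, "allowed")
    return Decision(False, "denied")

if __name__ == "__main__":
    # Constructed offline demo: a stub transport stands in for the API.
    stub = lambda url, headers, body: (403, b"")
    print(check_permission("ak_test_placeholder", "organizations", "org_1", "admin", "identities:usr_abc123", send=stub))
```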
Code Examples
JavaScript (fetch)
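async function checkPermission(apiKey, namespace, object, relation, subject) {
  const response = await fetch('https://api-id.avnology.net/v1/permissions:check', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ namespace, object, relation, subject }),
  });
  return response.ok && (await response.json()).allowed === true; // fail closed on any error
}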
Python (httpx)
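import httpx
def check_permission(api_key: str, namespace: str, object_id: str, relation: str, subject: str) -> bool:
    response = httpx.post("https://api-id.avnology.net/v1/permissions:check",
        headers={"Authorization": f"Bearer {api_key}"},
        json={"namespace": namespace, "object": object_id, "relation": relation, "subject": subject})
    return response.status_code == 200 and response.json().get("allowed") is True  # fail closed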
Go (net/http)
func checkPermission(ctx context.Context, apiKey, namespace, object, relation, subject string) (bool, error
Related
- Grant Permission -- create a permission tuple
- Revoke Permission -- remove a permission
- Expand Permission -- see the permission tree
- List Permissions -- list all tuples
- SDK: client.permissions.check({ namespace, object, relation, subject }) (TypeScript)