AuthzX
AuthzX is an authorization platform that lets you control who can do what in your application. Define subjects, resources, roles, groups, and policies — then check access with a single API call.
What AuthzX does
- Evaluate access — Ask "Can subject X perform action Y on resource Z?" and get a yes/no answer with the reason.
- Three access paths — Role-based (RBAC), group-based, and direct assignment. All evaluated in a single request.
- Multi-tenant — Each tenant gets isolated authorization data. One API key per tenant.
- Policy engine — Declarative policy evaluation with sub-millisecond latency.
How it works
Your App → POST /evaluate → AuthzX → allowed: true/false
- You set up your authorization model in the AuthzX Console — namespaces, resource types, resources, subjects, roles, groups, and policies.
- Your application calls the
/evaluateendpoint with a subject, resource, and action. - AuthzX evaluates all applicable policies and returns whether access is allowed or denied, along with the reason.
Integration
Your application only needs to call one endpoint:
curl -X POST https://api.authzx.com/policy-srv/v1/evaluate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"subject": { "id": "user-123", "type": "user" },
"resource": { "type": "document", "id": "doc-456" },
"action": "read"
}'
Response:
{
"allowed": true,
"reason": "Policy 'editors-can-read' grants access",
"policy_id": "pol-789",
"access_path": "role"
}
Next steps
- Quick Start — Set up your first authorization model and make your first API call.
- Core Concepts — Understand namespaces, subjects, resources, roles, groups, and policies.
- API Reference — Full API documentation for the evaluate endpoint.
- Code Examples — Integration examples in Go, Python, Node.js, Java, and cURL.