Skip to main content

AuthzX

Authorization for AI agents, services, and users. One policy model, one API, one audit trail. Natively compliant with AuthZEN 1.0.

AuthzX answers a single question at runtime: can this subject perform this action on this resource? Decisions run in the cloud or on a local agent that sits next to your service, pulls your policy bundle, and answers in sub-millisecond time.

What AuthzX does

  • POST /v1/authorize — the only endpoint your application has to call. Returns decision plus a context object with reason, access_path, and policy_id.
  • Author policies from the dashboard or as code with the Terraform provider — or send them over the REST API.
  • RBAC + ABAC + direct grants. All three access paths evaluated in one request.
  • Local agent option. Same API, sub-millisecond decisions, decisions stay on your network.
  • Dogfooded. The AuthzX admin dashboard gates its own features through a local AuthzX agent.

Three paths to get started

I want to authorize my users

Classic backend authorization — a user hits your API, you check whether they can do the thing.

Go to Quick Start, create an application, a resource, a role, a policy. Install an SDK or call /v1/authorize directly.

I want to authorize my AI agents

You have an MCP server, a LangChain tool set, or an autonomous agent. You want to gate tool calls — especially destructive ones — with policy.

Start with the MCP adapter guide. One line of integration (wrapAllTools(server)) sends each tool call through AuthzX. Tool arguments land in resource.properties, so you can write ABAC conditions like "support_rep can invoke issue_refund only if amount < 100".

I want to run the agent locally

Deploy the AuthzX agent as a sidecar. It pulls your policy bundle from the cloud, serves /v1/authorize on localhost:8181, and keeps serving from a local cache if the cloud is unreachable. Exposes Prometheus metrics at /metrics and optional structured JSON decision logs.

Under the hood

Your app  ─────►  /v1/authorize  ─────►  { decision, context: { reason, policy_id, access_path } }

                       └── cloud (api.authzx.com) or local agent (localhost:8181)

Same endpoint shape, same response, whichever you point at.

Next steps

  • Quick Start — Authorization model in 10 minutes.
  • MCP Adapter — Gate an MCP server's tool calls.
  • AuthzX Agent — Run the agent locally. Metrics, decision logs, warm cache.
  • Concepts — Authorization model, access paths, policies.
  • API Reference — Full request/response for /v1/authorize.