Skip to main content

Go SDK

Install

go get github.com/authzx/authzx-go

Quick start

package main

import (
    "context"
    "fmt"
    "log"

    authzx "github.com/authzx/authzx-go"
)

func main() {
    client := authzx.NewClient("azx_...")

    decision, err := client.Check(context.Background(),
        authzx.Subject{ID: "user-123", Type: "user"},
        authzx.Action{Name: "read"},
        authzx.Resource{ID: "doc-456", Type: "document"},
    )
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println("Decision:", decision)
}

Using with the local agent

client := authzx.NewClient("", authzx.WithBaseURL("http://localhost:8181"))

Same API, no code changes needed.

Full response

resp, err := client.Authorize(ctx, &authzx.AuthorizeRequest{
    Subject:  authzx.Subject{ID: "user-123", Type: "user", Roles: []string{"editor"}},
    Resource: authzx.Resource{ID: "doc-456", Type: "document"},
    Action:   authzx.Action{Name: "read"},
    Context:  map[string]interface{}{"ip": "10.0.0.1"},
})
// resp.Decision, resp.Context.Reason, resp.Context.PolicyID, resp.Context.AccessPath

net/http middleware

mux := http.NewServeMux()
mux.Handle("/documents/",
    client.HTTPMiddleware("document", "read", "X-User-ID")(handler),
)

Extracts subject ID from the X-User-ID header and checks authorization before calling your handler.

Gin middleware

func AuthzMiddleware(client *authzx.Client, resourceType, action string) gin.HandlerFunc {
    return func(c *gin.Context) {
        decision, err := client.Check(c.Request.Context(),
            authzx.Subject{ID: c.GetHeader("X-User-ID"), Type: "user"},
            authzx.Action{Name: action},
            authzx.Resource{Type: resourceType, ID: c.Param("id")},
        )
        if err != nil || !decision {
            c.AbortWithStatusJSON(403, gin.H{"error": "forbidden"})
            return
        }
        c.Next()
    }
}

router.GET("/documents/:id", AuthzMiddleware(client, "document", "read"), handler)

Options

authzx.NewClient(apiKey,
    authzx.WithBaseURL("http://localhost:8181"),
    authzx.WithHTTPClient(customClient),
    authzx.WithTimeout(5 * time.Second),
    authzx.WithRetries(3),
)

Error handling

resp, err := client.Authorize(ctx, req)
if err != nil {
    if authzx.IsAuthError(err) {
        // 401 — invalid API key
    }
    if authzx.IsServerError(err) {
        // 5xx — server error (already retried)
    }
}

Types

TypeFields
SubjectID, Type (required), Properties (alias: Attributes), Roles
ResourceID, Type (required), Properties (alias: Attributes)
ActionName
AuthorizeRequestSubject, Resource, Action, Context
AuthorizeResponseDecision, Context
ResponseContextReason, PolicyID, AccessPath