> ## Documentation Index
> Fetch the complete documentation index at: https://www.osohq.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Post authorize
> Determines whether or not an actor can take an action on a resource, based on a combination of authorization data and policy logic.
## OpenAPI
````yaml /reference/openapi.json post /authorize
openapi: 3.1.0
info:
title: Oso Cloud HTTP API
version: 0.1.0
description: >-
Oso Cloud exposes an HTTP API that you can use to make queries directly,
without using one of the clients.
For endpoints that require
authentication, pass your API key as an HTTP Bearer Auth payload.
For
example, using curl: curl -H "Authorization: Bearer
$OSO_AUTH" https://cloud.osohq.com/api/
servers:
- url: https://api.osohq.com/api/
security: []
paths:
/authorize:
post:
tags:
- Check API
description: >-
Determines whether or not an actor can take an action on a resource,
based on a combination of authorization data and policy logic.
operationId: post_authorize
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizeQuery'
required: true
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizeResult'
default:
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
security:
- ApiKey: []
x-codeSamples:
- lang: javascript
label: Node.js
source: |
import { Oso } from 'oso-cloud';
const apiKey = process.env.OSO_CLOUD_API_KEY;
const oso = new Oso("https://cloud.osohq.com", apiKey);
// Basic authorization check
const alice = { type: "User", id: "alice" };
const repository = { type: "Repository", id: "anvils" };
const authorized = await oso.authorize(alice, "read", repository);
if (!authorized) {
throw new Error("Access denied");
}
// With context facts for additional information
const issue = { type: "Issue", id: "123" };
const contextAuthorized = await oso.authorize(
alice,
"read",
issue,
[["has_relation", issue, "parent", repository]] // Context facts
);
- lang: python
label: Python
source: |
import os
from oso_cloud import Oso, Value
oso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY', None))
# Basic authorization check
alice = Value("User", "alice")
repository = Value("Repository", "anvils")
if not oso.authorize(alice, "read", repository):
raise Exception("Action is not allowed")
# With context facts
issue = Value("Issue", "123")
authorized = oso.authorize(
alice,
"read",
issue,
context_facts=[("has_relation", issue, "parent", repository)]
)
- lang: go
label: Go
source: >
package main
import (
"log"
"os"
oso "github.com/osohq/go-oso-cloud/v2"
)
func main() {
apiKey := os.Getenv("OSO_CLOUD_API_KEY")
osoClient := oso.NewClient("https://cloud.osohq.com", apiKey)
// Basic authorization check
user := oso.NewValue("User", "alice")
repository := oso.NewValue("Repository", "anvils")
allowed, err := osoClient.Authorize(user, "read", repository)
if err != nil {
log.Fatal(err)
}
if !allowed {
return fmt.Errorf("access denied")
}
// With context facts
issue := oso.NewValue("Issue", "123")
contextFacts := []oso.Fact{
oso.NewFact("has_relation", issue, oso.String("parent"), repository),
}
allowed, err = osoClient.AuthorizeWithContext(user, "read", issue,
contextFacts)
}
- lang: java
label: Java
source: |
package com.mycompany;
import java.io.IOException;
import com.osohq.oso_cloud.Oso;
import com.osohq.oso_cloud.api.ApiException;
import com.osohq.oso_cloud.api.Value;
public class App {
public static void main(String[] args) {
String apiKey = System.getenv("OSO_CLOUD_API_KEY");
Oso oso = new Oso(apiKey);
try {
// Basic authorization check
Value alice = new Value("User", "alice");
Value repository = new Value("Repository", "anvils");
boolean authorized = oso.authorize(alice, "read", repository);
if (!authorized) {
throw new RuntimeException("Access denied");
}
// With context facts for additional information
Value issue = new Value("Issue", "123");
boolean contextAuthorized = oso.authorize(alice, "read", issue,
Arrays.asList(Arrays.asList("has_relation", issue, "parent", repository)));
} catch (IOException | ApiException e) {
System.err.println("Error: " + e.getMessage());
}
}
}
- lang: ruby
label: Ruby
source: >
require 'oso-cloud'
api_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)
oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key:
api_key)
# Basic authorization check
alice = OsoCloud::Value.new(type: "User", id: "alice")
repository = OsoCloud::Value.new(type: "Repository", id: "anvils")
authorized = oso.authorize(alice, "read", repository)
raise "Access denied" unless authorized
# With context facts
issue = OsoCloud::Value.new(type: "Issue", id: "123")
context_authorized = oso.authorize(alice, "read", issue,
context_facts: [["has_relation", issue, "parent", repository]])
- lang: csharp
label: C#
source: >
using OsoCloud;
string? apiKey =
Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY");
var oso = new Oso("https://api.osohq.com", apiKey);
// Basic authorization check
var alice = new Value("User", "alice");
var repository = new Value("Repository", "anvils");
bool authorized = await oso.Authorize(alice, "read", repository);
if (!authorized) {
throw new UnauthorizedAccessException("Access denied");
}
// With context facts for additional information
var issue = new Value("Issue", "123");
bool contextAuthorized = await oso.Authorize(alice, "read", issue,
contextFacts: new[] { new[] { "has_relation", issue, "parent", repository } });
components:
schemas:
AuthorizeQuery:
type: object
required:
- action
- actor_id
- actor_type
- resource_id
- resource_type
properties:
actor_type:
type: string
actor_id:
type: string
action:
type: string
resource_type:
type: string
resource_id:
type: string
context_facts:
default: []
type: array
items:
$ref: '#/components/schemas/Fact'
AuthorizeResult:
type: object
required:
- allowed
properties:
allowed:
type: boolean
ApiError:
type: object
required:
- message
properties:
message:
type: string
Fact:
description: 'A pattern object for matching authorization-relevant data, ie: facts.'
type: object
required:
- args
- predicate
properties:
predicate:
type: string
args:
type: array
items:
$ref: '#/components/schemas/Value'
Value:
type: object
properties:
type:
type: string
nullable: true
id:
type: string
nullable: true
securitySchemes:
ApiKey:
description: Requires an API key to access.
type: http
scheme: bearer
bearerFormat: Bearer e_0123_123_token0123
````