> ## Documentation Index > Fetch the complete documentation index at: https://www.osohq.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Post evaluate query local > Fetches a SQL query that can be run against your database to answer arbitrary questions about authorization. ## OpenAPI ````yaml post /evaluate_query_local openapi: 3.1.0 info: title: Oso Cloud HTTP API version: 0.1.0 description: >-

Oso Cloud exposes an HTTP API that you can use to make queries directly, without using one of the clients.

For endpoints that require authentication, pass your API key as an HTTP Bearer Auth payload.

For example, using curl: curl -H "Authorization: Bearer $OSO_AUTH" https://cloud.osohq.com/api/

servers: - url: https://api.osohq.com/api/ security: [] paths: /evaluate_query_local: post: tags: - Local Check API description: >- Fetches a SQL query that can be run against your database to answer arbitrary questions about authorization. operationId: post_evaluate_query_local requestBody: content: application/json: schema: $ref: '#/components/schemas/LocalQuery' required: true responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/LocalQueryResult' default: description: '' content: application/json: schema: $ref: '#/components/schemas/ApiError' security: - ApiKey: [] x-codeSamples: - lang: javascript label: Node.js source: | import { Oso } from 'oso-cloud'; const apiKey = process.env.OSO_CLOUD_API_KEY; const oso = new Oso("https://cloud.osohq.com", apiKey); // Generate SQL for field-level authorization const actor = { type: "User", id: "alice" }; const resource = { type: "Issue", id: "123" }; const field = "description"; const sqlQuery = await oso.buildQuery([ "allow_field", actor, "read", resource, field ]).evaluateLocalSelect({ field_name: field }); // Execute field authorization query const fieldResult = await sql.raw(sqlQuery).execute(db); - lang: python label: Python source: | from oso_cloud import Oso, Value import os from sqlalchemy import text from oso_cloud import Oso, Value oso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY', None)) # Generate SQL for field-level authorization actor = Value("User", "alice") resource = Value("Issue", "123") field = "description" sql_query = oso.build_query(( "allow_field", actor, "read", resource, field )).evaluate_local_select({"field_name": field}) # Execute field authorization query field_result = session.execute(text(sql_query)).fetchall() - lang: go label: Go source: > package main import ( "log" "os" oso "github.com/osohq/go-oso-cloud/v2" ) func main() { apiKey := os.Getenv("OSO_CLOUD_API_KEY") osoClient := oso.NewClient("https://cloud.osohq.com", apiKey) // Generate SQL for field-level authorization actor := oso.NewValue("User", "alice") resource := oso.NewValue("Issue", "123") fieldVar := oso.NewVariable("field") sqlQuery, err := osoClient.BuildQuery( oso.NewQueryFact("allow_field", actor, oso.String("read"), resource, fieldVar), ).EvaluateLocalSelect(map[string]oso.Variable{"field_name": fieldVar}) if err != nil { log.Fatal(err) } // Execute field authorization query var fieldResult []map[string]interface{} db.Raw(sqlQuery).Scan(&fieldResult) } - lang: java label: Java source: | package com.mycompany; import java.io.IOException; import java.util.List; import java.util.Map; import com.osohq.oso_cloud.Oso; import com.osohq.oso_cloud.api.ApiException; import com.osohq.oso_cloud.api.Value; public class App { public static void main(String[] args) { String apiKey = System.getenv("OSO_CLOUD_API_KEY"); Oso oso = new Oso(apiKey); try { // Generate SQL for field-level authorization Value actor = new Value("User", "alice"); Value resource = new Value("Issue", "123"); String field = "description"; String sqlQuery = oso.buildQuery("allow_field", actor, "read", resource, field) .evaluateLocalSelect(Map.of("field_name", field)); // Execute field authorization query List> fieldResult = entityManager.createNativeQuery(sqlQuery) .getResultList(); } catch (IOException | ApiException e) { System.err.println("Error: " + e.getMessage()); } } } - lang: ruby label: Ruby source: > require 'oso-cloud' api_key = ENV.fetch('OSO_CLOUD_API_KEY', nil) oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key: api_key) # Generate SQL for field-level authorization actor = OsoCloud::Value.new(type: "User", id: "alice") resource = OsoCloud::Value.new(type: "Issue", id: "123") field = "description" sql_query = oso.build_query(["allow_field", actor, "read", resource, field]) .evaluate_local_select({"field_name" => field}) # Execute field authorization query field_result = ActiveRecord::Base.connection.execute(sql_query) - lang: csharp label: C# source: > using OsoCloud; using System.Collections.Generic; string? apiKey = Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY"); var oso = new Oso("https://api.osohq.com", apiKey); // Generate SQL for field-level authorization var actor = new Value("User", "alice"); var resource = new Value("Issue", "123"); string field = "description"; string sqlQuery = await oso.BuildQuery("allow_field", actor, "read", resource, field) .EvaluateLocalSelect(new Dictionary { { "field_name", field } }); // Execute field authorization query var fieldResult = await context.Database.SqlQueryRaw(sqlQuery).ToListAsync(); components: schemas: LocalQuery: type: object required: - data_bindings - mode - query properties: query: $ref: '#/components/schemas/Query' data_bindings: type: string mode: $ref: '#/components/schemas/LocalQueryMode' LocalQueryResult: type: object required: - sql properties: sql: type: string ApiError: type: object required: - message properties: message: type: string Query: description: A generic query comprising 1+ predicates conjuncted together. type: object required: - calls - constraints - context_facts - predicate properties: predicate: description: >- Predicate name and variable names. INVARIANT: all variable names must exist in `constraints`. This ensures that all variables at least have a type. type: array items: - type: string - type: array items: type: string maxItems: 2 minItems: 2 calls: description: >- Predicate name and variable names. INVARIANT: all variable names must exist in `constraints`. This ensures that all variables at least have a type. type: array items: type: array items: - type: string - type: array items: type: string maxItems: 2 minItems: 2 constraints: description: >- Map of variable names to their type and value(s). Every variable is at least typed and may also be constrained to a set of values. type: object additionalProperties: $ref: '#/components/schemas/Constraint' context_facts: type: array items: $ref: '#/components/schemas/ConcreteFact' LocalQueryMode: oneOf: - type: object required: - mode - query_vars_to_output_column_names properties: mode: type: string enum: - select query_vars_to_output_column_names: type: object additionalProperties: type: string - type: object required: - mode - output_column_name - query_var properties: mode: type: string enum: - filter query_var: type: string output_column_name: type: string Constraint: description: >- Constraints on a variable. All variables must have a type, and they may also be constrained to a set of values. type: object required: - type properties: type: description: The type of the variable. type: string ids: description: >- The possible values of the variable. `None` means the variable can be any value. `Some(["foo"])` means the variable must be exactly `"foo"`. `Some(["foo", "bar"])` means the variable can be either `"foo"` or `"bar"`. The latter is how we represent `In` expressions in the new Query API. type: array items: type: string nullable: true ConcreteFact: description: >- A specific piece of authorization-relevant data, ie: a fact. `ConcreteFact`s are suitable for storing in the database, since they represent the information in a specific, fully-qualified fact. To represent the set of facts matching a pattern instead, see [`Fact`]. type: object required: - args - predicate properties: predicate: type: string args: type: array items: $ref: '#/components/schemas/TypedId' TypedId: type: object required: - id - type properties: type: type: string id: type: string securitySchemes: ApiKey: description: Requires an API key to access. type: http scheme: bearer bearerFormat: Bearer e_0123_123_token0123 ````