Skip to main content is the permissions infrastructure for the internet. A fullstack authorization solution enabling developers to bake-in access-control into their products within minutes and have them ready for future demands from customers and regulation.

Our developer SDK integrates with your app and enables you to add declarative permission checks that are as easy to use as feature flags.

Our solution is built upon strong open source foundations, enables Git-Ops out of the box, and goes far beyond enforcement - providing seamless access control experiences meant for humans that simply work out-of-the-box: User Management, API Key management, Audit, User impersonation and so on.

Solution diagram

Get Started with :

  1. Set up an account at
  2. Configure your projects, tenants, users, roles, and policy via the web UI (policy-editor) or API
  3. Integrate into your application by deploying the SDK and/or the PDP microservice
  4. Enforce, monitor, audit, and upgrade access as you need Support and Help

We are always eager to talk to fellow developers, and we'd be happy to help with anything regarding, OPA+OPAL, and/or IAM in general.

๐Ÿ’ฌ Slack Community

The easiest way to reach out to us is via our Slack community - you're welcome to join, ask questions, and see what others are asking / working on.


๐Ÿ‘ฉโ€๐Ÿ’ป Github

We use Github to manage support tickets, ongoing design discussions, and product roadmap.

You're welcome to join the conversation and open issues (bug reports, feature requests) and discussions (general questions / thoughts) across our suite of products:

๐Ÿ“ง Email, and Zoom

Got a more specific question? You can reach out to us via classic email at Want to dive deeper with our team? You can even schedule a Zoom call with us.

Why did we create

We at the team have been building software for decades, working in dozens of companies of all sizes.
We had one thing in common in all of these companies: we wrote, refactored, and debugged the same access-control code.

While access-control, permissions, and authorization requests are core to the product, they are also not unique to a specific product!
This is a good thing: they share the same core principles and are being written over and over for no good reason.
We always wanted it to be plug&play and easily upgradeable without changing our code.
That's what we've built for you at - the permissions infrastructure for the internet.