ReBAC API Calls
Everything can can be done in the UI, can also be managed directly via the API. Here is a reference to all the ReBAC API calls current available.
Creating resource roles
The Resource Roles API endpoint lets you manage and query roles associated with specific resources in your application or system.
Base URL
https://api.permit.io/v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles
Example
- cURL
- Node.js
curl https://api.permit.io/v2/schema/$permit_project/$permit_env/resources/folder/roles/editor \
-X PATCH \
-H "Authorization: Bearer $permit_sdk_api_key" \
-H "Content-Type: application/json" \
-d '{
"granted_to": {
"users_with_role": [
{
"linked_by_relation": "account",
"on_resource": "account",
"role": "admin"
},
{
"linked_by_relation": "parent",
"on_resource": "folder",
"role": "editor"
}
]
}
}'
await permit.api.resourceRoles.update("folder", "editor", {
granted_to: {
users_with_role: [
{
linked_by_relation: "account",
on_resource: "account",
role: "admin",
},
{
linked_by_relation: "parent",
on_resource: "folder",
role: "editor",
},
],
},
});
Creating resource relations
Base URL
https://api.permit.io/v2/schema/{proj_id}/{env_id}/resources/{resource_id}/relations
Example
- Python
- Node.js
await permit.api.resource_relations.create(
"file",
{
"key": "parent",
"name": "Parent",
"subject_resource": "folder",
}
)
await permit.api.resourceRelations.create("file", {
key: "parent",
name: "Parent",
subject_resource: "folder",
});
Creating resource instances
Base URL
https://api.permit.io/v2/facts/{proj_id}/{env_id}/resource_instances
Example
- cURL
- Node.js
await permit.api.resourceInstances.create({
resource: "file",
key: "2023_report",
tenant: "default",
});
Assigning roles to users
Base URL
Example
- cURL
- Node.js
curl https://api.permit.io/v2/facts/$permit_project/$permit_env/resource_instances \
-X POST \
-H "Authorization: Bearer $permit_sdk_api_key" \
-H "Content-Type: application/json" \
-d '{
"resource": "file",
"key": "2023_report",
"tenant": "default"
}'
await permit.api.roleAssignments.assign({
user: "john@acme.com",
role: "viewer",
resource_instance: "file:2023_report",
});
Creating relationship tuples
Base URL
https://api.permit.io/v2/facts/{proj_id}/{env_id}/relationship_tuples
Example
- cURL
- Node.js
curl https://api.permit.io/v2/facts/$permit_project/$permit_env/role_assignments \
-X POST \
-H "Authorization: Bearer $permit_sdk_api_key" \
-H "Content-Type: application/json" \
-d '{
"user": "john@acme.com",
"role": "viewer",
"resource_instance": "file:2023_report"
}'
await permit.api.relationshipTuples.create({
subject: "folder:finance",
relation: "parent",
object: "file:2023_report",
});
Creating role derivation
Base URL
https://api.permit.io/v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles/{role_id}/implicit_grants
Example
- cURL
- Node.js
curl https://api.permit.io/v2/schema/$permit_project/$permit_env/resources/file/roles/editor \
-X PATCH \
-H "Authorization: Bearer $permit_sdk_api_key" \
-H "Content-Type: application/json" \
-d '{
"granted_to": {
"users_with_role": [
{
"linked_by_relation": "parent",
"on_resource": "folder",
"role": "editor"
}
]
}
}'
await permit.api.resourceRoles.update("file", "editor", {
granted_to: {
users_with_role: [
{
linked_by_relation: "parent",
on_resource: "folder",
role: "editor",
},
],
},
});