Skip to main content
Version: 2.0.0

Load Custom Data Sources into OPAL (and your PDP)

OPAL Scope Config (custom data sources)

With the new Scope Config API, you can set your own data sources for your GitOps policy, and combine's ease of use, with OPAL's customizability.

Use the{proj_id}/{env_id}/opal_scope to modify the OPAL Scope used. (you can get the environment and project id with API requests note that you need org level API key to access those, you can create one here )

By default, Permit loads data about users, roles, and so on to OPA from the Permit cloud. You can use this API to load additional data sources to use in your custom policy.

In this example, we will load data about countries of the world of

Set custom data sources using the API:

curl --location --request PUT '[{project_id}/{env_id}/opal_scope](' \

--header 'Content-Type: application/json' \

--header 'Accept: application/json' \

--header 'Authorization: Bearer permit_key_***' \

--data '{

"data": {

"entries": [


"url": "<>",

"dst_path": "/countries",

"config": {

"headers": {

"Accept": "application/json"







In order to see the new data you can request the data path from your local PDP like this

curl --location --request GET 'http://localhost:8181/v1/data' \

--header 'Authorization: Bearer permitkey {{secret}}'

API Docs for Scope Request (API still in beta):

You can view the full OPAL Scope documentation here:

Custom scopes are supported from PDP **v0.2.15, **so you may need to run: docker pull permitio/pdp-v2:latest

And the following flag needs to be enabled when you run the container:


E.G if you run it with docker:

docker run -e PDPAPI_KEY=permit_key*** -e OPAL_SPLIT_ROOT_DATA=1 permitio/pdp-v2:latest

This is it, you now have a running instance of PDP with custom scopes!

You can also use the custom data source in your rego like this (if you have the gitops feature enabled for you):

data.countries[0].capital == "Bridgetown"