Skip to main content
Version: 2.0.0

How do I use FoAz?

Quick Overview


info

The current interface experience are likely to change im the near future. This feature is still in early access.

Setting it up

  1. To find detailed instructions on how to fetch the JWKS, refer to the corresponding guide provided by your authentication provider. You can find a summary for the mosty popular authentication porvider here.

  2. Configure your JWKS with Permit, so it will be able to verify your user JWTs for you.

  3. Configure the Protected API call with Permit, and set a secret for it. This makes sure Permit will only call APIs you defined.

  4. Map the API call to a resource / action, so you can use the policy-editor to define permissions for it. This makes sure Permit will only call API when you allow them.

Login your frontend user with Permit

Permit.io's Frontend SDK provides a login method to which you pass your user's JWT.

Calling an API via Permit

After the login, we can now invoke the Permit SDK with an Axios like interface.

See an example below using Twilio with basic HTTP authentication.

note

Bearer Token, and Cookie authentication are similarly supported.

// Send an SMS with Twilio via a Permit FoAz protected API call
// `{{}}` used to template and render secrets into the call at the secure proxy
permit.proxy.post(
'https://api.twilio.com/2010-04-01/Accounts/{{accountSID}}/Messages.json?Body=hello&To=555&From=1337',
// Templates to be loaded with actual secrets at proxy.permit.io prior to the actual call to Twilio
auth: {
username: "{{accountSID}}"
password: "{{twilioAuthToken}}"
}
}).then((res) => {
console.log(res, 'res');
}).catch((err) => {
console.log(err);
});