How does Permit.io work?
Permit.io provides plug-and-play app-level authorization. It allows you to create enforcements in your frontend or backend and control everything via a no-code UI.
Permit.io is built with security by design: wherever security measures can be implemented, they are. A significant portion of the security architecture is provided through the OPAL architecture.
Connectivity Diagram
Security Key Points
All connections are SSL-encrypted (HTTPS and SSH for Git).
All PDP connections are outgoing, i.e. the PDP is the initiator of all connections, both to the Permit cloud and to any data source you choose to configure.
The only exception is queries sent to the PDP (e.g. queries from the Permit SDKs).
By default, no data is uploaded to the Permit cloud (everything needed can be hosted locally in the PDPs); only metadata (e.g. user object GUIDs) is uploaded.