Skip to main content
Version: 2.0.0

How does Permit.io work?

Permit.io is a Plug & Play App-Level Authorization. It allows you to create enforcements in your Frontend or Backend, and control everything via a no-code UI.

Permit.io is built with security by design, and with every turn and point where security measures can be implemented, they are. A significant portion of the security architecture is provided through the OPAL architecture.

Connectivity Diagram

Connectivity Map Diagram

Security Key Points

  • All connections are SSL encrypted (HTTPS and SSH for Git)

  • All PDP connections are outgoing, i.e. the PDP is the initiator of all the connections both to the Permit cloud and to any data-source you choose to configure.

  • Only exception is queries sent to the PDP (e.g. queries from the Permit SDKs)

  • By default no data is uploaded to the Permit cloud (all needed can be hosted locally in the PDPs); only meta-data [e.g. user object GUIDs] are uploaded.