Skip to main content

Run Local Authorization Microservice

Running a local authorization microservice (PDP) provides significant benefits for your application's performance, security, and reliability. This guide will help you understand and set up local authorization in your application.

Why Run Authorization Locally?

Running authorization locally through a Policy Decision Point (PDP) offers several key advantages:

1. Lightning-Fast Performance

Experience zero network latency with all decisions made locally within your infrastructure. Process thousands of requests per second with sub-millisecond latency, ensuring every millisecond counts for user-facing applications while minimizing external API calls.

2. Enhanced Security

Keep sensitive data never leaving your infrastructure while maintaining data residency requirements. Enjoy full control over your authorization layer with encrypted communication between your application and the local PDP.

3. Improved Reliability

Maintain business continuity with a system that works even if cloud services are down. Operate independently for critical decisions with full control over your authorization infrastructure and built-in failover capabilities.

4. Advanced Policy Support

Support all policy types including RBAC, ABAC, and ReBAC. Handle sophisticated authorization scenarios with instantly reflected policy changes and flexible configuration options.

Running the Authorization Microservice

1

Pull the Docker Container

First, pull the latest PDP container from Docker Hub:

docker pull permitio/pdp-v2:latest
note

If you haven't installed Docker yet, get it here.

2

Run the Container

Launch the PDP container with your API key:

docker run -it -p 7766:7000 \
--env PDP_DEBUG=True \
--env PDP_API_KEY=<YOUR_API_KEY> \
permitio/pdp-v2:latest

The container will expose the PDP on localhost:7766, ready to handle authorization requests.

tip

You can verify the container is running and check its status with:

docker ps
docker logs <container_id>
3

Advanced Configuration Options

Debug Mode

Enable detailed logging for troubleshooting:

docker run -it -p 7766:7000 \
--env PDP_DEBUG=True \
--env PDP_API_KEY=<YOUR_API_KEY> \
--env PDP_OPA_DECISION_LOG_CONSOLE=True \
permitio/pdp-v2:latest

This configuration provides:

Detailed Decision Logs: Comprehensive logging of all authorization decisions and their outcomes.

Performance Metrics: Real-time monitoring of system performance and resource usage.

Error Tracking: Detailed information about any errors or issues that occur.

Policy Evaluation Details: In-depth information about how policies are being evaluated.

Custom Port Configuration

Change the default ports to match your infrastructure:

docker run -it -p 7766:7000 -p 8181:8181 \
--env PDP_API_KEY=<YOUR_API_KEY> \
permitio/pdp-v2:latest

The container exposes two ports:

  • 7766: The main PDP API port
  • 8181: The OPA API port for direct policy queries
tip

You can interact directly with the OPA API on port 8181 for advanced policy queries and debugging.

Decision Log Settings

Fine-tune logging behavior for your needs:

docker run -it -p 7766:7000 \
--env PDP_API_KEY=<YOUR_API_KEY> \
--env PDP_OPA_DECISION_LOG_ENABLED=True \
--env PDP_OPA_DECISION_LOG_MIN_DELAY=1 \
permitio/pdp-v2:latest

Monitoring and Debugging

1

Health Checks

Monitor your PDP's health status through the health endpoint:

http://localhost:7766/health

Get real-time information about your container status, policy sync status, and connection health while tracking resource utilization metrics to optimize performance.

2

Metrics

Access detailed performance metrics through the metrics endpoint:

http://localhost:7766/metrics

Monitor request latency and decision counts while analyzing cache hit rates and error rates to identify and resolve performance issues.

3

API Documentation

View the complete PDP API documentation through the ReDoc interface:

http://localhost:7766/redoc

Browse all available endpoints with their request/response formats, learn about authentication methods, and review comprehensive error handling procedures.

What did you learn?

From this walkthrough, you've learned:

  • How to set up and run a local authorization microservice
  • Configure advanced PDP options for your specific needs
  • Monitor and debug your authorization layer
  • Access detailed metrics and health information
FUN FACT!

A well-configured local PDP can handle thousands of authorization decisions per second with sub-millisecond latency, making it perfect for high-performance applications. Some of our customers process millions of decisions daily with a single PDP instance!

What's next? 🎉

  • Create user and resource attributes
  • Define your first User and Resource Sets
  • Create your ABAC policy rules

Great job! You're now running local authorization.