Skip to main content
Version: 2.0.0

Ruby Quickstart

In this tutorial, we will show you how to integrate with your application in just a few simple steps.

Setup your PDP (Policy Decision Point) Container

We provide you with a Policy-Decision-Point - aka an authorization microservice, as a container for you to use. Please follow the steps below to install and run the container on your local machine.

1. Pull our PDP container from Docker Hub

If you do not have Docker installed as of yet, click here to install Docker.

docker pull permitio/pdp-v2:latest

2. Get the API key

Navigate to the Projects page with the web interface. Find the active environment that is marked with a green dot on the icon. Copy the Secret Key.

In the left navigation panel inside the app, click on your user icon and copy the SDK API Key.

Copy secret key from Projects management

Alternatively, you can navigate to the Projects panel, and underneath an existing project, for each environment, you will be able to access and copy an environment specific SDK API Key.


The SDK API KEY that is available for you to copy from your main user icon is the API Key that reflect the current project and the current environement you are in.

For each environment, you also have the option to Rotate the API Key, revoking access to the old API key and issuing a new one.


If there are any permission checks left in your code that are still using the old API key, they will immediately be denied. Your end users could potentially lose access.

Copy secret key from user menu

3. Run the container

Remember to replace <YOUR_API_KEY> with the Secret Key you have just obtained in the previous step.

docker run -p 7766:7000 --env PDP_API_KEY=<YOUR_API_KEY> permitio/pdp-v2:latest

Congratulations! You should now have a PDP container running. You can always check the status of the container by typing docker ps in your terminal.

Let's now add the Permit SDK to your app or use the following demo example below.

Add the SDK to your Ruby code

Initialise the Ruby SDK and check for permissions.

  1. Install the SDK for Ruby
gem install permit-sdk
  1. Import the SDK into your code
require 'permit-sdk'
  1. Create a new instance of the SDK.
    You can find instructions on getting a secret API key in the previous section.
require 'permit-sdk'
permit ="TOKEN", "localhost:7766") # the PDP url is optional

Check for permissions using the SDK

You can run a permission check with permit.check(). You need to pass 3 arguments to the function:

  • user: a unique user that identifies the user doing the action - this can be created using hash or a string.
  • action: the action performed, as string.
  • resource: the resource the action is performed on - this can be created using a hash or a string.

In the following examples we are checking that a user with the unique key can create a document resource.

Here is an example using strings:

require 'permit-sdk'
permit ="TOKEN", "localhost:7766") # the PDP url is optional

permitted = permit.check("", "create" , "document")
if permitted
puts " is permitted to create a document"
puts " is not permitted to create a document"

And here is an example using Hash objects:

require 'permit-sdk'
permit ="TOKEN", "localhost:7766") # the PDP url is optional

user_hash = {"key": "", "first_name": "john", "last_name": "doe", "email": ""}
resource_hash = {"type": "document", "tenant": "default"}
permitted = permit.check(user_hash, "create" , resource_hash)
if permitted
puts " is permitted to create a document"
puts " is not permitted to create a document"

Usually instead of an email you'd use the unique identifier provided by your chosen authentication solution. You can also pass the entire decoded JWT, to include attributes about the user.


In cases where you are dealing with more than one tenant in your application, Permit.check() can pass the tenant as part of the resource like we showed before in the Hash objects example.

The tenant passed in needs to be either the tenant id or the tenant key.

You can use the list_tenants API to get the ids and keys set for your tenants.

tenant: a unique tenant id or tenant key that you have defined within Permit.

if permit.check("user", "action", { "key": "resource", "tenant": "tenant" })
# Allow to close document

Check permissions against ABAC policies

Above we have checked for permissions against an RBAC policy - but what if we have an ABAC policy we want to run a permission check for? An ABAC policy is made up of User Sets and Resource Sets, which you can read more about here.

With ABAC we define conditions based on pre-configured attributes.

If we are running a permit.check() for an ABAC policy, we replace the userId and the resource with objects, containing attributes.

if permit.check(user, 'close', { "key": "resource", "attributes": {"hasApproval": "true"} })
# Allow to close document

Permission checks are being run against the PDP container that's running locally on your machine - offering minimal latency and without leaving your network.

This means that your user data never goes outside your system, keeping security high.

Full app example

Assuming a Ruby app made up of a single file, with the permit-sdk and webrick gem packages installed with the following command :

gem install permit-sdk webrick

Here is a full example of a Ruby app that uses the SDK to check for permissions:

require 'webrick'
require 'permit'

permit ="<YOUR_API_KEY>")

server = 4000)

server.mount_proc '/' do |_, res|
res['Content-Type'] = 'application/json'

permitted = permit.check("", "read", "document")
if permitted
res.status = 200
res.body = { result: " is PERMITTED to read document!" }.to_json
res.status = 403
res.body = { result: " is NOT PERMITTED to read document" }.to_json

trap 'INT' do server.shutdown end