Never Build
Permissions Again

Plug & Play App-Level Authorization. Enforce in Frontend or Backend, control via No-Code UI Elements.

Enforce using

Now available: AWS Cedar support

Multiple policy-engine support

Use the right tool for the right task. Use the right language for the right policy.
Say no to Lock-in. Mix and match the policy engines you need.

Permit.io supports OPA's Rego and now adds AWS' Cedar, and Amazon Verified Permissions.
Generate Policy as code directly into Git, and deploy in realtime into the agent in your app.

Learn More

Policy Editor Interface

Our Policy Editor makes granting a permission as easy as checking a checkbox.

Makes granting permissions as easy as checking a box

Manage and edit your policies with in seconds instead of days
Work with a simple UI, API, or directly with rego code.
Enable multi-tenancy, RBAC, ABAC, ReBAC, and more with a single streamlined interface.
Provide low-code/no-code interfaces for non-technical users.
Ensure future requirements are met with policy as code.
Get Git Ops support out-of-the-box

Check it out

Elements: Embeddable access control elements - Ready to use

Empower your end users with fully featured interfaces
Delegate control within safe boundaries
Fully Customizable
5 Minute setup
Webhook notifications
Learn all about Permit Elements at permit.io/elements

Check it out

Decouple Policy from Code

Checking permissions is as easy as permit.check(). Integrate in your code, middelware, mesh, or API gateway- with ease.

Slide to see your code before and after Permit.io

// Gather all the needed objects for the permission check
// Complete user object from DB (based on session object, only 3 DB queries...)
const user = new User(session);
const doc =  new Document(undefined, undefined, session.url);
// The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago) 
AllowedDocType allowedDocTypes = new AllowedDocType(user.role);
// Query Stripe for live data (hope it's not too slow)
const isPaying = (await stripeWrapper.get_billing_status(user.email)) == STRIPE_PAYING;

if (user.role == ADMIN || 
( user.geo == "US" && 
allowedDocTypes.includes(doc.type) && 
isPaying && 
user.role == EDITOR || user.role == VIEWER)){
 // allow access
}

import { Permit } from "permitio";

const permit = new Permit({
  token: "[YOUR_API_KEY]",
});

if (await permit.check(user, "view", `doc:${doc.id}`)) {
   // allowed to close issue
}

Before

After

import { Permit } from "permitio";

const permit = new Permit({
  token: "[YOUR_API_KEY]",
});

if (await permit.check(user, "view", `doc:${doc.id}`)) {
   // allowed to close issue
}

// Gather all the needed objects for the permission check
// Complete user object from DB (based on session object, only 3 DB queries...)
const user = new User(session);
const doc =  new Document(undefined, undefined, session.url);
// The 'fancy' home-brewed auth-z layer (Someone wrote 3 years ago) 
AllowedDocType allowedDocTypes = new AllowedDocType(user.role);
// Query Stripe for live data (hope it's not too slow)
const isPaying = (await stripeWrapper.get_billing_status(user.email)) == STRIPE_PAYING;

if (user.role == ADMIN || 
( user.geo == "US" && 
allowedDocTypes.includes(doc.type) && 
isPaying && 
user.role == EDITOR || user.role == VIEWER)){
 // allow access
}

Before

After

Add permit to your product Read the SDK Docs

ABAC and ReBAC with Low Code

Powerful Attribute & Relationship Based Access Controls made simple

Scale seamlessly from RBAC to ABAC and ReBAC as your permissions needs grow
Save significant time and complexity versus building and maintaining yourself
Simplify for your non technical stakeholders with no code interfaces available out of the box
Gain flexibility beyond what is possible with RBAC with very little effort Address all of the different use cases for your customers with comprehensive controls
Learn all about Attribute Based Access Control at permit.io/abac

Get Started

Manage Users According to Your Needs
A no-code interface for simple user management
Create an organization hierarchy as you see fit
Use groups to control access
Assign roles and permissions easily
Integrate to your email provider and send automated invites
Audit Application Policies and Decisions
Ensure your policies are protecting you and your operations.
Get a full audit of every authorization decision
Monitor the decisions your authorization policies made
Track whether authorization was permitted or denied, to who and why
Optimize policies to increase security confidence
Performance You Can Build On
Permit.io lets you build and scale with zero network latency.
Avg. 1 ms per query (OPA-based)
Milliseconds for policy and data event update propagation (OPAL-based)
Maintain system performance thanks to our hybrid model with a local sidecar

What the great people from Honeycomb have to say

Leverage the Power of Open Source

Permit.io is powered by OPA, OPAL, and Zanzibar

Enjoy the power and knowledge of thousands of engineers worldwide
Contribute and help shape the solution to your needs
Work with the developer community
Battle tested performance - ready for prod
Join us.

Check it out

Connect Seamlessly to Your Authentication

Bake-in authorization in minutes. Simply plug-in on top of your existing AuthN solution (e.g. Auth0, Cognito).

Moving to modern authorization for microservices is no easy feat, but OPAL made it easy. When I was learning and exploring replicator solutions for OPA myself in my free time, I found that OPAL is a very mature solution for the open-policy administration layer and beyond. Their community support is on another level, responding quickly to any question.
Hongbo Miao, Senior Software Engineer, Tesla
I have had the pleasure to deep dive with the Permit.io team and discuss our PoC. I was impressed with the team's knowledge of multiple Auth solutions. They explained various options with their pros and cons. Very smart and capable team.
Pawel Englert, Tech Lead, Beekeeper.io
Building authorization for Buzzer’s call-rep on-demand service was a challenging task, but with Permit.io we were able to get it up and running end-to-end in just a few days.
We now have 3 engineers who built services on top of Permit.io - all of which constantly keep telling me how happy they are with the solution, and how easy it was to use. We’ve probably already saved months of work thanks to the platform.
Matan Bakshi, Founder & CTO, Buzzer.ai
At Granulate we optimize our customers’ most critical systems; as a result, getting access control right is of the highest importance. Full stack permissions as a service allow our developers to focus on their core product, knowing that access control will work well both for our teams and the end customer. I was extremely impressed both by Permit.io’s technology and its dedication to customer service.
Tal Saiag, Founder & CTO, Granulate.io
At Epsagon (acquired by Cisco) we are no strangers to the complexity of microservices.
Access control demands of microservices are never-ending, so they require a modern stack that can quickly adapt to the most demanding tech and security needs. Permit.io provided us with a secure end-to-end authorization solution that saved us months of engineering work.
Ran Ribenzaft , Epsagon CTO, Cisco
When we build applications, secure access is at the forefront of our minds.
Application authorization is a huge pain point for companies, as one of the largest and most rapidly expanding attack surfaces. I was excited to discover Permit.io, which, to date, provides the most advanced authorization solution, based on open-source standards and supporting multiple policy models.
Barak Schoster Goihman, Senior Director, Palo-Alto Networks
Been using Permit with our project- It's exactly what I wanted. ... It's a small integration, using only granular authorizations. Great job! Be sure I'll keep following the project as it goes on, and keep using it!
Hugo Beaujour, Backend Engineer , Medicalib
Our system is built on dozens of roles and actions that allow full flexibility and serve each of our customers, agents, and partners, as well as our own teams, with the right actions. Permit allows us to maintain the complexity and fine tuning with minimal effort on the code and easy configuration. The team at Permit is fantastic, real experts, with endless willingness to help. I was amazed by their openness to feedback and how quickly they evolved their product from very good to excellent. Watch video now >>>
Nimrod Sadot, Co-founder and CTO, Honeycomb Insurance
OPAL has been a godsend for supporting dynamic OPA data and policy updates. It saves you from the hassle of creating and managing your own bundle server, and the updates can be done seamlessly REST API, a Github Policy Repo that is actively monitored, which are a couple of many other supported ways. The response time of decision requests, and the sync time between server workers, and clients is almost instantaneous.
To add a few words about the support from Permit.io team - they have always been proactive in understanding my questions (as silly as they may be sometimes) and providing the right answers/solutions. I greatly appreciate their timely help and support despite their busy schedule.
Giving OPAL a try is a no-brainer when looking for alternatives to traditional bundle servers. And the best part, OPAL is improving day by day, gathering more and more users!
Jayanth Vhavle Software Engineer | at Walmart Global Tech India, Walmart