We are thrilled to announce the launch of a game-changing new feature for Permit.io -Ā Frontend-only-Authorization (FoAz). FoAz is a breakthrough technology that empowers frontend developers to use sensitive APIs directly from the frontend, without requiring any backend code, while maintaining the highest level of security.
FoAz is designed to solve two key problems faced by modern application developers. Firstly, it allows developers to "slap on permissions" on existing services that don't have an authorization layer yet, require better policy models (e.g. RBAC, ABAC, ReBAC), or enhanced permission granularity.
To achieve this, FoAz acts as a proxy service that accepts incoming API calls from the frontend. The API Calls are checked against their assigned policies and the current identity (in the form of the application's own JWT). Then, only if allowed, secrets for the target are added, and the target service is called.
Secondly, FoAz allows frontend applications to call services directly without having to add backend glue-code. For example, an app wanting to send an SMS can call Twilio without the need for backend engineering. The same goes for other services like OpenAI, Stripe, Mailgun, and many more API-driven services.
FoAz is a game-changer - saving frontend developers a ton of time and dramatically improving their velocity while taking shift-left even further to the left, finally empowering frontend engineers to take charge of application security. FoAz is built on the low-code interfaces of Permit.io, especially the Permit Policy Editor, which generates policy as code.
We are excited to share FoAz with everyone as a ready-to-use SaaS service, but more importantly, as an open-source standard and spec. With FoAz, frontend developers can now work independently without having to rely on backend engineers, giving them greater autonomy, and enabling them to build and deploy new features faster and more securely.
Permit.io is committed to providing cutting-edge technologies that empower developers, and FoAz is another example of our commitment to innovation. We can't wait to see what developers create using FoAz, and we invite you to try it out for yourselves and join us on this exciting journey!
Written by
Or Weis
Co-Founder / CEO at Permit.io