Thread

Rafael Rozon

Developer

Apr 2, 2018

Role Based Access Control/ACL via REST API?

Hi,

Does anyone know any company/service/library that offers Access Control Lists or Role Based Access Control via a REST API?

Thank you!

#rest-api #javascript

Responses(2)

Rafael Rozon

Developer

Apr 6, 2018

So, I quick update on this. My colleagues suggested these libraries:

Manage Role-Based Access Control with the REST API

Athenz

Apache Fortress

I think Athenz is particularly interesting. But it may be a bit overkill for a little application. And I haven't found any company or online service that provides this functionality, unfortunately.

Xingheng Wang

Co-founder Moesif.com (API analytics). Previous Microsoft & Zynga. CS from MIT.

Apr 3, 2018

Try JWT. The roles and permission is in the token itself.

Or if you want to more traditional way to look up permission in a database, be sure to think through the performance issues:

Here is a pro and cons of different approaches:

moesif.com/blog/technical/restful-apis/Authorizat…

Thank you Xingheng Wang for your answer. What I'm looking for is more about managing users permission through a rest api, because I don't want to build it myself. Ideally, I'd like some endpoints that would allow me to create a permission group, add permissions to the group, create a user group, associate user groups with permission groups, and then users to user groups. Nothing crazy complicated. Then, having that information, I could use JWT to pass it around.

Search Hashnode

Role Based Access Control/ACL via REST API?

Responses(2)

Recent threads