FGA Endpoints
Fine-Grained Authorization — relationship-based access control for agents, users, and resources.
Write Tuples
POST /api/v1/fga/tuples
Create authorization relationships (tuples).
Headers
Authorization: Bearer <apiKey>X-Bulwark-Tenant: <tenant-id>
Body
{
"writes": [
{
"user": "user:usr_01j",
"relation": "owner",
"object": "document:doc_abc"
},
{
"user": "agent:agent_01j",
"relation": "viewer",
"object": "document:doc_abc"
}
]
}
Response 200
{
"data": {
"written": 2
}
}
Delete Tuples
DELETE /api/v1/fga/tuples
Body
{
"deletes": [
{
"user": "agent:agent_01j",
"relation": "viewer",
"object": "document:doc_abc"
}
]
}
Response 200
{
"data": {
"deleted": 1
}
}
Check Access
POST /api/v1/fga/check
Check whether a user or agent has a specific relation to an object.
Body
{
"user": "agent:agent_01j",
"relation": "viewer",
"object": "document:doc_abc"
}
Response 200
{
"data": {
"allowed": true
}
}
Batch Check
POST /api/v1/fga/batch-check
Check multiple relationships at once.
Body
{
"checks": [
{ "user": "agent:agent_01j", "relation": "viewer", "object": "document:doc_abc" },
{ "user": "agent:agent_01j", "relation": "editor", "object": "document:doc_abc" }
]
}
Response 200
{
"data": {
"results": [
{ "allowed": true },
{ "allowed": false }
]
}
}
Filter Objects
POST /api/v1/fga/filter
Return only the objects from a list that a user has access to.
Body
{
"user": "agent:agent_01j",
"relation": "viewer",
"type": "document",
"objects": ["document:doc_abc", "document:doc_xyz", "document:doc_123"]
}
Response 200
{
"data": {
"allowed": ["document:doc_abc", "document:doc_123"]
}
}
List Objects
POST /api/v1/fga/list-objects
Return all objects of a type that a user has a specific relation to.
Body
{
"user": "agent:agent_01j",
"relation": "viewer",
"type": "document"
}
Response 200
{
"data": {
"objects": ["document:doc_abc", "document:doc_123"]
}
}