Ship secure authorization flows without slowing product velocity.
One policy engine for RBAC, ABAC, JWT, and OAuth2 decisions at scale — with first-class SDKs for TypeScript, Go, Python, Java (Spring Boot & Quarkus), and Rust.
< 10ms
P95 decision latency
v0.1.5
Java SDK (Maven Central)
MIT
Open-source license
Trusted by engineering teams building secure platforms
Purpose-built primitives for modern authorization systems.
Compose policy and identity decisions with an API-first model designed for reliability, velocity, and auditability.
Fine-grained authorization
Enforce policy across RBAC, ABAC, and relationship-based checks with one decision API.
Policy as code
Version and ship policy updates with Git workflows, full diff history, and safe rollouts.
Low-latency decisions
P95 under 10ms with in-memory evaluation and globally distributed edge decision caches.
Audit-ready trails
Every allow/deny result ships with traceable reasoning for compliance and incident analysis.
Event-driven sync
Replayable webhooks and event streams keep entitlements in sync across your stack.
Composable architecture
Drop-in SDKs, management APIs, and policy bundles designed for modern platform teams.
API-first core
Typed REST API and SDKs keep auth logic portable across frontend, backend, and edge runtimes.
Enterprise security
mTLS, key rotation, and signed webhook delivery hardened for regulated workloads.
Global scalability
Deploy multi-region with deterministic policy evaluation and locality-aware data replication.
Developer velocity
Local policy playground, CI checks, and generated clients ship changes faster with confidence.
Drop-in authorization for Spring Boot and Quarkus.
One Maven dependency gives you a declarative @Resource annotation that wires directly into the authorization platform — no boilerplate, no extra configuration class.
- Zero-boilerplate — annotate any method or class with @Resource
- Auto-registers resources with the authorization service on startup
- Spring Boot auto-configuration via spring.factories
- Quarkus CDI interceptor support out of the box
- Client-credentials token refresh handled automatically
- Toggle enforcement per environment with a single config flag
0.1.5
Current version
MIT
License
Java 17
Java baseline
Spring · Quarkus
Frameworks
<dependency>
  <groupId>io.gitlab.ctu-iotlab</groupId>
  <artifactId>com.authorization.core</artifactId>
  <version>0.1.5</version>
</dependency>
Designed as a control plane for distributed authorization.
Use one management API and one decision API across app backends, edge workers, and internal services.
Policy Decision Point
Stateless decision API evaluates policy bundles with deterministic outcomes and sub-10ms latency.
Policy Administration
Version policy definitions, run simulations in CI, and release safely using environment promotion.
Data Connectors
Stream principals, resources, and attributes from your source-of-truth systems with replay support.
Production hardening from day one.
Run critical permission checks with confidence across single-tenant and multi-tenant environments.
Platform guarantees
Reliability and compliance defaults suitable for SaaS and enterprise workloads.
- Regional failover with consistent policy snapshots
- At-rest and in-transit encryption with tenant-aware keying
- Signed decision logs and immutable audit history
- Rate-limiting and adaptive abuse prevention
Integrate decision checks in minutes.
Use first-party SDKs and typed clients for low-friction implementation across any stack.
import { AuthorizationClient } from "@authorization-service/sdk"
const client = new AuthorizationClient({
  apiKey: process.env.AS_API_KEY!,
})
const decision = await client.decisions.check({
  tenantId: "tenant_prod_42",
  principal: { id: "user_123", roles: ["editor"] },
  resource: { type: "document", id: "doc_91" },
  action: "read",
})
if (!decision.allow) throw new Error("Forbidden")
Consistent API ergonomics in every language.
Unified concepts across SDKs make it simple for polyglot teams. The Java SDK adds a unique annotation-first model for Spring Boot and Quarkus.
Official SDKs
Generated clients, typed request models, retries, and observability hooks.
Built for teams that care about velocity and correctness.
Ship secure authorization without forcing every product team to become policy experts.
CLI and local playground
Test policy scenarios locally before they hit production traffic.
Typed API schemas
OpenAPI and SDK generation keep consumers and backend contracts aligned.
Policy CI checks
Block breaking policy changes with deterministic simulation tests.
Simple plans from startup to enterprise.
Start free, scale with usage, and move to enterprise controls when you need advanced governance.
Starter
$0
For prototypes and side projects.
- Up to 100K checks/month
- 1 project
- Community support
Growth
$199
For production SaaS teams.
- Up to 20M checks/month
- Unlimited projects
- SAML + SCIM
- Priority support
Enterprise
Custom
For regulated and large-scale environments.
- Dedicated regions
- Advanced compliance controls
- Private networking
- 24/7 support SLA
Adopted by platform and security engineers.
“Authorization Service gave our platform team a single control plane for every permission decision.”
Lena D., Staff Engineer, Atlas Commerce
“We replaced fragmented access checks with auditable policy workflows in under two weeks.”
Mikael R., Head of Security, Northstar AI
“The SDK ergonomics and docs quality are exactly what a developer platform should feel like.”
Priya S., Principal Engineer, Nova Cloud
Ready to centralize authorization across your platform?
Start free, integrate in one afternoon, and scale to billions of decisions with built-in observability and policy governance.