POST
/api/v1/checkEvaluate access
Evaluate whether a subject is authorized to perform an action on a resource. Runs the full RBAC → ABAC pipeline and returns a decision with evaluation trace.
Auth:Bearer JWT or X-Service-Api-Key
Request Body
json
{
"subject": "user:alice@acme.com",
"resource": "billing:invoice:inv_9f3a2b1c",
"action": "read",
"domain": "acme-corp",
"attributes": {
"user": {
"department": "finance",
"clearance": "L3"
},
"resource": {
"owner_org": "acme-corp",
"classification": "internal"
}
}
}Response
json
{
"decision": "ALLOW",
"latencyMs": 12,
"correlationId": "corr_7f3a2b1c9e4d5f6a",
"matchedPolicies": [
{
"id": "pol_abc123",
"name": "finance-read-policy",
"type": "abac",
"effect": "allow",
"priority": 10
}
]
}Example Request
bash
curl -X POST https://api.permix.io/api/v1/check \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"subject": "user:alice@acme.com",
"resource": "billing:invoice:inv_9f3a2b1c",
"action": "read",
"attributes": {
"user": { "department": "finance" }
}
}'Try it
Permix REST API · v1.0
View full spec