Skip to main content


The Authorizer uses the Open Policy Agent (OPA) to compute a decision based on a policy, user context, and data.

An application can interact with the Authorizer through a set of gRPC or HTTPS REST APIs.

The Topaz authorizer is deployed as a sidecar (or as a local service), right next to your application.

Authorizer API categories

The Authorizer provides the following APIs to calling applications.

  • Authorization (authz) - perform authorization queries
  • Policies (policies) - return information about loaded policies
  • Information (info) - return build information

The REST APIs are all exposed with the /api/v2 URL prefix. By default, the Topaz REST APIs are hosted on https://localhost:8383. For example, the policies REST API can be called in the following way:

curl -k https://localhost:8383/api/v2/policies

By default, the gRPC APIs are hosted on localhost:8282. grpcui represents a convenient way to browse the gRPC APIs:

brew install grpcui

grpcui --insecure localhost:8282