The Authorizer uses the Open Policy Agent (OPA) to compute a decision based on a policy, user context, and data.
An application can interact with the Authorizer through a set of gRPC or HTTPS REST APIs.
The Topaz authorizer is deployed as a sidecar (or as a local service), right next to your application.
Authorizer API categories
The Authorizer provides the following APIs to calling applications.
- Authorization (
authz) - perform authorization queries
- Policies (
policies) - return information about loaded policies
- Information (
info) - return build information
The REST APIs are all exposed with the
/api/v2 URL prefix. By default, the Topaz REST APIs are hosted on
https://localhost:8383. For example, the
policies REST API can be called in the following way:
curl -k https://localhost:8383/api/v2/policies
By default, the gRPC APIs are hosted on
grpcui represents a convenient way to browse the gRPC APIs:
brew install grpcui
grpcui --insecure localhost:8282