Skip to main content
POST
/
v1beta1
/
check
Check Permission
curl --request POST \
  --url https://api.example.com/v1beta1/check \
  --header 'Content-Type: application/json' \
  --data '
{
  "permission": "<string>",
  "resource": "<string>",
  "object_id": "<string>",
  "object_namespace": "<string>"
}
'
{
  "status": true
}
Checks if the authenticated principal (user or service account) has the required permission to access a specific resource. Returns true if permitted, false otherwise. Frontier extracts the principal from:
  • Current logged-in session cookie
  • Client ID and secret (for service users)
  • Access token

​
Body

​
permission
string
required
The permission name to check.Examples: get, list, compute.instance.create
​
resource
string
Resource identifier in one of these formats:
  • namespace:uuid - For organization or project by ID
  • namespace:name - For organization or project by name
  • namespace:urn - For a resource under a project
You can use aliases org or project instead of full namespace.Examples:
  • organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825
  • app/project:project-name
  • compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825
​
object_id
string
deprecated
Deprecated. Use resource field instead.
​
object_namespace
string
deprecated
Deprecated. Use resource field instead.

​
Response

​
status
boolean
Whether the principal has the requested permission
  • true - Permission granted
  • false - Permission denied
curl -X POST 'https://frontier.example.com/v1beta1/check' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "permission": "compute.instance.get",
    "resource": "compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825"
  }'

​
Request Example

{
  "permission": "compute.instance.get",
  "resource": "compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825"
}

​
Response Example

{
  "status": true
}

​
Usage Notes

  • The endpoint automatically audits all permission checks
  • Audit logs record both successful and failed permission checks
  • For batch permission checks, use the /v1beta1/batch-check endpoint instead

Build docs developers (and LLMs) love

Get started for freeTalk to us