Skip to main content

Ory Keto API

Download OpenAPI specification:Download

E-mail: hi@ory.sh License: Apache 2.0

Documentation for all of Ory Keto's REST APIs. gRPC is documented separately.

relationship

Delete Relationships

Use this endpoint to delete relationships

query Parameters
namespace
string

Namespace of the Relationship

object
string

Object of the Relationship

relation
string

Relation of the Relationship

subject_id
string

SubjectID of the Relationship

subject_set.namespace
string

Namespace of the Subject Set

subject_set.object
string

Object of the Subject Set

subject_set.relation
string

Relation of the Subject Set

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Patch Multiple Relationships

Use this endpoint to patch one or more relationships.

Request Body schema: application/json
Array
action
string
Enum: "insert" "delete"
object (relationship)

Relationship

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "error": {
    }
}

Create a Relationship

Use this endpoint to create a relationship.

Request Body schema: application/json
namespace
string

Namespace to query

object
string

Object to query

relation
string

Relation to query

subject_id
string

SubjectID to query

Either SubjectSet or SubjectID can be provided.

object (subjectSet)

Responses

Request samples

Content type
application/json
{
  • "namespace": "string",
  • "object": "string",
  • "relation": "string",
  • "subject_id": "string",
  • "subject_set": {
    }
}

Response samples

Content type
application/json
{
  • "namespace": "string",
  • "object": "string",
  • "relation": "string",
  • "subject_id": "string",
  • "subject_set": {
    }
}

Query namespaces

Get all namespaces

Responses

Response samples

Content type
application/json
{
  • "namespaces": [
    ]
}

Check the syntax of an OPL file

The OPL file is expected in the body of the request.

Request Body schema: text/plain
string (checkOplSyntaxBody)

Ory Permission Language Document

Responses

Response samples

Content type
application/json
{
  • "errors": [
    ]
}

Query relationships

Get all relationships that match the query. Only the namespace field is required.

query Parameters
page_token
string
page_size
integer <int64>
namespace
string

Namespace of the Relationship

object
string

Object of the Relationship

relation
string

Relation of the Relationship

subject_id
string

SubjectID of the Relationship

subject_set.namespace
string

Namespace of the Subject Set

subject_set.object
string

Object of the Subject Set

subject_set.relation
string

Relation of the Subject Set

Responses

Response samples

Content type
application/json
{
  • "next_page_token": "string",
  • "relation_tuples": [
    ]
}

metadata

Check HTTP Server Status

This endpoint returns a HTTP 200 status code when Ory Keto is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

Responses

Response samples

Content type
application/json
{
  • "status": "string"
}

Check HTTP Server and Database Status

This endpoint returns a HTTP 200 status code when Ory Keto is up running and the environment dependencies (e.g. the database) are responsive as well.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of Ory Keto, the health status will never refer to the cluster state, only to a single instance.

Responses

Response samples

Content type
application/json
{
  • "status": "string"
}

Return Running Software Version.

This endpoint returns the version of Ory Keto.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance.

Responses

Response samples

Content type
application/json
{
  • "version": "string"
}

permission

Check a permission

To learn how relationship tuples and the check works, head over to the documentation.

query Parameters
namespace
string

Namespace of the Relationship

object
string

Object of the Relationship

relation
string

Relation of the Relationship

subject_id
string

SubjectID of the Relationship

subject_set.namespace
string

Namespace of the Subject Set

subject_set.object
string

Object of the Subject Set

subject_set.relation
string

Relation of the Subject Set

max-depth
integer <int64>

Responses

Response samples

Content type
application/json
{
  • "allowed": true
}

Check a permission

To learn how relationship tuples and the check works, head over to the documentation.

query Parameters
max-depth
integer <int64>
Request Body schema: application/json
namespace
string

Namespace to query

object
string

Object to query

relation
string

Relation to query

subject_id
string

SubjectID to query

Either SubjectSet or SubjectID can be provided.

object (subjectSet)

Responses

Request samples

Content type
application/json
{
  • "namespace": "string",
  • "object": "string",
  • "relation": "string",
  • "subject_id": "string",
  • "subject_set": {
    }
}

Response samples

Content type
application/json
{
  • "allowed": true
}

Check a permission

To learn how relationship tuples and the check works, head over to the documentation.

query Parameters
namespace
string

Namespace of the Relationship

object
string

Object of the Relationship

relation
string

Relation of the Relationship

subject_id
string

SubjectID of the Relationship

subject_set.namespace
string

Namespace of the Subject Set

subject_set.object
string

Object of the Subject Set

subject_set.relation
string

Relation of the Subject Set

max-depth
integer <int64>

Responses

Response samples

Content type
application/json
{
  • "allowed": true
}

Check a permission

To learn how relationship tuples and the check works, head over to the documentation.

query Parameters
max-depth
integer <int64>
Request Body schema: application/json
namespace
string

Namespace to query

object
string

Object to query

relation
string

Relation to query

subject_id
string

SubjectID to query

Either SubjectSet or SubjectID can be provided.

object (subjectSet)

Responses

Request samples

Content type
application/json
{
  • "namespace": "string",
  • "object": "string",
  • "relation": "string",
  • "subject_id": "string",
  • "subject_set": {
    }
}

Response samples

Content type
application/json
{
  • "allowed": true
}

Expand a Relationship into permissions.

Use this endpoint to expand a relationship tuple into permissions.

query Parameters
namespace
required
string

Namespace of the Subject Set

object
required
string

Object of the Subject Set

relation
required
string

Relation of the Subject Set

max-depth
integer <int64>

Responses

Response samples

Content type
application/json
{
  • "children": [
    ],
  • "tuple": {
    },
  • "type": "union"
}