Ory Keto API
Download OpenAPI specification:Download
Documentation for all of Ory Keto's REST APIs. gRPC is documented separately.
Delete Relationships
Use this endpoint to delete relationships
query Parameters
namespace | string Namespace of the Relationship |
object | string Object of the Relationship |
relation | string Relation of the Relationship |
subject_id | string SubjectID of the Relationship |
subject_set.namespace | string Namespace of the Subject Set |
subject_set.object | string Object of the Subject Set |
subject_set.relation | string Relation of the Subject Set |
Responses
Response samples
- 400
- default
{- "error": {
- "code": 404,
- "debug": "SQL field \"foo\" is not a bool.",
- "details": {
- "property1": null,
- "property2": null
}, - "id": "string",
- "message": "The resource could not be found",
- "reason": "User with ID 1234 does not exist.",
- "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
- "status": "Not Found"
}
}
Patch Multiple Relationships
Use this endpoint to patch one or more relationships.
Request Body schema: application/json
action | string Enum: "insert" "delete" |
object (relationship) Relationship |
Responses
Request samples
- Payload
[- {
- "action": "insert",
- "relation_tuple": {
- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
}
]
Response samples
- 400
- 404
- default
{- "error": {
- "code": 404,
- "debug": "SQL field \"foo\" is not a bool.",
- "details": {
- "property1": null,
- "property2": null
}, - "id": "string",
- "message": "The resource could not be found",
- "reason": "User with ID 1234 does not exist.",
- "request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
- "status": "Not Found"
}
}
Create a Relationship
Use this endpoint to create a relationship.
Request Body schema: application/json
namespace | string Namespace to query |
object | string Object to query |
relation | string Relation to query |
subject_id | string SubjectID to query Either SubjectSet or SubjectID can be provided. |
object (subjectSet) |
Responses
Request samples
- Payload
{- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
Response samples
- 201
- 400
- default
{- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
Check the syntax of an OPL file
The OPL file is expected in the body of the request.
Request Body schema: text/plain
Ory Permission Language Document
Responses
Response samples
- 200
- 400
- default
{- "errors": [
- {
- "end": {
- "Line": 0,
- "column": 0
}, - "message": "string",
- "start": {
- "Line": 0,
- "column": 0
}
}
]
}
Query relationships
Get all relationships that match the query. Only the namespace field is required.
query Parameters
page_token | string |
page_size | integer <int64> |
namespace | string Namespace of the Relationship |
object | string Object of the Relationship |
relation | string Relation of the Relationship |
subject_id | string SubjectID of the Relationship |
subject_set.namespace | string Namespace of the Subject Set |
subject_set.object | string Object of the Subject Set |
subject_set.relation | string Relation of the Subject Set |
Responses
Response samples
- 200
- 404
- default
{- "next_page_token": "string",
- "relation_tuples": [
- {
- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
]
}
Check HTTP Server Status
This endpoint returns a HTTP 200 status code when Ory Keto is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working.
If the service supports TLS Edge Termination, this endpoint does not require the
X-Forwarded-Proto
header to be set.
Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.
Responses
Response samples
- 200
{- "status": "string"
}
Check HTTP Server and Database Status
This endpoint returns a HTTP 200 status code when Ory Keto is up running and the environment dependencies (e.g. the database) are responsive as well.
If the service supports TLS Edge Termination, this endpoint does not require the
X-Forwarded-Proto
header to be set.
Be aware that if you are running multiple nodes of Ory Keto, the health status will never refer to the cluster state, only to a single instance.
Responses
Response samples
- 200
- 503
{- "status": "string"
}
Return Running Software Version.
This endpoint returns the version of Ory Keto.
If the service supports TLS Edge Termination, this endpoint does not require the
X-Forwarded-Proto
header to be set.
Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance.
Responses
Response samples
- 200
{- "version": "string"
}
Check a permission
To learn how relationship tuples and the check works, head over to the documentation.
query Parameters
namespace | string Namespace of the Relationship |
object | string Object of the Relationship |
relation | string Relation of the Relationship |
subject_id | string SubjectID of the Relationship |
subject_set.namespace | string Namespace of the Subject Set |
subject_set.object | string Object of the Subject Set |
subject_set.relation | string Relation of the Subject Set |
max-depth | integer <int64> |
Responses
Response samples
- 200
- 400
- 403
- default
{- "allowed": true
}
Check a permission
To learn how relationship tuples and the check works, head over to the documentation.
query Parameters
max-depth | integer <int64> |
Request Body schema: application/json
namespace | string Namespace to query |
object | string Object to query |
relation | string Relation to query |
subject_id | string SubjectID to query Either SubjectSet or SubjectID can be provided. |
object (subjectSet) |
Responses
Request samples
- Payload
{- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
Response samples
- 200
- 400
- 403
- default
{- "allowed": true
}
Check a permission
To learn how relationship tuples and the check works, head over to the documentation.
query Parameters
namespace | string Namespace of the Relationship |
object | string Object of the Relationship |
relation | string Relation of the Relationship |
subject_id | string SubjectID of the Relationship |
subject_set.namespace | string Namespace of the Subject Set |
subject_set.object | string Object of the Subject Set |
subject_set.relation | string Relation of the Subject Set |
max-depth | integer <int64> |
Responses
Response samples
- 200
- 400
- default
{- "allowed": true
}
Check a permission
To learn how relationship tuples and the check works, head over to the documentation.
query Parameters
max-depth | integer <int64> |
Request Body schema: application/json
namespace | string Namespace to query |
object | string Object to query |
relation | string Relation to query |
subject_id | string SubjectID to query Either SubjectSet or SubjectID can be provided. |
object (subjectSet) |
Responses
Request samples
- Payload
{- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}
Response samples
- 200
- 400
- default
{- "allowed": true
}
Expand a Relationship into permissions.
Use this endpoint to expand a relationship tuple into permissions.
query Parameters
namespace required | string Namespace of the Subject Set |
object required | string Object of the Subject Set |
relation required | string Relation of the Subject Set |
max-depth | integer <int64> |
Responses
Response samples
- 200
- 400
- 404
- default
{- "children": [
- { }
], - "tuple": {
- "namespace": "string",
- "object": "string",
- "relation": "string",
- "subject_id": "string",
- "subject_set": {
- "namespace": "string",
- "object": "string",
- "relation": "string"
}
}, - "type": "union"
}