
OpenFGA Authorization

Implement fine-grained authorization with relationship-based access control.

Prerequisite: You need a Zuplo account to run this example.

This sample demonstrates how to use OpenFGA from a custom Zuplo policy to authorize access to a resource.

Prerequisites

To use this sample, you will need to configure an authorization policy. This sample is set up with the Zuplo Auth0 authentication policy, but you can use any authentication or custom authentication policy. You will need to configure the policy with your own identity provider.

You will also need an OpenFGA service. You can run OpenFGA locally as shown in the documentation. When running locally, in order to use this sample, you'll want to use Zuplo Local Development.

OpenFGA Policy

The custom policy is configured to read configuration from the x-authorization extension in the OpenAPI definition. The configuration of that property is a JSON object with the following properties:

  • relation: The relation of the user to the resource. This is the value of the relation property in the OpenFGA policy.
  • objectType: The type of the resource. This is used to build the object property in the OpenFGA policy. For example, if this property is set as document, then the object property in the OpenFGA policy will be document:{id} where the value of {id} comes from the URL.
  • objectParam: The name of the parameter in the request that contains the resource identifier. For example, if your url is /docs/{id}, then the value of this property should be id.

```json
"x-authorization": {
  "relation": "reader",
  "objectType": "document",
  "objectParam": "id"
},
```

The policy then uses the relation, objectType and objectParam properties to build the OpenFGA check and authorize the request. For example, if user auth0|123 calls the URL /docs/456, the policy checks whether the following tuple results in a valid access check:

```json
{
  "user": "user:auth0|123",
  "relation": "reader",
  "object": "document:456"
}
```

If the user is authorized as a reader on that document, the request will be allowed. Otherwise, it will be denied.
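
The tuple construction described above, as an added example (not the sample's own policy code): it builds the check tuple from the x-authorization settings, the authenticated user and the route parameters, and fails closed when any of them is missing. The function names, the status codes and the restriction on characters in the id are assumptions made for this example; the request body shape is that of OpenFGA's check endpoint.

```typescript
// Added example, not the sample's source. Names are hypothetical except the
// x-authorization keys and the tuple shape shown on this page.
interface AuthzConfig { relation: string; objectType: string; objectParam: string }
interface TupleKey { user: string; relation: string; object: string }
type Decision =
  | { ok: true; tuple: TupleKey }
  | { ok: false; status: 401 | 403 | 500; reason: string };

// Assumption: ids containing whitespace, ':' or '#' are rejected so that a
// path segment can never alter the type or relation part of the tuple.
const SAFE_ID = /^[^\s:#]+$/;

function buildCheckTuple(
  config: Partial<AuthzConfig> | undefined,
  userSub: string | undefined,
  params: Record<string, string | undefined>,
): Decision {
  if (!config || !config.relation || !config.objectType || !config.objectParam) {
    // A route with no (or partial) x-authorization must not pass by default.
    return { ok: false, status: 500, reason: "x-authorization is missing or incomplete" };
  }
  if (!userSub || /\s/.test(userSub)) {
    return { ok: false, status: 401, reason: "no authenticated user" };
  }
  const id = params[config.objectParam];
  if (!id || !SAFE_ID.test(id)) {
    return { ok: false, status: 403, reason: `invalid or missing '${config.objectParam}'` };
  }
  return {
    ok: true,
    tuple: { user: `user:${userSub}`, relation: config.relation, object: `${config.objectType}:${id}` },
  };
}

// Body for OpenFGA's POST /stores/{store_id}/check endpoint.
function checkRequestBody(tuple: TupleKey): string {
  return JSON.stringify({ tuple_key: tuple });
}

// Fail closed: only a literal `allowed: true` grants access.
function isAllowed(responseBody: unknown): boolean {
  return typeof responseBody === "object" && responseBody !== null &&
    (responseBody as { allowed?: unknown }).allowed === true;
}
```
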

Use this example locally

To develop with this example locally, you can create a new Zuplo project using our CLI:

```bash
npx create-zuplo-api@latest my-api --example open-fga
```

Then, in the project directory run the following commands:

```bash
npm install
npm run dev
```


Run Locally

Clone and run this example:

```bash
npx create-zuplo-api --example openfga
```
