Check permissions
Visibility: public · internal (OpenAPI Custom Extension: x-visibility)
Evaluate whether the authenticated principal (or a specified subject) is allowed to perform one or more actions on target resources. Supports both single and bulk checks in a single request.
Self-check — When no subject is specified, the caller's own permissions are evaluated. Useful for frontends that need to show/hide UI elements based on the current user's access.
Subject check — Tenant administrators can evaluate permissions for another principal by specifying a subject. Non-admin callers specifying a subject other than themselves receive 403.
Results are returned positionally — results[i] corresponds to checks[i].
Authorization
bearerAuth Bearer token authentication using OAuth2/OIDC tokens
In: header
Request Body
application/json
Principal to evaluate. Can be a user ID, API key ID, or service account clientId. If omitted, defaults to the authenticated caller. Only tenant administrators can specify a subject other than themselves.
List of permission checks to evaluate. Each check specifies an action and a target resource. Maximum 100 checks per request.
1 <= items <= 100
Response Body
application/json
curl -X POST "https://api.k0rdent.ai/v1/regions/global/auth/check" \
  -H "Authorization: Bearer <access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "checks": [
      {
        "action": "compute.instances.create",
        "resource": "proj-abc123"
      }
    ]
  }'

{
  "results": [
    {
      "allowed": true
    }
  ]
}

{
  "error": {
    "code": 0,
    "message": "string",
    "details": [
      {}
    ]
  }
}
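An added example, not part of the original API reference: a Python client that respects the 100-check limit and denies a whole batch whenever the response cannot be matched one-to-one with the request, so a short or malformed `results` array never shifts a decision onto the wrong check. The `subject` field name, the `post` transport hook and the function names are assumptions; the URL is the one from the curl sample.

```python
import json
import urllib.request

CHECK_URL = "https://api.k0rdent.ai/v1/regions/global/auth/check"  # from the curl sample
MAX_CHECKS = 100  # documented per-request limit


def http_post(body, token):
    """Default transport: POST the JSON body with the bearer token, return parsed JSON."""
    req = urllib.request.Request(
        CHECK_URL,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_permissions(checks, token, subject=None, post=http_post):
    """Return one bool per check, in request order. Anything unexpected is a deny."""
    decisions = []
    for start in range(0, len(checks), MAX_CHECKS):
        batch = checks[start:start + MAX_CHECKS]
        body = {"checks": batch}
        if subject is not None:
            body["subject"] = subject  # assumed field name, not shown on the page
        try:
            results = post(body, token).get("results")
        except Exception:
            results = None  # network failure, 401/403, non-JSON or non-object reply
        if not isinstance(results, list) or len(results) != len(batch):
            # results[i] can no longer be tied to checks[i]: deny the whole batch.
            decisions.extend([False] * len(batch))
            continue
        # Only a literal JSON true counts as allowed; "true", 1 or a missing key do not.
        decisions.extend(
            isinstance(r, dict) and r.get("allowed") is True for r in results
        )
    return decisions
```

Pass `subject` only from code that runs as a tenant administrator; for any other caller the documented 403 surfaces here as a deny for every check in the batch.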