
Space Authorization

Introduction to Space Authorization

Space Authorization is a crucial component in managing access control within the FastAPI platform. It ensures that users or systems have the necessary permissions to perform actions within specific spaces. This domain is essential for maintaining security and operational integrity, as it allows for fine-grained control over who can access or modify resources within a given space.

Key Concepts and Entities

Space

A "space" is a logical grouping of resources or functionalities within the FastAPI platform. Each space is identified by a unique space_id.

Permission Key

The permission_key is a string that represents a specific permission or action that can be performed within a space. Examples include read, write, or admin.

Principal ID

The principal_id represents the user or system entity requesting access. It is optional but can be used to specify which entity's permissions are being checked.

API Key

The X-API-Key is an optional header used for authenticating API requests. It is crucial for ensuring that only authorized entities can make requests to the API.

Common Workflows

Checking Space Permissions

A typical workflow involves checking whether a particular principal has a specific permission within a space. This is done using the /v1/spaces/{space_id}/authorization/check endpoint. The process generally follows these steps:

  1. Identify the space_id for the space you want to check permissions in.
  2. Determine the permission_key for the action you want to verify.
  3. Optionally, specify the principal_id if you need to check permissions for a specific user or system.
  4. Make a GET request to the endpoint with the necessary parameters.

Practical Examples

Example: Check if a User Can Read a Space

To check if a user with a specific principal_id has read access to a space, you can use the following curl command:

curl -X GET "https://api.example.com/v1/spaces/12345/authorization/check?permission_key=read&principal_id=user-67890" \
-H "X-API-Key: your-api-key"

Example: Check if Any User Can Write to a Space

If you want to check if any user can write to a space without specifying a principal_id, use:

curl -X GET "https://api.example.com/v1/spaces/12345/authorization/check?permission_key=write" \
-H "X-API-Key: your-api-key"

Important Considerations

Authentication

While the X-API-Key is optional, it is highly recommended to include it in your requests to authenticate and authorize your API calls. This helps prevent unauthorized access and ensures that your requests are processed securely.

Error Handling

When making requests to the authorization endpoint, be prepared to handle errors such as 401 Unauthorized or 403 Forbidden. These errors indicate issues with authentication or insufficient permissions, respectively.

Performance and Rate Limiting

Consider the potential impact of frequent permission checks on your application's performance. Implement caching strategies where appropriate to minimize redundant API calls and adhere to any rate limits imposed by the API.
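The error-handling and caching advice above can be combined in one client wrapper. The following is an added example, not code from the platform or its SDK: the `allowed` response field, the `transport` callable, the 30-second TTL, and the names `PermissionChecker`, `AuthzCheckError` and `fake_transport` are assumptions made for illustration. It treats every non-200 response as a failed check rather than a grant, never caches failures, and keys the cache on space, permission and principal so one principal's result is never served to another.

```python
import time
import urllib.parse

BASE_URL = "https://api.example.com"  # placeholder host from the curl examples

class AuthzCheckError(Exception):
    """The check did not complete (401, 403 or any other non-200 status)."""

def build_check_url(space_id, permission_key, principal_id=None):
    # Percent-encode the path segment so a crafted space_id cannot change the route.
    path = f"/v1/spaces/{urllib.parse.quote(str(space_id), safe='')}/authorization/check"
    params = {"permission_key": permission_key}
    if principal_id is not None:
        params["principal_id"] = principal_id
    return f"{BASE_URL}{path}?{urllib.parse.urlencode(params)}"

class PermissionChecker:
    def __init__(self, transport, api_key, ttl=30.0, clock=time.monotonic):
        # transport(url, headers) -> (status_code, parsed_json_body); hypothetical interface
        self.transport, self.api_key, self.ttl, self.clock = transport, api_key, ttl, clock
        self.cache = {}  # (space_id, permission_key, principal_id) -> (allowed, expires_at)

    def is_allowed(self, space_id, permission_key, principal_id=None):
        key = (space_id, permission_key, principal_id)
        hit = self.cache.get(key)
        if hit is not None and hit[1] > self.clock():
            return hit[0]
        url = build_check_url(space_id, permission_key, principal_id)
        status, body = self.transport(url, {"X-API-Key": self.api_key})
        if status != 200:
            # Never cache a failure and never treat it as a grant.
            raise AuthzCheckError(f"authorization check returned HTTP {status}")
        # Assumed response field; only a literal JSON true counts as a grant.
        allowed = isinstance(body, dict) and body.get("allowed") is True
        self.cache[key] = (allowed, self.clock() + self.ttl)
        return allowed

def fake_transport(url, headers):
    # Constructed stand-in for the HTTP call so the example runs offline.
    fake_transport.calls += 1
    if headers.get("X-API-Key") != "demo-key":
        return 401, {}
    return 200, {"allowed": "principal_id=user-67890" in url and "permission_key=read" in url}
fake_transport.calls = 0

if __name__ == "__main__":
    checker = PermissionChecker(fake_transport, "demo-key")
    print(checker.is_allowed("12345", "read", "user-67890"))
    print(checker.is_allowed("12345", "write", "user-67890"))
```

A cached grant stays in effect until its TTL expires even if the permission is revoked in the meantime, so keep the TTL short for sensitive permissions such as admin.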

By understanding and utilizing the space-authorization domain effectively, developers can ensure robust access control and security within their applications.