Integrate Cerbos with FastAPI for powerful authorization
Implement roles and context aware access control in your application by integrating Cerbos with FastAPI.
What is Cerbos?
Cerbos is open source, decoupled access control for your application enabling you to implement fine-grained permissions in minutes.
Agile
Define and evolve complex policies without requiring a release cycle
Compliance
Meet your compliance requirements with a full audit trail of policies, permissions, access to resources
Enterprise
Be enterprise ready and meet your customer's organizational requirements with ease
Proactive
Coming soon: SIEM integrations and anomaly detection and recommendations of policy changes
Extend FastAPI Roles
Fine grained access controls extending the roles defined in FastAPI
Enrich with Context
Request time attribute based authorization enables more contextual access controls
Avoid Token Bloat
Independent authorization logic avoids bloated tokens and workarounds
How to integrate Cerbos with a FastAPI Server
Implementing Cerbos with Python and FastAPI is easy. You can use the SDKs provided by Cerbos to call out to the Policy Decision Point (PDP) from a middleware or a handler, passing along context about the principal (user) making the request, the resource they are trying to access and the action they are trying to perform. Based on the policies and the context, the Cerbos will determine if the request is authorized or not - if it is, then you can continue to process the request otherwise return an error.
Cerbos and FastAPI Code Example
Cerbos provides a convinient way to integrate with a Python FastAPI Server. You can use the SDKs provided by Cerbos to call out to the Policy Decision Point (PDP). The code below demonstrates how to setup the Cerbos SDK and check permissions inside a GET handler.
from fastapi import FastAPI
from cerbos.sdk.model import *
from cerbos.sdk.client import AsyncCerbosClient
app = FastAPI()
@app.get("/expense/{id}")
async def getExpenseById(id):
# Pass the user making the request to Cerbos
principal = Principal(
"john",
roles={"user"},
attr={"department": "marketing", "region": "EMEA"},
)
# Pass the resource to Cerbos
resource = Resource(
"expense1",
"expense",
attr={
"department": "marketing",
"region": "EMEA",
"amount": 10000
"ownerId": "john",
"status": "PENDING",
"createdAt": "2022-08-23T11:30:13.661Z",
},
)
# Connect to the Cerbos PDP
async with AsyncCerbosClient("http://localhost:3592") as c:
# Check access to the resource
allowed = await c.is_allowed("view", p, r)
if allowed:
return {"data": resource}
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="Unauthorized"
)Why Cerbos?
Simple
Define access policies using human-readable YAML. No need to master a new policy language.
Super-charged Roles
Dynamically derive new roles based on contextual information. Don't be limited to what your IdP provides.
Context-aware
Make use of context such as IP address and time of day to make realtime access decisions
Ultrafast API
Access decisions in milliseconds.
GitOps
Develop, test, and deploy policies just as you do with your source code.
Multiple Environments
Built-in policy versioning to support canary deployments and different environments.
Cloud Native
Containerised deployment as a microservice or a sidecar. REST and gRPC interfaces. Top-notch observability.
Audit Logs
Capture every decision and analyze them later.
Community
Leverage our community for examples and help.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team