Best Practices

Cloud-native / microservice-based products are complex. Building access control and managing permissions for them is only getting worse by the pull request.

Centralized IAM, and the benefits of implementing it in your organization. 

What changed, both in terms of the challenges and the solutions, and how we can adapt to these changes?

A guide to figuring out which data fetching method is best for you, with full knowledge of each method’s ‘Good, Bad, and Ugly’ aspects.

An Intellyx BrainBlog by Jason Bloomberg, for Permit.io

Understanding the balance between a good experience for the development team and minimizing security risks - and the best practices for achieving it.

Cloud-based SaaS solutions need multi-tenancy. What is Multitenancy? What we can gain from it? How to easily implement it with two simple layers?

An Intellyx BrainBlog for Permit.io by Jason English

Access control is a must in evey app, yet most developers build and rebuild it time and time again. Why? Usually, they make one of these four crucial mistakes -

What is Policy as Code, what are the benefits of implementing it, and how can we allow different stakeholders access to it?

The DRACC framework is a DevSecOps methodology which allows mapping the security posture of your application in a communicative, comprehensive way.

Every developer building an app faces the challenge of AuthZ. RBAC, ABAC, multitenancy, invites, approval flows - How do you pick the best service for it?

5 key factors for effective & scalable app authorization: simplicity, flexibility, compliance & more.

OPAL, an open-source project, complements and enhances OPA and is already being used by companies like Tesla, Cisco, and the NBA.

The recent #BingBang vulnerability discovered by the Wiz team proves once again how crucial implementing proper authorization is.

Access Control is a main concern when developing web applications - and the NSA has a lot to say about it, especially the biggest pitfall developers make. 

Best practices for implementing authorization in a microservices architecture. Learn how to create a better access control experience with Permit.io.

Explore 4 app building blocks: Authentication, Authorization, Databases & Payments. Use existing solutions for faster development & user trust.

Preventing broken access control vulnerabilities: a CISO's perspective on the components and importance of proper permission management for cloud-native apps.

Learn the best practices for implementing GitOps in your software development cycle. Read our article and adopt GitOps today to streamline your workflow.

The launch of AWS' OSS - Cedar is a tectonic shift in the IAM space. Permit.io supports with OPAL and Cedar-Agent.

What are the benefits of policy as code, and how does OPA's Rego language differ from AWS' new Cedar policy language?

Migrating from Role-based access control (RBAC) to Attribute-based access control (ABAC) can prove quite challenging - here's how you can do it painlessly.

AWS' new Cedar policy language is now open-source and live! See how you can make the best use of it with Permit.io

The latest OWASP "Top 10 API Security Risks" report once again lists "Broken Object Level Authorization" as its top 1 vulnerability. What can be done about it?

Master Nestjs app authorization with ease. Implement RBAC using Permit.io, then effortlessly scale to ABAC. Enhance security with this comprehensive guide.

Discover best practices for authorization in Python applications. Avoid anti-patterns and create better access control with RBAC and ABAC implementations.

Why and how you should enhance your application's security and compliance with authorization audit logs.

Having an authorization layer is a must. But should you build one yourself?

Authorization as a Service provides a solution for managing user access and permissions in applications. Learn when you might want to consider such a service, how it can streamline your authorization implementation, and simplify permission management.

Choosing the right policy agent to handle your authorization is not a simple task - each offers its benefits and has its drawbacks. How to choose? Read here.

Learn from a real case study how to Shift-Left in a way that will impact the product's security. Minimize friction between security and development teams.

We just launched our developer tool on Product Hunt and got 'Product of the Day'. Here's how we did it. Some useful growth hacking tips.

"Shift-Left" is great, but often results in endless tasks and tools for devs instead of addressing the real issues. How can we avoid it? Implement good DevEx.

Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.

Protecting your user's personal medical information is vital in healthcare apps. Here's how to make sure you're doing everything to keep that data safe -

Learn how to implement proper authorization for a healthcare app with the help of Galactic Health Corporation - a Rick & Morty inspired healthcare application.

Learn how Reddit built its advanced Ad Tech authorization system with Open Policy Agent (OPA) and how you can build one yourself with OPAL!

Discover best practices for authorization in REST API. Learn about API authorization layers, actors, tools like Permit.io and OPAL.

Explore best practices for authentication and authorization in API with clear, practical examples. Including a differentiation guide, and helpful code tips.

Explore comprehensive strategies for API Security in our guide, focusing on best practices in authentication, authorization, and safeguarding applications.

Explore the process of implementing Role-Based Access Control (RBAC) in applications with policy as code, enhancing security and scalability.

If you've worked on authorization before, you know that sometimes standard policy models just aren't enough. What can we do then? Let's find out -

Learn how we use a policy-as-code platform to create a successful engineering culture of authorization and access control.

Explore how Access Request APIs simplify user access management in apps, making them efficient and adaptable to changing user requirements.

10 topics, 45 questions: Authorization is part of every app—here are the questions you NEED to ask yourself before you implement this critical security feature

Learn how to build cloud-native authorization systems with CI/CD, thorough testing, and precise modeling and implementation.

Learn best practices for managing user roles and access delegation and how to implement a cascading authorization model to enhance your app's access control.

Discover how Discord built "Access!" - a secure, user-friendly portal for managing authorization, and what should you use to cover your entire user stack.

Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) - how to make the most suitable choice for your application?

Discover how AI and authorization intersect. Learn to manage GenAI bots securely with fine-grained authorization using tools like Permit.io and Arcjet.

Developer conferences are a great way to get more eyes on your startup. In this guide, we cover everything we learned about making the most out of them

Learn how to implement hybrid cloud security using the multi-layer approach. Explore best practices with practical examples of IAM security and authorization.

Learn how to use JWT for authorization, understand the basics of what JWT is, and explore examples of proper JWT usage in authentication and authorization.

Today, we are excited to announce the launch of Permit.io’s latest feature: Permit Share-If.

Discover top open-source auth projects enhancing application security, including Hanko, Supabase, and OPAL, for robust authentication and authorization.

Learn what the latest Arc Browser vulnerability can teach us about the proper usage of row-level security.