Cerbos is an open-core, language-agnostic, scalable authorization platform that decouples access control from application code by externalizing fine-grained, context-aware permission decisions into policy-as-code. Authorization is expressed in YAML policies supporting RBAC, ABAC, PBAC, and ReBAC, evaluated by a stateless Policy Decision Point (PDP) that delivers sub-millisecond decisions at scale. The platform consists of the open-source Cerbos PDP (Apache 2.0), Cerbos Hub control plane (PAP), Cerbos Synapse enrichment layer, and PEP SDKs for Go, Java, JavaScript / TypeScript, .NET, PHP, Python, Ruby, and Rust. The PDP exposes both REST (port 3592) and gRPC (port 3593) interfaces, an Admin API, and standards- compliant OpenID AuthZEN endpoints, with query-plan adapters for Prisma and SQLAlchemy.
APIs.json: https://raw.githubusercontent.com/api-evangelist/cerbos/refs/heads/main/apis.yml
- Type: Index
- ABAC
- Access Control
- Authorization
- AuthZEN
- Open Source
- PBAC
- PDP
- Permissions
- Policy as Code
- RBAC
- ReBAC
- Zero Trust
- Created: 2026-03-25
- Modified: 2026-05-19
The Cerbos PDP REST API is the HTTP/JSON interface for sending authorization requests to a running Cerbos Policy Decision Point. It exposes CheckResources for evaluating principal-against-resource decisions, PlanResources for translating policies into resource-filter query plans, and ServerInfo for runtime metadata. An OpenAPI / Swagger specification is served by every PDP instance.
- Human URL: https://docs.cerbos.dev/cerbos/latest/api/index
- Base URL:
http://localhost:3592
- CheckResources
- PDP
- PlanResources
- REST
- Documentation
- OpenAPI — OpenAPI Specification
- Reference
- Postman Collection — Postman Collection 2.1
- Open Collection — Open Collection 1.0
The Cerbos PDP gRPC API exposes the cerbos.svc.v1.CerbosService and related management services on port 3593, with server reflection enabled. The gRPC interface is the highest-performance way to embed Cerbos as a sidecar or in-process service for service-to-service authorization.
- Human URL: https://docs.cerbos.dev/cerbos/latest/api/index
- Base URL:
localhost:3593
- gRPC
- PDP
- Protocol Buffers
- Documentation
- Protocol
- Postman Collection — Postman Collection 2.1
- Open Collection — Open Collection 1.0
Cerbos implements the OpenID AuthZEN authorization API specification, exposing standards-compliant single-evaluation, batch-evaluations, and well-known metadata endpoints so that any AuthZEN-conformant client or Policy Enforcement Point can integrate with Cerbos as the decision engine.
- AuthZEN
- OpenID
- Standards
- Documentation
- Specification
- Discovery
- Postman Collection — Postman Collection 2.1
- Open Collection — Open Collection 1.0
The Cerbos Admin API provides management capabilities such as policy add/get/list, schema management, and audit log access on the running PDP. It is intended for administrative use and is gated by HTTP Basic Auth.
- Admin
- Audit Log
- Policy Management
Cerbos Hub is the cloud-hosted Policy Administration Point (PAP) that manages policy authoring, versioning, validation, and distribution to Cerbos PDPs across environments. It also provides decision logs, collaborative policy editing, and embedded PDP delivery.
- Human URL: https://docs.cerbos.dev/cerbos-hub/
- Cloud
- Hub
- Policy Administration
- Policy Distribution
- Documentation
- Console
- Postman Collection — Postman Collection 2.1
- Open Collection — Open Collection 1.0
Cerbos Synapse is the enrichment and orchestration component that fetches identity, resource, and relationship attributes from external systems and translates infrastructure protocols (HTTP, gRPC, GraphQL) into Cerbos authorization checks for ReBAC and ABAC scenarios.
- Human URL: https://www.cerbos.dev/products/synapse
- Enrichment
- ReBAC
- Synapse
- Website
- Documentation
- Getting Started
- A P I
- OpenAPI — OpenAPI Specification
- Hub
- Git Hub
- GitHub Organization
- Source Code
- Issue Tracker
- Releases
- Blog
- Pricing
- Case Studies
- Customers
- Slack
- X (Twitter)
- YouTube
- License
- Security Policy
- Terms of Service
- Privacy Policy
- Playground
- Docker Hub
- Features
- Use Cases
- Integrations
- S D Ks
- Integrations
- Agent Skill
- L L Ms Txt
FN: Kin Lane Email: kin@apievangelist.com