API access control

Frontegg Entitlements

Create granular access-based rules for API routes


API-based access control is designed to protect your API endpoints from undesired user access. It ensures that only authorized users can reach specific APIs, at the most granular level possible. Frontegg's Entitlements Agent (which runs as a Docker container that you configure during the flow) constantly fetches the latest policies you configure in your app and evaluates the queries you send it against them. It then decides whether your user can—or cannot—access a resource or a specific API endpoint. The following topic outlines the basics of configuring and using Frontegg's API access protection.


Feature Requirements

The use of this feature requires the installation of Frontegg's Entitlements Agent and SDK. Check the full step-by-step instructions in this topic to learn more.

The flow works as follows:

  1. A user attempts to perform an action or to access a resource or API endpoint.
  2. The vendor (you) uses the SDK to query the Entitlements Agent (isEntitledTo) to check whether the user may perform the action or access the resource. Entitlement queries can cover questions such as: Is the user entitled to access this API? Is the user entitled to a feature? Is the user entitled to a permission?
  3. The Agent, which is constantly updated with the latest information, replies with its decision.

Organizations can thus efficiently manage permissions and enforce feature entitlements by implementing API-based access.
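To make the flow above concrete, here is an added illustration (not Frontegg's SDK or Agent code) of the route-based entitlement decision it describes: route rules keyed on the permission or feature a caller must hold, an agent-style evaluation, and an SDK-side guard that refuses the request when the agent cannot answer. All names (`RouteRule`, `route_matches`, `is_entitled_to`, `guard_request`) and the sample policy are hypothetical.

```python
# Added illustration, not Frontegg's SDK or Agent code: a minimal stand-in for the
# "is the user entitled to this API route?" decision described above.
# RouteRule, route_matches, is_entitled_to and guard_request are hypothetical names.
from dataclasses import dataclass

@dataclass(frozen=True)
class RouteRule:
    method: str    # HTTP method the rule covers
    pattern: str   # route pattern; "{id}"-style placeholders match one path segment
    kind: str      # entitlement kind named on the page: "permission" or "feature"
    key: str       # the permission or feature the caller must hold

def route_matches(pattern: str, path: str) -> bool:
    """Segment-wise match: "/api/reports/{id}" covers "/api/reports/42", not "/api/reports"."""
    p_segs, r_segs = pattern.strip("/").split("/"), path.strip("/").split("/")
    if len(p_segs) != len(r_segs):
        return False
    return all(p.startswith("{") and p.endswith("}") or p == r for p, r in zip(p_segs, r_segs))

def is_entitled_to(user: dict, method: str, path: str, rules: list[RouteRule]) -> bool:
    """Agent-style decision: every rule that matches the route must be satisfied.
    A route with no rule is denied (assumed default; a real deployment sets this policy)."""
    matching = [r for r in rules if r.method == method.upper() and route_matches(r.pattern, path)]
    if not matching:
        return False
    held = {"permission": set(user.get("permissions", ())), "feature": set(user.get("features", ()))}
    return all(r.key in held.get(r.kind, set()) for r in matching)

def guard_request(user: dict, method: str, path: str, query) -> int:
    """SDK-side wrapper around the entitlement query; returns the HTTP status to send.
    If the agent cannot be reached, the request is refused rather than let through."""
    try:
        allowed = query(user, method, path)
    except (ConnectionError, TimeoutError):
        return 503
    return 200 if allowed else 403

# Constructed sample policy and users (not real Frontegg identifiers)
RULES = [
    RouteRule("GET", "/api/reports/{id}", "permission", "reports.read"),
    RouteRule("DELETE", "/api/reports/{id}", "permission", "reports.delete"),
    RouteRule("DELETE", "/api/reports/{id}", "feature", "advanced-reports"),
]
ANALYST = {"permissions": {"reports.read"}, "features": set()}
ADMIN = {"permissions": {"reports.read", "reports.delete"}, "features": {"advanced-reports"}}

if __name__ == "__main__":
    live = lambda u, m, p: is_entitled_to(u, m, p, RULES)
    print(guard_request(ANALYST, "GET", "/api/reports/42", live))     # 200
    print(guard_request(ANALYST, "DELETE", "/api/reports/42", live))  # 403
    print(guard_request(ADMIN, "DELETE", "/api/reports/42", live))    # 200
```

The 503 path is the caveat to keep in mind: a guard that swallows agent errors and returns 200 turns an outage into an authorization bypass.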


How API access control works to protect your APIs

API access control in Frontegg checks a series of permissions and features when users attempt to access your API endpoints. We've centralized the creation and control of your policies in one dashboard, so you can configure rules around your API endpoints and grant or deny users access.

Getting started with API access control

This topic guides you through the 3 basic steps to set up your API access control:

Step 1: Creating policies - Learn how to create API routes and create rules based on user entitlements to a specific route.

Step 2: Configuring and running the Engine - Configure our Docker-based Entitlements Agent so it can fetch the latest information and policies you configure, and use the Agent's ability to make data-based decisions with minimal latency.

Step 3: Installing and configuring the SDK - Install the required SDK to perform entitlement-based queries when a user attempts to access entitlement-based APIs.