Fine-grained Authorization (FGA) Management
Overview
The Descope FGA/Authz API endpoints allow developers to implement Relationship-based Access Control (ReBAC) and Attribute-based Access Control (ABAC) in their applications. This is part of the Descope Management API, thereby requiring Project ID and Management Key.
In your Descope console, management keys are generated from Company > Management Keys.
Project IDs are are also in the console but at Project > Project ID.
These keys will be used within the bearer token. The format is <Project ID>:<Management Key>
.
Use Cases
- Implement ReBAC
- Implement ABAC
Example - ReBAC
Delete Project POST
### Delete a project utilizing a management key. This endpoint allows you to delete a project. This action is irreversible, use with caution. ### See Also - See [Managing Environments](/customize/environments/) for details about managing environments. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`
Get Target and Resources Changes POST
### Get target and resources changes This endpoint allows you to get a list of Authz target and resources changes since a specific date. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`