POST /v1/tenants/{tenant_id}/permissions/bulk-check
The Bulk Check API evaluates up to 100 permission pairs in one request. All checks share the same metadata context (snap token, schema version, depth) and an optional shared context object. This is particularly useful for rendering UIs where many elements need authorization gating simultaneously.
All items in a bulk-check request are evaluated against the same snapshot of your authorization data, giving you a consistent view across the entire batch.
Path Parameters
The tenant identifier. Use t1 for single-tenant deployments. Must match ^([a-zA-Z0-9_\-@\.:+]{1,128}|\*)$.
Request Body
Shared metadata applied to all checks in the batch.
Schema version to evaluate against. Leave empty to use the latest version.
Snap token to avoid stale cache results.
Maximum recursion depth for graph traversal. Must be >= 3.
The list of permission checks to evaluate. Between 1 and 100 items.
The resource being checked.
Entity type as defined in your schema.
Unique identifier of the entity instance.
The permission or relation to check. Must match ^[a-zA-Z_]{1,64}$.
The subject whose access is being evaluated.
Unique identifier of the subject.
Optional relation on the subject for user-set references.
Contextual data shared across all checks in the batch.
Temporary relationship tuples for this request only.
Temporary attribute values for this request only.
Arbitrary key-value pairs available to rule expressions.
Response
Ordered list of check results, one per item in the request.
RESULT_ALLOWED or RESULT_DENIED.
Number of sub-checks performed for this item.
Example
curl --location --request POST 'localhost:3476/v1/tenants/{tenant_id}/permissions/bulk-check' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "metadata": {
      "snap_token": "",
      "schema_version": "",
      "depth": 20
    },
    "items": [
      {
        "entity": { "type": "document", "id": "1" },
        "permission": "edit",
        "subject": { "type": "user", "id": "1" }
      },
      {
        "entity": { "type": "document", "id": "2" },
        "permission": "view",
        "subject": { "type": "user", "id": "1" }
      }
    ]
  }'
Request body
{
  "metadata": {
    "snap_token": "",
    "schema_version": "",
    "depth": 20
  },
  "items": [
    {
      "entity": { "type": "document", "id": "1" },
      "permission": "edit",
      "subject": { "type": "user", "id": "1" }
    },
    {
      "entity": { "type": "document", "id": "2" },
      "permission": "view",
      "subject": { "type": "user", "id": "1" }
    }
  ]
}
Response
{
  "results": [
    {
      "can": "RESULT_ALLOWED",
      "metadata": { "check_count": 2 }
    },
    {
      "can": "RESULT_DENIED",
      "metadata": { "check_count": 1 }
    }
  ]
}
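A client-side wrapper for this endpoint, as an added example that is not part of the original documentation: it enforces the documented request constraints before sending and maps the ordered results back onto the items, treating a missing, malformed or miscounted result as a deny. The function names `build_bulk_check` and `decisions` are hypothetical, and the sample data is constructed from the request and response shown above.

```python
import re

# Constraints copied from the parameter descriptions on this page.
TENANT_RE = re.compile(r"([a-zA-Z0-9_\-@\.:+]{1,128}|\*)")
PERMISSION_RE = re.compile(r"[a-zA-Z_]{1,64}")
MAX_ITEMS, MIN_DEPTH = 100, 3


def build_bulk_check(tenant_id, items, depth=20, snap_token="", schema_version=""):
    """Return (path, body) for one batch, or raise ValueError before sending."""
    # fullmatch, not match: a "$" anchor would still accept a trailing newline.
    if not isinstance(tenant_id, str) or not TENANT_RE.fullmatch(tenant_id):
        raise ValueError("tenant_id does not match the documented pattern")
    if not 1 <= len(items) <= MAX_ITEMS:
        raise ValueError("items must contain between 1 and 100 checks")
    if depth < MIN_DEPTH:
        raise ValueError("depth must be >= 3")
    for i, item in enumerate(items):
        perm = item.get("permission")
        if not isinstance(perm, str) or not PERMISSION_RE.fullmatch(perm):
            raise ValueError(f"items[{i}].permission is invalid")
    body = {
        "metadata": {"snap_token": snap_token, "schema_version": schema_version, "depth": depth},
        "items": list(items),
    }
    return f"/v1/tenants/{tenant_id}/permissions/bulk-check", body


def decisions(items, response):
    """Map the ordered results back onto items; anything unexpected is a deny."""
    results = response.get("results") if isinstance(response, dict) else None
    # Results are positional, so a short or long list cannot be matched safely.
    if not isinstance(results, list) or len(results) != len(items):
        return [False] * len(items)
    return [isinstance(r, dict) and r.get("can") == "RESULT_ALLOWED" for r in results]


# Constructed sample data, mirroring the request and response shown on this page.
ITEMS = [
    {"entity": {"type": "document", "id": "1"}, "permission": "edit",
     "subject": {"type": "user", "id": "1"}},
    {"entity": {"type": "document", "id": "2"}, "permission": "view",
     "subject": {"type": "user", "id": "1"}},
]
RESPONSE = {"results": [{"can": "RESULT_ALLOWED", "metadata": {"check_count": 2}},
                        {"can": "RESULT_DENIED", "metadata": {"check_count": 1}}]}

if __name__ == "__main__":
    path, body = build_bulk_check("t1", ITEMS)
    print(path, decisions(ITEMS, RESPONSE))
```

Because the results are matched to items by position only, the length check in `decisions` is what keeps a truncated response from granting one element the decision meant for another.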
Error Codes
HTTP Status    Description
400            Bad request — missing fields or more than 100 items
401            Unauthorized
404            Tenant not found
429            Rate limit exceeded
500            Internal server error