1000

Implement authorization once

Replace complicated authorization logic with a single call and allow product owners or security teams to manage access without touching code.

dev

Join hundreds of leading companies using Cerbos

The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Multiservice utility provider, trusted by over 700,000 customers.
Creating a world where workplaces work better.
A leading youth culture ecommerce and content platform.
Making the world a better place to work together.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
The faster, smarter way to find leveraged finance intelligence.
The only video platform designed to help salespeople break through.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Automated financial operations.
A react-based framework for building internal tools, rapidly.
Superpowered corporate card with built-in instalments.
The data-driven inventory management software for restaurants.
The financial operating system that automates cash.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.
The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.
Multiservice utility provider, trusted by over 700,000 customers.
Creating a world where workplaces work better.
A leading youth culture ecommerce and content platform.
Making the world a better place to work together.
The fastest development platform.
The leading contract creation and collaboration platform.
One of the world's fastest-growing global technology services provider.
The faster, smarter way to find leveraged finance intelligence.
The only video platform designed to help salespeople break through.
People analytics platform: Fast track to the insights behind your people data.
Advanced malware and phishing analysis.
Leading search intelligence platform for the open web.
Logistics payments without the logistics.
Automated financial operations.
A react-based framework for building internal tools, rapidly.
Superpowered corporate card with built-in instalments.
The data-driven inventory management software for restaurants.
The financial operating system that automates cash.
Making the world a better place to work together.
Build and manage residential investment portfolios.
Securely manage application secrets and configurations.
A discussion-first platform without language issues.
Collaborative team design canvas that equips tech leaders to make smarter org design decisions.

Implement roles and permissions in under 4 mins

Watch the Cerbos video tutorial on adding a typical CRUD policy to a simple express app in Node.

video
shield

Configuration not code

Define permissions as config outside of your application logic meaning no more code changes when requirements change

Decoupled authZ
shield

Scalable

Cerbos is containerized, stateless and has a very low resource footprint: allowing it to be scaled horizontally to handle any kind of demanding workload.

Scalability
shield

Developer Tooling

Ensure policies are production ready using first class support for GitOps including a built-in testing framework and CI/CD integration.

GitOps & CI/CD
if (await cerbos.isAllowed({ principal: user, resource, action: "edit" })) {
  // allowed
} 
if (user.email.includes("@mycompany.com") ||
  (user.company.package === "premium" && user.groups.includes("managers"))
) {
  if(user.region === resource.region) {
    // access allowed
    AuditLog.record("ALLOWED", "edit", user, resource);
  } else {
    // access denied
    AuditLog.record("DENIED", "edit", user, resource);
  }
} else {
  // access denied
  AuditLog.record("DENIED", "edit", user, resource);
}

Before

After

Why Cerbos?

shield

Simple API

Replace complicated, hardcoded permissions logic with a single API call. Easily adapt and scale your authorization logic without touching the core application.

Decoupled authZ
shield

Open source

Source code is freely available and you can harness the power of the community to get help, fix bugs and implement new features.

GitHub
shield

Control plane

Connect Cerbos PDPs to Cerbos Hub for complete policy management, collaborative workflow and streamlined deployment.

Cerbos Hub
shield

Policy-based authorization

Craft and manage authorization policies in a human-readable format. This simplifies policy creation and also facilitates easier audits by security teams.

Low-code authZ
shield

Flexible deployment options

Whether you prefer Cerbos as a sidecar, service, or function, its adaptability ensures seamless integration with your existing infrastructure.

Deployment
shield

Fine-grained access control

Achieve precise control over resource access via RBAC and ABAC policy enhancing security and ensuring compliance.

RBAC
ABAC
shield

No lock-in

Maintain full control over your authorization processes. You own where policies are stored, and deploy onto any platform, ensuring independence and portability.

No lock-in
shield

Thriving community

Join an active community of Cerbos enthusiasts. Whether you're seeking assistance or looking to contribute, you're in good company.

Slack community

Easy to integrate whether you are just starting or a large enterprise

APIs and SDKs

Implement Cerbos using its API-first approach, taking advantage of low latency gRPC or REST APIs. Integrate Cerbos with software by utilizing SDKs for popular languages, or use a simple API.

Quick start guide

Integrations

Get productive quickly using integrations with all frameworks. Example implementations available for: Graphql, Prisma, SQLAlchemy, ExpressJS, NextJS, NestJS, Remix, SvelteKit, Nuxt, FAST API.

The Cerbos ecosystem

Supported authentication providers

Use any identity provider to authenticate your users. Use Cerbos to enforce access controls. Cerbos natively supports JWT for integration with numerous authentication providers, such as: JWT, Auth0, Okta, and others.

Authentication support

Try it out

Use the Cerbos Hub Playground to prototype policies right in your browser

video

What our users say about Cerbos

avatar

Rob, Principal Engineer
@ Utility Warehouse

"It's weird to say an outside company has our back, but Cerbos does. It's the people. It's their open-source code: it's high quality, you can read it, it does what it says on the tin"

avatar

Joe, Software Engineer
@ 9fin

"It's a good feeling being able to say yes to almost any permissioning requirement." "Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making."

avatar

David, Senior Software Engineer
@ Salesroom

"We're not worried about scaling because we can easily increase our load on Cerbos. It will also be easy for us to change how we're distributing policies as we reach different points of scale."

avatar

Joe, CEO & Co-Founder
@ Nook

"We went from one user - every role, to a world where there are many users - many roles. And the product, it relies on Cerbos to actually bring the value that we want to bring to customers. All of our customers are relying on Cerbos, by relying on the product, which is of course relying on Cerbos."

avatar

Chuck, Head of Engineering
@ Salesroom

"Instead of thinking of how much time Cerbos has saved us, I think about how much time it didn't cost us. It didn't cost us any time. Cerbos just works. I don't have to think about it. It's as simple as that."

avatar

Steve, Staff Engineer
@ NTWRK

"One of our big considerations was speed. We have strict latency tolerances. When it comes to Cerbos - you can call it a hundred times during a request and it doesn't matter. It's incredibly fast."

avatar

Engin, Head of Product and Growth & Co-Founder
@ Debite

"If it wasn't for Cerbos, one thing is for sure - we would've launched later than we did. As a result, we would have less customers. And the maintenance part is also very important. Our technical team would be dealing with daily stuff regarding access controls, access logs. Now, we don't have to spend any time on that."

avatar

Rounak, Founding Engineer
@ CommandK

"Cerbos policy writing is quite flexible, and deploying as a unit microservice as well. Cerbos "doesn't get in the way" once integrated, that's the best part."

avatar

Romina, Tech Lead
@ Wizeline

"It is easy to implement and provides a solution for a problem that is often not properly addressed."

avatar

Henry, CTO & Co-Founder
@ Nook

"Having the separation of the permissions from the code base just makes the code base more elegant. It makes the permissioning more elegant. It means they're centralized, so they're not tied to specific endpoints. And ultimately it means that different business owners have the ability to actually make updates."

avatar

Rasmus, CTO
@ Firtal

"Just discovered your embedded testing framework. This is probably the best balance between hyperfocused functionality and embedded tooling I've ever seen in an open source project. Damn, good work!"

Most popular resources

laptop

Cerbos Policy Decision Point

Want to run authorization yourself?

laptop

Playground

Prototype policies in your browser right now

laptop

Docs

Check out our API reference and guides

laptop

Slack community

Join our community on Slack and learn

laptop

Success stories

Stories of Cerbos in production

laptop

Speak to an engineer

Book an intro call and learn more

We use cookies and other forms of website navigational information to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted ads. Read about how we use cookies in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.