Access Control

Programmable Authorization

Decide who can call what with dynamic rules driven by credential metadata, request attributes, and your own logic — enforced at the edge.

Start for Free Read the Docs

Declarative Rules

Allow or deny by route, method, header, body shape, or credential metadata using readable JSON policies.

Role & Scope Aware

Rules can be attached to each credential and proxy separately to express least-privilege access controls cleanly and enforce them across multiple configurations.

Allow / Deny by Default

Start locked-down and open up routes explicitly, or allow all traffic by default unless a deny rule is explicitly attached to a credential or proxy.

Access Control

Authorization Without Touching Code

Express access policies in dynamic rules instead of scattering if-statements across services. Change who can call what without redeploying anything or writing any code.

Learn more in the docs

Authorization Rules

EVALUATING

tokenANY^sub$user@email.com

→ ALLOW

requestGET^/api/users(/.*)?$

→ ALLOW

requestPOST^/api/events(/.*)?$

→ ALLOW

requestANY^/api/admin(/.*)?$

→ DENY

Evaluating request…

Access Control

Connect Rules to Credentials and Proxies

Attach rules to individual credentials and proxies from a single control plane. See which rules are active on which proxies, and change access policy in seconds without redeploying anything.

Learn more in the docs

Credential Rule Matrix

LIVE

payments

analytics

staging

key_4a2f

readwrite

read

key_9c1e

read

readadmin

key_2b7d

read

readwrite

Access Control

Real-Time Telemetry

Every authorization decision is logged and can stream to your existing logging and SIEM stack. See successful and suspicious patterns the moment they emerge.

Learn more in the docs

Authorization Decisions

LIVE

CREDENTIALROUTERULEVERDICTLAT

0ALLOWED

0DENIED

0msAVG LAT

More RequestRocket Features