Authorization for Gin applications with Cerbos
Add policy-based authorization to Gin HTTP handlers and middleware using the Cerbos Go SDK. Enforce fine-grained access control at the router level without hard-coding permission logic in handlers.
Authorize at the router level
Add Cerbos checks as Gin middleware to enforce permissions before requests reach your handler functions
Use Gin context for attributes
Pass user identity and resource attributes through Gin's context, giving Cerbos the information it needs for attribute-based decisions
Decouple policy from code
Move authorization rules out of handler functions and into versioned YAML policies that can be updated without recompiling your Go application
How Cerbos works with Gin
Building authorization logic inside Gin quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.
Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.
With Cerbos your Gin application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.
How Cerbos works with Gin
- Add the Cerbos Go SDK to your project. Import the Cerbos client package and initialize it with the address of your Cerbos PDP instance.
- Create authorization middleware. Write a Gin middleware function that extracts the authenticated principal from the Gin context, builds a Cerbos check request, and calls the PDP before passing control to the next handler.
- Define authorization policies in YAML. Write resource and principal policies that capture your access control rules, including roles, attributes, and conditions. Store them alongside your code and version them in git.
- Cerbos evaluates policies at request time. Every authorization check is evaluated against the latest policies with sub-millisecond latency. Update rules without recompiling or redeploying your Go service.
FAQ
How do I integrate Cerbos with Gin?
Use the Cerbos Go SDK to create a client and call the Cerbos PDP from your Gin handlers or middleware. Build a middleware function that extracts the authenticated user from the Gin context, calls Cerbos to check permissions, and either allows the request to proceed or returns a 403.
Can I use Cerbos as Gin middleware?
Yes. Create a Gin middleware function that extracts the principal and resource information from the request context, calls the Cerbos PDP, and uses c.Abort() to block unauthorized requests. Attach it to specific routes or route groups. The Cerbos PDP responds in sub-millisecond time.
How does Cerbos work with Gin's context?
The Cerbos Go SDK accepts a context.Context, so it integrates naturally with Gin's request lifecycle. Pass gin.Context's underlying context to the Cerbos client, ensuring cancellation and timeouts propagate correctly.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Gin
- Single API call replaces hard-coded permission checks in Gin
- Policies updated independently of application deploys
- Authorization policies versioned and tested like source code
- Stateless PDP scales independently of the application
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.