Authorization for Hono applications with Cerbos
Add policy-based authorization to Hono routes and middleware using the Cerbos JavaScript SDK. Enforce fine-grained access control at the edge or in serverless environments.
Guard routes at the edge
Add Cerbos checks as Hono middleware to enforce permissions before requests reach your handler functions, including on edge runtimes
Context from request data
Pass user identity, request headers, and resource attributes from Hono's context to Cerbos for attribute-based authorization decisions
Decouple policy from code
Move authorization rules out of route handlers into versioned YAML policies that can be updated without redeploying your Hono application
How Cerbos works with Hono
Building authorization logic inside Hono quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.
Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.
With Cerbos your Hono application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.
How Cerbos works with Hono
- Add the Cerbos JavaScript SDK to your Hono project. Install the SDK and configure a Cerbos client, typically initialized at application startup.
- Call Cerbos from route handlers or middleware. Extract the authenticated user from Hono's context, build a Cerbos check request with the target resource and action, and allow or deny access based on the PDP response.
- Define authorization policies in YAML. Write resource and principal policies that capture your access control rules, including roles, attributes, and conditions. Store them alongside your code and version them in git.
- Cerbos evaluates policies at request time. Every authorization check is evaluated against the latest policies with sub-millisecond latency. Update rules without redeploying your Hono application.
FAQ
How do I integrate Cerbos with Hono?
Use the Cerbos JavaScript SDK to create a client and call the Cerbos PDP from your Hono route handlers or middleware. Extract the authenticated user from the request context, build a Cerbos check request, and gate access based on the PDP response.
Can I use Cerbos as Hono middleware?
Yes. Create a Hono middleware function that extracts principal and resource information from the context, calls the Cerbos PDP, and either allows the request to continue or returns a 403. Apply it to specific routes or route groups. The Cerbos PDP responds in sub-millisecond time.
Does Cerbos work with Hono on edge runtimes?
Yes. The Cerbos JavaScript SDK uses HTTP to communicate with the PDP, so it works in edge and serverless runtimes like Cloudflare Workers, Deno Deploy, and Vercel Edge Functions where Hono commonly runs.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Hono
- Single API call replaces hard-coded permission checks in Hono
- Policies updated independently of application deploys
- Authorization policies versioned and tested like source code
- Stateless PDP scales independently of the application
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.