Authorization for JavaScript and TypeScript applications

Add authorization to your Node.js, edge, or browser application with the Cerbos JavaScript SDK. Promise-based API with full TypeScript type definitions.

Works everywhere JavaScript runs

Use `@cerbos/grpc` for Node.js servers or `@cerbos/http` for browsers, Cloudflare Workers, Deno, and other edge runtimes

Full TypeScript support

Ships with complete TypeScript type definitions for principals, resources, and authorization responses with no extra packages needed

Promise-based async API

All SDK methods return Promises, integrating naturally with async/await patterns and modern JavaScript frameworks

What is Cerbos?

Cerbos is an enterprise authorization solution built to secure access across complex, distributed environments, SaaS products, and regulated systems.

It externalizes authorization logic from application code, making access control consistent and centrally managed across all your services. Instead of scattering permission checks throughout your codebase, you make a single API call to the Cerbos PDP.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They live outside your application and can be updated, tested, and deployed independently.

The JavaScript SDK makes integrating Cerbos straightforward: checking authorization is as simple as calling a function, and the stateless PDP scales horizontally with your infrastructure.

How to authorize with the JavaScript SDK

  1. Install the SDK. Run `npm install @cerbos/grpc` for Node.js or `npm install @cerbos/http` for browsers and edge runtimes.
  2. Initialize the Cerbos client. Create a new GRPC or HTTP client pointing at your Cerbos PDP instance running as a sidecar, remote service, or connected via Cerbos Hub.
  3. Call `checkResources()`. Pass the principal, resource, and actions. The method returns a Promise that resolves with the authorization decision.
  4. Cerbos returns allow or deny. The PDP evaluates your YAML policies and returns a decision your application can enforce immediately.
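
The steps above, as an added example (not code from the Cerbos page or project) that enforces the decision fail-closed: a PDP error or a missing result is treated as deny. The `authorize` helper, the `makeStubPdp` stand-in client, its sample policy, and the sample principal and resource are all constructed here so the block runs offline; in an application you would pass a client created from `@cerbos/http` or `@cerbos/grpc` instead.

```javascript
// Fail-closed wrapper; `cerbos` is any client exposing checkResources().
async function authorize(cerbos, principal, resource, action) {
  try {
    const decision = await cerbos.checkResources({
      principal,
      resources: [{ resource, actions: [action] }],
    });
    // isAllowed() may be undefined when the response has no entry for this
    // resource/action pair, so only an explicit `true` grants access.
    return decision.isAllowed({
      resource: { kind: resource.kind, id: resource.id },
      action,
    }) === true;
  } catch {
    // PDP unreachable, timed out, or rejected the request: deny.
    return false;
  }
}

// Constructed stand-in for a PDP client so the example runs offline. Its
// sample policy: role "user" may view any document, only the owner may edit.
function makeStubPdp({ down = false } = {}) {
  return {
    async checkResources({ principal, resources }) {
      if (down) throw new Error("PDP unavailable");
      const key = (r, a) => `${r.kind}/${r.id}/${a}`;
      const table = new Map();
      for (const { resource, actions } of resources) {
        for (const action of actions) {
          const isOwner = resource.attr.owner === principal.id;
          const ok = principal.roles.includes("user") &&
            (action === "view" || (action === "edit" && isOwner));
          table.set(key(resource, action), ok);
        }
      }
      return { isAllowed: ({ resource, action }) => table.get(key(resource, action)) };
    },
  };
}

// Constructed sample data; in real code the principal comes from the verified session.
async function demo() {
  const alice = { id: "alice", roles: ["user"], attr: {} };
  const doc = { kind: "document", id: "42", attr: { owner: "bob" } };
  const view = await authorize(makeStubPdp(), alice, doc, "view");
  const edit = await authorize(makeStubPdp(), alice, doc, "edit");
  const outage = await authorize(makeStubPdp({ down: true }), alice, doc, "view");
  return { view, edit, outage };
}
```

Build the principal on the server from the authenticated session rather than from request fields, since the PDP decides on whatever identity and roles it is given.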

FAQ

How do I use the Cerbos JavaScript SDK?

Install `@cerbos/grpc` for Node.js or `@cerbos/http` for browsers and edge runtimes. Create a client pointing at your Cerbos PDP and call `checkResources()` with the principal, resource, and actions. The SDK returns a Promise that resolves with the authorization decision.

Does the JavaScript SDK work in the browser?

Yes. The `@cerbos/http` package works in browsers, edge runtimes like Cloudflare Workers, and any environment that supports the Fetch API. For Node.js server applications, `@cerbos/grpc` provides a gRPC transport.

Is the JavaScript SDK open source?

Yes. All Cerbos SDKs are open source and available on GitHub. They are actively maintained and kept up to date with the latest Cerbos PDP features.

Cerbos + JavaScript

  • Authorization check via a single function call in JavaScript
  • Policies evolve independently of application code
  • Full audit trail for every authorization decision
  • Stateless PDP instances scale horizontally

What is Cerbos?

Cerbos is end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege and maintain full visibility into access decisions with Cerbos authorization.