SDKs

Authorization for JavaScript and TypeScript applications

Add authorization to your Node.js, edge, or browser application with the Cerbos JavaScript SDK. Promise-based API with full TypeScript type definitions.

Works everywhere JavaScript runs

Use `@cerbos/grpc` for Node.js servers or `@cerbos/http` for browsers, Cloudflare Workers, Deno, and other edge runtimes

Full TypeScript support

Ships with complete TypeScript type definitions for principals, resources, and authorization responses with no extra packages needed

Promise-based async API

All SDK methods return Promises, integrating naturally with async/await patterns and modern JavaScript frameworks

What is Cerbos?

Cerbos is an enterprise authorization solution built to secure access across complex, distributed environments, SaaS products, and regulated systems.

It externalizes authorization logic from application code, making access control consistent and centrally managed across all your services. Instead of scattering permission checks throughout your codebase, you make a single API call to the Cerbos PDP.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They live outside your application and can be updated, tested, and deployed independently.

The JavaScript SDK makes integrating Cerbos straightforward, checking authorization is as simple as calling a function, and the stateless PDP scales horizontally with your infrastructure.

Policy-as-codeHuman-readable YAML policies managed like source code Scalable PDPStateless policy decision point with sub-millisecond latency Centralized managementManage, test, and deploy policies from a single control plane

How to authorize with the JavaScript SDK

Install the SDK. Run npm install @cerbos/grpc for Node.js or npm install @cerbos/http for browsers and edge runtimes.
Initialize the Cerbos client. Create a new GRPC or HTTP client pointing at your Cerbos PDP instance running as a sidecar, remote service, or connected via Cerbos Hub.
Call checkResources(). Pass the principal, resource, and actions. The method returns a Promise that resolves with the authorization decision.
Cerbos returns allow or deny. The PDP evaluates your YAML policies and returns a decision your application can enforce immediately.

FAQ

How do I use the Cerbos JavaScript SDK?

Install `@cerbos/grpc` for Node.js or `@cerbos/http` for browsers and edge runtimes. Create a client pointing at your Cerbos PDP and call checkResources() with the principal, resource, and actions. The SDK returns a Promise that resolves with the authorization decision.

Does the JavaScript SDK work in the browser?

Yes. The `@cerbos/http` package works in browsers, edge runtimes like Cloudflare Workers, and any environment that supports the Fetch API. For Node.js server applications, `@cerbos/grpc` provides a gRPC transport.