Cerbos authorization for React Router
Add policy-driven authorization to your React Router application with a single SDK call per loader or action.
Loader authorization
Authorize data access in loaders before rendering, ensuring users only see data they are permitted to access
Action authorization
Authorize mutations in actions with fine-grained policies based on user identity, roles, and resource attributes
Framework or library mode
Works with React Router in both framework mode and library mode using the same SDK integration
How Cerbos works with React Router
Building authorization logic inside React Router quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.
Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.
With Cerbos your React Router application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.
How Cerbos works with React Router
- Add the Cerbos SDK to your project, Install the Cerbos JavaScript SDK and configure the client to connect to your PDP.
- Authorize in loaders and actions, Call the Cerbos PDP from your loaders and actions, passing the user's identity and the resource being accessed.
- Define policies in YAML, Write human-readable authorization rules covering roles, attributes, and conditions, versioned alongside your code.
- Cerbos evaluates at request time, Every request is authorized against the latest policies with sub-millisecond latency, no redeploy needed.
FAQ
How do I integrate Cerbos with React Router?
Install the Cerbos JavaScript SDK and call the PDP from your loaders and actions. Each request sends the user's identity, the resource, and the action to Cerbos, which evaluates your policies and returns an allow or deny decision.
Will Cerbos slow down my React Router application?
No. The Cerbos PDP runs alongside your application as a sidecar or service and delivers sub-millisecond authorization decisions. It adds negligible latency to request processing.
Does this work with React Router v7 framework mode?
Yes. Cerbos integrates at the loader and action level, which works the same way in both React Router v7 framework mode and library mode.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + React Router
- Single API call replaces hard-coded permission checks in React Router
- Policies updated independently of application deploys
- Authorization policies versioned and tested like source code
- Stateless PDP scales independently of the application
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.