diff --git a/docs/ai-security/integrations/langchain.mdx b/docs/ai-security/integrations/langchain.mdx
index d66e91b60..c74d21b5f 100644
--- a/docs/ai-security/integrations/langchain.mdx
+++ b/docs/ai-security/integrations/langchain.mdx
@@ -627,7 +627,7 @@ user_input = "Yes" # Imagine this comes from a UI click
if user_input.strip().lower() == "yes":
schedule_response = await external_access_manager.schedule_appointment(
token=settings.test_jwt_token,
- appointment_details={"date": "2025-03-10", "time": "10:00 AM"}
+ appointment_details={"date": "2025-12-10", "time": "10:00 AM"}
)
print("Scheduling Response:", schedule_response)
```
diff --git a/docs/ai-security/integrations/mongodb-rag.mdx b/docs/ai-security/integrations/mongodb-rag.mdx
index a2b3aa498..63428d72b 100644
--- a/docs/ai-security/integrations/mongodb-rag.mdx
+++ b/docs/ai-security/integrations/mongodb-rag.mdx
@@ -109,7 +109,7 @@ Query endpoint:
```bash
curl -X POST http://localhost:8000/query \
-H "Content-Type: application/json" \
- -d '{"query": "Tell me about 2024 budget", "user_id": "user_marketing_1"}'
+ -d '{"query": "Tell me about 2026 budget", "user_id": "user_marketing_1"}'
```
Try querying as:
diff --git a/docs/api/background-tasks.mdx b/docs/api/background-tasks.mdx
index d331735f1..b8b0463e4 100644
--- a/docs/api/background-tasks.mdx
+++ b/docs/api/background-tasks.mdx
@@ -4,11 +4,7 @@ title: Background APIs
description: "Understand APIs that run in the background"
---
-# Background APIs (EAP)
-
-:::info Early Access Program
-Background APIs are part of the Early Access Program (EAP) and are subject to change.
-:::
+# Background APIs
Some APIs in Permit run in the background and can be triggered without awaiting a response.
These APIs are commonly used for operations that require scheduling, are not time-sensitive, or may take significant time to complete.
diff --git a/docs/api/v2-migration-guide.mdx b/docs/api/v2-migration-guide.mdx
index c7e506d36..03be73f9f 100644
--- a/docs/api/v2-migration-guide.mdx
+++ b/docs/api/v2-migration-guide.mdx
@@ -157,7 +157,7 @@ Obviously if you have code that interfaces directly with the Permit.io cloud API
Other than that, you'll want to switch to the new v2 PDP. It's configured exactly the same, and if you're not using Organization-scoped objects, should work identically but be a lot faster, as we've also done major optimization work on the v2 PDPs.
-Once you have the v2 PDP running in parallel to the v1 PDP, you need to switch to the v2 SDKs. For now, they're available in Python, Javascript, and .Net, with other languages becoming available in the coming weeks.
+Once you have the v2 PDP running in parallel to the v1 PDP, you need to switch to the v2 SDKs.
### Migration Order
@@ -224,7 +224,7 @@ await permit.api.sync_user(user)
With user being a dict containing the same attributes as in the REST API (in this case, only 'key' is mandatory, though usually you'd also provide either an email address or first and last names to make the decision logs more user-friendly).
-For more information, see the full documentation for [Node.js](/sdk/nodejs/quickstart-nodejs) and [Python](/sdk/python/quickstart-python). (more languages coming soon!)
+For more information, see the full documentation for [Node.js](/sdk/nodejs/quickstart-nodejs) and [Python](/sdk/python/quickstart-python).
## V1 API Deprecation
diff --git a/docs/api/working-with-abac/examples.mdx b/docs/api/working-with-abac/examples.mdx
index 738c4b882..25334fd8d 100644
--- a/docs/api/working-with-abac/examples.mdx
+++ b/docs/api/working-with-abac/examples.mdx
@@ -3,7 +3,7 @@ sidebar_position: 6
title: Condition Set Rule Examples
---
-### Example #1
+### Example
#### Students that study at Stanford University and are not part of the part-time study scheme can rent University bicycles after 5pm.
@@ -78,7 +78,3 @@ Finally, let's define our condition rule:
"resource_set": "rent_bicycle_after_5"
}
```
-
-### Example #2
-
-Coming Soon.
diff --git a/docs/concepts/pdp/configuration.mdx b/docs/concepts/pdp/configuration.mdx
index 8542ea5c2..7cb8f47d1 100644
--- a/docs/concepts/pdp/configuration.mdx
+++ b/docs/concepts/pdp/configuration.mdx
@@ -186,16 +186,6 @@ Default: `None`
The token used for centralized logging.
-#### PDP_CENTRAL_LOG_ENABLED
-
-Default: `False`
-
-Forward logs to the centralized logging service.
-
-:::danger
-This feature is deprecated and will be removed in future versions.
-:::
-
#### PDP_PING_INTERVAL
Default: `10`
@@ -342,12 +332,6 @@ Data update callbacks can increase data synchronization latency.
Optimize the callback endpoint to handle expected loads efficiently.
:::
-#### PDP_FACTDB_ENABLED
-
-Default: `False`
-
-Enable FactDB for this PDP. For more information, see the [FactDB documentation](/concepts/pdp/factdb).
-
#### PDP_CACHE_STORE
Default: `none`
diff --git a/docs/concepts/pdp/factdb.mdx b/docs/concepts/pdp/factdb.mdx
deleted file mode 100644
index 14c996c79..000000000
--- a/docs/concepts/pdp/factdb.mdx
+++ /dev/null
@@ -1,205 +0,0 @@
----
-sidebar_position: 11
-title: Local Datastore (FactDB)
----
-
-import TimelineStep from "../../../src/components/timeline/TimelineStep";
-import TimelineWrapper from "../../../src/components/timeline/TimelineWrapper";
-import CodeBlock from "../../../src/components/code-block/CodeBlock";
-
-:::danger Private Beta
-**FactDB is currently in Private Beta** and requires enablement per customer workspace.
-If you would like to participate in the Private Beta program, please contact us via [Slack](https://io.permit.io/slack).
-:::
-
-**FactDB is an embedded datastore** built to **handle massive data volumes** within the [PDP](/concepts/pdp/overview), making it
-the default choice for all new Permit customers. Designed specifically for scalability, FactDB overcomes the limitations of
-traditional solutions like OPA, whose native data handling struggles with large datasets required by organizations with **tens
-of millions of users**.
-
-To achieve this, FactDB uses an embedded SQLite database stored directly in the PDP. During a permission check, it identifies
-the user and resource involved, queries the SQLite database to extract a targeted slice of relevant data, and sends this
-refined data to **OPA** for evaluation. This process ensures fast, efficient permission evaluations while maintaining the
-scalability needed to support enterprise-level use cases.
-
-## Enabling FactDB
-
-By default, the Permit Environment has FactDB disabled. To use FactDB with your PDPs, you can enable it within the Permit
-Environment settings.
-
-:::danger Notice
-This version is available on **PDP v0.7.0** and above.
-Please make sure to upgrade **all PDPs in the environment** to the latest version to use FactDB.
-:::
-
-To enable FactDB in a Permit Environment, you'll need an [API Key](/manage-your-account/workspace-settings#api-keys).
-Once you have it, follow these steps:
-
-
-
-
-### Allow FactDB on Permit.io Environment Settings
-
-Update your environment settings to enable FactDB.
-
-
-
-:::info
-If you have existing settings in your environment, you must include them in the PATCH request.
-Check it using the following request:
-
-
-
-:::
-
-
-
-
-### Enable FactDB on your PDPs
-
-Set the `PDP_FACTDB_ENABLED=true` environment variable to enable FactDB on every PDP connected to the environment.
-
-
-
-:::info
-FactDB is currently an opt-in feature, requiring you to explicitly enable it on all PDPs in the environment.
-This is to allow environments to run [both with FactDB and without it](/concepts/pdp/factdb#running-both-factdb-and-legacy-pdps-in-the-same-environment).
-:::
-
-
-
-
-## Running both FactDB and Legacy PDPs in the same environment
-
-To simplify the migration process, you can run both FactDB-enabled PDPs and Legacy PDPs within the same environment.
-To achieve this, simply enable the following setting in the environment.
-
-
-
-With this setting enabled, you can run both FactDB PDPs with `PDP_FACTDB_ENABLED=true` and Legacy PDPs in the same environment.
-
-:::info
-We recommend you to migrate all your PDPs in the environment to FactDB.
-Please contact us on [Slack](https://io.permit.io/slack) for more information.
-:::
-
-
-
-
-## FactDB Architecture
-
-When a PDP starts, FactDB downloads the latest snapshot and keeps it up-to-date by syncing with the Permit Cloud and other
-PDPs in the environment.
-
-When the PDP receives a query, it retrieves the relevant data from FactDB and passes it to the OPA engine for policy evaluation.
-
-```mermaid
-sequenceDiagram
- participant cloud as Permit Cloud
- participant pdp as PDP
- participant factdb as FactDB
- participant opa as OPA
- cloud ->> pdp: Download Snapshot
- pdp ->> factdb: Load Snapshot
- cloud ->> factdb: Send Updates since Snapshot
- pdp ->> factdb: Query Data
- pdp ->> opa: Evaluate Policy using the Data
-```
-
-## PDP Offline Mode with FactDB
-
-FactDB can be used in conjunction with the [PDP Offline Mode](/how-to/deploy/deploy-to-production/#pdp-offline-mode) feature.
-When the PDP is in `Offline Mode`, the FactDB will boot from the locally stored disk volume, preserved from previous runs.
-
-Here is an example of how to start the PDP in `Offline Mode` with FactDB **enabled**.
-
-
-
-
-### Create a volume for the PDP backup
-
-
-
-
-
-
-### Start a new PDP container with the volume attached at `/app/backup`
-
-
-
-Let's try to run the container with no network and see how's the offline mode loads the FactsDB,
-the policies and configurations from the previous run.
-
-
-
-
-
-
-## Troubleshooting & Debugging
-
-### Refreshing Data
-
-Each time the PDP starts, it downloads the latest snapshot from the Permit Cloud and saves it in the `/app/backup/` directory.
-Restarting the PDP ensures FactDB retrieves the most up-to-date data from the Permit Cloud.
-
-### Extracting Data
-
-To extract the FactsDB store from the PDP, just mount the `/app/backup` directory to your local machine and use the data locally.
-
-
-
-Inside you can observe the data stored in the FactDB. Each database snapshot is stored in a dedicated SQLite `fact.[id].db` file.
-
-```text
-./pdp-backup
-|-- policy_store_backup.json // When Offline Mode enabled
-|-- pdp_cloud_config_backup.json // When Offline Mode enabled
-|-- factdb
-| |-- fact.[id].db
-| |-- fact.[id].db-shm
-| |-- fact.[id].db-wal
-```
-
-:::info
-This file structure is internal and may be changed in the future.
-:::
-
-### Inspecting Data
-
-You can use the SQLite3 CLI to inspect the data stored in FactDB.
-
-
-
-:::danger
-We recommend you to not modify the data stored in the FactDB directly.
-:::
-
-Here are the available table schemas:
-
-
-
-To explore the data, you can query specific tables. For example, to view the contents of the `role_assignments` table, run
-the following commands:
-
-
-
-The output will look something like this:
-
-```text
-id actor role tenant resource
-------------------------------------------- ------------ ------ ------- ---------------------
-user:alice-admin-Blog:how-to-code user:alice admin default Blog:how-to-code
-user:bob-editor-Blog:react-tutorial user:bob editor default Blog:react-tutorial
-user:charlie-viewer-Comment:great-post user:charlie viewer default Comment:great-post
-user:dan-admin-Blog:javascript-tips user:dan admin default Blog:javascript-tips
-user:eve-editor-Blog:css-tricks user:eve editor default Blog:css-tricks
-user:frank-viewer-Comment:very-helpful user:frank viewer default Comment:very-helpful
-user:grace-admin-Blog:nodejs-guide user:grace admin default Blog:nodejs-guide
-user:heidi-editor-Blog:html-basics user:heidi editor default Blog:html-basics
-user:ivan-viewer-Comment:thanks-for-sharing user:ivan viewer default Comment:thanks-for-sharing
-user:judy-admin-Blog:testing-in-js user:judy admin default Blog:testing-in-js
-```
-
-:::info
-This table schema is internal and may be changed in the future.
-:::
diff --git a/docs/concepts/pdp/overview.mdx b/docs/concepts/pdp/overview.mdx
index 5ba634669..ed68b1c95 100644
--- a/docs/concepts/pdp/overview.mdx
+++ b/docs/concepts/pdp/overview.mdx
@@ -302,33 +302,6 @@ flowchart LR
For truly massive data sets needed in the PDP, you can apply sharding to split the data between multiple PDPs within the same cluster.
-This is done by using an [Envoy Server](https://www.envoyproxy.io/docs/envoy/latest/) as proxy to route requests to the relevant PDP based on the tenant.
-For more information, see the [Sharded PDPs guide](/how-to/manage-data/pdp-sharding).
-
-```mermaid
-graph LR
- subgraph Your Network
- envoy[Envoy]
- pdp1[PDP - Shard #1]
- pdp2[PDP - Shard #2]
- app1[Service #1] -- query --> envoy
- app2[Service #2] -- query --> envoy
- envoy -->|Based on Tenant| pdp1
- envoy -->|Based on Tenant| pdp2
- end
-
- cloud[Permit.io Cloud]
- pdp1 <--> cloud
- pdp2 <--> cloud
-
- style cloud fill:#ffb381,color:#000;
- style app1 fill:#974ef2,color:#fff;
- style app2 fill:#974ef2,color:#fff;
- style pdp1 fill:#f76808,color:#fff;
- style pdp2 fill:#f76808,color:#fff;
- style envoy fill:#4e7ef2,color:#fff;
-```
-
## PDP Caching Mechanism
The PDP server includes a configurable caching mechanism that significantly improves performance by reducing redundant policy evaluations.
diff --git a/docs/embeddable-uis/element-login.mdx b/docs/embeddable-uis/element-login.mdx
index 5f061b4c7..d6f606664 100644
--- a/docs/embeddable-uis/element-login.mdx
+++ b/docs/embeddable-uis/element-login.mdx
@@ -630,7 +630,7 @@ permit.elements.logout();
```
---
-### Support for private browsing mode (EAP)
+### Support for private browsing mode
Permit Element is now compatible with private browsers, such as Chrome Incognito Mode and Safari.
diff --git a/docs/embeddable-uis/embedding-elements.mdx b/docs/embeddable-uis/embedding-elements.mdx
index b65a4d4b4..73786deaf 100644
--- a/docs/embeddable-uis/embedding-elements.mdx
+++ b/docs/embeddable-uis/embedding-elements.mdx
@@ -69,7 +69,7 @@ Make sure your Permit user key is the same as the JWT sub. You can see your Perm
Dashboard. You can see your JWT sub with sites like [jwt.io](https://jwt.io/). Just paste your JWT token into the text dialog
and check the left side of the sub field.
-For more information about the JWKS configuration, you can read the [Permit JWKS Configuration](/foaz/fetching-jwks/#what-are-jwks)
+For more information about the JWKS configuration, you can read the [Permit JWKS Configuration](/how-to/enforce-permissions/url-mapping/fetching-jwks/#what-are-jwks)
documentation.
## Installing Permit-js
diff --git a/docs/embeddable-uis/troubleshooting.mdx b/docs/embeddable-uis/troubleshooting.mdx
index efe6bf422..b452c2b07 100644
--- a/docs/embeddable-uis/troubleshooting.mdx
+++ b/docs/embeddable-uis/troubleshooting.mdx
@@ -23,7 +23,7 @@ Before diving into the specific issues, here are some general issues that you mi
In order to use Permit Elements, you must use the `permit.elements.login()` method in your frontend application with one of the supported login methods.
Read more about the supported login methods [here](/embeddable-uis/element-login).
-### đź› I don't see `/login_elements` after login -
+### I don't see `/login_elements` after login
When you are using the `permit.elements.login()` method, the user will be redirected to the `/login_elements` page after the login method is completed.
@@ -31,7 +31,7 @@ If you don't see a request to `/login_elements` in the "Network" tab, it means t
Make sure that the login method is implemented correctly in your frontend and server applications - follow the [Login Methods](/embeddable-uis/element-login) guide to make sure that the login method is implemented correctly.
-### 🛠️ Error 404/422 in login endpoint -
+### Error 404/422 in login endpoint
If you get a 404 or 422 error when you are trying to login with Permit Elements, it means that the login endpoint is not found or not implemented correctly.
@@ -48,13 +48,13 @@ app.post("/login_cookie", async (req, res) => {
});
```
-### 🛠️ Error `ERR_CONNECTION_REFUSED` -
+### Error `ERR_CONNECTION_REFUSED`
If you are seeing this error when running the login method from the frontend app, it means that the server you are using for the login-in is not running.
Make sure that the server is running and accessible from the frontend application.
-### 🛠️ CORS issues -
+### CORS issues
If you are seeing CORS issues, it means that the server you are using for the login-in is not configured to allow requests from the frontend application.
@@ -70,13 +70,13 @@ app.use(function(req, res, next) {
});
```
-### 🛠️ Error `ERR_EMPTY_RESPONSE` -
+### Error `ERR_EMPTY_RESPONSE`
This error usually occurs when the server is not sending any response back to the frontend application.
That could be due to a server error or a network issue - check the server logs for more information.
-### 🛠️ Set-Cookie Blocked -
+### Set-Cookie blocked
In some cases the Cookie that received from Permit.io server is blocked by the browser due to some browser preferences or settings.
@@ -85,7 +85,7 @@ It can happen if the browser is blocking third-party cookies or if the SameSite
To fix the blocked cookie issue - turn on the third-party cookies in the browser settings or set the SameSite attribute to "None" in the server response.
-### 🛠️ General Login Errors -
+### General login errors
You might see a `embed_error.html` page in the **"Developer Tools" -> "Network" tab** with a general error message if there is an issue with the login method.
diff --git a/docs/foaz/_category_.json b/docs/foaz/_category_.json
deleted file mode 100644
index f532bcf97..000000000
--- a/docs/foaz/_category_.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "label": "Frontend-only Authorization",
- "position": 9,
- "collapsible": true,
- "collapsed": true,
- "customProps": {
- "icon": "mac-line"
- }
-}
\ No newline at end of file
diff --git a/docs/foaz/detailed-guide.mdx b/docs/foaz/detailed-guide.mdx
deleted file mode 100644
index d1022ab48..000000000
--- a/docs/foaz/detailed-guide.mdx
+++ /dev/null
@@ -1,254 +0,0 @@
----
-sidebar_position: 5
-title: Detailed API Guide
----
-
-To use Frontend-only-Authorization (FoAz), 2 things are required:
-
-1. Creating Proxy Config object in Permit.io API
-2. Calling FoAz API from your frontend
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
-## Creating Proxy Config object in Permit.io API
-
-Proxy Config is a Permit.io API object that contains configuration about your proxied requests.
-It is used to form a request that will be sent to our Proxy component and eventually will be proxied to your 3rd-party service.
-
-To create a Proxy Config object, you need to send a POST request to the Permit.io API with the following payload properties:
-
-- `name` - name of the Proxy Config object
-- `key` - key of the Proxy Config object (used to identify the object in Permit.io API)
-- `mapping_rules` - array of mapping rules (see below)
- - `url` - proxy configuration (see below)
- - `method` - proxy configuration (see below)
- - `resource` - proxy configuration (see below)
- - `headers` - proxy configuration
-- `jwks` - JSON Web Key Set (JWKS) object (see below)
- - `keys` - array of keys
- - `kty` - key type
- - `kid` - key id
- - `use` - key usage
- - `n` - modulus
- - `e` - exponent
-- `auth_mechanism` - The authentication mechanism used to authenticate the user - `Bearer` or `Basic`
-- `secret` - The secret that you wish to pass as the `Authorization` header to your proxied service.
-
-:::tip
-To create the Proxy Config object, send a POST request to the Permit.io API -
-`https://api.permit.io/v2/facts///proxy_configs`
-Look at the [API Reference](https://api.permit.io/v2/redoc) for more details.
-:::
-
-### Mapping Rules
-
-Mapping rule is a rule that is used to map a request to a resource and action in Permit.io.
-For example, if you want to map Stripe's Balance POST endpoint to the resource `Balance` with the action `post` in Permit.io,
-the mapping rule would look like this:
-
-```json
-{
- "url": "https://api.stripe.com/v1/balance",
- "method": "POST",
- "resource": "balance"
-}
-```
-
-Another example will be creating a mapping rule for Stripe's Customers GET endpoint:
-
-```json
-{
- "url": "https://api.stripe.com/v1/customers/{customer_id}",
- "method": "GET",
- "resource": "balance"
-}
-```
-
-:::tip
-
-Here you can see that we are using attributes in the URL.
-These attributes will be replaced with the values from the request that is sent to the Permit.io Proxy component, and will be
-covered in the [Calling FoAz API from your frontend](/foaz/detailed-guide#calling-foaz-api-from-your-frontend) section.
-
-:::
-
-### Secret
-
-The secret property is used to pass the secret that you wish to pass as the `Authorization` header to your proxied service.
-So if we are using Stripe as an example, the secret would be the Stripe API key.
-
-### Example
-
-Continuing the example from the previous section, let's say that we want to send Stripe's Balance and Customers requests directly
-from our frontend. Our Proxy Config could look like this -
-
-```
-{
- "name": "Stripe Proxy Config",
- "key": "stripe_proxy_config",
- "mapping_rules": [
- {
- "url": "https://api.stripe.com/v1/balance",
- "method": "POST",
- "resource": "balance",
- },
- {
- "url": "https://api.stripe.com/v1/customers/{customer_id}",
- "method": "GET",
- "resource": "customer",
- "headers": {
- "x-permit-example": ""
- }
- }
- ],
- "jwks": {
- "keys": [
- {
- "alg": "RS256",
- "kty": "RSA",
- "use": "sig",
- "n": "****",
- "e": "****",
- "kid": "****",
- "x5t": "****",
- "x5c": [
- "****"
- ]
- }
- ]
- },
- "auth_mechanism": "Bearer",
- "secret": ""
-}
-```
-
-## Calling FoAz API from your frontend
-
-After setting up the Proxy Config object in Permit.io API, you can start sending requests from your frontend to the Permit.io
-Proxy component! To do so, you need to send an HTTP request to the FoAz API.
-
-:::note
-
-The FoAz API is available at `https://proxy.api.permit.io/proxy/`.
-You can find the Proxy Config ID after creating the Proxy Config object in Permit.io API.
-
-:::
-
-### Request
-
-#### Parameters
-
-The FoAz API supports sending these parameters as part of your request -
-
-- `url` - _required_ - the URL of the proxied request - for example `https://api.stripe.com/v1/customers/customer_123`
-- `tenant` - the tenant of the user who sends the request in Permit.io. If not provided, the default tenant will be used.
-
-#### Methods
-
-The FoAz API supports the following HTTP methods:
-
-- GET
-- POST
-- PUT
-- PATCH
-- DELETE
-
-#### Headers
-
-You can send any headers you wish to the FoAz API as long as it's part of the mapping rule you created in the Proxy Config object.
-So if you want to send a `x-permit-example` header, you need to add it to the mapping rule in the Proxy Config object, and then
-you can send it from your frontend.
-
-#### Body
-
-The FoAz API supports sending a body in the request.
-
-### Response
-
-The FoAz API will return the response from the proxied request, exactly as it was returned from the 3rd-party service.
-
-### Example
-
-Continuing the example from the previous section, let's say that we want to send a request to Stripe's Customers endpoint.
-Our request to the FoAz API would look like this -
-
-```js
-const response = await fetch(
- "https://proxy.api.permit.io/proxy/?url=https://api.stripe.com/v1/customers/customer_123",
- {
- method: "GET",
- headers: {
- "Content-Type": "application/json",
- "x-permit-example": "example",
- },
- }
-);
-```
-
-### Example using the SDK
-
-You can also use the [PermitJS](https://www.npmjs.com/package/@permitio/permit-js) SDK to send requests to the FoAz API.
-To do so, you need to create a PermitJS client with the `proxyId` parameter and current user `token`.
-This will create a permit proxy client that will send requests to the FoAz API.
-The SDK proxy client supports the following methods:
-`GET`, `POST`, `PUT`, `PATCH`, `DELETE`
-
-This is an example of how to get SDK proxy client:
-
-```js
-import permit from "@permitio/permit-js";
-const permitStripeProxy = permit.proxy.getProxy({
- proxyId: "6b120e2ca316430b9f8ea0e1f5ec5555",
- token: userJwt,
-});
-```
-
-`POST` example:
-
-```js
-permitStripeProxy
- .post({
- url: "https://stripe.com/createPayment",
- data: { test: "tester" },
- headers: { test: "testHeader" },
- })
- .then((res: any) => {
- console.log("res", res);
- })
- .catch((err: any) => {
- console.log("err", err);
- });
-```
-
-`GET` example:
-
-```js
-permitStripeProxy
- .get({
- url: "https://stripe.com/createPayment",
- params: { test: "tester" },
- headers: { test: "testHeader" },
- })
- .then((res: any) => {
- console.log("res", res);
- })
- .catch((err: any) => {
- console.log("err", err);
- });
-```
-
-## When can I start using FoAz ?
-
-The feature is currently only available in early access to a select few.
-
-[Subscribe here to get early access](https://hello.permit.io/foaz-ea).
-
-Join the conversation in our [ Slack community](https://io.permit.io/join_community) at the
-[#frontend-only-authz](https://permit-io.slack.com/archives/C04U83ZABRD) channel.
-
-[](https://io.permit.io/join_community)
diff --git a/docs/foaz/foaz-examples.mdx b/docs/foaz/foaz-examples.mdx
deleted file mode 100644
index 7ac285224..000000000
--- a/docs/foaz/foaz-examples.mdx
+++ /dev/null
@@ -1,64 +0,0 @@
----
-sidebar_position: 7
-title: API call examples
----
-
-## Check out the FoAz Proxy Config API
-
-A Proxy Config is a Permit.io resource that defines a protected API call.
-It is used to define the API call, and the secrets that should be injected into it.
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
-### Create a Proxy Config
-
-When creating a Proxy Config you need to provide the following information:
-
-
-
-A mapping rule is an object that defines how Permit will map the request to a resource / action.
-
-
-
-There are a few things you need to take care about, when creating a proxy config:
-
-1. The url path should be a valid openapi url with the host, for example,
-
- Proxying a request to `https://api.stripe.com/v1/customers/:id` would be `https://api.stripe.com/v1/customers/{id}`
-
-2. If you want to enforce any headers, you need to provide them in the `headers` key of the mapping rule.
-3. If you want to enforce specific query parameters, provide them in the url using ? and &. For example, if you want to enforce the `limit` query parameter, you would provide the url as `https://api.stripe.com/v1/customers?limit={limit}`
-4. If you have a url that is matched by multiple mapping rules, for example `https://api.stripe.com/v1/customers?limit={limit}` and `https://api.stripe.com/v1/customers`
- the order is randomly unless you provide the priority to the mapping rule ( the default priority used is 0 ).
-5. The auth mechanism can be either Bearer, Basic, or Headers.
- If you choose Headers, you need to provide an object with the keys being the names, and the value being the values of the headers.
- If you choose Basic, you need to provide a secret in the format of `username:password`.
- If you choose Bearer, you need to provide any secret string.
-6. If you don't provide the action to the mapping rule, the http_method will be used as default.
-
-
-
-### Edit a Proxy Config
-
-When updating a Proxy Config you need to provide the following information:
-
-
-
-There are a few things you need to take care about, when updating a proxy config:
-
-1. If you update the secret without updating the auth_mechanism notice that it should match the proxy config auth_mechanism.
-2. If you update the auth_mechanism without updating the secret notice that it should match the proxy config secret format.
-3. If you update the mapping rules, you need to provide the entire mapping rules array, and not just the updated mapping rule.
-
-
-
-### Delete a Proxy Config
-
-When deleting a Proxy Config you need to provide the following information:
-
-
diff --git a/docs/foaz/foaz-standard.mdx b/docs/foaz/foaz-standard.mdx
deleted file mode 100644
index aa2a233e7..000000000
--- a/docs/foaz/foaz-standard.mdx
+++ /dev/null
@@ -1,49 +0,0 @@
----
-sidebar_position: 8
-title: An Internet Standard
-description: An emerging internet standard
----
-
-# FoAz - An Emerging Internet Standard
-
-## Introduction
-
-**Frontend-only Authorization (FoAz)** is currently an Internet-Draft, aiming to establish an Internet standards track
-protocol for the global community. Internet-Drafts are dynamic documents under the umbrella of the Internet
-Engineering Task Force (IETF), constantly updated and improved based on community input and discussion. This
-ongoing initiative also invites groups outside the IETF to distribute and contribute to these working documents
-as Internet-Drafts.
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
-## Working Group
-
-FoAz, as an emerging internet standard, is under the collective development of a working group. This group comprises
-an alliance of developers from multiple companies worldwide, originating from the innovative efforts at Permit Inc.
-
-This working group is open to any and all interested parties looking to contribute to the development of the FoAz
-standard. We encourage the sharing of ideas, feedback, and suggestions, which can greatly influence the progression
-and refinement of FoAz.
-
-## Join the Working Group
-
-To ensure the continual evolution and improvement of FoAz, we highly value community involvement. If you are
-interested in contributing to the FoAz standard, here are some ways to get involved:
-
-- **Join the conversation**: We have a dedicated [Slack workspace](https://io.permit.io/docs-to-slack) for our working group where you can engage in
- meaningful discussions, ask questions, and share your expertise with others.
-
-- **Provide RFC feedback**: Direct your comments and suggestions on the RFC to our [Git repository](https://github.com/permitio/foaz-site/). Pull requests
- are welcome and appreciated - they provide a great way to propose changes, improvements, or corrections to the draft.
-
-Your contributions to the FoAz standard can help shape the future of frontend authorization, enhancing the security and ease-of-use for developers worldwide. Join us as we strive to make FoAz a robust and reliable standard for the Internet community.
-
-Read more about the Frontend-only Authorization (FoAz) standard **[here](https://foaz.io/)**.
-
-This document is an Internet-Draft, calling for discussions and suggestions for improvement. The copyright belongs
-to Permit, Inc. (2023).
diff --git a/docs/foaz/overview.mdx b/docs/foaz/overview.mdx
deleted file mode 100644
index 6af29854e..000000000
--- a/docs/foaz/overview.mdx
+++ /dev/null
@@ -1,110 +0,0 @@
----
-sidebar_position: 1
-title: What is Frontend-only Authorization (FoAz)?
----
-
-
-
-
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-Frontend-only-Authorization (FoAz) is a method allowing frontend applications to enforce protected access to APIs without requiring a dedicated backend.
-FoAz allows frontend developers to securely use sensitive resources directly from the frontend, while gating for permissions and without exposing any secrets or sensitive data.
-
-
-
-
-
-## Isn't Frontend Authorization an Oxymoron ?
-
-It sure sounds like it, but no - it works, it's easy, and it's super safe.
-
-The "trick" is that it's frontend-only in the same sense that Serverless has no servers.
-There is a backend component which actually enforces the access, you just don't have to build it - Permit.io provides it for you - so you can focus on building your awesome app.
-
-## What is FoAz Good for ?
-
-Foremost FoAz is about rapid secure app development; specifically there are two core use cases.
-
-- ### Access 3rd Party Services
-
- ```mermaid
- flowchart LR
- Frontend --protected API call--> proxy.Permit.io
- proxy.Permit.io --"permit.check() + inject secrets"--> p["Protected Service (e.g. Twilio)"]
- p --response-->proxy.Permit.io
- proxy.Permit.io --response-->Frontend
- ```
-
- Web applications often consume external services to implement their features; for example an app might use Twilio to send an invite via SMS, Stripe to bill the user, AWS S3 to fetch the user profile, or Mailchimp to notify them of user activities.
- All of these would require a secret or API token; coupled with the App developers account, and would often cost money to use.
-
- Without FoAz a developer would have to deploy a backend service to accept the frontend requests, verify the session identity, check for permissions, and invoke the external API along with it's associated secret.
- With FoAz a developer can simply call the external service directly from the frontend, knowing that Permit will verify the identity, check for permissions, and add the needed secrets for them.
-
-- ### Adding Authorization on top of Your API
-
- ```mermaid
- flowchart LR
- Frontend --protected API call--> proxy.Permit.io
- proxy.Permit.io --"permit.check()"--> p["Your app [secret route]"]
- p --response-->proxy.Permit.io
- proxy.Permit.io --response-->Frontend
- ```
-
- Be it legacy code, new code, or an app still being developed, your homebrew authorization probably doesn't meet the standard you need from it.
- While we'd always encourage you to deploy Permit as part of your backend to make your application's authorization truly future-proof, we understand the importance of RND velocity.
-
- FoAz can be used to wrap and protect your API, adding more complex policies (e.g. RBAC, ABAC, ReBAC) and access-control interfaces (e.g. audit-logs, user-management), without having to change a single line of backend code.
-
- :::info
- To use this securely you still need to add a secret between Permit and your API,
- but this can even be just a separate route (e.g. `your-api.com/permit-secret-guid/resource`), or gated by a API-gateway or reverse-proxy.
- :::
-
-## How does FoAz Work?
-
-FoAz uses Permit.io as the backend component to check and enforce access to the protected API or resource.
-Permit.io acts as a proxy between your frontend, and the end resource - adding JWT verification, permission checks, and injecting the end target secrets.
-
-Arguably FoAz is actually more secure than a proprietary backend you'd build from scratch; as it ensures policies are always in place; and audit logs are automatically generated.
-
-### Communication Sequence Diagram
-
-```mermaid
-sequenceDiagram
- Your Frontend ->> Authentication Provider: login
- Authentication Provider -->> Your Frontend: JWT
- Your Frontend->> Permit.io: Login with Permit (JWT for JWT)
- Permit.io -->> Your Frontend : Permit.io JWT
- Your Frontend->> Permit.io: Protected API call
- alt allowed
- Permit.io ->> Secret Vault : load secrets into protected call
- Permit.io ->> Protected Service : actual API call
- Protected Service -->> Permit.io: response
- Permit.io -->> Your Frontend : response
- else denied
- Permit.io -->> Your Frontend : 403
- end
-```
-
-## When can I start using FoAz ?
-
-The feature is currently only available in early access to a select few.
-
-[Subscribe here to get early access](https://hello.permit.io/foaz-ea).
-
-Join the conversation in our [ Slack community](https://io.permit.io/join_community) at the [#frontend-only-authz](https://permit-io.slack.com/archives/C04U83ZABRD) channel.
-
-[](https://io.permit.io/join_community)
diff --git a/docs/foaz/using-permit-overview.mdx b/docs/foaz/using-permit-overview.mdx
deleted file mode 100644
index 3a20b7c00..000000000
--- a/docs/foaz/using-permit-overview.mdx
+++ /dev/null
@@ -1,72 +0,0 @@
----
-sidebar_position: 2
-title: Getting Started
----
-
-# How do I use FoAz?
-
-## Quick Overview
-
-
-
-
-
-
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
-## Setting it up
-
-1. To find detailed instructions on how to fetch the JWKS, refer to the corresponding guide provided by your authentication provider.
- You can find a summary for the mosty popular authentication porvider [here](/foaz/fetching-jwks).
-
-2. [Configure](/foaz/configuring-jwks) your JWKS with Permit, so it will be able to verify your user JWTs for you.
-
-3. Configure the Protected API call with Permit, and set a secret for it. This makes sure Permit will only call
- APIs you defined.
-
-4. Map the API call to a resource / action, so you can use the policy-editor to define permissions for it.
- This makes sure Permit will only call API when you allow them.
-
-## Login your frontend user with Permit
-
-Permit.io's Frontend SDK provides a [login method](/embeddable-uis/element-login)
-to which you pass your user's JWT.
-
-## Calling an API via Permit
-
-After the login, we can now invoke the Permit SDK with an [Axios](https://www.npmjs.com/package/axios) like interface.
-
-See an example below using Twilio with basic HTTP authentication.
-
-:::note
-Bearer Token, and Cookie authentication are similarly supported.
-:::
-
-```javascript
-// Send an SMS with Twilio via a Permit FoAz protected API call
-// `{{}}` used to template and render secrets into the call at the secure proxy
-permit.proxy.post(
- 'https://api.twilio.com/2010-04-01/Accounts/{{accountSID}}/Messages.json?Body=hello&To=555&From=1337',
- // Templates to be loaded with actual secrets at proxy.permit.io prior to the actual call to Twilio
- auth: {
- username: "{{accountSID}}"
- password: "{{twilioAuthToken}}"
- }
-}).then((res) => {
- console.log(res, 'res');
-}).catch((err) => {
- console.log(err);
-});
-```
diff --git a/docs/foaz/visual-guide.mdx b/docs/foaz/visual-guide.mdx
deleted file mode 100644
index f5e77ad67..000000000
--- a/docs/foaz/visual-guide.mdx
+++ /dev/null
@@ -1,154 +0,0 @@
----
-sidebar_position: 6
-title: Working with the UI
----
-
-import copyingCode from "/static/ui-videos/foaz/copying-the-code-snippet.mp4";
-
-Frontend-only-Authorization (FoAz) is a method allowing frontend applications to enforce protected access to APIs without requiring
-a dedicated backend.
-
-FoAz allows frontend developers to securely use sensitive resources directly from the frontend, while gating for permissions and
-without exposing any secrets or sensitive data.
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-:::note
-Before you will be able to configure new mapping rules for your frontend-only authorization, you will need to
-**[fetch your JWKs](/foaz/fetching-jwks)** from your authentication provider and **[add the JWKs](/foaz/configuring-jwks)** to Permit.
-:::
-
-The FoAz UI is intuitive and easy to navigate, making the process of configuring new mapping rules for your frontend-only authorization
-straightforward. You can access the UI inside the Permit App [here](https://app.permit.io/foaz-proxy).
-
-Here is a visual representation of the FoAz UI for better understanding:
-
-
-
-### Mapping Rules
-
-**Mapping rules** are elegantly structured into **four distinct components**:
-
-1. The **specified API endpoint URL** to evaluate permissions prior to initiation.
-2. The designated **HTTP method** to categorize the nature of the request.
-3. The identified Permit **resource** being accessed or manipulated.
-4. The explicit **action** being undertaken on the said resource.
-
-The mapping rules feature in the FoAz UI links HTTP URLs to particular resources and actions within the Permit.io platform.
-These rules are essential for controlling access and permissions on your website or application. Each rule defines the
-association between an incoming HTTP request and the corresponding resource within your application that the request should
-interact with.
-
-
-
-By correctly setting up mapping rules, you can ensure that requests are correctly routed and that users only have access
-to the resources that they are authorized to view or modify.
-
-### Streamlining Mapping Rules with URL templating
-
-Within the FoAz UI, you have the option to integrate variables directly into the URL, utilizing a syntax denoted as `{var1}`.
-This process, referred to as URL templating, serves as a potent tool in minimizing the number of necessary mapping rules,
-thus promoting a more streamlined approach.
-
-To illustrate, consider the configuration of a URL in the following manner: `example.com/v1/{customer_id}/payments`.
-
-Here, `{customer_id}` functions as a dynamic placeholder, primed to be substituted with the actual customer ID when a
-request is initiated. This technique facilitates a more efficient system, where a solitary mapping rule can encompass
-all customers, negating the need for individual rules per customer.
-
-### Secret configuration
-
-The secret configuration is a critical part of the FoAz UI. It is where you provide the secret that can authenticate against
-the service you're proxying, for instance, if you're proxying Stripe requests, you would set your Stripe secret here.
-
-
-
-Once the secret is authorized, it will be passed as part of the modified HTTP request. The HTTP request will be adjusted
-to include authentication details, enabling the request to access the required service securely and correctly.
-
-This setup ensures the secure transmission of sensitive data and enables appropriate access control to your
-integrated third-party services.
-
-:::danger Remember
-Safeguarding these secrets is critical. Always follow best practices to keep these secrets secure and
-never expose them in places where unauthorized individuals might gain access.
-:::
-
-## Setting up the PDP
-
-To use the URL Mapping permissions check, you must first set up the PDP. You must deploy the following version of the PDP that
-supports the URL Mapping check. First pull the PDP (Policy-decision-point).
-
-```bash
-docker pull permitio/pdp-v2:0.2.19-rc.2
-```
-
-Now run the PDP locally. Remember to replace your API key with the `environment` API key in which you are building your policies.
-
-```
-docker run -it -p 7766:7000 --env PDP_API_KEY= permitio/pdp-v2:0.2.19-rc.2
-```
-
-## Checking for permissions
-
-As part of the permission check, we will be authorizing the current logged in user, and hence we will need to verify that their
-JWT matches with the previously configured JWKS (JSON Web Key Sets). We will be passing in the JWT as part of the `Authorization`
-header in our HTTP request.
-
-We then need to perform a basic fetch request, constructing our unique URL. Here is the example we will work with. Let's destructure
-it for easier understanding.
-
-```bash
-https://proxy.api.permit.io/proxy/?url=https://some-rest-api.vercel.app/api/something
-```
-
-1. The URL is composed of our `proxy URL` which directly defines the proxy API endpoint and the current mapping rule we are
- referring to, by passing in the `mapping rule id`.
-
-```bash
-https://proxy.api.permit.io/proxy/
-```
-
-2. The we are passing in a URL which is the secure endpoint that we are intending to call to retrieve sensitive data.
-
-```bash
-?url=https://some-rest-api.vercel.app/api/something
-```
-
-Now that the PDP is running, we have configured our policy within Permit, and have our logged in user synced with Permit,
-we can write fetch request, and perform this call securely vi the Permit proxy.
-
-```javascript
-const sendFoazRequest = async (req, res) => {
- // This should be the JWT fetched from your current session, depending on the AuthN provider you are using.
- const token = await getJWT();
-
- // This is the call to the desired API endpoint via the Permit authorization proxy.
- await fetch(
- "https://proxy.api.permit.io/proxy/1fc72853b4de83hdisisj3439fjkefm?url=https://some-rest-api.vercel.app/api/something",
- {
- method: "POST",
- headers: {
- "Content-Type": "application/json",
- // Passing in the current logged in user JWT as part of the Authorization header.
- Authorization: `Bearer ${token}`,
- },
- body: JSON.stringify({ secretCode: 123456 }),
- }
- )
- .then((response) => response.json())
- .then((data) => console.log(data))
- .catch((error) => console.error("Error:", error));
-};
-```
-
-## Copying the fetch request template from the UI
-
-To make it even easier for you, we already provide you with the template code snippet for the fetch request.
-
-
diff --git a/docs/how-to/build-policies/abac/defining-attributes.mdx b/docs/how-to/build-policies/abac/defining-attributes.mdx
index 0f314c7c4..d88897a41 100644
--- a/docs/how-to/build-policies/abac/defining-attributes.mdx
+++ b/docs/how-to/build-policies/abac/defining-attributes.mdx
@@ -12,6 +12,7 @@ Permit supports attributes on three different objects:
- **User Attributes** - Characteristics of the actor performing an action, to be used in dynamic roles (AKA user sets).
- **Resource Attributes** - Characteristics of the resource the action is being performed on, to be used in dynamic resources (AKA resource sets).
- **Tenant Attributes** - Characteristics of the tenant containing the actor and the resource. Can be used in user sets of users that appear in the tenant.
+- **Role Attributes** - Metadata that lives on RBAC roles. Use them to tag roles with dimensions such as tier, geography, or product area and to filter or search roles via the API (for example with the `attr_` filters in the [List Roles API](/api/examples/filter-role-associations#list-tenant-roles-filter-by-role-attributes)).
## Defining Attributes
@@ -25,9 +26,11 @@ Note that not all attribute sources are available for all attribute types, for e
### Define Stored User Attributes
-After [creating the attribute definitions](/how-to/build-policies/abac/building-abac-policy#step-1-creating-user-attributes), you can define user-specific attributes.
+After [creating the attribute definitions](/how-to/build-policies/abac/building-abac-policy#step-1-creating-user-attributes), you can define user-specific attributes via the UI or API.
-To define user-specific attributes, in the **Users** screen, click the user's options button and select **Manage Metadata**.
+**In the UI**: Go to `Directory → Tenant settings (top-right settings button) → User Attributes` to create or edit user-attribute definitions. Then, within the Directory, open an individual user and use **Edit Attributes** to set that user’s values.
+
+**Via API / SDK**: update the user object with an `attributes` payload when calling the relevant endpoint (`permit.api.users.update(...)`, `permit.api.users.sync(...)`, etc.).
From this window you can edit the user attributes as JSON.
@@ -37,13 +40,44 @@ Note that to add new attributes you need to first [create attribute definitions]
### Define Stored Tenant Attributes
-After [creating the attribute definitions](/how-to/build-policies/abac/building-abac-policy#step-2-creating-tenant-attributes), you can define tenant-specific attributes.
+After [creating the attribute definitions](/how-to/build-policies/abac/building-abac-policy#step-2-creating-tenant-attributes), you can define tenant-specific attributes either in the UI or through the API.
-To define tenant-specific attributes, in the **Users** screen, open the **tenant list**, click the tenant's **edit button**.
-
+**In the UI**: Navigate to `Directory → Tenant settings (top-right settings button) → Manage tenants`, choose the tenant, and open the **Tenant Attributes** panel to edit metadata.
-Then, select **Edit Tenant Attributes**.
-
+**Via API / SDK**:
-From this window you can edit the user attributes as JSON.
-
+```bash
+curl -X PATCH 'https://api.permit.io/v2/facts/{project_id}/{env_id}/tenants/{tenant_key}' \
+ -H 'Authorization: Bearer API_SECRET_KEY' \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "attributes": {
+ "tier": "enterprise",
+ "plan_version": "2026-01"
+ }
+ }'
+```
+
+Send any metadata needed for policy decisions in the `attributes` object.
+
+### Define Role Attributes
+
+Role attributes can be defined in the UI or managed via the Roles API.
+
+**In the UI**: Go to `Directory → Tenant settings (top-right settings button) → Role Attributes` to tag roles with metadata.
+
+**Via API / SDK**: include an `attributes` object when creating or updating a role. For example:
+
+```bash
+curl -X PATCH 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles/{role_key}' \
+ -H 'Authorization: Bearer API_SECRET_KEY' \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "attributes": {
+ "tier": "gold",
+ "department": "finance"
+ }
+ }'
+```
+
+Once attributes are stored, you can filter roles (for example, `?attr_tier=gold`) or retrieve the metadata through the [role APIs](/api/examples/filter-role-associations#list-tenant-roles-filter-by-role-attributes). This is especially useful when delegating tenant-specific role management or when you need to build automation around role categories.
diff --git a/docs/how-to/deploy/deploy-to-production.mdx b/docs/how-to/deploy/deploy-to-production.mdx
index 136b3f59c..812160442 100644
--- a/docs/how-to/deploy/deploy-to-production.mdx
+++ b/docs/how-to/deploy/deploy-to-production.mdx
@@ -122,8 +122,6 @@ PDP makes use of OPA to achieve very fast policy evaluation, this speed of evalu
we can suggest using the formula of _`# of policy objects X 6kb`_ (where policy objects include: users, resource instances & tenants) as a rough estimate.
For example: For environment of 100k users, 500k resource instances and 100 tenants, you'll need ~3.5Gb of memory.
-For multi-tenant environments, data / memory can be scaled horizontally by using [tenant based sharding](/how-to/manage-data/pdp-sharding).
-
### General Performance Tips
To achieve high throughput and low latency:
diff --git a/docs/how-to/enforce-permissions/all-tenants-check.mdx b/docs/how-to/enforce-permissions/all-tenants-check.mdx
index 286801e6c..cf13b98f5 100644
--- a/docs/how-to/enforce-permissions/all-tenants-check.mdx
+++ b/docs/how-to/enforce-permissions/all-tenants-check.mdx
@@ -170,9 +170,3 @@ If the check isn't allowed for that tenant, the result will be an empty list. If
you'll get a list with one item. To avoid this and make things run more smoothly,
it's better to stick with a simpler check method.
:::
-
-:::danger
-Please note that the "All Tenants Check" feature might not work correctly if you're using [PDP Sharding](/how-to/manage-data/pdp-sharding).
-This is because it only runs on one PDP instance at a time,
-and that instance only contains data for a few tenants, not all of them in the setup.
-:::
\ No newline at end of file
diff --git a/docs/how-to/enforce-permissions/authorized-users.mdx b/docs/how-to/enforce-permissions/authorized-users.mdx
index 31bb48d27..c68f5aea3 100644
--- a/docs/how-to/enforce-permissions/authorized-users.mdx
+++ b/docs/how-to/enforce-permissions/authorized-users.mdx
@@ -1,6 +1,6 @@
---
sidebar_position: 7
-title: Get resource authorized users 🚧
+title: Get resource authorized users
---
import Tabs from "@theme/Tabs";
@@ -17,9 +17,6 @@ including the user's role assignments that granted the access:
:::note PDP Version
Please note that the `permit.authorized_users` function is available starting from PDP version 0.4.0.
:::
-:::info EAP
-This feature is in EAP stage - please contact with us if you want to try it out.
-:::
## Simple Usage
@@ -140,7 +137,7 @@ curl --location 'http://localhost:7766/authorized_users' \
"tenant":"default",
"attributes": {
"cost":500,
- "create_at": 2024
+ "create_at": 2026
},
"context": {
"enable_abac_authorized_users": true
@@ -159,7 +156,7 @@ authorized_users: AuthorizedUsersResult = permit.authorized_users(
type:"Document",
attributes:{
"cost":500,
- "create_at": 2024
+ "create_at": 2026
},{
"enable_abac_authorized_users": true
}},
diff --git a/docs/how-to/enforce-permissions/bulk-check.mdx b/docs/how-to/enforce-permissions/bulk-check.mdx
index 8a4bed9a2..198361bd1 100644
--- a/docs/how-to/enforce-permissions/bulk-check.mdx
+++ b/docs/how-to/enforce-permissions/bulk-check.mdx
@@ -57,7 +57,3 @@ PDP_OPA_CLIENT_QUERY_TIMEOUT=10
For more information on system requirements and performance optimization, you can check [this documentation.](/how-to/deploy/deploy-to-production#system-requirements-and-performance-optimization)
-:::note
-While `bulkCheck` will save you time in latency, it could have an impact on performance if you're checking permissions for different tenants.
-This is because requests are split by tenant in order to reach the relevant PDP instances. This is done in order to ensure compatibility with the current [PDP Sharding](/how-to/manage-data/pdp-sharding) setup, in which an instance might only contain data for a few tenants.
-:::
diff --git a/docs/foaz/configuring-jwks.mdx b/docs/how-to/enforce-permissions/url-mapping/configuring-jwks.mdx
similarity index 67%
rename from docs/foaz/configuring-jwks.mdx
rename to docs/how-to/enforce-permissions/url-mapping/configuring-jwks.mdx
index 8702a1f5d..72fe886df 100644
--- a/docs/foaz/configuring-jwks.mdx
+++ b/docs/how-to/enforce-permissions/url-mapping/configuring-jwks.mdx
@@ -5,36 +5,29 @@ title: Configuring JWKs
# Configure your obtained JWKs in Permit
-In order to start using the Frontend-Only Authorization (FoAz) feature offered by Permit, you need to add your obtained
+In order to start using URL Mapping with Permit, you need to add your obtained
JWKs (JSON Web Keys) to the current environment for which you will be enforcing access and sending API calls directly from the frontend.
It's very simple to add the JWKs you have obtained into Permit.
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
#### 1. Navigate to the Settings from the left hand navigation panel in the Permit dashboard
-
+
#### 2. Click on the JWKS Config
-
+
#### 3. Select the environment you want to configure and add your JWKs
-
+
#### Paste your whole JWKS object inside the JSON editor
You can instead set a URL with the JWKS object, make sure there is a valid JWKS object at the URL you provide with "keys" as the root object.
-
+
The object you paste in should look something like the example below, where `kid` is the unique identifier for the JWK.
diff --git a/docs/foaz/fetching-jwks.mdx b/docs/how-to/enforce-permissions/url-mapping/fetching-jwks.mdx
similarity index 100%
rename from docs/foaz/fetching-jwks.mdx
rename to docs/how-to/enforce-permissions/url-mapping/fetching-jwks.mdx
diff --git a/docs/foaz/regex-url-mapping-check.mdx b/docs/how-to/enforce-permissions/url-mapping/regex-url-mapping-check.mdx
similarity index 96%
rename from docs/foaz/regex-url-mapping-check.mdx
rename to docs/how-to/enforce-permissions/url-mapping/regex-url-mapping-check.mdx
index 7fcff21f6..8f9a99ecc 100644
--- a/docs/foaz/regex-url-mapping-check.mdx
+++ b/docs/how-to/enforce-permissions/url-mapping/regex-url-mapping-check.mdx
@@ -11,20 +11,12 @@ title: Regex URL Mapping Check
`}
-import TimelineWrapper from "../../src/components/timeline/TimelineWrapper";
-import TimelineStep from "../../src/components/timeline/TimelineStep";
+import TimelineWrapper from "@site/src/components/timeline/TimelineWrapper";
+import TimelineStep from "@site/src/components/timeline/TimelineStep";
The Regex URL Mapping Permissions Check is a powerful feature that allows you to control access to your application's endpoints based on regular expressions for complex URL patterns. This feature supports two approaches:
-
-:::warning
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing [URL Mapping](/foaz/url-mapping-check).
-:::
-
-
## Overview
Regex URL Mapping in Permit.io enables you to:
- Define complex URL patterns using regular expressions to match dynamic and flexible URL structures
diff --git a/docs/foaz/url-mapping-check.mdx b/docs/how-to/enforce-permissions/url-mapping/url-mapping-check.mdx
similarity index 68%
rename from docs/foaz/url-mapping-check.mdx
rename to docs/how-to/enforce-permissions/url-mapping/url-mapping-check.mdx
index 26a32c5fe..aed99317e 100644
--- a/docs/foaz/url-mapping-check.mdx
+++ b/docs/how-to/enforce-permissions/url-mapping/url-mapping-check.mdx
@@ -11,19 +11,12 @@ title: Simple URL Mapping Check
`}
-import TimelineWrapper from "../../src/components/timeline/TimelineWrapper";
-import TimelineStep from "../../src/components/timeline/TimelineStep";
+import TimelineWrapper from "@site/src/components/timeline/TimelineWrapper";
+import TimelineStep from "@site/src/components/timeline/TimelineStep";
The Simple URL Mapping Permissions Check is a powerful feature that allows you to control access to your application's endpoints based on URLs.
-:::note
-FoAz is deprecated and no longer supported, but it is still available at app.permit.io/foaz-proxy .
-
-For URL-Based permission - we’re introducing app.permit.io/url-mapping.
-:::
-
-
## Overview
URL Mapping in Permit.io enables you to:
@@ -32,9 +25,9 @@ URL Mapping in Permit.io enables you to:
- Extract parameters from URLs for use in permission rules
- Implement flexible and maintainable URL-based access control
-This feature is available through the FoAz UI & PDP. You can access the FoAz UI inside the Permit App [here](https://app.permit.io/foaz-proxy).
+This feature is available through the URL Mapping UI & PDP. You can access the URL Mapping UI inside the Permit App [here](https://app.permit.io/url-mapping).
-
+
## Simple URL Mapping
@@ -42,7 +35,7 @@ Simple URL Mapping uses a straightforward `{var}` syntax to define path paramete
### Basic Concepts
-In FoAz UI, you can set variables as part of the URL using the following syntax: `{var1}`. This feature is called templating the URL, and it's beneficial to reduce the overall number of mapping rules required.
+In the URL Mapping UI, you can set variables as part of the URL using the following syntax: `{var1}`. This feature is called templating the URL, and it's beneficial to reduce the overall number of mapping rules required.
For example, you might set up a URL like this: `example.com/v1/{customer_id}/payments`.
@@ -50,9 +43,9 @@ In this case, `{customer_id}` is a placeholder that will be replaced with the ac
### Setting Up Simple URL Mapping
-The mapping rules feature in the FoAz UI links HTTP URLs to particular resources and actions within the Permit.io platform. These rules are essential for controlling access and permissions on your website or application.
+The mapping rules feature in the URL Mapping UI links HTTP URLs to particular resources and actions within the Permit.io platform. These rules are essential for controlling access and permissions on your website or application.
-
+
By correctly setting up mapping rules, you can ensure that requests are correctly routed and that users only have access to the resources that they are authorized to view or modify.
diff --git a/docs/how-to/enforce-permissions/user-permissions.mdx b/docs/how-to/enforce-permissions/user-permissions.mdx
index a5c248914..e07208883 100644
--- a/docs/how-to/enforce-permissions/user-permissions.mdx
+++ b/docs/how-to/enforce-permissions/user-permissions.mdx
@@ -98,7 +98,7 @@ func main() {
-## EAP: Enabling ABAC in user permissions
+## Enabling ABAC in user permissions
The `permit.GetUserPermissions` function can also find all permitted objects based on
attribute-based rules (ABAC condition sets), however this calculation is a bit more
@@ -163,10 +163,6 @@ UserPermissions permissions = permit.getUserPermissions(
## Get user permissions directly from opa
-:::info Note
-This feature is not supported when using FactDB and should not be used with FactDB enabled on the PDP
-:::
-
:::info Info
When experiencing high load, it may be more efficient to call the OPA engine directly from the SDK.
Please note that to enable this, you will need to expose the OPA port (8181).
@@ -194,6 +190,10 @@ UserPermissions permissions = permit.getUserPermissionsFromOPA(
+:::note
+`enable_abac_user_permissions` parameter name is subject to change. Make sure to verify that the name remains accurate.
+:::
+
## Filtering out the results
You can filter the results by any one of the following:
diff --git a/docs/how-to/manage-data/loading-data.mdx b/docs/how-to/manage-data/loading-data.mdx
index e81c3e88c..ad08ec197 100644
--- a/docs/how-to/manage-data/loading-data.mdx
+++ b/docs/how-to/manage-data/loading-data.mdx
@@ -78,7 +78,6 @@ project and environment IDs in the API endpoint URL - don't worry, our guide can
Out of the box, Permit automatically pulls in details about users, roles, and more from its cloud database to the PDP's policy engine,
setting a solid foundation for your policy.
-To view the the data structure loaded into PDPs used by default check out the API reference and the example [here](https://api.permit.io/v2/redoc#tag/OPAL-Data-(-EAP-)).
-Notice that this API is in EAP stage might be subject to changes !
+To view the data structure loaded into PDPs used by default check out the API reference and the example [here](https://api.permit.io/v2/redoc#tag/OPAL-Data-(-EAP-)).
[The complete guide on how to use the Scope Config API and integrate external data sources can be found here](/how-to/manage-data/use-external-data-source#how-to-use-external-data-sources-in-permit).
diff --git a/docs/how-to/manage-data/pdp-sharding.mdx b/docs/how-to/manage-data/pdp-sharding.mdx
deleted file mode 100644
index f8a3db1f5..000000000
--- a/docs/how-to/manage-data/pdp-sharding.mdx
+++ /dev/null
@@ -1,429 +0,0 @@
----
-sidebar_position: 5
-title: Use Data in Scale
----
-
-import Tabs from "@theme/Tabs";
-import TabItem from "@theme/TabItem";
-
-[PDP](/overview/glossary#pdp) Sharding is a technique for scaling Policy Decision Points (PDPs) horizontally,
-by splitting the data into multiple PDPs, each responsible for a subset of your tenants.
-
-Scaling up data with PDP sharding
-
-:::danger
-This feature is deprecated and will be sunsetted on September 1st 2025.
-We are taking other and a more flexible and scalable approach for dealing with high volume, stay tuned !
-:::
-
-## When to use PDP Sharding
-
-PDP Sharding is useful when you need to scale your PDP horizontally,
-In some cases it is more cost effective to run multiple smaller PDPs, than a single large one because the policy engines
-might not handle large amount of data as quickly as you need them to.
-
-# How it works ?
-
-Each PDP is run with a specific shard ID (a number between 0 and the number of shards - 1),
-each shard will have only the data of the tenants associated with it.
-On top of your PDPs an [Envoy server](https://www.envoyproxy.io/docs/envoy/latest/) will proxy each authorization query request to handle the consistent hashing algorithm
-that will be used to map each request by its tenant to the consistent shard responsible for it.
-This is done by utilizing Envoy's native support for “Hash ring” load balancing.
-That is, choosing an upstream host using a consistent hashing algorithm (“Ketama”).
-
-Data changes tracked by Permit.io are propagated to the specific PDP shard that is responsible for associated with them. The same consistent hashing algorithm will be used to map the data to the correct shard.
-
-## Basic Architecture
-
-The flow of an authorization request will be as follows:
-
-
-To achieve sharding, multiple PDPs should be run.
-Currently, a predetermined number of PDPs is assumed, although dynamic scaling would be available soon as well (upcoming feature).
-
-For each SDK query to reach the correct PDP instance (holding the shard that has the correct tenant id), we are using Envoy.
-The SDK is configured with Envoy’s address as its PDP, and Envoy forwards the requests based on the Tenant ID to the corresponding PDP.
-Permit.io's backend uses that very same sharding algorithm, Thus both the locally deployed Envoy proxy and the Permit.io backend are mapping the same tenant ids to the same shard ids.
-
-## Quickstart
-
-An Envoy container with a custom configuration should be deployed next to the set of PDPs.
-See quick guide [here](https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/run-envoy#override-the-default-configuration).
-The following steps will guide you through the process of setting up 7 shards PDP cluster with Envoy:
-
-1. Create the envoy configuration file named `envoy_custom.yaml` :
-
- ```yaml
- admin:
- address:
- socket_address: { address: 0.0.0.0, port_value: 9901 }
- static_resources:
- listeners:
- - name: sdk_requests
- address:
- socket_address: { address: 0.0.0.0, port_value: 10000 }
- filter_chains:
- - filters:
- - name: envoy.filters.network.http_connection_manager
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
- stat_prefix: ingress_http
- codec_type: AUTO
- route_config:
- name: local_route
- virtual_hosts:
- - name: local_service
- domains: ["*"]
- routes:
- - match: { prefix: "/" }
- route:
- cluster: pdp_cluster
- hash_policy:
- - header:
- header_name: X-Tenant-Id
- http_filters:
- - name: envoy.filters.http.router
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- clusters:
- - name: pdp_cluster
- connect_timeout: 1s
- type: STRICT_DNS
- lb_policy: RING_HASH
- ring_hash_lb_config:
- maximum_ring_size: 1024
- dns_lookup_family: V4_ONLY
- load_assignment:
- cluster_name: pdp_cluster
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-0
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "0"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-1
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "1"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-2
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "2"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-3
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "3"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-4
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "4"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-5
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "5"
- - endpoint:
- address:
- socket_address:
- address: pdp-shard-6
- port_value: 7000
- metadata:
- filter_metadata:
- envoy.lb:
- hash_key: "6"
- ```
-
-2. Perform HTTP request to notify a migration to sharded PDP cluster is being made ( this request must be done with env level api-key ), the response json will contain a `client_secret` that should be used in the next steps as the new cluster PDP_API_KEY:
-
- ```bash
- curl https://api.permit.io/v2/pdps/{proj_id}/{env_id}/configs/migrate-shards \
- -X POST \
- -H "Authorization: Bearer " \
- -H "Content-Type: application/json" \
- -d '{
- "num_shards": 7
- }'
- ```
-
-3. Copy the following docker-compose file to your local machine and replace the `` with your API key and `` with the path to the envoy configuration file you created in step 1:
-
- ```yaml
- version: "3.9"
- networks:
- pdp-net:
- name: pdp-net
- services:
- envoy-proxy:
- image: envoyproxy/envoy:v1.26-latest
- networks:
- - pdp-net
- ports:
- - "9901:9901"
- - "10000:10000"
- volumes:
- - ":/conf"
- command:
- - "-c /conf/envoy_custom.yaml"
- pdp-shard-0:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=0
- ports:
- - "18180:8181"
- pdp-shard-1:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=1
- ports:
- - "18181:8181"
- pdp-shard-2:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=2
- ports:
- - "18182:8181"
- pdp-shard-3:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=3
- ports:
- - "18183:8181"
- pdp-shard-4:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=4
- ports:
- - "18184:8181"
- pdp-shard-5:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=5
- ports:
- - "18185:8181"
- pdp-shard-6:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=6
- ports:
- - "18186:8181"
- ```
-
-4. Execute the docker-compose file using the following command:
-
- ```bash
- docker-compose up
- ```
-
-5. Perform HTTP request to notify a migration to sharded PDP cluster is being made ( this request must be done with env level api-key ), the response json will contain a `client_secret` that should be used in the next steps as the new cluster PDP_API_KEY:
-
- ```bash
- curl https://api.permit.io/v2/pdps/{proj_id}/{env_id}/configs/migrate-shards \
- -X POST \
- -H "Authorization: Bearer " \
- -H "Content-Type: application/json" \
- -d '{
- "num_shards": 7
- }'
- ```
-
-6. Copy the following docker-compose file to your local machine and replace the `` with your API key and `` with the path to the envoy configuration file you created in step 1:
-
- ```yaml
- version: "3.9"
- networks:
- pdp-net:
- name: pdp-net
- services:
- envoy-proxy:
- image: envoyproxy/envoy:v1.26-latest
- networks:
- - pdp-net
- ports:
- - "9901:9901"
- - "10000:10000"
- volumes:
- - ":/conf"
- command:
- - "-c /conf/envoy_custom.yaml"
- pdp-shard-0:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=0
- ports:
- - "18180:8181"
- pdp-shard-1:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=1
- ports:
- - "18181:8181"
- pdp-shard-2:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=2
- ports:
- - "18182:8181"
- pdp-shard-3:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=3
- ports:
- - "18183:8181"
- pdp-shard-4:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=4
- ports:
- - "18184:8181"
- pdp-shard-5:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=5
- ports:
- - "18185:8181"
- pdp-shard-6:
- image: permitio/pdp-v2:0.2.19-rc.1
- networks:
- - pdp-net
- environment:
- - PDP_API_KEY=
- - PDP_SHARD_ID=6
- ports:
- - "18186:8181"
- ```
-
-7. Execute the docker-compose file using the following command:
-
- ```bash
- docker-compose up
- ```
-
-Finally you can send an authorization check request to the Envoy container:
-
-
-
-
-```bash
-curl http://localhost:10000/allowed \
- -X POST \
- -H "X-Tenant-Id: default" \
- -H "Authorization: Bearer " \
- -H "Content-Type: application/json" \
- -d '{
- "user": {
- "key": "user@example.com"
- },
- "resource": {
- "tenant": "default",
- "type": "document",
- },
- "action": "read"
- }'
-```
-
-
-
-
-```python
-await permit.check(
- # user
- "user@example.com",
- # action
- "read",
- # resource
- {
- "type": "document",
- "tenant": "default",
- },
-)
-```
-
-
-
-
-```javascript
-await permit.check(
- // user
- "user@example.com",
- // action
- "read",
- // resource
- {
- type: "document",
- tenant: "default",
- }
-);
-```
-
-
-
-
-**Note:** Sharded PDPs are currently available only for early-access-program customers, make sure to [contact us](https://io.permit.io/docs-to-slack) to get access to it.
diff --git a/docs/how-to/manage-data/use-external-data-source.mdx b/docs/how-to/manage-data/use-external-data-source.mdx
index c8b961371..1e1ef2596 100644
--- a/docs/how-to/manage-data/use-external-data-source.mdx
+++ b/docs/how-to/manage-data/use-external-data-source.mdx
@@ -13,14 +13,7 @@ project and environment IDs in the API endpoint URL - don't worry, our guide can
Out of the box, Permit automatically pulls in details about users, roles, and more from its cloud database to the PDP's policy engine,
setting a solid foundation for your policy.
-To view the the data structure loaded into PDPs used by default check out the API reference and the example [here]().
-Notice that this API is in EAP stage might be subject to changes !
-
-:::danger EAP
-
-Notice that this API is in EAP stage might be subject to changes !
-
-:::
+To view the data structure loaded into PDPs used by default check out the API reference and the example [here]().
## How to use External Data Sources in Permit
diff --git a/docs/how-to/use-audit-logs/debug-mode.mdx b/docs/how-to/use-audit-logs/debug-mode.mdx
index d9403e797..f9f1b85a8 100644
--- a/docs/how-to/use-audit-logs/debug-mode.mdx
+++ b/docs/how-to/use-audit-logs/debug-mode.mdx
@@ -80,20 +80,9 @@ To do se you can use the following guide:
:::note
Updating the configuration via the API will affect all PDPs using the updated PDP Configuration in the environment.
The PDP Config the PDP is using is determined based on the API Key the PDP runs with.
-
:::
-### Through the UI (Coming Soon)
-
-Another option to enable Debug Mode is through Permit's UI. To do that:
-
-1. Go to your Permit dashboard and make sure you have the relevant project and environment selected.
-2. Next, go to the **Audit Log** screen.
-3. In the top right corner, click on **Settings**.
-4. Click the toggle to change the default Debug Mode behavior on the PDPs in this environment.
-
-
:::note Default Behavior & Superseding Hierarchy
The configuration hierarchy for Debug Mode is as follows:
- If no configuration was set, the PDP will show debug information.
diff --git a/docs/integrations/gitops/custom_policy.mdx b/docs/integrations/gitops/custom_policy.mdx
index 27816f2c2..6d3fa5d0f 100644
--- a/docs/integrations/gitops/custom_policy.mdx
+++ b/docs/integrations/gitops/custom_policy.mdx
@@ -23,7 +23,7 @@ In some specific cases, you might want to create a special `Deny` rule that trum
For example, let's say we want to restrict access to a role `tmp-admin` only to a certain time boundary. This means that even if the configured policy returns `true`, the `Deny` rule will block access outside the allocated time.
## Writing Custom Policy
-Permit.io supports two open-source policy engines: OPA, and Cedar (More coming soon) to keep policy configuration flexible.
+Permit.io supports two open-source policy engines: OPA, and Cedar to keep policy configuration flexible.
Each engine has a Policy language to write policies: Rego and Cedar (respectively). This article will show an example of writing custom Rego code to extend Permit.io's policy configuration.
The first step to create custom policies is enabling the GitOps feature. This will allow you to create custom code.
diff --git a/docs/integrations/policy-engines/overview.mdx b/docs/integrations/policy-engines/overview.mdx
index 63b7b32bc..6c71aa7a2 100644
--- a/docs/integrations/policy-engines/overview.mdx
+++ b/docs/integrations/policy-engines/overview.mdx
@@ -24,11 +24,6 @@ Cedar agent is the easiest way to deploy and run Cedar.
-### Permit-Cedar Early Access
-
-Permit.io with Cedar is open to the public in [early-access](https://io.permit.io/permit-cedar-eap) - to secure your spot and to start having Permit.io generate and manage Cedar code for you, [fill out this form](https://io.permit.io/permit-cedar-eap), or reach out to us in our [Slack community](https://io.permit.io/community) (#cedar channel).
-
:::info
-Additional support for more policy languages and engines is coming soon.
-Join our [Slack community](https://io.permit.io/community) to learn about and suggest more
+We continually evaluate additional policy languages and engines. Join our [Slack community](https://io.permit.io/community) to follow updates or suggest the next integration.
:::
diff --git a/docs/manage-your-account/creating-environments.mdx b/docs/manage-your-account/creating-environments.mdx
index 060f3c76b..97da93c0c 100644
--- a/docs/manage-your-account/creating-environments.mdx
+++ b/docs/manage-your-account/creating-environments.mdx
@@ -54,7 +54,7 @@ curl 'https://api.permit.io/v2/projects//envs' \
```
-## Coping / Merging Environments (EAP)
+## Coping / Merging Environments
Environments can be copied into new environments or existing environments.
This is useful when you want to manage changes to the **Policy**, like adding a Resource, Role or Condition Set, in a controlled manner.
@@ -81,11 +81,6 @@ After testing the changes, we've merged the Development environment back into th
This way, you can manage changes to your policy, such as code changes in your CI/CD pipelines.
Read more about [Policy Life Cycle with Permit](/how-to/SDLC/CI-CD).
-:::info Early Access Program
-This feature is in **EAP** stage, which means it's in early access and might have some limitations.
-We recommend you test it in a non-production environment before using it in production.
-:::
-
### Copy Environments via API
You can copy an environment into a new environment or an existing environment via the API.
@@ -104,7 +99,7 @@ curl --location 'https://api.permit.io/v2/projects/{project_id}/envs/{env_id}/co
Read more about copying environments in the [API Documentation](https://api.permit.io/v2/redoc#tag/Environments/operation/copy_environment).
-### Copy Environment - Background API (EAP)
+### Copy Environment - Background API
For large environments, copying environments can take some time.
You can use the Background API to copy environments asynchronously.
@@ -146,7 +141,9 @@ When copying environments, the marked objects below are copied:
- [ ] Condition Sets Inheritance
- [x] Custom Policies [*](#custom-policies)
-
+
+
+### Custom Policies
When [using GitOps](/integrations/gitops/custom_policy) with a Custom Git Repository,
**all files** under the Environment's branch are copied into the new Environment's branch, including all Custom `.rego` Policy files.
diff --git a/docs/manage-your-account/workspace-settings.mdx b/docs/manage-your-account/workspace-settings.mdx
index e0687608a..fb880b11a 100644
--- a/docs/manage-your-account/workspace-settings.mdx
+++ b/docs/manage-your-account/workspace-settings.mdx
@@ -122,3 +122,9 @@ Environment-level API keys are automatically generated for new environments.
+
+## Data Processing Addendum (DPA)
+
+Permit offers a standard [Data Processing Addendum](https://www.permit.io/legal/data-processing-addendum) that you can review and adopt immediately. Enterprise and Pro (for an additional fee) customers can request a tailored DPA by contacting support or their customer success manager.
+
+You are never required to store personally identifiable information (PII) inside Permit’s control plane. You can rely entirely on opaque user identifiers, and if you must work with PII you can keep it solely on your self-hosted PDPs.
diff --git a/docs/overview/connecting-your-app.mdx b/docs/overview/connecting-your-app.mdx
index cb695502c..dcb190cef 100644
--- a/docs/overview/connecting-your-app.mdx
+++ b/docs/overview/connecting-your-app.mdx
@@ -64,6 +64,4 @@ Don't see logs? Use the **[troubleshooting](/how-to/use-audit-logs/troubleshooti
-:::note
-More SDK functionality coming soon.
-:::
+
diff --git a/docs/overview/how-does-it-work.mdx b/docs/overview/how-does-it-work.mdx
index 391503fd1..d9eef089e 100644
--- a/docs/overview/how-does-it-work.mdx
+++ b/docs/overview/how-does-it-work.mdx
@@ -73,8 +73,8 @@ Permit’s PDP consists of a **Policy Engine** and the **OPAL Client**:
which the policy engine interprets, providing a decision to any authorization query it is presented with.
Permit is [policy engine agnostic](/integrations/policy-engines/overview),
- currently supporting [Open Policy Agent](https://github.com/open-policy-agent/opa) and [AWS’ Cedar](https://github.com/cedar-policy),
- (With support for more policy engines coming soon), allowing you to choose the one most suitable for your needs.
+ currently supporting [Open Policy Agent](https://github.com/open-policy-agent/opa) and [AWS’ Cedar](https://github.com/cedar-policy),
+ allowing you to choose the one most suitable for your needs.
- **The OPAL Client** is deployed alongside the policy agent and keeps it up to date with the latest policy and data.
It does so by subscribing to topic-based Pub/Sub updates for both data and policy.
diff --git a/docs/sdk/rust/_category_.json b/docs/sdk/rust/_category_.json
index 4cc400f5f..4d873a5fc 100644
--- a/docs/sdk/rust/_category_.json
+++ b/docs/sdk/rust/_category_.json
@@ -1,5 +1,5 @@
{
- "label": "Rust (Coming Soon)",
+ "label": "Rust",
"position": 8,
"link": {
"type": "generated-index",
diff --git a/docs/sdk/rust/quickstart-rust.mdx b/docs/sdk/rust/quickstart-rust.mdx
deleted file mode 100644
index b5019c9d1..000000000
--- a/docs/sdk/rust/quickstart-rust.mdx
+++ /dev/null
@@ -1,11 +0,0 @@
-# Rust Quickstart
-
-Rust SDK for Permit.io is coming soon!
-We are planning to release the Rust SDK in the coming weeks (Q1 2024) and this page will be updated with the latest information.
-For now, you can use the [Permit.io REST API](https://api.permit.io/v2/redoc) to integrate Permit.io into your Rust application.
-
-:::tip Come Chat With Us!
-You can contact us in our Slack Community for any questions or feedback here -
-
-**[Join Our Slack Community!](https://permit-io.slack.com/join/shared_invite/zt-nz6yjgnp-RlP9rtOPwO0n0aH_vLbmBQ#/shared-invite/email)**
-:::
\ No newline at end of file
diff --git a/docusaurus.config.js b/docusaurus.config.js
index e93e60fdb..67858d6e4 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -180,10 +180,14 @@ const config = {
from: "/tutorials/deploying/overview",
to: "/how-to/deploy/overview",
},
- // FOAZ FIX
+ // Legacy URL Mapping redirect
{
from: "/frontend-only-authz/overview",
- to: "/foaz/overview",
+ to: "/how-to/enforce-permissions/url-mapping/url-mapping-check",
+ },
+ {
+ from: "/foaz/overview",
+ to: "/how-to/enforce-permissions/url-mapping/url-mapping-check",
},
{
from: "/features/policy-editor/editor-overview",
@@ -355,10 +359,6 @@ const config = {
from: "/features/loading-data/via-opal",
to: "/how-to/manage-data/loading-data",
},
- {
- from: "/concepts/pdp-sharding",
- to: "/how-to/manage-data/pdp-sharding",
- },
// Docs restructure iteration 1 - 5th March 2024
{
from: ["/getting-started/quickstart", "/overview/permit-demo"],
@@ -524,7 +524,7 @@ const config = {
{ from: "/category/elements", to: "/embeddable-uis/overview" },
{ from: "/category/erlang-beta", to: "/sdk/erlang/quickstart-erlang" },
{ from: "/category/php-beta", to: "/sdk/php/quickstart-php" },
- { from: "/category/rust-coming-soon", to: "/sdk/rust/quickstart-rust" },
+ { from: "/category/rust-coming-soon", to: "/sdk/sdks-overview" },
{
from: "/category/kotlin-beta",
to: "/sdk/kotlin/quickstart-kotlin",
diff --git a/sidebars.js b/sidebars.js
index c5d5c6fbf..5726bf523 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -329,15 +329,22 @@ const sidebars = {
},
items: [
"concepts/pdp/configuration",
- "concepts/pdp/factdb",
"how-to/manage-data/local-facts-uploader",
],
},
"how-to/enforce-permissions/check",
"how-to/enforce-permissions/bulk-check",
"how-to/enforce-permissions/data-filtering",
- "foaz/url-mapping-check",
- "foaz/regex-url-mapping-check",
+ {
+ type: "category",
+ label: "URL-based enforcement",
+ items: [
+ "how-to/enforce-permissions/url-mapping/url-mapping-check",
+ "how-to/enforce-permissions/url-mapping/regex-url-mapping-check",
+ "how-to/enforce-permissions/url-mapping/fetching-jwks",
+ "how-to/enforce-permissions/url-mapping/configuring-jwks",
+ ],
+ },
{
type: "category",
label: "Permission Queries",
@@ -383,7 +390,6 @@ const sidebars = {
"how-to/manage-data/use-external-data-source",
"how-to/manage-data/local-facts-uploader",
"how-to/bulk-operations",
- "how-to/manage-data/pdp-sharding",
],
},
],
@@ -430,11 +436,6 @@ const sidebars = {
},
],
},
- {
- type: "category",
- label: "Managed Frontend Deployment",
- items: [{ type: "autogenerated", dirName: "foaz" }],
- },
{
type: "doc",
label: "Policy Decision Point (PDP)",
@@ -649,11 +650,6 @@ const sidebars = {
id: "sdk/cpp/quickstart-cpp",
label: "C++ (Beta)",
},
- {
- type: "doc",
- id: "sdk/rust/quickstart-rust",
- label: "Rust (Coming Soon)",
- },
{
type: "doc",
id: "sdk/sdks-overview",
@@ -752,7 +748,6 @@ const sidebars = {
items: ["authentication/cognito/cognito-demo-app"],
},
"authentication/stytch/permit-integration",
- "authentication/fusionauth",
"authentication/supertokens",
"authentication/hankopermit",
"authentication/logto",
diff --git a/src/components/home-page/home-cards-links.js b/src/components/home-page/home-cards-links.js
index 66f19fb99..979fd2e65 100644
--- a/src/components/home-page/home-cards-links.js
+++ b/src/components/home-page/home-cards-links.js
@@ -204,7 +204,7 @@ export const enforcementRow = [
},
{
type: "link",
- href: "/foaz/url-mapping-check/",
+ href: "/how-to/enforce-permissions/url-mapping/url-mapping-check",
label: "URL Mapping",
svgIcon: ,
description: "Map and secure routes with access control",
diff --git a/src/sdks/factDB/allow-factdb-env/example.bash b/src/sdks/factDB/allow-factdb-env/example.bash
deleted file mode 100644
index 71ef7e91c..000000000
--- a/src/sdks/factDB/allow-factdb-env/example.bash
+++ /dev/null
@@ -1,8 +0,0 @@
-curl -X PATCH 'https://api.permit.io/v2/projects/{proj_id}/envs/{env_id}' \
- -H 'Content-Type: application/json' -H 'Accept: application/json' \
- -H 'Authorization : Bearer {api_key}' \
- --data-raw '{
- "settings": {
- "factdb_enabled":true
- }
- }'
\ No newline at end of file
diff --git a/src/sdks/factDB/available-table-schema/example.bash b/src/sdks/factDB/available-table-schema/example.bash
deleted file mode 100644
index 13ad2f290..000000000
--- a/src/sdks/factDB/available-table-schema/example.bash
+++ /dev/null
@@ -1,2 +0,0 @@
-> .tables
-# instances relationship_tuples user_tenant_assoc offsets role_assignments users
\ No newline at end of file
diff --git a/src/sdks/factDB/enable-factdb-pdp/example.bash b/src/sdks/factDB/enable-factdb-pdp/example.bash
deleted file mode 100644
index a8a933901..000000000
--- a/src/sdks/factDB/enable-factdb-pdp/example.bash
+++ /dev/null
@@ -1,5 +0,0 @@
-docker run -it -p 7766:7000 \
- --name pdp-online \
- --env PDP_API_KEY= \
- --env PDP_FACTDB_ENABLED=true \
- permitio/pdp-v2:latest
\ No newline at end of file
diff --git a/src/sdks/factDB/existing-settings/example.bash b/src/sdks/factDB/existing-settings/example.bash
deleted file mode 100644
index d0ca89ca4..000000000
--- a/src/sdks/factDB/existing-settings/example.bash
+++ /dev/null
@@ -1,2 +0,0 @@
-curl -X GET 'https://api.permit.io/v2/projects/{proj_id}/envs/{env_id}' \
- -H 'Accept: application/json' -H 'Authorization : Bearer {api_key}'
\ No newline at end of file
diff --git a/src/sdks/factDB/extracting-data/example.bash b/src/sdks/factDB/extracting-data/example.bash
deleted file mode 100644
index 48b69c494..000000000
--- a/src/sdks/factDB/extracting-data/example.bash
+++ /dev/null
@@ -1,6 +0,0 @@
-docker run -it -p 7766:7000 \
- --env PDP_API_KEY= \
- --env PDP_FACTDB_ENABLED=true \
- --env PDP_ENABLE_OFFLINE_MODE=true \
- -v ./pdp-backup:/app/backup:rw \
- permitio/pdp-v2:latest
\ No newline at end of file
diff --git a/src/sdks/factDB/factdb-legacy/example.bash b/src/sdks/factDB/factdb-legacy/example.bash
deleted file mode 100644
index b312c14f2..000000000
--- a/src/sdks/factDB/factdb-legacy/example.bash
+++ /dev/null
@@ -1,9 +0,0 @@
-curl -X PATCH 'https://api.permit.io/v2/projects/{proj_id}/envs/{env_id}' \
- -H 'Content-Type: application/json' -H 'Accept: application/json' \
- -H 'Authorization : Bearer {api_key}' \
- --data-raw '{
- "settings": {
- "factdb_enabled":true,
- "allow_legacy_data_store":true
- }
- }'
\ No newline at end of file
diff --git a/src/sdks/factDB/inspecting-data-inside/example.bash b/src/sdks/factDB/inspecting-data-inside/example.bash
deleted file mode 100644
index e971d140f..000000000
--- a/src/sdks/factDB/inspecting-data-inside/example.bash
+++ /dev/null
@@ -1,3 +0,0 @@
-> .mode column
-> .headers on
-> SELECT id, actor, role, tenant, resource FROM role_assignments LIMIT 10;
\ No newline at end of file
diff --git a/src/sdks/factDB/inspecting-data/example.bash b/src/sdks/factDB/inspecting-data/example.bash
deleted file mode 100644
index 11648a203..000000000
--- a/src/sdks/factDB/inspecting-data/example.bash
+++ /dev/null
@@ -1 +0,0 @@
-sqlite3 ./pdp-backup/factdb/fact.[id].db
\ No newline at end of file
diff --git a/src/sdks/factDB/start-new-pdp-network-none/example.bash b/src/sdks/factDB/start-new-pdp-network-none/example.bash
deleted file mode 100644
index 5f9668331..000000000
--- a/src/sdks/factDB/start-new-pdp-network-none/example.bash
+++ /dev/null
@@ -1,8 +0,0 @@
-docker run -it -p 7766:7000 \
- --name pdp-offline \
- --network none \
- --env PDP_API_KEY= \
- --env PDP_FACTDB_ENABLED=true \
- --env PDP_ENABLE_OFFLINE_MODE=true \
- -v pdp-offline-backup:/app/backup:rw \
- permitio/pdp-v2:latest
\ No newline at end of file
diff --git a/src/sdks/factDB/start-new-pdp-with-volume/example.bash b/src/sdks/factDB/start-new-pdp-with-volume/example.bash
deleted file mode 100644
index 9b3117ff7..000000000
--- a/src/sdks/factDB/start-new-pdp-with-volume/example.bash
+++ /dev/null
@@ -1,7 +0,0 @@
-docker run -it -p 7766:7000 \
- --name pdp-online \
- --env PDP_API_KEY= \
- --env PDP_FACTDB_ENABLED=true \
- --env PDP_ENABLE_OFFLINE_MODE=true \
- -v pdp-offline-backup:/app/backup:rw \
- permitio/pdp-v2:latest
\ No newline at end of file
diff --git a/src/sdks/factDB/volume-for-pdp-backup/example.bash b/src/sdks/factDB/volume-for-pdp-backup/example.bash
deleted file mode 100644
index 29be8b2c6..000000000
--- a/src/sdks/factDB/volume-for-pdp-backup/example.bash
+++ /dev/null
@@ -1 +0,0 @@
-docker volume create pdp-offline-backup
\ No newline at end of file
diff --git a/static/img/abac/user-attributes-json-1.png b/static/img/abac/user-attributes-json-1.png
index d0321f339..fa7359b1f 100644
Binary files a/static/img/abac/user-attributes-json-1.png and b/static/img/abac/user-attributes-json-1.png differ
diff --git a/static/img/foaz/foaz-create-proxy-config-example.png b/static/img/foaz/foaz-create-proxy-config-example.png
deleted file mode 100644
index 0e1272e13..000000000
Binary files a/static/img/foaz/foaz-create-proxy-config-example.png and /dev/null differ
diff --git a/static/img/foaz/foaz-create-proxy-config.png b/static/img/foaz/foaz-create-proxy-config.png
deleted file mode 100644
index c5a030a88..000000000
Binary files a/static/img/foaz/foaz-create-proxy-config.png and /dev/null differ
diff --git a/static/img/foaz/foaz-delete-proxy-config.png b/static/img/foaz/foaz-delete-proxy-config.png
deleted file mode 100644
index 3d04c1a69..000000000
Binary files a/static/img/foaz/foaz-delete-proxy-config.png and /dev/null differ
diff --git a/static/img/foaz/foaz-get-proxy-config.png b/static/img/foaz/foaz-get-proxy-config.png
deleted file mode 100644
index e4b5c010d..000000000
Binary files a/static/img/foaz/foaz-get-proxy-config.png and /dev/null differ
diff --git a/static/img/foaz/foaz-mapping-rule.png b/static/img/foaz/foaz-mapping-rule.png
deleted file mode 100644
index dc0331bc8..000000000
Binary files a/static/img/foaz/foaz-mapping-rule.png and /dev/null differ
diff --git a/static/img/foaz/foaz-ui-old.png b/static/img/foaz/foaz-ui-old.png
deleted file mode 100644
index dc3eb1772..000000000
Binary files a/static/img/foaz/foaz-ui-old.png and /dev/null differ
diff --git a/static/img/foaz/foaz-update-proxy-config-example.png b/static/img/foaz/foaz-update-proxy-config-example.png
deleted file mode 100644
index 6d03a049b..000000000
Binary files a/static/img/foaz/foaz-update-proxy-config-example.png and /dev/null differ
diff --git a/static/img/foaz/foaz-update-proxy-config.png b/static/img/foaz/foaz-update-proxy-config.png
deleted file mode 100644
index 55f69d097..000000000
Binary files a/static/img/foaz/foaz-update-proxy-config.png and /dev/null differ
diff --git a/static/img/foaz/foaz.png b/static/img/foaz/foaz.png
deleted file mode 100644
index 02dba6a0e..000000000
Binary files a/static/img/foaz/foaz.png and /dev/null differ
diff --git a/static/img/foaz/secret-config.png b/static/img/foaz/secret-config.png
deleted file mode 100644
index 8b23438d8..000000000
Binary files a/static/img/foaz/secret-config.png and /dev/null differ
diff --git a/static/img/foaz/foaz-4.png b/static/img/url-mapping/json-editor.png
similarity index 100%
rename from static/img/foaz/foaz-4.png
rename to static/img/url-mapping/json-editor.png
diff --git a/static/img/foaz/foaz-2.png b/static/img/url-mapping/jwks-config.png
similarity index 100%
rename from static/img/foaz/foaz-2.png
rename to static/img/url-mapping/jwks-config.png
diff --git a/static/img/foaz/mapping-rules.png b/static/img/url-mapping/mapping-rules.png
similarity index 100%
rename from static/img/foaz/mapping-rules.png
rename to static/img/url-mapping/mapping-rules.png
diff --git a/static/img/foaz/foaz-3.png b/static/img/url-mapping/select-env.png
similarity index 100%
rename from static/img/foaz/foaz-3.png
rename to static/img/url-mapping/select-env.png
diff --git a/static/img/foaz/foaz-1.png b/static/img/url-mapping/settings.png
similarity index 100%
rename from static/img/foaz/foaz-1.png
rename to static/img/url-mapping/settings.png
diff --git a/static/img/foaz/foaz-ui.png b/static/img/url-mapping/ui.png
similarity index 100%
rename from static/img/foaz/foaz-ui.png
rename to static/img/url-mapping/ui.png
diff --git a/versioned_docs/version-1.0.0/features/coming-soon.mdx b/versioned_docs/version-1.0.0/features/coming-soon.mdx
deleted file mode 100644
index cbe168b2c..000000000
--- a/versioned_docs/version-1.0.0/features/coming-soon.mdx
+++ /dev/null
@@ -1,106 +0,0 @@
----
-sidebar_position: 5
-title: Coming Soon
----
-
-import NoZoomImage from "@site/src/components/NoZoomImage";
-
-# Features - Coming Soon! đź“…
-
-There are **so many** experiences needed for common access-controls in products, and we are making our best
-efforts to add the incredible features step-by-step.
-
-Below are a few of the features we are currently working on.
-
-
Smash the Like button!
-
-Click the **Like button** to help us prioritize our work on these features.
-
-## Current Approved Features 🔑
-
-### API Key Management
-
-Access to your product shouldn't be limited to humans.
-With this feature add **API Key Management** to your product with ease, and enable
-your developers to **create**, **rollout**, **delete** and **assign** different permissions for different API Keys,
-providing secure developer access.
-
-
-
-
-### Impersonation
-
-More often than not, you need to see your application with the eyes of your users.
-Impersonation provides an easy to use "**view as**" capability.
-
-
-
-
-### Permission Requests
-
-Allow your users to **request permissions** to features, resources or other assets they don't have access to.
-Manage requests across the application in your back-office, and allow users with the correct permissions to approve those requests.
-
-
-
-
-### Approval Flows
-
-Access shouldn't be flat - protect critical paths with approval flows.
-**Require users** to ask for **additional approval** from their team as part of a process (e.g. manager approving employee submissions).
-
-
-
-
-
Do you need or want to suggest a feature? We want to hear from you!
-
-
đź’¬ Slack Community
-
-The easiest way to **[reach out to us is via our Slack community](https://io.permit.io/docs-to-slack)** - you're welcome to join, ask questions, and see what others are asking / working on.
-
-
-
-
📧 Email & Zoom
-
-Do you have a more specific question? You can reach out to us via classic email at **[support@permit.io](mailto:support@permit.io)**.
-Want a deep dive with our team? You can even **[schedule a Zoom call with us](https://calendly.com/permitio/meeting)**.
diff --git a/versioned_docs/version-1.0.0/tutorials/quickstart.mdx b/versioned_docs/version-1.0.0/tutorials/quickstart.mdx
index 5f22ce85d..a86bba9ec 100644
--- a/versioned_docs/version-1.0.0/tutorials/quickstart.mdx
+++ b/versioned_docs/version-1.0.0/tutorials/quickstart.mdx
@@ -49,7 +49,3 @@ Don't see logs? Use the **[troubleshooting](/1.0.0/features/Audit%20Logs/trouble
:::
-
-:::note
-More SDK functionality coming soon.
-:::
diff --git a/versioned_sidebars/sidebars.js b/versioned_sidebars/sidebars.js
index 41dc08090..701cd438e 100644
--- a/versioned_sidebars/sidebars.js
+++ b/versioned_sidebars/sidebars.js
@@ -157,16 +157,6 @@ const sidebars = {
},
],
},
- {
- type: "doc",
- id: "features/FoAz",
- label: "Frontend-only Authz (FoAz)",
- },
- {
- type: "doc",
- id: "features/coming-soon",
- label: "Coming Soon",
- },
],
},
{
@@ -194,11 +184,6 @@ const sidebars = {
id: "concepts/pdp",
label: "Policy Decision Point",
},
- {
- type: "doc",
- id: "concepts/pdp-sharding",
- label: "PDP Sharding",
- },
],
},
{
diff --git a/versioned_sidebars/version-1.0.0-sidebars.json b/versioned_sidebars/version-1.0.0-sidebars.json
index 4d5256254..607bacac1 100644
--- a/versioned_sidebars/version-1.0.0-sidebars.json
+++ b/versioned_sidebars/version-1.0.0-sidebars.json
@@ -45,12 +45,8 @@
"type": "autogenerated",
"dirName": "features/Audit Logs"
}
- ]
- },
- {
- "type": "doc",
- "id": "version-1.0.0/features/coming-soon"
- }
+ ]
+ }
]
},
{
-