Skip to content
Kilpi
Docs
Protecting actions

Protecting actions

Protecting actions

Protecting actions is simple with Kilpi. You have two options: use the throw -based protection API or the manual protection API. Read more about the APIs.

Examples

With throw -based API.

export async function deleteComment(commentId: string) {
  await Kilpi.authorize("comments:delete", { commentId });
  await db.deleteComment(commentId);
}

With manual API.

export async function deleteComment(commentId: string) {
  if (!(await Kilpi.isAuthorized("comments:delete", { commentId }))) {
    return;
  }
  await db.deleteComment(commentId);
}
Home Docs Articles

Getting started

Introduction Quickstart Project structure Examples Gradual adoption Support development Usage on client

Installation

Express Hono Koa Nest.js Next Oak

Concepts

Authorization object Hooks Plugin Policy Protected query Scope Subject

Guides

Protection basics Apply to UI Protecting actions Protecting pages Protecting queries

Reference

createKilpi createKilpiClient

Plugins

Audit Plugin Endpoint Plugin React Client Plugin React RSC Plugin

Advanced

ABAC RBAC ReBAC Permissions