Developer-first authorization platform

Java SDK v0.1.5 now available

Ship secure authorization flows without slowing product velocity.

One policy engine for RBAC, ABAC, JWT, and OAuth2 decisions at scale — with first-class SDKs for TypeScript, Go, Python, Java (Spring Boot & Quarkus), and Rust.

  • P95 decision latency: < 10ms
  • Java SDK (Maven Central): v0.1.5
  • Open-source license: MIT

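import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
// @Resource is the annotation provided by the authorization-core SDK.
// Project and ProjectService are application classes (names assumed here).

@RestController
public class ProjectController {

    private final ProjectService projectService;

    public ProjectController(ProjectService projectService) {
        this.projectService = projectService;
    }

    @GetMapping("/projects/{id}")
    @Resource(
        name = "project:read",
        defaultRoles = {"admin", "viewer"}
    )
    public Project getProject(
        @PathVariable String id
    ) {
        return projectService.findById(id);
    }
}
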
Live product preview

One control plane for every authorization decision

Browse policies, test decisions, provision tenants, and connect identity providers — all from one console.

permix.dev/admin

ABAC Policies

38 active · evaluated per request

  • invoice:read
    allow · p=10
    user.department == "Finance"
  • project:deploy
    allow · p=50
    env in ["staging", "dev"]
  • admin:*
    deny · p=100
    user.suspended == true
  • report:export
    allow · p=25
    user.clearance_level >= 3

Decisions

live
  • user_a14f
    invoice:read · read
    2.1ms
  • svc_8x21
    admin:delete · delete
    1.4ms
  • user_b09c
    project:deploy · deploy
    3.2ms
  • user_c2e7
    report:export · export
    1.8ms
  • svc_5n08
    tenant:write · write
    1.1ms

  • Throughput: 48k/s
  • P95: 2.4ms
  • Allow rate: 92%
  • Tenants: 8

Mode: saas | Casbin v2 · ABAC engine v1.0 | All systems operational

Trusted by engineering teams building secure platforms

Nova Cloud
Acme Infra
Vector Labs
Northstar AI
Mercury Fintech
Atlas Commerce
Features

Purpose-built primitives for modern authorization systems.

Compose policy and identity decisions with an API-first model designed for reliability, velocity, and auditability.

RBAC + ABAC in one engine

Casbin RBAC and a JSON attribute engine run on every check call. One API, two models, zero compromise.

Attribute-based conditions

Build AND/OR condition trees against any namespaced attribute — department, clearance level, resource classification.
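The condition trees described above, evaluated over the policies shown in the console preview, as an added example that is not Permix's own code. The JSON shape (`all`, `any`, `attr`, `op`, `value`), the function names and the rule that the highest-priority match wins are assumptions, since the page does not specify them.

```javascript
// Added example: the JSON policy shape and the combining rule are assumptions.
const OPS = new Map([ // a Map, so "constructor" or "__proto__" never resolve to an operator
  ["==", (a, b) => a === b],
  [">=", (a, b) => typeof a === "number" && a >= b],
  ["in", (a, b) => Array.isArray(b) && b.includes(a)],
]);

// Resolve a namespaced attribute such as "user.department"; undefined when absent.
function lookup(attrs, path) {
  return path.split(".").reduce((node, key) =>
    node !== null && typeof node === "object" &&
    Object.prototype.hasOwnProperty.call(node, key) ? node[key] : undefined, attrs);
}

// Evaluate an AND/OR tree. Empty groups, unknown operators and missing
// attributes never match.
function matches(cond, attrs) {
  if (Array.isArray(cond.all)) return cond.all.length > 0 && cond.all.every((c) => matches(c, attrs));
  if (Array.isArray(cond.any)) return cond.any.some((c) => matches(c, attrs));
  const op = OPS.get(cond.op);
  const actual = typeof cond.attr === "string" ? lookup(attrs, cond.attr) : undefined;
  return op !== undefined && actual !== undefined && op(actual, cond.value);
}

// "admin:*" covers every action on the admin resource.
function covers(pattern, resource) {
  return pattern === resource ||
    (pattern.endsWith(":*") && resource.startsWith(pattern.slice(0, -1)));
}

// Assumed rule: highest-priority match wins, deny wins ties, no match is a deny.
function decide(policies, resource, attrs) {
  const hits = policies
    .filter((p) => covers(p.resource, resource) && matches(p.when, attrs))
    .sort((a, b) => b.priority - a.priority ||
      (b.effect === "deny") - (a.effect === "deny"));
  return hits.length > 0 && hits[0].effect === "allow";
}

// Constructed data: four rows restate the console preview, the admin allow is invented.
const POLICIES = [
  { resource: "invoice:read", effect: "allow", priority: 10, when: { attr: "user.department", op: "==", value: "Finance" } },
  { resource: "project:deploy", effect: "allow", priority: 50, when: { attr: "env", op: "in", value: ["staging", "dev"] } },
  { resource: "admin:*", effect: "deny", priority: 100, when: { attr: "user.suspended", op: "==", value: true } },
  { resource: "report:export", effect: "allow", priority: 25, when: { attr: "user.clearance_level", op: ">=", value: 3 } },
  { resource: "admin:*", effect: "allow", priority: 20, when: { all: [
    { attr: "user.department", op: "==", value: "Platform" },
    { any: [{ attr: "env", op: "==", value: "dev" }, { attr: "user.clearance_level", op: ">=", value: 3 }] } ] } },
];
```

Because a missing attribute never matches, a deny rule such as `user.suspended == true` does not fire when the request omits `user.suspended`; attributes that gate deny rules have to be mandatory in the request.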

Low-latency decisions

In-process policy cache per tenant. P95 ABAC evaluation under 2ms for up to 500 active policies.

SaaS & self-hosted modes

Single binary, two modes. SaaS gives every tenant its own JWKS validator and data isolation. Self-hosted is zero-config.

Kubernetes-ready health probes

Built-in /healthz/live and /healthz/ready check PostgreSQL and Casbin. No sidecar required.

Composable SDK ecosystem

Java SDK for Spring Boot and Quarkus. TypeScript, Go, and Python clients ship with typed request models and retries.

Provider-agnostic JWT

Validates RS256 and ES256 tokens from any OIDC provider — Keycloak, Auth0, Okta, or your own. Per-issuer ValidatorCache in SaaS mode.

Tenant isolation at the DB layer

Every resource, policy, and rule row carries tenant_id. SaaS-mode queries always include WHERE tenant_id = ? — no cross-tenant bleed.

Soft-delete audit trail

ABAC policies are never hard-deleted. deleted_at timestamps give you a full history for compliance and incident analysis.

Java SDK auto-registers

On startup, authorization-core scans all @Resource methods and POSTs them to the platform. Roles and policies are managed centrally.

authorization-core — Java SDK
Java & JVM support

Drop-in authorization for Spring Boot and Quarkus.

One Maven dependency gives you a declarative @Resource annotation that wires directly into the authorization platform — no boilerplate, no extra configuration class.

  • Zero-boilerplate — annotate any method or class with @Resource
  • Auto-registers resources with Permix on startup
  • Spring Boot auto-configuration via spring.factories
  • Quarkus CDI interceptor support out of the box
  • Client-credentials token refresh handled automatically
  • Toggle enforcement per environment with a single config flag

  • Current version: 0.1.5
  • License: MIT
  • Java baseline: Java 17
  • Frameworks: Spring · Quarkus

<dependency>
  <groupId>io.gitlab.ctu-iotlab</groupId>
  <artifactId>com.authorization.core</artifactId>
  <version>0.1.5</version>
</dependency>
API-first architecture

Designed as a control plane for distributed authorization.

Use one management API and one decision API across app backends, edge workers, and internal services.

Policy Decision Point

Stateless decision API evaluates policy bundles with deterministic outcomes and sub-10ms latency.

Policy Administration

Version policy definitions, run simulations in CI, and release safely using environment promotion.

Data Connectors

Stream principals, resources, and attributes from your source-of-truth systems with replay support.

Security and scalability

Production hardening from day one.

Run critical permission checks with confidence across single-tenant and multi-tenant environments.

Platform guarantees

Reliability and compliance defaults suitable for SaaS and enterprise workloads.

  • Regional failover with consistent policy snapshots
  • At-rest and in-transit encryption with tenant-aware keying
  • Signed decision logs and immutable audit history
  • Rate-limiting and adaptive abuse prevention
Code examples

Integrate decision checks in minutes.

Use first-party SDKs and typed clients for low-friction implementation across any stack.

import { PermixClient } from "@permix/sdk"

const client = new PermixClient({
  apiKey: process.env.PERMIX_API_KEY!,
})

const decision = await client.decisions.check({
  tenantId: "tenant_prod_42",
  principal: { id: "user_123", roles: ["editor"] },
  resource: { type: "document", id: "doc_91" },
  action: "read",
})

if (!decision.allow) throw new Error("Forbidden")
SDK support

Consistent API ergonomics in every language.

Unified concepts across SDKs make it simple for polyglot teams. The Java SDK adds a unique annotation-first model for Spring Boot and Quarkus.

Official SDKs

Generated clients, typed request models, retries, and observability hooks.

  • TypeScript (npm)
  • Go (go get)
  • Python (pip)
  • Java (Spring Boot) (maven)
  • Java (Quarkus) (maven)
  • Rust (cargo)
  • cURL / HTTP (rest)
Developer experience

Built for teams that care about velocity and correctness.

Ship secure authorization without forcing every product team to become policy experts.

CLI and local playground

Test policy scenarios locally before they hit production traffic.

Typed API schemas

OpenAPI and SDK generation keep consumers and backend contracts aligned.

Policy CI checks

Block breaking policy changes with deterministic simulation tests.

Pricing

Simple plans from startup to enterprise.

Start free, scale with usage, and move to enterprise controls when you need advanced governance.

Starter

$0

For prototypes and side projects.

  • Up to 100K checks/month
  • 1 project
  • Community support

Growth

$199

For production SaaS teams.

  • Up to 20M checks/month
  • Unlimited projects
  • SAML + SCIM
  • Priority support

Enterprise

Custom

For regulated and large-scale environments.

  • Dedicated regions
  • Advanced compliance controls
  • Private networking
  • 24/7 support SLA
What teams say

Adopted by platform and security engineers.

Permix gave our platform team a single control plane for every permission decision.

Lena D., Staff Engineer, Atlas Commerce

We replaced fragmented access checks with auditable policy workflows in under two weeks.

Mikael R., Head of Security, Northstar AI

The SDK ergonomics and docs quality are exactly what a developer platform should feel like.

Priya S., Principal Engineer, Nova Cloud

Ready to centralize authorization across your platform?

Start free, integrate in one afternoon, and scale to billions of decisions with built-in observability and policy governance.