The Authorization API

Your app's authorization is now fully programmable, observable, testable, and documented.

Platform Engineering Teams 🤍 Oso

Your authorization is complex

  • Authorization code is ad hoc, fragile, and all over the place
  • You have complex use cases like hierarchical models, fine-grained authorization, and custom roles
  • You have multiple services or microservices
Read about why authorization is hard

Oso is
Authorization as a Service

  • Authorization API – testable, debuggable, observable system
  • Central place for all authorization logic and data
  • List filtering
  • RBAC, ReBAC,  ABAC – and fully extensible
  • Cloud, hybrid, or on-prem for 99.99% uptime and <10 ms latency

How Oso Cloud works


Model your domain

  • Lay out who's allowed to do what in the Oso Modeler
  • Start with primitives for common patterns like multi-tenancy and Admins
  • Preview code


  • Write tests via assertions
  • Debug failed tests using Explain
  • Get suggestions for how to fix broken tests


  • Integrate the Oso Cloud SDK (Python, Node.js, Go, Ruby, .NET)
  • Send authorization data
  • Make authorization checks

Learn authorization best practices

Read a series of technical guides that explains how to build authorization into an app, including architecture, modeling patterns, enforcement, and more — whether you use Oso or not.
Read Authorization Academy

Platform Engineering Teams 🤍 Oso

Will Flynt
Principal Engineer, Amazon

“I'm sold on this way ahead for the known future. Oso has nailed the abstractions. That’s the hardest part to get right, and the hardest part to change later.”

Nicholas Matison
Senior Engineer, Wayfair

“We needed to manage authorization across all of our new microservices. The answer was the Oso authorization framework."

Brian Scanlan
Engineer, Intercom

“Oso is excellent and well worth taking a look at...As we moved upmarket, being able to consistently and accurately implement authz features helped us move a lot faster - and resolved a never ending source of bugs and confusion.”

Derick Matamoros
Lead Engineer, Oyster HR

“It used to take us months to add new roles. Using Oso has enabled us to reduce that time a ton. The Oso team has also been very helpful, making our migration super smooth.”

Jiří Brunclík,
VP Engineering, Productboard

"We reviewed multiple solutions - Oso came out on top for its superior developer experience, scalable and consistent performance, and the flexibility to match all our needs.”

Ali Ziel
Engineer, Spruce

“Our experience with Oso Cloud has been great – both the product and the team behind it. Its flexibility and how powerful it is are what stand out.”

Raven Jiang
CTO, Arc

"Oso has the most intuitive model; it’s the most mature, with the best tooling and docs; and the support has been unreal.”

Andrew McClain
Founding Engineer, Sesh

“Oso gives us everything we need to solve authorization – conceptually and implementation-wise. It's just the right amount of magic."

KC Chintalapati
Engineer, Fiddler

“Oso was the fastest path to building roles and has been incredible – easy to wrap our heads around, great docs, and makes life much simpler.”

Let's see some code.