API Reference: Write Namespace Configuration

A write namespace configuration request is used to create or updated the configuration for a namespace in an Authzed Tenant.

Writing a namespace configuration is typically the first API call made to Authzed after the creation of a tenant.

warning

Note that a write namespace configuration will overwrite any existing namespace with the same name in the tenant.

gRPC Endpoint#

NamespaceService.WriteConfig

Request#

Parameters#

NameTypeRequired
configNamespaceDefinitionYes

Request Definition#

message WriteConfigRequest {
NamespaceDefinition config = 2;
}
message NamespaceDefinition {
string name = 1;
repeated Relation relation = 2;
}
Remaining Protocol Buffers for definining namespaces
message Relation {
string name = 1;
UsersetRewrite userset_rewrite = 2;
}
message UsersetRewrite {
oneof rewrite_operation {
SetOperation union = 1;
SetOperation intersection = 2;
SetOperation exclusion = 3;
}
}
message SetOperation {
message Child {
message This {}
oneof child_type {
This _this = 1;
ComputedUserset computed_userset = 2;
TupleToUserset tuple_to_userset = 3;
UsersetRewrite userset_rewrite = 4;
}
}
repeated Child child = 1;
}
message TupleToUserset {
message Tupleset { string relation = 1; }
Tupleset tupleset = 1;
ComputedUserset computed_userset = 2;
}
message ComputedUserset {
enum Object { TUPLE_OBJECT = 0; TUPLE_USERSET_OBJECT = 1; }
Object object = 1;
string relation = 2;
}

Request Example#

{
config: {
name: "tenantslug/document"
relation: [
{
name: "viewer"
}
]
}
}

Response#

The response of a write namespace configuration call will contain the initial Zookie for the namespace.

Response Definition#

message WriteConfigResponse { Zookie revision = 1; }
message Zookie { string token = 1; }

Response Example#

{
revision { token: "CAESAggB" }
}

Errors#

  • INVALID_ARGUMENT: a provided value has failed to semantically validate

For more generic failures, see the gRPC Status Code documentation.

Code Samples#

Code Sample Parameter Values
Parameter NameValueDescription
Tenant SlugThe slug for your tenant
TokenYour token
NamespaceThe namespace to be written
Relation NameThe name of a relation for the namespace
grpcurl -rpc-header "authorization: Bearer t_my_token" -d \
'{
"config": {
"name": "someslug/resource",
"relation": [
{ "name": "viewer" }
]
}
}' \
grpc.authzed.com:443 NamespaceService.WriteConfig