Concepts: Zookie

A Zookie is an opaque cookie passed to and from the Authzed API to ensure that permissions are not stale when checked against specific objects.

Zookies are passed from Write calls to clients and sent back from clients to Authzed in Check and Expand calls.

Why is a Zookie needed?#

A Zookie is necessary for Authzed to ensure that the New Enemy Problem cannot occur.


Zookies also allow Authzed to optimize the lookup of permissions: if the relations or objects have not changed in some time and by knowing that we have the sufficiently fresh copy of the permissions in a local cache, Authzed can use the cache rather than fetching from another node.

Storing and Using Zookies#

It is generally recommend to store the Zookie returned by Write next to the object in your own database, and then to give it back to the Authzed API on all Check and Expand calls for that object.