Frontegg
Frontegg Entitlements Agent (PDP)

The Frontegg Entitlements Agent is a Policy Decision Point (PDP) that runs locally inside customer infrastructure to evaluate entitlements with millisecond latency. Default listen port 8181. Java and Node.js bindings ship as separate SDKs.
Documentation GitHub OpenAPI
OpenAPI Specification

openapi: 3.0.0
paths:
  /v1/data/e10s/features/is_entitled_to_input_feature:
    post:
      operationId: OpenApiPDPController_isEntitledToFeature
      summary: Is Entitled to Feature
      description: Check whether a specific account (tenant) or user is entitled to access a requested feature based on their permissions, attributes, and entitlement configuration.
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              properties:
                input:
                  properties:
                    subjectContext:
                      $ref: '#/components/schemas/SubjectContext'
                    requestContext:
                      $ref: '#/components/schemas/IsEntitledToFeatureDto'
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PDPResponse'
      tags:
      - Entitlements Check
  /v1/data/e10s/permissions/is_entitled_to_input_permission:
    post:
      operationId: OpenApiPDPController_isEntitledToPermission
      summary: Is Entitled to Permission
      description: Check whether a specific user is entitled to access a requested permission based on their role assignments and account (tenant) configuration.
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              properties:
                input:
                  properties:
                    subjectContext:
                      $ref: '#/components/schemas/SubjectContext'
                    requestContext:
                      $ref: '#/components/schemas/IsEntitledToPermissionDto'
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PDPResponse'
      tags:
      - Entitlements Check
  /v1/data/e10s/routes/is_entitled_to_input_route:
    post:
      operationId: OpenApiPDPController_isEntitledToRoute
      summary: Is Entitled to Route
      description: Check whether a specific account (tenant) or user is entitled to access a requested route based on the HTTP method, path, and their associated permissions or feature entitlements.
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              properties:
                input:
                  properties:
                    subjectContext:
                      $ref: '#/components/schemas/SubjectContext'
                    requestContext:
                      $ref: '#/components/schemas/IsEntitledToRouteDto'
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PDPResponse'
      tags:
      - Entitlements Check
info:
  title: Entitlements Agent (PDP)
  description: 'The endpoints in this section pertain to the usage of an Entitlements Agent. When your application or service needs to verify entitlements, it can query the Entitlements Agent directly via HTTP.


    These endpoints can be integrated into any backend framework, enabling you to leverage entitlements for advanced authorization needs.'
  version: '1.0'
servers:
- url: http://{host}:{port}
  variables:
    host:
      default: localhost
    port:
      default: '8181'
components:
  schemas:
    IsEntitledToFeatureDto:
      type: object
      properties:
        featureKey:
          type: string
          example: example-feature-key
      required:
      - featureKey
    SubjectContext:
      type: object
      properties:
        userId:
          type: string
          example: 6c2ce177-66cd-4163-a012-b7833255a490
        tenantId:
          type: string
          example: f21ca66c-d23b-496f-b805-121ed37eb46a
        permissions:
          example:
          - example.permission.read
          - example.permission.write
          type: array
          items:
            type: string
        attributes:
          type: object
          example:
            exampleAttribute: example-value
      required:
      - tenantId
    EntitlementsResult:
      type: object
      properties:
        justification:
          type: string
          enum:
          - MISSING_FEATURE
          - MISSING_PERMISSION
          - PLAN_EXPIRED
          - MISSING_ROUTE
          - ROUTE_DENIED
          example: MISSING_FEATURE
        monitoring:
          type: boolean
        result:
          type: boolean
          example: false
      required:
      - result
    PDPResponse:
      type: object
      properties:
        decision_id:
          type: string
          example: df5dae62-be02-4333-bbe1-f7220e13c6c3
        metrics:
          type: object
        result:
          $ref: '#/components/schemas/EntitlementsResult'
      required:
      - decision_id
      - metrics
      - result
    IsEntitledToPermissionDto:
      type: object
      properties:
        permissionKey:
          type: string
          example: example.permission.read
      required:
      - permissionKey
    IsEntitledToRouteDto:
      type: object
      properties:
        method:
          type: string
          enum:
          - GET
          - POST
          - PUT
          - PATCH
          - DELETE
          - '*'
          example: GET
        path:
          type: string
          example: /example
      required:
      - method
      - path
x-tagGroups: []
Frontegg Entitlements Agent (PDP)

Documentation

Specifications

Other Resources

OpenAPI Specification
