Authorization

Nullplatform uses role-based access control (RBAC).

💡 The key idea is simple: a role defines what actions are allowed, and a grant attaches that role to a user at a specific resource.

How authorization works

  • Users – Every action is initiated by a user (a person or a machine user).
  • Actions – Each API endpoint maps to an action (for example, scope:read).
  • Roles – A role is a bundle of actions assigned to a user.
  • Grants – A grant attaches a role to a user at a specific resource (NRN). Without a grant, the role doesn't apply.

Roles

Every user has one or more roles that regulate which actions that user can execute. We have roles for managers, developers, operations, security, CI, and more.

You can read more about this in the Roles docs.

Grants and permissions

Grants are what turn roles into actual access. A single user can hold multiple grants, each tied to a specific NRN. Grants also apply to child resources under the NRN.

For more information on how to manage grants, see Grants and permissions.
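The evaluation described above (a role bundles actions, a grant attaches the role at an NRN, and the grant also covers child resources) can be modelled as follows. This is an added example, not nullplatform's own code: the colon-separated `key=value` NRN layout, the role names other than the page's `scope:read` action, and the user names are assumptions constructed for illustration.

```python
from typing import NamedTuple

# Constructed roles: role name -> bundle of actions. Only "scope:read" appears
# on the page; the role names and "scope:write" are made up for illustration.
ROLES = {
    "developer": {"scope:read", "scope:write"},
    "ci": {"scope:read"},
}


class Grant(NamedTuple):
    user: str
    role: str
    nrn: str  # resource the role is attached to


def nrn_segments(nrn: str) -> tuple:
    """Split an NRN into hierarchy segments (assumed ':'-separated)."""
    return tuple(s for s in nrn.strip().split(":") if s)


def covers(grant_nrn: str, resource_nrn: str) -> bool:
    """True if resource_nrn is grant_nrn itself or one of its children.

    Compared segment by segment: a plain string prefix test would wrongly
    let 'account=2' cover 'account=22'. An empty grant NRN covers nothing.
    """
    g, r = nrn_segments(grant_nrn), nrn_segments(resource_nrn)
    return len(g) > 0 and r[:len(g)] == g


def is_allowed(user: str, action: str, resource_nrn: str, grants) -> bool:
    """Default deny: allow only if some grant for this user covers the
    resource and the granted role bundles the requested action."""
    return any(
        g.user == user
        and covers(g.nrn, resource_nrn)
        and action in ROLES.get(g.role, set())
        for g in grants
    )


# Constructed sample grants.
GRANTS = [
    Grant("alice", "developer", "organization=1:account=2"),
    Grant("ci-bot", "ci", "organization=1:account=2:namespace=3"),
]
```

A grant never reaches upward: `ci-bot` holds `scope:read` at the namespace but not at the parent account.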

API keys for machine users

If you have a system that will interact with nullplatform programmatically (for example, a CI workflow), you need to create an API key with the appropriate roles. See:

Access tokens

Most API endpoints require an access token sent in the HTTP header:

Authorization: Bearer <your-access-token>

The way you obtain the token depends on the type of user.

Human users

To retrieve your personal access token:

  1. Log in to nullplatform.
  2. Click your user menu (the circle with your initials/user avatar) in the top-right corner.
  3. From the dropdown menu, select Copy personal access token.

Deprecation notice

The legacy Chrome extension used to retrieve the token is deprecated and no longer maintained or supported.

Machine users

Machine users (scripts, automations, or integrations) must authenticate using an API key and obtain access tokens from it.

See the API keys docs to learn how to generate and use API keys.