Installing the Authorization Extension v2


Currently, we provide two ways of implementing role-based access control (RBAC), which you can use in place of or in combination with your API's own internal access control system:

We are expanding our Authorization Core feature set to match the functionality of the Authorization Extension and expect a final release in 2019. Our new core RBAC implementation improves performance and scalability and will eventually provide a more flexible RBAC system than the Authorization Extension.

For now, both implement the key features of RBAC and allow you to restrict the custom scopes defined for an API to those that have been assigned to the user as permissions. For a comparison, see Authorization Core vs. Authorization Extension.

Migrating from Version 1 to Version 2 is a breaking change

One of the major changes between versions 1 and 2 of the Authorization Extension is the removal of the Applications section. This section was removed to simplify its inherent complexity, such as when it was used to define a policy for access control. The desired approach for such use cases is to use rules.

Upgrade the Extension Version

To upgrade the Authorization Extension, go to Extensions section of the dashboard and click Installed Extensions.

On the Authorization Extension row, you'll see a link that will begin the upgrade process to the latest version.