Version: 2.x (Latest)

Protocols & Admin API

Added in @authorizerdev/authorizer-js for Authorizer 2.3.0-rc.9.

Protocol selection

The Authorizer client can talk to the server over two wire protocols. graphql is the default and is 100% backward compatible — existing code keeps working unchanged.

| protocol | Transport | Notes |
| --- | --- | --- |
| 'graphql' | POST /graphql | Default. |
| 'rest' | Typed POST/GET /v1/... routes | Same flat responses as GraphQL. |

No gRPC in JS. Browsers cannot speak raw gRPC. Passing protocol: 'grpc' throws a clear error at construction time. Use the Go or Python SDKs for gRPC.

As of 2.3.0-rc.9 all public methods work over both protocols, and both return identical flat response shapes.

```js
import { Authorizer } from '@authorizerdev/authorizer-js'

const authRef = new Authorizer({
  authorizerURL: 'YOUR_AUTHORIZER_URL',
  redirectURL: window.location.origin,
  clientID: 'YOUR_CLIENT_ID',
  protocol: 'rest', // 'graphql' (default) | 'rest'
})

await authRef.login({ email: 'user@example.com', password: 'Abc@123' })
```

OAuth endpoints (/oauth/token, /oauth/revoke) always use REST regardless of the selected protocol.

Admin client

The admin API is a separate client, AuthorizerAdmin, constructed with the admin secret (the value of --admin-secret). Admin auth is sent on every call as the x-authorizer-admin-secret header.

Keep the admin secret on the server side — never ship it to a browser bundle.

```js
import { AuthorizerAdmin } from '@authorizerdev/authorizer-js'

const admin = new AuthorizerAdmin({
  authorizerURL: 'https://your-instance.authorizer.dev',
  adminSecret: 'YOUR_ADMIN_SECRET',
  protocol: 'graphql', // 'graphql' (default) | 'rest'
})

// List users
const { data, errors } = await admin.users()
if (!errors?.length) {
  data.users.forEach((u) => console.log(u.email))
}
```

Config

| Key | Description |
| --- | --- |
| authorizerURL | Base URL of your Authorizer instance. |
| adminSecret | Value of --admin-secret, sent as x-authorizer-admin-secret. |
| protocol | 'graphql' (default) or 'rest'. gRPC is not supported. |

Admin methods

Each method declares which protocols support it. Calling a method on an unsupported protocol returns a clear error rather than emitting a 404.

⚠ Destructive: deleteUser, deleteWebhook, deleteEmailTemplate, fgaWriteModel (overwrites the model), fgaDeleteTuples, and fgaReset (wipes all FGA data) permanently change or remove data.
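One way to act on this warning in server-side code, as an added example that is not part of the Authorizer SDK or this page's original code: a wrapper that lets a service call destructive admin methods only when they are explicitly allow-listed, and records every attempt. `guardAdmin`, its options and `stubAdmin` are hypothetical names; the stub stands in for an `AuthorizerAdmin` instance so the block runs offline.

```javascript
// Added example. guardAdmin, its options and stubAdmin are hypothetical names;
// only the method names in DESTRUCTIVE come from the page.
const DESTRUCTIVE = new Set([
  'deleteUser', 'deleteWebhook', 'deleteEmailTemplate',
  'fgaWriteModel', 'fgaDeleteTuples', 'fgaReset',
])

// Wrap an admin client so destructive methods run only when allow-listed.
// Every attempted method call is passed to `audit`, permitted or not.
function guardAdmin(admin, { allow = [], audit = () => {} } = {}) {
  const allowed = new Set(allow)
  for (const name of allowed) {
    // Fail closed on typos: an allow-list entry must be a known destructive method.
    if (!DESTRUCTIVE.has(name)) throw new Error(`not a destructive method: ${name}`)
  }
  return new Proxy(admin, {
    get(target, name) {
      const value = target[name]
      if (typeof value !== 'function') return value
      return (...args) => {
        const permitted = !DESTRUCTIVE.has(name) || allowed.has(name)
        audit({ method: name, permitted })
        if (!permitted) {
          throw new Error(`${name} is destructive and not allow-listed for this service`)
        }
        return value.apply(target, args) // keep `this` bound to the real client
      }
    },
  })
}

// Constructed stand-in for an AuthorizerAdmin instance (return values are illustrative).
const stubAdmin = {
  users: () => ({ data: { users: [{ email: 'user@example.com' }] }, errors: [] }),
  deleteUser: () => ({ data: {}, errors: [] }),
  fgaReset: () => ({ data: {}, errors: [] }),
}

// A support tool that may delete users but must never reset FGA data.
function demo() {
  const log = []
  const admin = guardAdmin(stubAdmin, { allow: ['deleteUser'], audit: (e) => log.push(e) })
  admin.users()
  admin.deleteUser({ email: 'user@example.com' }) // argument shape is illustrative
  let blocked = ''
  try { admin.fgaReset() } catch (err) { blocked = err.message }
  return { log, blocked }
}
```

Because the wrapper throws before the underlying method is invoked, a blocked call never reaches the server; the audit entry is the only trace of the attempt.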

Auth, session & meta

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| adminLogin | Exchange the admin secret for a session. | | |
| adminLogout | End the admin session. | | |
| adminSession | Get the current admin session. | | |
| adminMeta | Server metadata / feature flags. | | |

Users & access

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| users | List users (paginated). | | |
| user | Get a single user. | | |
| updateUser | Update a user. | | |
| deleteUser | Delete a user. | | |
| verificationRequests | List pending verification requests. | | |
| revokeAccess | Revoke a user's access. | | |
| enableAccess | Re-enable a user's access. | | |
| inviteMembers | Invite members by email. | | |

Webhooks

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| addWebhook | Create a webhook. | | |
| updateWebhook | Update a webhook. | | |
| deleteWebhook | Delete a webhook. | | |
| getWebhook | Get a single webhook. | | |
| webhooks | List webhooks. | | |
| webhookLogs | List webhook delivery logs. | | |
| testEndpoint | Send a test event to a webhook. | | |

Email templates

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| addEmailTemplate | Create an email template. | | |
| updateEmailTemplate | Update an email template. | | |
| deleteEmailTemplate | Delete an email template. | | |
| emailTemplates | List email templates. | | |

Audit

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| auditLogs | List audit logs. | | |

FGA admin

| Method | Description | rest | gql |
| --- | --- | --- | --- |
| fgaGetModel | Get the current FGA model. | | |
| fgaWriteModel | Write/overwrite the FGA model. | | |
| fgaWriteTuples | Write relationship tuples. | | |
| fgaDeleteTuples | Delete relationship tuples. | | |
| fgaReadTuples | Read relationship tuples. | | |
| fgaListUsers | List users with a relation to an object. | | |
| fgaExpand | Expand a relation into its userset. | | |
| fgaReset | Reset all FGA data. | | |

GraphQL-only extras

These have no REST equivalent and work over GraphQL only:

| Method | Description |
| --- | --- |
| adminSignup | Bootstrap the first admin. |
| updateEnv | Update server environment/config. |
| generateJWTKeys | Generate a new JWT signing key pair. |