POST /orgs/{org_id}/iam/check
cURL
curl --request POST \
  --url https://api.timbal.ai/orgs/{org_id}/iam/check \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "checks": [
    {
      "action": "<string>",
      "resource": "<string>"
    }
  ],
  "user_id": "<string>"
}
'

Example response
{
  "results": [
    {
      "action": "<string>",
      "matched_allows": [
        {
          "role_id": "<string>",
          "role_name": "<string>",
          "attachment_scope": "<string>",
          "grant_resource": "<string>"
        }
      ],
      "matched_denies": [
        {
          "role_id": "<string>",
          "role_name": "<string>",
          "attachment_scope": "<string>",
          "grant_resource": "<string>"
        }
      ],
      "resource": "<string>"
    }
  ],
  "user_id": "<string>"
}

Authorizations

Authorization (string, header, required)

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id (string, required)

Body

application/json
checks (object[], required)

(action, resource?) tuples to evaluate. Capped at 50. An empty list is rejected — almost always a client bug.

user_id (string | null)

Target user to evaluate. Defaults to the caller. Passing another user's id requires the users.read grant on this org.

Response

Per-check decisions + matched grants

results (object[], required)

One result per input check, in input order.

user_id (string, required)

Echoes the evaluated user id (input or caller).
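
A client for this endpoint, added here as an example (not Timbal's own code): it applies the empty-list rule and the 50-check cap before sending, then verifies the echoed user_id and the result order before trusting any decision. The function names, the injectable `post` transport, and the fail-closed rule that any matched deny overrides a matched allow are assumptions; this page does not state how allows and denies combine.

```python
import json
import urllib.request

MAX_CHECKS = 50  # cap stated in the Body section above


def http_post(url, token, body):
    """Default transport: same headers as the cURL sample."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_access(org_id, token, checks, user_id=None, post=http_post):
    """Return one fail-closed verdict per (action, resource) pair, in input order."""
    if not checks:
        raise ValueError("empty checks list is rejected by the API")
    url = f"https://api.timbal.ai/orgs/{org_id}/iam/check"
    verdicts = []
    for start in range(0, len(checks), MAX_CHECKS):
        batch = checks[start:start + MAX_CHECKS]
        # resource is optional in each tuple; omit it when not supplied
        body = {"checks": [{"action": a, **({"resource": r} if r is not None else {})}
                           for a, r in batch]}
        if user_id is not None:
            body["user_id"] = user_id
        reply = post(url, token, body)
        # The response echoes the evaluated user; a mismatch means the
        # decisions describe someone else, so refuse to use them.
        if user_id is not None and reply.get("user_id") != user_id:
            raise RuntimeError("response user_id does not match request")
        results = reply.get("results") or []
        if len(results) != len(batch):
            raise RuntimeError("result count does not match check count")
        for (action, resource), res in zip(batch, results):
            # Results are documented as input-ordered; verify rather than trust.
            if res.get("action") != action:
                raise RuntimeError("results are not in input order")
            # ASSUMPTION (not stated on this page): any matched deny wins,
            # and no matched allow means no access.
            allowed = bool(res.get("matched_allows")) and not res.get("matched_denies")
            verdicts.append({"action": action, "resource": resource, "allowed": allowed})
    return verdicts
```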