Authorization Series — Pt 2: Securing HTTP APIs with RBAC rules

Bachi (bachiauth0)

Editor's Note: This is the second, technical post in a 3-part series focusing on Authorization. Stay tuned for the last part in this series, focusing on dynamic authorization.

TL;DR: In this article, you will learn how you can leverage Auth0's RBAC (Role-Based Access Control) feature to handle end-user authorization in your APIs. The article will start by proposing a simple scenario where you could use RBAC to secure API endpoints; then, it will show how you can map this scenario in your Auth0 dashboard and how you can implement it on a Node.js and Express API. Although the samples shown here use this specific combination of technologies (Node.js and Express), you will see that the solution is easy to implement and that you can translate it to any other platform you might be using.

Important Note: This article takes advantage of the Groups feature that is currently in beta testing. To get access to this feature, please follow the instructions on the New Beta Program for Authorization Groups announcement.



Auth0 offers an identity and access management solution that works out of the box from day one, with the ability to customize, extend, and build new features when you need them. Identity might be complex, but dealing with it shouldn’t be.

