Skip to main content


In this document you can find code examples for the Ory Permissions Go SDK.


Missing an example? Please create a feature request and it will be added here.

You can find more examples of SDK usage in the auto-generated documentation client-go.

Ory Permissions exposes two APIs for integration


Installation REST API

go get

Installation gRPC API

go get

REST API examples

As an example, let's create the following minimal permission rules. These just contain a User and Blog namespace as well as the view permission for the Blog namespace.

import { Namespace, SubjectSet, Context } from "@ory/keto-namespace-types"

class User implements Namespace { }

class Blog implements Namespace {
related: {
viewers: User[]

permits = {
view: (ctx: Context): boolean =>

If you want to learn more about creating permission rules read the Create a permission model guide.

CreateRelationship and CheckPermission

The following code creates and checks the following permission:


This means Bob can view the secret_post in the Blog namespace.

  1. Export your API Key as "ORY_API_KEY"
  2. Run the example and send the request with go run main.go
package main

import (

ory ""

// Use this context to access Ory APIs which require an Ory API Key.
var oryAuthedContext = context.WithValue(context.Background(), ory.ContextAccessToken, os.Getenv("ORY_API_KEY"))
var namespace = "Blog"
var object = "secret_post"
var relation = "view"
var subjectId = "Bob"

func main() {
payload := ory.CreateRelationshipBody{
Namespace: &namespace,
Object: &object,
Relation: &relation,
SubjectId: &subjectId,
configuration := ory.NewConfiguration()
configuration.Servers = []ory.ServerConfiguration{
URL: "", // Write API
ory := ory.NewAPIClient(configuration)
_, r, err := ory.RelationshipApi.CreateRelationship(oryAuthedContext).CreateRelationshipBody(payload).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
panic("Encountered error: " + err.Error())
fmt.Println("Successfully created tuple")
check, r, err := ory.PermissionApi.CheckPermission(oryAuthedContext).
if err != nil {
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
panic("Encountered error: " + err.Error())
if check.Allowed {
fmt.Println(*&subjectId + " can " + *&relation + " the " + *&object)