Skip to main content


In this document you can find code examples for the Ory Keto Go SDK.


Missing an example? Please create a feature request and it will be added here.

You can find more examples of SDK usage in the auto-generated documentation keto-client-go.

Ory Keto exposes two APIs for integration


Installation gRPC API

go get

Installation REST API

go get

REST API examples

As an example, let's create the following minimal permission rules. These just contain a User and Blog namespace as well as the view permission for the Blog namespace.

import { Namespace, SubjectSet, Context } from "@ory/keto-namespace-types"

class User implements Namespace { }

class Blog implements Namespace {
related: {
viewers: User[]

permits = {
view: (ctx: Context): boolean =>

If you want to learn more about creating permission rules read the Create a permission model guide.

CreateRelationship and CheckPermission

The following code creates and checks the following permission:


This means Bob can view the secret_post in the Blog namespace.

package main

import (

ory ""

// Use this context to access Ory APIs which require an Ory API Key.
var namespace = "Blog"
var object = "secret_post"
var relation = "view"
var subjectId = "Bob"

func main() {
payload := ory.CreateRelationshipBody{
Namespace: &namespace,
Object: &object,
Relation: &relation,
SubjectId: &subjectId,
configuration := ory.NewConfiguration()
configuration.Servers = []ory.ServerConfiguration{
URL: "", // Write API
writeClient := ory.NewAPIClient(configuration)
_, r, err := writeClient.RelationshipApi.CreateRelationship(context.Background()).CreateRelationshipBody(payload).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
panic("Encountered error: " + err.Error())
fmt.Println("Successfully created tuple")
configuration.Servers = []client.ServerConfiguration{
URL: "", // Read API
readClient := client.NewAPIClient(configuration)

check, r, err := readClient.PermissionApi.CheckPermission(context.Background()).
if err != nil {
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
panic("Encountered error: " + err.Error())
if check.Allowed {
fmt.Println(*&subjectId + " can " + *&relation + " the " + *&object)