Grants
POST /v1/grants
Section titled “POST /v1/grants”Create a grant. Idempotent: if the tuple already exists, the call succeeds and the existing grant is returned.
Request
{ "subject": "user:alice", "relation": "owner", "object": "document:42"}Response 201 (created) or 200 (already existed)
{ "grant_id": "grnt_01HXYZ...", "subject": "user:alice", "relation": "owner", "object": "document:42", "created_at": "2026-04-14T10:22:00Z"}DELETE /v1/grants
Section titled “DELETE /v1/grants”Revoke a grant. Body identifies the tuple to remove; no path parameter.
Request
{ "subject": "user:alice", "relation": "owner", "object": "document:42"}Response 204 — grant removed. Response 404 — grant did not exist.
Revocation deletes exactly one tuple. To remove every relation a subject holds on an object, revoke each relation explicitly.