SDKs and APIs

SAPL provides multiple ways to connect applications to a Policy Decision Point (PDP).

APIs

• HTTP API: A network API for any programming language. Supports streaming (Server-Sent Events), one-shot (JSON), and multi-subscription endpoints.
• Java API: A reactive API based on Project Reactor for embedding a PDP directly in Java applications or connecting to a remote PDP server.

Framework SDKs

• Spring: Annotation-driven and filter-based authorization for Spring Security and Spring WebFlux.
• NestJS: Guards and decorators for NestJS applications.
• Django: Decorators for Django views and services.
• Flask: Decorators for Flask routes and services.
• FastAPI: Decorators for FastAPI endpoints with async and streaming support.
• Tornado: Decorators for Tornado handlers with async and streaming support.
• FastMCP: Middleware and per-component authorization for MCP servers.
• .NET: Attributes and customizers for ASP.NET Core applications.

All SDKs and APIs expose the same authorization semantics: single subscriptions (streaming and one-shot) and multi-subscriptions (streaming and one-shot batch).