Setup SDK Client for Store
This article explains how to build an OpenFGA client by using the SDKs.
The first step is to ensure that you have created a store by following these steps.
Next, depending on the authentication scheme you want to use, there are different ways to build the client.
Using No Authentication
This is a simple setup but it is not recommended for production use.
- Node.js
- Go
- .NET
- Python
const { OpenFgaApi } = require('@openfga/sdk'); // OR import { OpenFgaApi } from '@openfga/sdk';
const openFga = new OpenFgaApi({
apiScheme: process.env.FGA_API_SCHEME, // Optional. Can be "http" or "https". Defaults to "https"
apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
storeId: process.env.FGA_STORE_ID
});
import (
openfga "github.com/openfga/go-sdk"
"os"
)
func main() {
configuration, err := openfga.NewConfiguration(openfga.Configuration{
ApiScheme: os.Getenv("FGA_API_SCHEME"), // Optional. Can be "http" or "https". Defaults to "https"
ApiHost: os.Getenv("FGA_API_HOST"), // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
StoreId: os.Getenv("FGA_STORE_ID"),
})
if err != nil {
// .. Handle error
}
apiClient := openfga.NewAPIClient(configuration)
}
using OpenFga.Sdk.Api;
using OpenFga.Sdk.Configuration;
using Environment = System.Environment;
namespace ExampleApp;
class MyProgram {
static async Task Main() {
var configuration = new Configuration() {
ApiScheme = Environment.GetEnvironmentVariable("FGA_API_SCHEME"), // Optional. Can be "http" or "https". Defaults to "https"
ApiHost = Environment.GetEnvironmentVariable("FGA_API_HOST"), // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
StoreId = Environment.GetEnvironmentVariable("FGA_STORE_ID")
};
var fgaClient = new OpenFgaApi(configuration);
}
}
import os
import openfga_sdk
from openfga_sdk.api import open_fga_api
configuration = openfga_sdk.Configuration(
api_scheme = os.environ.get('FGA_API_SCHEME')
api_host = os.environ.get('FGA_API_HOST'),
store_id = os.environ.get('FGA_STORE_ID')
)
# Create an instance of the API class
fga_client_instance = open_fga_api.OpenFgaApi(openfga_sdk.ApiClient(configuration))
Using Shared Key Authentication
If you want to use shared key authentication, you need to generate a random string that will work as secret and set that key when building your OpenFGA server. Then, when building the client, set it as environment variable FGA_BEARER_TOKEN
.
Warning
If you are going to use this setup in production, you should enable TLS in your OpenFGA server. Please see the Production Checklist.
- Node.js
- Go
- .NET
- Python
const { CredentialsMethod, OpenFgaApi } = require('@openfga/sdk'); // OR import { CredentialsMethod, OpenFgaApi } from '@openfga/sdk';
const openFga = new OpenFgaApi({
apiScheme: process.env.FGA_API_SCHEME, // optional, defaults to "https"
apiHost: process.env.FGA_API_HOST, // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
storeId: process.env.FGA_STORE_ID, // optional, not needed for `CreateStore` and `ListStores`, required before calling for all other methods
credentials: {
method: CredentialsMethod.ApiToken,
config: {
token: process.env.FGA_BEARER_TOKEN,
},
}
});
import (
openfga "github.com/openfga/go-sdk"
"os"
)
func main() {
configuration, err := openfga.NewConfiguration(openfga.Configuration{
ApiScheme: os.Getenv("FGA_API_SCHEME"), // optional, defaults to "https"
ApiHost: os.Getenv("FGA_API_HOST"), // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
StoreId: os.Getenv("FGA_STORE_ID"), // optional, not needed for `CreateStore` and `ListStores`, required before calling for all other methods
Credentials: &credentials.Credentials{
Method: credentials.CredentialsMethodApiToken,
Config: {
ApiToken: os.Getenv("FGA_BEARER_TOKEN"), // will be passed as the "Authorization: Bearer ${ApiToken}" request header
},
},
})
if err != nil {
// .. Handle error
}
apiClient := openfga.NewAPIClient(configuration)
}
using OpenFga.Sdk.Api;
using OpenFga.Sdk.Configuration;
using Environment = System.Environment;
namespace ExampleApp;
class MyProgram {
static async Task Main() {
var configuration = new Configuration() {
ApiScheme = Environment.GetEnvironmentVariable("FGA_API_SCHEME"), // optional, defaults to "https"
ApiHost = Environment.GetEnvironmentVariable("FGA_API_HOST"), // required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
StoreId = Environment.GetEnvironmentVariable("FGA_STORE_ID"), // optional, not needed for `CreateStore` and `ListStores`, required before calling for all other methods
Credentials = new Credentials() {
Method = CredentialsMethod.ApiToken,
Config = new CredentialsConfig() {
ApiToken = Environment.GetEnvironmentVariable("FGA_BEARER_TOKEN")
},
},
};
var fgaClient = new OpenFgaApi(configuration);
}
}
import os
import openfga_sdk
from openfga_sdk.api import open_fga_api
from open_fga_api.credentials import Credentials, CredentialConfiguration
credentials = Credentials(method='api_token',
configuration=CredentialConfiguration(api_token=os.environ.get(FGA_BEARER_TOKEN)))
configuration = openfga_sdk.Configuration(
api_scheme = os.environ.get(FGA_API_SCHEME), # optional, defaults to "https"
api_host = os.environ.get(FGA_API_HOST), # required, define without the scheme (e.g. api.openfga.example instead of https://api.openfga.example)
store_id = os.environ.get(FGA_STORE_ID), # optional, not needed for `CreateStore` and `ListStores`, required before calling for all other methods
credentials = credentials)
# Create an instance of the API class
fga_client_instance = open_fga_api.OpenFgaApi(openfga_sdk.ApiClient(configuration))