Secure your Express application APIs in minutes with Amazon Verified Permissions
Security Blog
This article discusses how to secure Express.js application APIs using Amazon Verified Permissions and the new @verifiedpermissions/authorization-clients-js package. The key highlights include:
- Externalizing authorization logic from application code
- Using Cedar policy language for defining fine-grained permissions
- Integrating with Verified Permissions in six key steps:
  - Creating a policy store
  - Adding authorization middleware packages
  - Creating and deploying a Cedar schema
  - Creating and deploying Cedar policies
  - Connecting policy store to OIDC identity provider
  - Updating application code to authorize API access
- Implementing role-based access control for different user groups
- Simplifying permissions management and reducing custom authorization code
The example uses a Pet Store application to demonstrate how to restrict API access based on user roles like administrators, employees, and customers.