Skip to main content

REST API Integrations

OPA’s REST API is the foundation for many integrations. Public examples are listed below.

Kubernetes Admission Control

Kubernetes Admission Control

The Kubernetes API server can be configured to use OPA as an admission controller. Creating a ValidatingWebhookConfiguration resource can be used to query OPA for policy decisions.

View Details
Container Network Authorization with Envoy

Container Network Authorization with Envoy

The opa-envoy-plugin project uses the REST API to allow and deny requests routed via an Envoy proxy.

Read about this integration in the OPA Docs.

View Details
Authorization for Spring Security

Authorization for Spring Security

OPA Spring Security uses the REST API to query OPA about authz decisions. See an example application in OPA's contrib repo.

View Details
Kafka Topic Authorization

Kafka Topic Authorization

This project implements a custom Kafka authorizer that uses OPA to make authorization decisions by calling the REST API.

Installation and configuration instructions are available in the project's README.

View Details
PHP OPA Library

PHP OPA Library

This library provides a PHP wrapper around the OPA REST API. It can update policies and query for decisions. See the project README for various examples.

View Details
Strimzi (Apache Kafka on Kubernetes)

Strimzi (Apache Kafka on Kubernetes)

Strimzi can be configured to use OPA via the REST API as the Kafka authorizer using this project.

View Details
Authorization Integration with Apache APISIX

Authorization Integration with Apache APISIX

Apache APISIX routes can be configured to call an OPA instance over the REST API. This blog post explains how such a configuration can be achieved.

View Details
AWS CloudFormation Hook

AWS CloudFormation Hook

The OPA CloudFormation Hook uses AWS Lambda to consult an OPA instance using the REST API before allowing a CloudFormation stack to be created.

Read the tutorial here in the OPA documentation.

View Details
i2scim.io SCIM Restful User/Group Provisioning API

i2scim.io SCIM Restful User/Group Provisioning API

i2scim supports externalized access control decisions using OPA's REST API. The integration is described in the i2scim documentation.

View Details
Kubernetes Authorization

Kubernetes Authorization

The Kubernetes API server can be configured to use OPA as an authorization webhook. Such an integration can be configured by following the documentation in the contrib repo.

View Details
OPAL

OPAL

OPAL uses the OPA REST API to update the policy and data pushed down from the OPAL server. See how this works.

View Details
SPIRE

SPIRE

SPIRE can work in tandem with the Envoy proxy to integrate with the OPA REST API. See the tutorial here.

View Details
walt.id SSI Kit

walt.id SSI Kit

SSI Kit's CLI exposes policy management commands which update a local OPA instance. The feature is documented in the walt.id docs.

View Details
Boomerang Bosun Policy Gating

Boomerang Bosun Policy Gating

The Boomerang Bosun Service component interacts with an OPA instance over the REST API to evaluate policy during CICD runs.

View Details
Bottle Application Authorization

Bottle Application Authorization

This sample python application calls has a middleware to call OPA before processing each request. See the example code.

View Details
Kubernetes Admission Control using Vulnerability Scanning

Kubernetes Admission Control using Vulnerability Scanning

This example project in OPA contrib uses OPA over the REST API to enforce admission policy based on vulnerability scanning results.

View Details
Minio API Authorization

Minio API Authorization

Minio implements a native integration with OPA using the REST API. The integration is documented in the Minio docs.

View Details
NodeJS Express (build-security)

NodeJS Express (build-security)

This project provides a middleware that can query an OPA server for policy decisions. See the project's README for a js simple example.

View Details