An application can interact with the Authorizer through a set of gRPC or HTTPS REST APIs.
Creating an Aserto tenant automatically creates a corresponding Authorizer instance in the multi-tenant hosted Authorizer. Since it's a multi-tenant service, the hosted Authorizer requires authorization headers to disambiguate the tenant and provide the tenant secret (API key).
The Aserto authorizer can also be deployed as a sidecar (or as a local service), right next to your application. Since this Authorizer is a single-tenant service, it does not require authentication, besides the certificate validation mandated by HTTPS mutual TLS.
Any API call to the hosted Authorizer requires two HTTP headers:
Authorization: basic <Authorizer-API-Key>
You can find these values in the Policy settings in the Aserto Console.
The Authorizer provides the following APIs to calling applications: