Overview
The authorization matrix helps teams express expected access behavior across roles and endpoints so authorization issues can be evaluated more clearly.
Configure the authorization matrix in ApyGuard
The authorization matrix is part of the authenticated testing workflow and is meant to work alongside authorization settings and credentials.
- Configure the authentication settings and credentials needed for the scan.
- Open the authorization matrix section from the relevant flow.
- Review the important endpoints that should be evaluated for access control behavior.
- Assign the expected access state for each role and endpoint combination.
- Save the matrix so ApyGuard can use it during authenticated testing.
Why it matters
Authentication proves identity. Authorization determines what that identity is allowed to do. ApyGuard uses the matrix to help evaluate whether different roles behave as expected across the API surface.
Typical access states
- Allowed: for actions the role should be able to perform
- Forbidden: for actions the role should never be able to perform
- Limited: for actions with partial or conditional access
How to think about the matrix
Role-driven testing
The matrix is most useful when credentials are clearly labeled by role so expectations can be mapped accurately.
Endpoint expectations
Use the matrix to record what should happen when each role reaches a specific endpoint or action.
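
The following Python example is added here and is not ApyGuard's matrix format, API or evaluation logic. It records an expected state per role and endpoint and compares it with constructed HTTP responses; the role names, endpoints, the `condition_met` flag and the treatment of 401/403/404 as denials are all assumptions.

```python
from enum import Enum

class Access(Enum):
    ALLOWED = "allowed"
    FORBIDDEN = "forbidden"
    LIMITED = "limited"

# Constructed sample matrix: (role, method, endpoint) -> expected access state.
MATRIX = {
    ("admin", "DELETE", "/users/{id}"): Access.ALLOWED,
    ("member", "DELETE", "/users/{id}"): Access.FORBIDDEN,
    ("member", "GET", "/invoices/{id}"): Access.LIMITED,  # assumed: own invoices only
    ("guest", "GET", "/invoices/{id}"): Access.FORBIDDEN,
}

# Constructed observations: (role, method, endpoint, condition_met, http_status).
# condition_met (hypothetical flag) records whether the LIMITED condition held.
OBSERVED = [
    ("admin", "DELETE", "/users/{id}", True, 204),
    ("member", "DELETE", "/users/{id}", True, 200),   # forbidden action succeeded
    ("member", "GET", "/invoices/{id}", True, 200),   # own invoice
    ("member", "GET", "/invoices/{id}", False, 200),  # another user's invoice
    ("guest", "GET", "/invoices/{id}", True, 500),    # neither grant nor denial
    ("guest", "GET", "/reports", True, 200),          # no expectation recorded
    ("admin", "DELETE", "/users/{id}", True, 403),    # allowed action refused
]

def classify(expected, condition_met, status):
    """Compare one observed response with the expected access state."""
    if expected is None:
        return "unmapped"
    if 200 <= status < 300:
        granted = True
    elif status in (401, 403, 404):  # assumption: these statuses mean "denied"
        granted = False
    else:
        return "inconclusive"  # redirects and server errors prove nothing
    should_grant = expected is Access.ALLOWED or (
        expected is Access.LIMITED and condition_met)
    if granted and not should_grant:
        return "over-permissive"
    if should_grant and not granted:
        return "over-restrictive"
    return "ok"

def evaluate(matrix, observed):
    """Return (role, method, endpoint, verdict) for each observation that is not 'ok'."""
    return [(r, m, e, v) for r, m, e, c, s in observed
            if (v := classify(matrix.get((r, m, e)), c, s)) != "ok"]
```

The "unmapped" and "inconclusive" verdicts are kept separate from real mismatches so that a gap in the matrix or a server error is not read as a pass.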
Best practices
- Start with critical endpoints first
- Use clear role names in credential records
- Revisit the matrix when permissions change
- Keep the matrix aligned with real product behavior