The Authorization API allows the application to make authorization decisions for the core. That is, the core asks the application to decide if a given authorization request should be allowed or denied.

The application has access to details from the authorization request through attributes. The connection on which the authorization request takes place is also available for the application, making it possible to retrieve details about the remote peer as input in the authorization decision process.

While the full Authorization API is available to the application, it is recommend to use the simpler abstractions provided by the Nabto Edge IAM module (see This enables the application to first define a simple configuration of privileges and roles - and then later to query if the current user is in a role with sufficient privileges to perform a given operation (with nm_iam_check_access).

Note: An Authorization request listener must be created to use the TCP Tunnelling feature (this is done implicitly when using the IAM module).