> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Validar permisos del usuario

> Utiliza este endpoint para comprobar si un usuario tiene permiso para ejecutar una acción específica sobre un recurso. Normalmente se usa en la autenticación M2M con Midaz.



## OpenAPI

````yaml es/openapi/v3-current/AM-auth.yaml post /v1/authorize
openapi: 3.1.0
info:
  title: Plugin de autenticación
  description: ''
  version: 2.6.7
servers:
  - url: https://auth.sandbox.lerian.net
security: []
tags:
  - name: API de autenticación
  - name: API de MFA
  - name: API de información del usuario
  - name: API de autorización
paths:
  /v1/authorize:
    post:
      tags:
        - API de autorización
      summary: Validar permisos del usuario
      description: >-
        Utiliza este endpoint para comprobar si un usuario tiene permiso para
        ejecutar una acción específica sobre un recurso. Normalmente se usa en
        la autenticación M2M con Midaz.
      parameters:
        - $ref: '#/components/parameters/AuthorizationId'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EnforcePermissionInput'
            example:
              action: post
              resource: ledger
              sub: admin
      responses:
        '200':
          description: >-
            Indica que el recurso se creó correctamente y que la operación se
            completó según lo esperado.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnforcePermissionResult'
              examples:
                '1':
                  summary: Autorizado
                  value:
                    authorized: true
                    timestamp: '1744052319'
                '2':
                  summary: No autorizado
                  value:
                    authorized: false
                    timestamp: '1744052855'
          headers: {}
        '400':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0001:
                  $ref: '#/components/examples/Error0001'
                Error0003:
                  $ref: '#/components/examples/Error0003'
                Error0009:
                  $ref: '#/components/examples/Error0009'
          headers: {}
        '401':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0006:
                  $ref: '#/components/examples/Error0006'
                Error0007:
                  $ref: '#/components/examples/Error0007'
          headers: {}
        '403':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0008:
                  $ref: '#/components/examples/Error0008'
          headers: {}
        '404':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error1015:
                  $ref: '#/components/examples/Error1015'
          headers: {}
        '500':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0005:
                  $ref: '#/components/examples/Error0005'
          headers: {}
      security: []
components:
  parameters:
    AuthorizationId:
      name: Authorization
      in: header
      description: Token de autorización.
      required: true
      example: 019c96a0-0a98-7287-9a31-786e0809c769
      schema:
        type: string
  schemas:
    EnforcePermissionInput:
      description: >-
        Información utilizada para validar si un usuario tiene permiso para
        realizar una acción específica sobre un recurso determinado.
      type: object
      required:
        - action
        - resource
      properties:
        action:
          type: string
          description: Operación que se ejecuta sobre el recurso.
        resource:
          type: string
          description: >-
            Recurso al que se aplica la acción, normalmente un servicio o
            dominio dentro del sistema.
        sub:
          type: string
          description: >-
            Sujeto que solicita acceso. Generalmente un `midaz_role` o un
            `user_id`. Si no se proporciona, se extrae del token.
    EnforcePermissionResult:
      description: >-
        Información devuelta como respuesta correcta del endpoint de validación
        de permisos de usuario.
      type: object
      properties:
        authorized:
          type: boolean
          description: >-
            `true` indica que el usuario está autorizado para realizar la
            acción.
        timestamp:
          type: string
          format: date-time
          description: Momento en el que se verificó el permiso.
    ErrorMessage:
      description: Mensaje de error devuelto en la respuesta.
      type: object
      properties:
        code:
          type: string
          description: Identificador único y estable del error.
        title:
          type: string
          description: Resumen breve del problema.
        message:
          type: string
          description: Orientación detallada para resolver el error.
  examples:
    Error0001:
      summary: Missing Fields in Request
      value:
        code: AUT-0001
        title: Missing Fields in Request
        message: >-
          Your request is missing one or more required fields. Please refer to
          the documentation to ensure all necessary fields are included in your
          request.
    Error0003:
      summary: Unexpected Fields in the Request
      value:
        code: AUT-0003
        title: Unexpected Fields in the Request
        message: >-
          The request body contains more fields than expected. Please send only
          the allowed fields as per the documentation. The unexpected fields are
          listed in the fields object.
    Error0009:
      summary: Bad Request
      value:
        code: AUT-0009
        title: Bad Request
        message: >-
          The server could not understand the request due to malformed syntax.
          Please check the listed fields and try again.
    Error0006:
      summary: Token Missing
      value:
        code: AUT-0006
        title: Token Missing
        message: >-
          A valid token must be provided in the request header. Please include a
          token and try again.
    Error0007:
      summary: Invalid Token
      value:
        code: AUT-0007
        title: Invalid Token
        message: >-
          The provided token is expired, invalid or malformed. Please provide a
          valid token and try again.
    Error0008:
      summary: Permission Enforcement Error
      value:
        code: AUT-0008
        title: Permission Enforcement Error
        message: >-
          The enforcer is not configured properly. Please contact your
          administrator if you believe this is an error.
    Error1015:
      summary: Enforcement Sub Not Found
      value:
        code: AUT-1015
        title: Enforcement Sub Not Found
        message: >-
          No subject was found for the provided 'sub'. Please refer to the
          enforcement documentation for guidance on the correct 'sub' value.
    Error0005:
      summary: Internal Server Error
      value:
        code: AUT-0005
        title: Internal Server Error
        message: >-
          The server encountered an unexpected error. Please try again later or
          contact support.

````