Skip to main content

How To Update Relationship Tuples

This section will illustrate how to update relationship tuples.

Before You Start

  1. You have obtained the necessary environment variables: `FGA_API_URL`, `FGA_STORE_ID`, `FGA_API_TOKEN_ISSUER`, `FGA_API_AUDIENCE`, `FGA_CLIENT_ID` and `FGA_CLIENT_SECRET`.
  2. You have installed the SDK.
  3. You have configured the authorization model.
  4. You have loaded FGA_API_URL, FGA_STORE_ID, FGA_API_TOKEN_ISSUER, FGA_API_AUDIENCE, FGA_CLIENT_ID and FGA_CLIENT_SECRET as environment variables.

Step By Step

Assume that you want to add user user:anne to have relationship reader with object document:Z

{
user: 'user:anne',
relation: 'reader',
object: 'document:Z',
}

01. Configure The Okta FGA API Client

Before calling the write API, you will need to configure the API client.

const { CredentialsMethod, OpenFgaClient } = require('@openfga/sdk'); // OR import { CredentialsMethod, OpenFgaClient } from '@openfga/sdk';

// Ensure the environment variables are set
// FGA_API_URL = 'https://api.us1.fga.dev' // 'https://api.eu1.fga.dev' for EU and 'https://api.au1.fga.dev' for AU
// FGA_STORE_ID = 'YOUR_STORE_ID' - Get this from your store settings in the dashboard, refer to the "How to get your API Keys" page
// FGA_MODEL_ID = 'YOUR_MODEL_ID' - optional, can be overridden per request, helps reduce latency
// FGA_API_TOKEN_ISSUER = 'fga.us.auth0.com'
// FGA_API_AUDIENCE = 'https://api.us1.fga.dev/' // 'https://api.eu1.fga.dev/' for EU and 'https://api.au1.fga.dev/' for AU
// FGA_CLIENT_ID = 'YOUR_CLIENT_ID' - Get this from your store settings in the dashboard, refer to the "How to get your API Keys" page
// FGA_CLIENT_SECRET = 'YOUR_CLIENT_SECRET' - Get this from your store settings in the dashboard, refer to the "How to get your API Keys" page

const fgaClient = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL,
storeId: process.env.FGA_STORE_ID,
authorizationModelId: process.env.FGA_MODEL_ID,
credentials: { // Credentials are not needed if connecting to the Playground API
method: CredentialsMethod.ClientCredentials,
config: {
apiTokenIssuer: process.env.FGA_API_TOKEN_ISSUER,
apiAudience: process.env.FGA_API_AUDIENCE,
clientId: process.env.FGA_CLIENT_ID,
clientSecret: process.env.FGA_CLIENT_SECRET,
},
},
});

02. Calling Write API To Add New Relationship Tuples

To add the relationship tuples, we can invoke the write API.


await fgaClient.write({
writes: [
{"user":"user:anne","relation":"reader","object":"document:Z"}
],
}, {
authorization_model_id: "01HVMMBCMGZNT3SED4Z17ECXCA"
});

03. Calling Write API To Delete Relationship Tuples

To delete relationship tuples, we can invoke the write API.

Assume that you want to delete user user:anne's reader relationship with object document:Z

{
user: 'user:anne',
relation: 'reader',
object: 'document:Z',
}

await fgaClient.write({
deletes: [
{ user: 'user:anne', relation: 'reader', object: 'document:Z'}
],
}, {
authorization_model_id: "01HVMMBCMGZNT3SED4Z17ECXCA"
});
Managing User Access

Learn about how to give a user access to a particular object.

Managing Group Access

Learn about how to give a group of users access to a particular object.

Transactional Writes

Learn about how to update multiple relations within the same API call.

Have Feedback?

You can use any of our support channels for any questions or suggestions you may have.