Authorization

This guide explains how to set up authorization in Plandalf to control who can access your system.

Understanding Authorization with Agents

An agent in Plandalf represents a user who has permission to act on behalf of a customer. The relationship between agents and customers can be:

One-to-one: One agent per customer
Many-to-many: Multiple agents can work with multiple customers

JWT-Based Authorization

Plandalf uses JSON Web Tokens (JWT) for authorization. Here's what you need to include in your JWT:

Field	Required	Description
`sub`	Yes	Your user identifier (string)
`customer`	No	Customer identifier
`grp`	No	Group identifier
`exp`	No	Token expiration timestamp
`email`	No	User email address
`aud`	No	Set to "sandbox" for testing with 100% discount

Implementation Guide

Authorization

javascript

// Install the JWT library
npm install jsonwebtoken

// Generate your JWT
import jwt from 'jsonwebtoken';
let token = jwt.sign(claims, "<SECRET>", {algorithm: 'RS256', keyid: '<CLIENT_ID>'});

// Install the JWT library
go get -u github.com/golang-jwt/jwt/v5

// Generate your JWT
import "github.com/golang-jwt/jwt/v5"

token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
token.Header["kid"] = "<CLIENT_ID>"
signedToken, err := token.SignedString("<SECRET>")
if err != nil {
    // Handle error
}

Example JWT Payload

Here's a complete example of a JWT payload:

json

{
    "sub": "user_abc123",
    "exp": 1721234567,
    "aud": "sandbox",
    "email": "founder@plandalf.com",
    "customer": "cus_NffrFeUfNV2Hib"
}

Next Steps

After generating your JWT:

Pass the token to your frontend
Use the token to initialize the Plandalf SDK

Documentation

Authorization

Understanding Authorization with Agents

JWT-Based Authorization

Implementation Guide

Example JWT Payload

Next Steps