
Cerbos Has a Free API: The Open-Source Authorization Engine That Decouples Access Control From Your Application Code
A fintech startup ships a new feature. Three days later, a junior dev discovers that any logged-in user can see other users' bank statements. The fix takes 2 hours — but the real problem is structural: authorization logic is scattered across 47 controllers. This is the exact problem Cerbos solves.

What Cerbos Actually Does

Cerbos is an open-source, self-hosted authorization engine that acts as a sidecar to your application. Instead of writing permission checks in your code, you define policies in YAML files. Your app sends authorization requests to Cerbos via HTTP or gRPC, and Cerbos returns allow/deny decisions in under 1ms.

The key insight: policies live outside your codebase. Product managers can read them. Security teams can audit them. DevOps can deploy policy changes without touching application code. Cerbos supports RBAC, ABAC, and relationship-based access control out of the box.

Cerbos is fully open-source (Apache 2.0), runs as a single binary, requires zero external dependenc
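
A resource policy for the bank-statement scenario above, as an added example that is not code from the original article. The resource kind `bank_statement`, the roles `customer` and `support`, and the attributes `owner_id` and `open_ticket_assignee` are assumptions chosen for illustration.

```yaml
# Added example (not from the original article).
# Resource kind, role names and attribute names are assumed for illustration.
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  resource: "bank_statement"
  rules:
    # A customer may view or download only the statements they own.
    # The ownership test is an attribute comparison (ABAC) layered on the role (RBAC).
    - actions: ["view", "download"]
      effect: EFFECT_ALLOW
      roles: ["customer"]
      condition:
        match:
          expr: request.resource.attr.owner_id == request.principal.id

    # Support staff may view (never download) a statement, and only while
    # a ticket on that statement is assigned to them.
    - actions: ["view"]
      effect: EFFECT_ALLOW
      roles: ["support"]
      condition:
        match:
          all:
            of:
              - expr: has(request.resource.attr.open_ticket_assignee)
              - expr: request.resource.attr.open_ticket_assignee == request.principal.id

    # No other rule exists, so every other role/action combination is denied:
    # Cerbos returns EFFECT_DENY when no rule allows the action.
```

With this policy loaded, a request from a `customer` principal for `view` on a statement whose `owner_id` is a different user ID is denied, which is the check the 47 controllers in the opening scenario each had to get right on their own.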
Continue reading on Dev.to Webdev



