> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.astropods.com/llms.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.astropods.com/_mcp/server. # Authorize a deployment request GET https://astropods.com/api/v1/deployments/authorize Callback used by the messaging container — and by any agent that handles its own HTTP requests (e.g. a frontend agent) — to check whether an inbound request should be allowed against this deployment's grants. Authentication is the per-deployment JWT injected as `ASTRO_AUTHZ_TOKEN`. The token's `sub` claim identifies the deployment; no other deployment ID is passed in the request. Returns `200` with the decision on every authoritative answer. Identity fields are only populated when `allowed: true` — denials don't leak mapping state. Reference: https://docs.astropods.com/api-reference/astro-ai-api/deployments/authorize-deployment ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: astro-api version: 1.0.0 paths: /deployments/authorize: get: operationId: authorize-deployment summary: Authorize a deployment request description: > Callback used by the messaging container — and by any agent that handles its own HTTP requests (e.g. a frontend agent) — to check whether an inbound request should be allowed against this deployment's grants. Authentication is the per-deployment JWT injected as `ASTRO_AUTHZ_TOKEN`. The token's `sub` claim identifies the deployment; no other deployment ID is passed in the request. Returns `200` with the decision on every authoritative answer. Identity fields are only populated when `allowed: true` — denials don't leak mapping state. tags: - subpackage_deployments parameters: - name: identity_type in: query description: > `user` for a signed-in user, `slack` for a Slack user, or empty for anonymous (only valid when an `anyone` grant exists for the adapter). required: false schema: $ref: '#/components/schemas/DeploymentsAuthorizeGetParametersIdentityType' - name: identity_id in: query description: > The user id corresponding to `identity_type` — the platform user id for `user`, the Slack user id for `slack`. Must be supplied together with `identity_type`; providing one without the other returns 400. required: false schema: type: string - name: identity_scope in: query description: > Adapter-specific disambiguator for `identity_id`. For `slack`, this is the workspace `team_id` (Slack user ids are only unique within a team). Omit for `web`. required: false schema: type: string - name: adapter in: query description: The adapter handling the request. required: true schema: $ref: '#/components/schemas/DeploymentsAuthorizeGetParametersAdapter' - name: Authorization in: header description: > Per-deployment JWT signed by astro-server (HS256). Injected into the agent and messaging containers as the `ASTRO_AUTHZ_TOKEN` environment variable. The `sub` claim identifies the deployment. required: true schema: type: string responses: '200': description: Authorization decision content: application/json: schema: $ref: >- #/components/schemas/deployments_authorizeDeployment_Response_200 '400': description: Invalid request body or parameters content: application/json: schema: $ref: '#/components/schemas/Error' '401': description: Authentication required content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Server error content: application/json: schema: $ref: '#/components/schemas/Error' servers: - url: https://astropods.com/api/v1 description: Astro AI API server components: schemas: DeploymentsAuthorizeGetParametersIdentityType: type: string enum: - user - slack title: DeploymentsAuthorizeGetParametersIdentityType DeploymentsAuthorizeGetParametersAdapter: type: string enum: - web - slack title: DeploymentsAuthorizeGetParametersAdapter deployments_authorizeDeployment_Response_200: type: object properties: allowed: type: boolean description: Whether the request is allowed. user_id: type: string description: > Resolved platform user id. Echoed back for `identity_type=user`; looked up via Slack identity mappings for `identity_type=slack` (empty when no mapping exists). Only present when `allowed: true`. slack_user_id: type: string description: > The Slack user id from the request, echoed back so callers can attribute unlinked Slack users to a namespaced trace id. Only present when `allowed: true` and `identity_type=slack`. slack_team_id: type: string description: > The Slack workspace id (`team_id`) from the request, echoed back. Only present when `allowed: true` and `identity_type=slack`. required: - allowed title: deployments_authorizeDeployment_Response_200 Error: type: object properties: error: type: string details: type: string title: Error securitySchemes: DeployTokenAuth: type: http scheme: bearer description: > Per-deployment JWT signed by astro-server (HS256). Injected into the agent and messaging containers as the `ASTRO_AUTHZ_TOKEN` environment variable. The `sub` claim identifies the deployment. ``` ## Examples **Request** ```json {} ``` **Response** ```json { "allowed": true, "user_id": "user-987654321", "slack_user_id": "U12345678", "slack_team_id": "T87654321" } ``` **SDK Code** ```python import requests url = "https://astropods.com/api/v1/deployments/authorize" querystring = {"adapter":"slack","identity_type":"slack","identity_id":"U12345678","identity_scope":"T87654321"} payload = {} headers = { "Authorization": "Bearer ", "Content-Type": "application/json" } response = requests.get(url, json=payload, headers=headers, params=querystring) print(response.json()) ``` ```javascript const url = 'https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321'; const options = { method: 'GET', headers: {Authorization: 'Bearer ', 'Content-Type': 'application/json'}, body: '{}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321" payload := strings.NewReader("{}") req, _ := http.NewRequest("GET", url, payload) req.Header.Add("Authorization", "Bearer ") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Get.new(url) request["Authorization"] = 'Bearer ' request["Content-Type"] = 'application/json' request.body = "{}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.get("https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321") .header("Authorization", "Bearer ") .header("Content-Type", "application/json") .body("{}") .asString(); ``` ```php request('GET', 'https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321', [ 'body' => '{}', 'headers' => [ 'Authorization' => 'Bearer ', 'Content-Type' => 'application/json', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321"); var request = new RestRequest(Method.GET); request.AddHeader("Authorization", "Bearer "); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "Authorization": "Bearer ", "Content-Type": "application/json" ] let parameters = [] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://astropods.com/api/v1/deployments/authorize?adapter=slack&identity_type=slack&identity_id=U12345678&identity_scope=T87654321")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```