Canopy is built around its API. Every action available in the dashboard is available programmatically, no hidden functionality, no UI-only features. Authenticate with API keys, react to changes with webhooks, and integrate hierarchical access control into your application.
Most APIs manage users and roles. Canopy's API models real organizational structure, evaluates permissions across hierarchies, and enforces access consistently across tenants. You're not just storing data, you're outsourcing authorization logic.
The API doesn't just manage data. It enforces access control. Use it to manage hierarchies, assign roles at specific nodes, evaluate permissions in real time, and build permission-aware features. Standard JSON, predictable responses, versioned endpoints.
Authenticate server-to-server requests with API keys. Keys support scoped access control, limit what each integration can do. Rotate and revoke keys at any time. Keys integrate directly with Canopy's authorization model.
React to changes in real time. Subscribe to events like identity created, role assigned, or hierarchy updated. Receive HTTP callbacks and trigger workflows without polling. Retries with exponential backoff for reliability.
Every security-sensitive action is recorded, who performed it, what changed, and when it happened. Use audit logs for debugging access issues, tracking changes over time, and compliance reporting.
A typical integration: create identities via API, assign roles at hierarchy nodes, authenticate users through OAuth (optional), and evaluate permissions at runtime. Your application doesn't implement access logic. It asks Canopy.