feat: authzen docs

[aaguiarz]

Summary by CodeRabbit

• Documentation
  • Introduced AuthZEN API documentation including configuration options, endpoint specifications, request/response details, ABAC support, batch evaluation semantics, pagination behavior, and mappings to OpenFGA concepts.

[coderabbitai]

Walkthrough

A new documentation page describing the AuthZEN API (experimental) has been added, detailing how to enable the feature, its endpoints, request/response semantics, ABAC support, batch evaluation behavior, and implementation notes. The sidebar configuration was updated to include this documentation.

Changes

Cohort / File(s)	Summary
AuthZEN API Documentation docs/content/interacting/authzen.mdx, docs/sidebars.js	Added comprehensive documentation for the AuthZEN API (experimental), covering enablement via flags/environment variables, endpoint paths, request/response mappings to OpenFGA operations, model pinning, ABAC support with context attributes, batch evaluation semantics, search pagination behavior, and identifier validation constraints. Updated sidebar to include the new documentation entry.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: authzen docs' accurately describes the main changeset, which adds new AuthZEN API documentation. It is concise, clear, and directly reflects the primary purpose of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/address-pr-1210-comments-uoYjW

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-03-23 12:43 UTC

[coderabbitai]

🧹 Nitpick comments (2)

docs/content/interacting/authzen.mdx (2)

22-22: Tighten wording in the integration recommendation sentence.

The sentence is a bit awkward ("and you use AuthZEN when you are integrating..."). Consider a shorter, clearer rewrite for readability.

Suggested wording

-We recommend that you use the native API when integrating your application with <ProductName format={ProductNameFormat.ShortForm}/>, and you use AuthZEN when you are integrating an AuthZEN-compatible product like an API/MCP Gateway, or an Identity Provider.
+We recommend using the native API when integrating your application with <ProductName format={ProductNameFormat.ShortForm}/>, and using AuthZEN when integrating with an AuthZEN-compatible product such as an API/MCP gateway or an identity provider.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/content/interacting/authzen.mdx` at line 22, Tighten the integration
recommendation sentence: replace the awkward clause that reads "We recommend
that you use the native API when integrating your application with <ProductName
format={ProductNameFormat.ShortForm}/>, and you use AuthZEN when you are
integrating an AuthZEN-compatible product..." with a concise alternative that
uses the same symbols (<ProductName format={ProductNameFormat.ShortForm}/> and
AuthZEN) and clearly contrasts use cases—for example: "Use the native API to
integrate applications with <ProductName format={ProductNameFormat.ShortForm}/>;
use AuthZEN only for AuthZEN-compatible products such as API/MCP Gateways or
Identity Providers." Ensure the new sentence still includes the following note
that AuthZEN cannot replace the native API for Write and Read endpoints (links
to update-tuples.mdx and relationship-queries.mdx).

---

68-73: Use consistent header casing for product naming.

Openfga-Authorization-Model-Id works technically, but OpenFGA-Authorization-Model-Id is clearer and aligns with product naming used elsewhere in docs.

Suggested consistency update

-By default, AuthZEN endpoints use the latest authorization model in the store. To pin requests to a specific model version, pass the `Openfga-Authorization-Model-Id` header:
+By default, AuthZEN endpoints use the latest authorization model in the store. To pin requests to a specific model version, pass the `OpenFGA-Authorization-Model-Id` header:
@@
-Openfga-Authorization-Model-Id: 01G50QVV17PECNVAHX1GG4Y5NC
+OpenFGA-Authorization-Model-Id: 01G50QVV17PECNVAHX1GG4Y5NC
@@
-The AuthZEN spec does not define a standard way to pin requests to a specific model version. <ProductName format={ProductNameFormat.ShortForm}/> adds `Openfga-Authorization-Model-Id` as an OpenFGA-specific request header extension.
+The AuthZEN spec does not define a standard way to pin requests to a specific model version. <ProductName format={ProductNameFormat.ShortForm}/> adds `OpenFGA-Authorization-Model-Id` as an OpenFGA-specific request header extension.

Also applies to: 425-425

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/content/interacting/authzen.mdx` around lines 68 - 73, Update the header
casing to match product naming by replacing `Openfga-Authorization-Model-Id`
with `OpenFGA-Authorization-Model-Id` wherever it appears (e.g., the example
POST block and the other occurrence flagged), ensuring the exact header string
`OpenFGA-Authorization-Model-Id` is used consistently in the content and
examples.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/content/interacting/authzen.mdx`:
- Line 22: Tighten the integration recommendation sentence: replace the awkward
clause that reads "We recommend that you use the native API when integrating
your application with <ProductName format={ProductNameFormat.ShortForm}/>, and
you use AuthZEN when you are integrating an AuthZEN-compatible product..." with
a concise alternative that uses the same symbols (<ProductName
format={ProductNameFormat.ShortForm}/> and AuthZEN) and clearly contrasts use
cases—for example: "Use the native API to integrate applications with
<ProductName format={ProductNameFormat.ShortForm}/>; use AuthZEN only for
AuthZEN-compatible products such as API/MCP Gateways or Identity Providers."
Ensure the new sentence still includes the following note that AuthZEN cannot
replace the native API for Write and Read endpoints (links to update-tuples.mdx
and relationship-queries.mdx).
- Around line 68-73: Update the header casing to match product naming by
replacing `Openfga-Authorization-Model-Id` with `OpenFGA-Authorization-Model-Id`
wherever it appears (e.g., the example POST block and the other occurrence
flagged), ensuring the exact header string `OpenFGA-Authorization-Model-Id` is
used consistently in the content and examples.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 824ef3c9-b73b-4cbc-8784-dd6ece686fbf

📥 Commits

Reviewing files that changed from the base of the PR and between 4d1dac2 and 6c412e4.

📒 Files selected for processing (2)

• docs/content/interacting/authzen.mdx
• docs/sidebars.js

[Copilot]

Pull request overview

Adds documentation for OpenFGA’s experimental AuthZEN interoperability API and exposes it in the Docusaurus sidebar under “Interacting with the API”.

Changes:

• Adds a new “AuthZEN API” doc entry to the docs sidebar navigation.
• Introduces a new MDX page documenting enabling the feature, available endpoints, request/response shapes, and implementation notes.

Reviewed changes

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

File	Description
docs/sidebars.js	Adds the new AuthZEN doc page to the “Interacting with the API” sidebar section.
docs/content/interacting/authzen.mdx	New documentation page describing the experimental AuthZEN API, endpoints, and behavior notes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.