Documentation

Auth & RBAC

Protect routes with JWT and role/permission checks.

Overview

Use authentication middleware to verify the caller's JWT once at the route-group boundary, then declare explicit authorization rules (required roles or permissions) per route group rather than inside individual handlers.

Example

Go

api := app.Group("/api", auth.Auth(jwt), auth.RequirePerm("users:write"))
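The following is an added example, not the project's own auth package, of what the two middlewares on the line above do, written against net/http from the Go standard library so it runs on its own. VerifyHS256, SignHS256, Auth, RequirePerm, Status, the perms claim layout and the demo key are all assumptions made here; the page does not show the real signatures of auth.Auth or auth.RequirePerm. Auth verifies the token (pinning the algorithm, comparing the HMAC in constant time and insisting on an expiry) and stores the claims in the request context; RequirePerm reads only those claims, so the permission policy lives on the route group and not in handlers.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"slices"
	"strings"
	"time"
)

// Claims is the JWT payload subset used here; "perms" is an assumed claim layout.
type Claims struct {
	Sub   string   `json:"sub"`
	Exp   int64    `json:"exp"`
	Perms []string `json:"perms"`
}

type claimsKey struct{} // context key under which Auth stores the verified *Claims

// VerifyHS256 checks alg, signature and expiry of a compact JWT. The alg is pinned,
// so "none" or any other algorithm is rejected before the signature is consulted.
func VerifyHS256(token string, key []byte, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if h, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unsupported alg")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) { // constant-time compare
		return nil, errors.New("bad signature")
	}
	var c Claims
	if p, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(p, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) { // a missing exp fails closed
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// SignHS256 mints a token with the same layout; here it only builds sample input.
func SignHS256(c Claims, key []byte) string {
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(c)
	in := hdr + "." + base64.RawURLEncoding.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(in))
	return in + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Auth (authN) establishes who the caller is and stores the verified claims in the context; it knows nothing about permissions.
func Auth(key []byte) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			raw := r.Header.Get("Authorization")
			c, err := VerifyHS256(strings.TrimPrefix(raw, "Bearer "), key, time.Now())
			if !strings.HasPrefix(raw, "Bearer ") || err != nil {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, c)))
		})
	}
}

// RequirePerm (authZ) consults only the claims Auth stored, so policy is declared on the route group, not in handlers.
func RequirePerm(perm string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			c, _ := r.Context().Value(claimsKey{}).(*Claims)
			if c == nil || !slices.Contains(c.Perms, perm) { // nil means Auth never ran: fail closed
				http.Error(w, "forbidden", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// Status sends one request through Auth -> RequirePerm -> handler and returns the status code.
func Status(token, perm string, key []byte) int {
	req := httptest.NewRequest(http.MethodPost, "/api/users", nil)
	req.Header.Set("Authorization", "Bearer "+token)
	rec := httptest.NewRecorder() // an empty handler leaves the recorder's default 200
	Auth(key)(RequirePerm(perm)(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))).ServeHTTP(rec, req)
	return rec.Code
}
```

With a token minted by SignHS256 for a subject holding users:write, Status returns 200 for "users:write", 403 for a permission the token lacks, and 401 for a missing, expired, tampered, wrong-key or alg "none" token. RequirePerm also refuses when Auth never ran, so mounting it alone on a group fails closed rather than open.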

Best Practices

  • Separate authN from authZ: the authentication layer only establishes who the caller is, and the authorization layer only decides what that identity may do.
  • Keep permissions scoped to resource actions (for example users:write) rather than broad roles that grant more than the route needs.

Common Pitfalls

  • Encoding policy logic in individual handlers instead of declaring it on the route group, which makes it easy to leave a route unprotected.
  • Using long-lived tokens without rotation: a leaked token then stays valid until it expires, so keep lifetimes short and rotate.