TIP
Original: View on authzed.com
中文版: 查看中文版
Official Client Libraries
SpiceDB is accessed primarily through a gRPC API, enabling client library generation for any programming language.
Officially Maintained Libraries
AuthZed builds and maintains gRPC client libraries for:
- Go — authzed-go
- Node.js — authzed-node
- Python — authzed-py
- Ruby — authzed-rb
- Java — authzed-java
- .NET — authzed-dotnet
These libraries are generated from protobuf definitions in the API repository, with primary documentation available through buf documentation for SpiceDB services.
Local Development Configuration
Without TLS (Most Common)
Use insecure plaintext credentials for localhost, Docker, OrbStack, and other local environments without TLS:
| Language | Configuration |
|---|---|
| Node.js | v1.ClientSecurity.INSECURE_PLAINTEXT_CREDENTIALS |
| Go | grpcutil.WithInsecureBearerToken() and grpc.WithTransportCredentials(insecure.NewCredentials()) |
| Python | insecure_bearer_token_credentials() |
| Ruby | credentials: :this_channel_is_insecure |
| Java | .usePlaintext() |
| .NET | ChannelCredentials.Insecure with UnsafeUseInsecureChannelCallCredentials = true |
With Self-Signed TLS Certificates
- Node.js: Use
v1.ClientSecurity.INSECURE_LOCALHOST_ALLOWEDto allow localhost connections without CA verification. - Go: Load self-signed CA explicitly with
grpcutil.WithCustomCerts()or useInsecureSkipVerifyfor localhost only (not recommended for production).
HTTP Clients
SpiceDB exposes an HTTP API when run with the --http-enabled flag. While AuthZed doesn't officially maintain HTTP client libraries, OpenAPI documentation is available and can be converted into clients using tools like openapi-ts or openapi-python-client.
Additional Resources
- zed: AuthZed's command-line client for SpiceDB API interaction
- Community clients: Discover more languages and integrations in the Awesome SpiceDB repository's Clients section