Now with scheduled testing & CI/CD integration

Stop Guessing If Your API Permissions Actually Work

Define roles, set permissions, run tests. Permitta automatically verifies your RBAC rules work exactly as intended — so you catch permission bugs before they hit production.

permitta.io / My API Project / Permissions

Endpoint    Admin    Editor    Viewer
GET /api/users
POST /api/users
DELETE /api/users/:id
PUT /api/settings

4 endpoints × 3 roles — 12 permission rules. All tests passing.

Built for teams of all sizes

Startups, Agencies, Enterprises

Built For Teams Who Ship APIs

Whether you're a solo dev or a platform team, Permitta fits into how you already work.

Backend Developers

You built the API and the auth logic. Now verify it actually works the way you intended — across every role and endpoint.

DevOps & Platform Teams

Add permission tests to your CI/CD pipeline. Catch authorization regressions on every deploy, not after.

Security-Minded Teams

Broken access control is the #1 risk in the OWASP Top 10. Scheduled tests and drift detection keep your permissions honest.

Up and Running in Minutes

No complex setup. No infrastructure to manage. Just results.

1. Create a Project

Add your API base URL and choose your authentication type (Bearer, API Key, Basic Auth, or custom headers).

2. Define Endpoints

Add the endpoints you want to test. Import from OpenAPI/Swagger or add manually.

3. Set Up Roles

Create roles like Admin, Editor, Viewer. Add their authentication tokens or API keys.

4. Configure Permissions

Use the visual matrix to define which roles should be allowed or denied for each endpoint.

5. Run & Monitor

Execute tests on-demand or on a schedule. Get instant results and track changes over time.

Why Teams Stay With Permitta

Permitta isn't a one-time audit. It's continuous confidence that your permissions are correct.

Catch Drift Early

Permissions change as teams ship. Scheduled tests catch regressions the moment they happen — not when a customer reports a data leak.

Full Audit Trail

Every test run is recorded. See exactly when permissions changed and what broke — invaluable for compliance and incident response.

Grows With Your API

Add new endpoints and roles as your API evolves. Permitta scales your permission testing automatically — no extra test scripts to maintain.

Never Miss a Failure

Slack and email notifications mean your team knows the moment something breaks — before it becomes an incident.

Simple, Transparent Pricing

Start free, upgrade when you need more

Free

$0/month

Perfect for trying out Permitta

  • 2 projects
  • 50 tests per month
  • Basic test runner
  • 7-day test history
  • Community support

Pro (Popular)

$29/month

For professional developers

  • 10 projects
  • 500 tests per month
  • Scheduled tests
  • API access for CI/CD
  • Multiple environments
  • Slack notifications
  • 90-day test history
  • Email support

Team

$99/month

For growing teams

  • Unlimited projects
  • Unlimited tests
  • Unlimited team members
  • All Pro features
  • Priority support
  • Unlimited test history
  • Custom integrations
  • SSO (coming soon)

Your Data, Your Control

We take data protection seriously. Here's how Permitta keeps your information safe.

Tokens Encrypted at Rest

Your auth tokens and API keys are encrypted before they ever touch our database.

No Response Data Stored

We only store pass/fail results and status codes. Your actual API responses never hit our servers.

Use Scoped Test Tokens

We recommend using test-specific tokens with limited permissions — never your production master keys.

Frequently Asked Questions

How is this different from Postman?

Postman is for general API testing - you write individual test scripts. Permitta is specifically for authorization testing - define your roles and permissions once, and we auto-generate tests for every role×endpoint combination. It's the difference between writing 100 tests manually vs. clicking one button.

Does Permitta work with my auth provider?

Yes! Permitta works with any auth system - Keycloak, Auth0, Okta, Firebase, custom JWT, API keys, you name it. We just need the tokens your roles use to authenticate.

Can I use this in my CI/CD pipeline?

Absolutely. Generate an API key and call our REST API from GitHub Actions, Jenkins, GitLab CI, or any other pipeline. Fail your builds when permission tests don't pass.

How do scheduled tests work?

Set up hourly, daily, or weekly test runs. When permissions drift or someone misconfigures access, you'll get a Slack or email notification immediately.

Is my API data secure?

We never store your API responses - only pass/fail results. Auth tokens are encrypted at rest. We recommend using test-specific tokens with limited permissions.

Can I try before I buy?

Yes! The Free tier gives you 2 projects and 50 tests/month - enough to fully evaluate Permitta. No credit card required.

Ready to Trust Your Permissions?

Join developers who use Permitta to catch broken access control before it hits production.
