Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I'm wondering, is there a way to secure keto-write endpoint and prevent unauthorized users of creating/editing/deleting relation tuples?

Does this help? <https://www.ory.sh/docs/self-hosted/operations/api-access-control>

<@U02FKL33NBE> mmm, not that much :joy:  We are trying to solve the use case as detailed here: <https://ory-community.slack.com/archives/C012RBZFMDG/p1688127723312969?thread_ts=1688066308.248209&amp;cid=C012RBZFMDG>

Any suggestion/idea/comment is truly appreciated.

Well, that seems a separate oathkeeper question so worth asking in that channel!  The answer  on how to secure keto-write endpoint is to put it behind any firewall or API gateway and that sometimes you might want to write a custom middleware layer or similar.