Permit.io, a startup that provides a full-stack authorization framework to help other companies build authorization systems into their products, announced today that it has raised a $6 million seed funding round. The round was led by NFX, alongside previous investor Rainfall Ventures and a number of angel investors, including Aqua Security CTO and co-founder Amir Jerbi, Snyk co-founder Danny Grander and LaunchDarkly CTO and co-founder John Kodumal.
The company was co-founded by former Rookout CEO and co-founder Or Weis and former Facebook and Microsoft engineer Asaf Cohen.
“With Rookout, I ended up converting access control five times,” Weis told me. “That’s probably four times – if not five times – too many. And when I spoke to Asaf about it, we both quickly reminisced about the many times we had built this from scratch. […] This is a constant problem that annoys all developers and we just want to get rid of it.”
He also noted that this problem is only getting worse, partly due to the growth of microservices and the increasing number of applications that communicate with each other primarily on behalf of their users.
“As with feature flags, permissions have been something developers have built over and over again,” says LaunchDarkly’s Kodumal. “The permission of Permit.io puts an end to this battle once and for all. You basically just plug it in and you’re done: a simple, elegant and time-saving solution.”
Built on top of the open source OPAL project, Permit.io provides developers with all the infrastructure and developer tools to manage authorization, in addition to the back office services that allow not only developers, but virtually anyone in a company to manage permissions. For the developer, the service decouples the policies from their code, so there’s no need to explicitly build access policies into their applications (which also allows for a lot more flexibility later on).
Since the company focuses on authorization – not authentication – it also plays well with providers like Auth0, Cognito, Okta, and others. “Unlike authentication and identity management, where society has agreed on what is the standard, authorization is still evolving and changing,” notes Weis. “I think we’re going to see the stack evolve here. There are things like Opal that we have already adopted and things like Google Zanzibar which is a graph based approach that we also want to apply […] What we’re trying to do is, as this evolves, abstract that revolution — and the challenge of following that evolution — away for our customers. When you use our solution, we just bring you what the market has decided is best.”
“The founders of Permit.io have a unique vision that doesn’t just look at what’s broken and needs fixing, but rather envisions a new and completely different reality,” said Gigi Levy-Weiss, general partner at NFX. “By understanding what engineers are dealing with today and the impact it has on organizations, they were able to create a solution that reorganizes the ecosystem and how it is securely connected through access controls.”