A resource is an instance of a resource type that represents an entity in your application. Resources can be workspaces, projects, apps, or any other object that users can access.
Resources are organized in a hierarchy. When a role is assigned to a user on a parent resource, they automatically gain access to child resources through permission inheritance.
const resource = { object: 'authorization_resource', id: 'authz_resource_01HXYZ123456789ABCDEFGH', externalId: 'proj-456', name: 'Website Redesign', description: 'Company website redesign project', resourceTypeSlug: 'project', parentResourceId: 'authz_resource_01XYZ789ABCDEFGHIJKLMN', organizationId: 'org_01EHZNVPK3SFK441A1RGBFSHRT', createdAt: '2025-01-15T14:30:00.000Z', updatedAt: '2025-01-15T14:30:00.000Z', };
AuthorizationResourceGet a paginated list of authorization resources. Use query parameters to filter by organization, resource type, or parent resource.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const resources = await workos.authorization.listResources({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', parentResourceId: 'authz_resource_01XYZ789', search: 'budget', limit: 10, order: 'desc', });
authorizationParameters objectReturns objectCreate a new authorization resource. The resource is associated with an organization and resource type.
You can optionally specify a parent resource to place it in a hierarchy. The parent can be identified either by parent_resource_id or by the combination of parent_resource_external_id and parent_resource_type_slug.
The external_id must be unique within the organization and resource type
combination.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); // Option 1: by parent resource ID const resource = await workos.authorization.createResource({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', externalId: 'proj-456', name: 'Website Redesign', description: 'Company website redesign project', parentResourceId: 'authz_resource_01XYZ789', }); // Option 2: by parent external ID + type const resourceByExternal = await workos.authorization.createResource({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', externalId: 'proj-789', name: 'Mobile App', parentResourceExternalId: 'ws-123', parentResourceTypeSlug: 'workspace', });
authorizationParameters objectReturns Retrieve the details of an authorization resource by its ID.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const resource = await workos.authorization.getResource( 'authz_resource_01HXYZ123456789ABCDEFGH', );
authorizationParameters Returns Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const resource = await workos.authorization.getResourceByExternalId({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', externalId: 'proj-456', });
authorizationParameters objectReturns Update an existing authorization resource. Only the fields provided will be updated.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const resource = await workos.authorization.updateResource({ resourceId: 'authz_resource_01HXYZ123456789ABCDEFGH', name: 'Updated Name', description: 'Updated description', });
authorizationParameters objectReturns Update an existing authorization resource using its external ID. Only the fields provided will be updated.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const resource = await workos.authorization.updateResourceByExternalId({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', externalId: 'proj-456', name: 'Updated Name', description: 'Updated description', });
authorizationParameters objectReturns Delete an authorization resource. By default, this will fail if the resource has child resources or role assignments. Set cascade_delete to true to delete the resource along with all its descendants and role assignments.
Deleting a resource also removes all role assignments on that resource. This action cannot be undone.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); await workos.authorization.deleteResource({ resourceId: 'authz_resource_01HXYZ123456789ABCDEFGH', cascadeDelete: true, });
authorizationParameters objectReturns Delete an authorization resource using its external ID. By default, this will fail if the resource has child resources or role assignments. Set cascade_delete to true to delete the resource along with all its descendants and role assignments.
Deleting a resource also removes all role assignments on that resource. This action cannot be undone.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); await workos.authorization.deleteResourceByExternalId({ organizationId: 'org_01ABC123', resourceTypeSlug: 'project', externalId: 'proj-456', cascadeDelete: true, });
authorizationParameters objectReturns