Permit.io, a startup that provides a full-stack authorization framework to help other companies build permissions systems into their products, today announced that it has raised a $6 million seed funding round. The round was led by NFX, in addition to previous investor Rainfall Ventures and a number of angel investors, including Aqua Security CTO and co-founder Amir Jerbi, Snyk co-founder Danny Grander and LaunchDarkly CTO and co-founder John Kodumal.
The company was co-founded by former Rookout CEO and co-founder Or Weis and former Facebook and Microsoft engineer Asaf Cohen.
“With Rookout, I ended up rebuilding access control five times,” Weis told me. “That’s probably four times — if not five times — too much. And when I talked to Asaf about it, we both quickly reminisced about so many times we built this from scratch. […] This is a constant problem that annoys all developers and we just want to get rid of it.”
He also noted how this problem is only becoming worse, in part because of the growth of microservices and the increasing number of applications that are mainly interacting with each other on behalf of their users.
“Just like with feature-flags, permissions have been something developers have been building over and over again,” said LaunchDarkly’s Kodumal. “Permit.io’s authorization puts an end to this struggle once and for all. You basically just have to plug it in, and you’re done — a simple, elegant and time-saving solution.”
Built on top of the open source OPAL project, Permit.io provides developers with all of the infrastructure and developer tools to manage authorization, in addition to the back-office services to enable not just developers but virtually anybody inside a company to manage permissions. For the developer, the service decouples policies from their code so there is no need to explicitly bake access policies into their applications (which also allows for far more flexibility later on).
Because the company focuses on authorization — not authentication — it also plays nicely with providers like Auth0, Cognito, Okta and others. “Unlike authentication and identity management, where society has agreed on what the standard is, authorization is still evolving and changing,” Weis noted. “I think what we’ll be seeing here is the stack evolving. There are things like Opal which we’ve already adopted and things like Google Zanzibar, a graph-based approach that we are looking to adopt as well […] What we’re trying to do is, as this is evolving, abstract that revolution — and the challenge of tracking that evolution — away for our customers. If you use our solution, we will just bring to you what the market has decided is best.”
“Permit.io’s founders have a unique vision that doesn’t just look at what’s broken and needs to be fixed, but rather envisions a new and completely different reality,” said Gigi Levy-Weiss, general partner at NFX. “By understanding what engineers are dealing with today and the impact that has on organizations, they were able to create a solution that reorganizes the ecosystem, and how it’s interconnected safely through access controls.”