After the ReBAC engine (SpiceDB and sync job) is running, connect your application with @frontegg/e10s-client. The client uses gRPC to evaluate feature, permission, route, and entity-level checks and to run lookup queries against your authorization model.
Prerequisites
Prerequisites
Configure the entitlements engine using the Entitlements setup guide before installing the SDK.
For installation, initialization, query examples, and lookup operations, go directly to the SDK reference pages:
- Node.js Entitlements —
@frontegg/e10s-clientinstall, client setup, feature/permission/route/entity checks, lookup APIs, and monitoring mode - Java Entitlements — Maven/Gradle setup and JVM client for the same engine
The SDK connects your application to your running SpiceDB instance over gRPC. Subject context (user and tenant IDs) typically comes from a decoded Frontegg JWT. The entitlements engine evaluates the authorization model and returns a boolean result.
Your App (SDK) ──gRPC──▶ SpiceDB ◀── Sync Job ◀── Frontegg CloudFor conceptual background on the authorization model — entity types, relations, actions, and hierarchies — see ReBAC.
- Entitlements setup — deploy the full engine stack locally or to Kubernetes
- ReBAC — define entity types, relations, and actions
- SDKs overview — all available SDK options