Return the authorisation snapshot for the calling consumer's delegation on a Norwegian organisation. The response carries: the current status enum (full / partial / none); the missing_scopes array (Altinn / Maskinporten scope tokens the delegation lacks — empty when status=full); the granted_scop...
Part of the Mcp server.
Free to start. No card required.
AI agents call check_authorization to retrieve information from Mcp without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though check_authorization only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
{
"version": "1",
"default": "deny",
"tools": {
"check_authorization": {}
}
}See the full Mcp policy for all 13 tools.
These attack patterns abuse exactly the kind of access check_authorization gives an agent. Each links to the full case and the policy that stops it:
Other read tools across the catalogue. The same approach applies to each: allow, with a rate cap to control cost.
Return the authorisation snapshot for the calling consumer's delegation on a Norwegian organisation. The response carries: the current status enum (full / partial / none); the missing_scopes array (Altinn / Maskinporten scope tokens the delegation lacks — empty when status=full); the granted_scopes array (the scope tokens the delegation already covers); and the delegation_chain (ordered list of System-User and consumer-id breadcrumbs the auth gateway walked to derive the verdict). Agents that need to check whether a SPECIFIC regulatory action (submit_mva, file_a_melding, etc.) is permitted should fetch the snapshot via this tool and compare granted_scopes to the scopes their target action requires — the rulebook's action→scope mapping is in the openapi.json x-action-scopes extension. The evaluation always runs against the calling consumer — there is no per-action and no per-actor input at v1. (The PR-070-tools brief's proposed action and actor_national_id parameters were dropped to match the route exactly. The underlying /v1/auth/permissions/{org} route does not parse either today; both will land in future PRs once the route adds the parameters AND a canonical fnr validator + shared hashFnr helper extract from PR-MCP-02's inline implementation per SA-001 §3.) Failure modes: SCOPE_INSUFFICIENT if the API key is not scoped read:altinn; VALIDATION_FAILED on shape or mod-11. The underlying endpoint is always a 200 — when no delegation exists for the (consumer, org) pair the verdict is status: "none" with the missing scopes enumerated, NOT a 404. Required scope: read:altinn.. It is categorised as a Read tool in the Mcp MCP Server, which means it retrieves data without modifying state.
Register the MCP server in PolicyLayer and add a rule for check_authorization: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp. Nothing to install.
check_authorization is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the check_authorization rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for check_authorization. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
check_authorization is provided by the MCP server (https://www.apier.no/api/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 13 Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.