Documentation
Go SDK
The official TigerIdentity SDK for Go. Build secure, context-aware access controls with native Go support and full type safety.
Installation
Install the SDK using Go modules:
go get github.com/tigeridentity/tiger-go
Requirements: Go 1.21 or higher
Quick Start
Initialize the client and make your first access decision:
package main
import (
"context"
"fmt"
"log"
tiger "github.com/tigeridentity/tiger-go"
"github.com/tigeridentity/tiger-go/decision"
"github.com/tigeridentity/tiger-go/principal"
)
func main() {
// Initialize client
client, err := tiger.NewClient(
tiger.WithAPIKey("your-api-key"),
tiger.WithBaseURL("https://api.tigeridentity.com"),
)
if err != nil {
log.Fatal(err)
}
defer client.Close()
ctx := context.Background()
// Evaluate access
result, err := client.Decisions.Evaluate(ctx, &decision.EvaluateRequest{
PrincipalID: "user-123",
Action: "read",
Resource: "document:sensitive-report",
Context: map[string]interface{}{
"ip_address": "203.0.113.42",
"device_trust": "high",
},
})
if err != nil {
log.Fatal(err)
}
if result.Allowed {
fmt.Println("Access granted:", result.Reason)
} else {
fmt.Println("Access denied:", result.Reason)
}
// List principals
principals, err := client.Principals.List(ctx, &principal.ListOptions{
Type: principal.TypeUser,
Limit: 50,
})
if err != nil {
log.Fatal(err)
}
for _, p := range principals.Items {
fmt.Printf("Principal: %s (%s)\n", p.ID, p.Type)
}
}Key Packages
client
Core client initialization and configuration with context support and connection pooling.
tiger.NewClient()decision
Real-time access decisions with context-aware evaluation and caching.
client.Decisions.Evaluate()principal
Manage identities for users, services, and AI agents with full CRUD operations.
client.Principals.Get()policy
Create, update, and simulate access policies with versioning support.
client.Policies.Create()Usage Examples
Creating a Policy
import (
"github.com/tigeridentity/tiger-go/policy"
)
// Create a time-based access policy
newPolicy, err := client.Policies.Create(ctx, &policy.CreateRequest{
Name: "business-hours-access",
Description: "Allow access only during business hours",
Rules: []policy.Rule{
{
Effect: policy.EffectAllow,
Conditions: []policy.Condition{
{
Field: "context.time.hour",
Operator: policy.OpBetween,
Value: []int{9, 17},
},
{
Field: "context.time.weekday",
Operator: policy.OpIn,
Value: []string{"Mon", "Tue", "Wed", "Thu", "Fri"},
},
},
},
},
Resources: []string{"project:*"},
Actions: []string{"read", "write"},
})
if err != nil {
log.Fatal(err)
}
fmt.Printf("Created policy: %s\n", newPolicy.ID)Evaluating Access with Context
import (
"time"
)
// Evaluate with rich context
result, err := client.Decisions.Evaluate(ctx, &decision.EvaluateRequest{
PrincipalID: "user-alice",
Action: "deploy",
Resource: "environment:production",
Context: map[string]interface{}{
"ip_address": "10.0.1.42",
"device_trust": "high",
"mfa_verified": true,
"location": "US-West",
"risk_score": 0.12,
"session_age": time.Minute * 15,
},
})
if err != nil {
log.Fatal(err)
}
if result.Allowed {
// Proceed with action
fmt.Println("Access granted")
fmt.Printf("Matched policies: %v\n", result.MatchedPolicies)
} else {
// Deny access
fmt.Printf("Access denied: %s\n", result.Reason)
if result.RequiresMFA {
fmt.Println("MFA challenge required")
}
}Handling CAEP Events
import (
"github.com/tigeridentity/tiger-go/event"
)
// Subscribe to security events
sub, err := client.Events.Subscribe(ctx, &event.SubscribeOptions{
Types: []event.Type{
event.TypeSessionRevoked,
event.TypeRiskScoreChanged,
event.TypePrincipalDisabled,
},
})
if err != nil {
log.Fatal(err)
}
defer sub.Close()
// Process events
for evt := range sub.Events() {
switch evt.Type {
case event.TypeSessionRevoked:
fmt.Printf("Session %s revoked for principal %s\n",
evt.SessionID, evt.PrincipalID)
// Invalidate local session cache
case event.TypeRiskScoreChanged:
fmt.Printf("Risk score changed to %.2f for %s\n",
evt.RiskScore, evt.PrincipalID)
// Re-evaluate active sessions
case event.TypePrincipalDisabled:
fmt.Printf("Principal %s disabled\n", evt.PrincipalID)
// Terminate all sessions
}
}Error Handling
import (
"errors"
"github.com/tigeridentity/tiger-go/apierror"
)
result, err := client.Decisions.Evaluate(ctx, req)
if err != nil {
var apiErr *apierror.Error
if errors.As(err, &apiErr) {
switch apiErr.Code {
case apierror.CodeNotFound:
fmt.Printf("Principal not found: %s\n", apiErr.Message)
case apierror.CodeRateLimited:
fmt.Printf("Rate limited. Retry after: %v\n", apiErr.RetryAfter)
time.Sleep(apiErr.RetryAfter)
case apierror.CodeUnauthorized:
fmt.Println("Invalid API key")
default:
fmt.Printf("API error: %s (code: %s)\n", apiErr.Message, apiErr.Code)
}
} else {
// Network or other error
log.Printf("Request failed: %v\n", err)
}
return
}Configuration Options
WithAPIKey(key string)
Set the API key for authentication. Required for all API calls.
WithBaseURL(url string)
Override the default API base URL. Useful for development or self-hosted deployments.
WithTimeout(duration time.Duration)
Set request timeout. Default: 30 seconds for standard calls, 5 seconds for decisions.
WithRetry(maxRetries int)
Enable automatic retries for transient failures with exponential backoff. Default: 3 retries.
WithCache(cache cache.Cache)
Provide a custom cache implementation for decision caching. Improves performance for repeated queries.
WithLogger(logger log.Logger)
Set a custom logger for SDK debugging and request tracing.
Start building with Go
Get your API key and integrate TigerIdentity in minutes.