Permify: From spaghetti authorization code to single source of truth

Kaan Eren
Apr 26, 2022


In the past decade, SaaS adoption has grown immensely, and the tools have become much more complex than earlier iterations. With the majority of SaaS apps offering multiple user tiers, the need for engineering teams to implement multi-tier architectures became glaringly evident. Authorization lets developers decide what data someone can see (like messages and profiles) once a user logs into an app. Typically, developers write their own user authorization systems. Most developers are used to rolling their own authorization because they don’t realize that good substitutes exist, and until recently, there really weren’t any.

On the demand side, users expect much more than logging in from their SaaS apps: the apps must satisfy complex organizational authorization schemes. Maintaining tenant-based access control and authorization in a multi-tenant SaaS application can become very complex and/or siloed in order to preserve this tenancy, leading development teams to do repetitive work creating custom roles for their users and eventually hit a wall.

Permify abstracts away the authorization logic from application code by providing a single API

Permify offers a flexible, self-service approach to access control models: developers can implement multi-tenant authorization schemes, and an accompanying dashboard lets them manage those settings on the fly, making Permify a single source of truth for authorization.

Similar to other API-first companies (e.g. Twilio) that showed developers the value of offloading work that isn’t core to their product, Permify wants customers to offload their authorization work to it, enabling them to implement fine-grained authorization (RBAC & ABAC) and advanced multi-tenancy within their apps. Permify also offers pre-built integrations with other tools such as Auth0 to enable a full-stack experience for its clients.

Permify is one of a select few companies that saw a large opportunity for outsourcing authorization work

The current competitive landscape is dominated by DIY, which requires writing boilerplate authorization code and leads to nonlinear increases in complexity while creating the need to integrate databases, active directories, and Auth0/Okta-like access control platforms.

Truly complementary Founder trio with demonstrated execution speed

The founding team (Fıratcan, Tolga, Ege) has a unique mix of technical and execution skills, as they were quick to develop their product and relentless in getting the MVP out to the market to start engaging with potential customers right off the bat.

I remember the day I stumbled upon Fıratcan’s tweets about Permify and after spending a good 20 minutes on their website, sent him a message, to which he responded within just a couple minutes and we started chatting. As we dived deeper into Permify we were impressed with the founders’ devotion to “build in public” mantra and product-led-growth as well as their technical skills. Looking back, we probably were impressed the most by their A-grade meme game which can be found on Permify’s LinkedIn & Twitter pages.

Our relationship has gone parabolic as we engaged further, commending their ability to be some of the few people that saw this wave coming and their passion for building a consumer-grade Dev tool. I have the utmost belief in their abilities to win in this space leveraging their technical expertise to build for developers.

Welcome to the 500 Family guys!! #500Strong



Kaan Eren

Investment Manager @ 500 Global