Security Protocol

Authentication

Prizm uses Bearer tokens to authenticate requests. All API requests must be made over HTTPS.

Authentication is handled via the Authorization header. Your API keys carry significant privileges, so be sure to keep them secure.

Authorization: Bearer tm_live_••••••••••••••••

We recommend rotating secret keys every 90 days. You can specify an expiry date during key generation in the "Security" settings.

If a key is leaked, revoke it immediately through the dashboard. Revocation is instantaneous across all global edge nodes.

Custom SAML & OIDC connectors available for organization plans.