According to Prisma doc here, to protect your Prisma API, you’ll need a service secret.
You can set your service secret as the value for the
secret property of
Prisma will use the service secret in the generation of a JWT service token.
You can use the command
prisma token to create that token.
Once created, the token needs to be attached to the
Authorization header HTTP requests made to the PRISMA API. Note here that the token needs to be prepnded with “Bearer”. The value for the “Authorization” property of your Http header should look like the following:
"Authorization": "Bearer __YOUR_SERVICE_TOKEN__"
Using the token is important especially if we don’t want our Prisma API to be public.
Prisma Secret - the secret key used to generate JWT for Prisma API user authorization.
Prisma Token - the JWT attached to the header of the Http request sent to the Prisma API server.
Here’s the basic flow of Prisma API authorization:
- Define a service secret for the
secretproperty in your
- Generate token with the command
- Assign the value “Bearer __YOURSECRETTOKEN” to the “Authorization” key of the header.