What is the difference between Prisma Token and Prisma Secret?

May 29, 2019

According to Prisma doc here, to protect your Prisma API, you’ll need a service secret.

You can set your service secret as the value for the secret property of prisma.yml:

secret: my-secret-42

Prisma will use the service secret in the generation of a JWT service token.

You can use the command prisma token to create that token.

Once created, the token needs to be attached to the Authorization header of HTTP requests made to the Prisma API. Note that the token needs to be prepended with “Bearer”. The value for the “Authorization” property of your HTTP header should look like the following:

"Authorization": "Bearer __YOUR_SERVICE_TOKEN__"

Using the token is important especially if we don’t want our Prisma API to be public.


Prisma Secret - the secret key used to generate JWT for Prisma API user authorization.

Prisma Token - the JWT attached to the header of the HTTP request sent to the Prisma API server.

Here’s the basic flow of Prisma API authorization:

  1. Define a service secret for the secret property in your prisma.yml
  2. Generate a token with the command prisma token
  3. Assign the value “Bearer __YOUR_SERVICE_TOKEN__” to the “Authorization” key of the header.
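
The flow above, sketched in Node.js as an added example (not code from the original post or from Prisma): the secret signs a JWT, and only the JWT travels in the Authorization header. It assumes HS256 signing; the function names and payload fields are hypothetical.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, input) => crypto.createHmac("sha256", secret).update(input).digest();

// CLI side: derive a token from the secret (the role `prisma token` plays).
// Assumption: HS256 signing; the payload fields are constructed for illustration.
function signServiceToken(secret, payload) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Server side: accept a request only if its Authorization header carries a
// token signed with the configured secret. The secret itself is never sent.
function verifyAuthorizationHeader(value, secret, nowSeconds) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(value || "");
  if (!m) return { ok: false, reason: "malformed" };
  const [, head, body, sig] = m;
  try {
    // Pin the algorithm instead of trusting whatever the token header claims.
    const alg = JSON.parse(Buffer.from(head, "base64url").toString("utf8")).alg;
    if (alg !== "HS256") return { ok: false, reason: "bad-alg" };
    const expected = hmac(secret, `${head}.${body}`);
    const given = Buffer.from(sig, "base64url");
    // Constant-time comparison of the signature bytes.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: "bad-signature" };
    }
    const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (typeof payload.exp === "number" && payload.exp <= nowSeconds) {
      return { ok: false, reason: "expired" };
    }
    return { ok: true, payload };
  } catch {
    return { ok: false, reason: "malformed" };
  }
}

// Constructed demo values: the secret from prisma.yml above, a made-up payload.
const demoNow = Math.floor(Date.now() / 1000);
const demoToken = signServiceToken("my-secret-42", {
  data: { service: "demo@dev" }, iat: demoNow, exp: demoNow + 3600,
});
console.log(verifyAuthorizationHeader(`Bearer ${demoToken}`, "my-secret-42", demoNow));
console.log(verifyAuthorizationHeader(`Bearer ${demoToken}`, "wrong-secret", demoNow));
```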
