Security best practices and authorization model for the Prisme.ai API
TLS Encryption
https:// URLs for API calls.
Microservices Architecture
x-prismeai-user-id header from the api-gateway
IP Restrictions
JWT Signing and Rotation
JWKS_ROTATION_DAYS setting (default: 30 days)
ACCESS_TOKENS_MAX_AGE (default: 30 days)
JWT Configuration
Variable | Description | Default Value |
---|---|---|
JWKS_ROTATION_DAYS | Rotation period in days | 30 |
JWKS_KTY | JWK Algorithm family | RSA |
JWKS_ALG | JWK signature algorithm | RS256 |
JWKS_SIZE | JWK size | 2048 |
ACCESS_TOKENS_MAX_AGE | JWT expiration time in seconds | 2592000 (30 days) |
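
The sketch below is an added example, not Prisme.ai code: it shows how a client can verify an RS256 token against a JWKS when the signing key rotates, using only Node's built-in crypto. It assumes tokens carry a `kid` header and an `exp` claim; `fetchJwks`, the key ids and the claims are hypothetical, constructed for the demo.

```javascript
// Added example. Key ids, claims and the fetchJwks callback are constructed/hypothetical.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const unb64u = (s) => Buffer.from(s, 'base64url');

// Issuer stand-in: RSA key (JWKS_KTY, JWKS_SIZE defaults) published as a JWK tagged with a kid.
function makeKey(kid, bits = 2048) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: bits });
  return { kid, privateKey, jwk: { ...publicKey.export({ format: 'jwk' }), kid, alg: 'RS256' } };
}

// Issuer stand-in: RS256 is RSASSA-PKCS1-v1_5 over SHA-256.
function signJwt(key, claims, alg = 'RS256') {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT', kid: key.kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), key.privateKey))}`;
}

// Verifier. cache = { keys: [...] } holds the last JWKS seen; fetchJwks() returns a fresh one.
function verifyJwt(token, cache, fetchJwks, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(unb64u(head).toString());
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  let jwk = cache.keys.find((k) => k.kid === header.kid);
  if (!jwk) {
    // Unknown kid usually means the signing key rotated: refetch once, then give up.
    cache.keys = fetchJwks().keys;
    jwk = cache.keys.find((k) => k.kid === header.kid);
  }
  if (!jwk || jwk.kty !== 'RSA') throw new Error('unknown signing key');
  const pub = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`), pub, unb64u(sig));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(unb64u(body).toString());
  // Reject tokens with no exp as well as tokens past it.
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Demo on constructed data: the verifier cached the old key before the issuer rotated.
function demo(now = 1700000000) {
  const oldKey = makeKey('k-old'), newKey = makeKey('k-new');
  const cache = { keys: [oldKey.jwk] };
  const token = signJwt(newKey, { sub: 'user-1', exp: now + 2592000 });
  return verifyJwt(token, cache, () => ({ keys: [oldKey.jwk, newKey.jwk] }), now);
}
```

In a real client, `fetchJwks` would be an HTTPS GET of the JWKS document, and the refetch on an unknown `kid` should be rate-limited so that tokens with random key ids cannot trigger a request each.
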
https://api.studio.prisme.ai/oidc/jwks for JWT verification.
Secure Token Handling
Implement Least Privilege
Input Validation
Secure Automation Development
Regular Security Review
Security Monitoring
Logging
Incident Response