Authentication
Most public endpoints require a Prismatic API key. OpenAI-style clients use Authorization: Bearer; Gemini-style clients can use Authorization: Bearer, x-api-key or x-goog-api-key; Anthropic-style clients can use x-api-key plus anthropic-version.
Standard header
Use this header for OpenAI-compatible endpoints and direct HTTP clients that expect bearer authentication.
Authorization: Bearer pa_YOUR_KEY
Anthropic-compatible header
Use this header set for POST /v1/messages and POST /v1/messages/count_tokens when your client speaks the Anthropic protocol.
x-api-key: pa_YOUR_KEY anthropic-version: 2023-06-01
Gemini-compatible headers
Gemini-compatible routes accept the same Prismatic customer API key through Authorization: Bearer, x-api-key or x-goog-api-key. The value is your Prismatic key, not a Google API key.
- Recommended for Gemini SDK-style clients:
x-goog-api-key: pa_YOUR_KEY. - Recommended for generic HTTP clients:
Authorization: Bearer pa_YOUR_KEY. - Do not send upstream provider keys to Prismatic public routes.
Where to get your key
Open the Prismatic dashboard, go to API Keys and generate a customer API key. Keep the full key secret; only the prefix is safe to display in logs or UI.
Best practices
- Keep keys server-side whenever possible.
- Rotate keys immediately if a client, screenshot or repository exposes one.
- Use one key per environment or integration when practical.
- Handle
401authentication errors separately from402billing and429rate-limit responses.