Prism IO™ users authenticate via WordPress at prismio.ai/my-account/.
Once authenticated, the Prism IO Auth Bridge mu-plugin mints an
HMAC-signed handoff token and redirects to
app.prismio.ai/auth/handoff?token=...&user_id=.... The app exchanges
the handoff token for a long-lived access JWT via
POST /api/auth/handoff.

For developer access (no browser flow), use a Prism IO API key minted
at app.prismio.ai/dashboard/settings/api-keys. Pro Core tier and above
support API key access.

Once you have a JWT, every authenticated endpoint expects an
Authorization: Bearer <JWT> header.

curl https://api.prismio.ai/api/v1/capabilities \
  -H "Authorization: Bearer $PRISMIO_JWT"

Response (Pro Core tier example):
{
  "tier": "Pro Core",
  "tier_slug": "pro_core",
  "tier_limits": {
    "governance_calls_per_day": 100000,
    "bim_max_models": 5,
    "personas_max": 999,
    "team_seats_max": 25,
    "api_keys_max": 5
  },
  "features": {
    "mcp_server_access": true,
    "multi_brand_bim": false,
    "closed_loop_reinforcement": true,
    "custom_mcp_deployment": false,
    "drift_detection": true,
    "compliance_drill_down": true,
    "audit_log_export": true,
    "rest_api_access": true,
    "ai_safety_filters": false,
    "sso_saml": false
  }
}
Every error response (4xx / 5xx) returns the canonical envelope:
{
  "error": {
    "code": "tier_limit_exceeded",
    "message": "Your tier allows up to 5 BIMs.",
    "param": "brand_model_id",
    "type": "invalid_request_error"
  }
}
See Error codes for the full taxonomy.
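A client-side sketch of the two response shapes above, added here as an example and not taken from Prism IO's own code: it reads the JWT from the environment, turns the error envelope into a typed exception, and treats a missing feature flag as disabled. The names PrismIOError, parse_response, require_feature and get_capabilities, and the fallback code "unparseable_response", are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

API_BASE = "https://api.prismio.ai"  # host taken from the curl example on this page


class PrismIOError(Exception):
    """Hypothetical exception type carrying the fields of the error envelope."""

    def __init__(self, status, code, message, param=None, type_=None):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.message = status, code, message
        self.param, self.type = param, type_


def parse_response(status, body):
    """Return the decoded JSON object for 2xx, raise PrismIOError otherwise."""
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        data = None
    if 200 <= status < 300 and isinstance(data, dict):
        return data
    err = data.get("error") if isinstance(data, dict) else None
    if not isinstance(err, dict):
        # A proxy or gateway may answer without the envelope. The code below is a
        # local placeholder, not one of the API's error codes; the body is not echoed.
        raise PrismIOError(status, "unparseable_response", "no error envelope")
    raise PrismIOError(status, str(err.get("code")), str(err.get("message")),
                       err.get("param"), err.get("type"))


def require_feature(capabilities, name):
    """Fail closed: a missing or non-True flag counts as disabled."""
    features = capabilities.get("features")
    if not isinstance(features, dict) or features.get(name) is not True:
        raise PermissionError(f"{name} is not enabled for this tier")


def get_capabilities(token=None):
    """Fetch /api/v1/capabilities; the JWT comes from PRISMIO_JWT, never from argv."""
    token = token or os.environ["PRISMIO_JWT"]
    req = urllib.request.Request(f"{API_BASE}/api/v1/capabilities",
                                 headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return parse_response(exc.code, exc.read())
```

Calling require_feature(get_capabilities(), "audit_log_export") before a gated request surfaces a tier mismatch locally instead of as a 4xx from the API.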