Prisma

:question: Terrible newbie question here: I have set up a Demo server in *Prisma Cloud*.  Correct me if I am wrong, but _there seems to be no authentication?_. Once somebody knows the URL of this demo server, can they fire queries against it?

you can add a `secret` to `prisma.yml` to protect your Prisma API: <https://www.prisma.io/docs/reference/prisma-api/concepts-utee3eiquo#authentication>

Hi <@U0RQY0KK5>, thanks for the swift response! Makes me all happy and warm inside :slightly_smiling_face:

Don't understand how I could have missed this, it's even in the comments in `prisma.yml`

how does that works with JWT obtained from auth0?

the JWT you would use to protect _your_ server (the one calling prisma)

exactly what i’m doing :slightly_smiling_face: when i add secret to the prisma.yml and deploy it, every request from my server is unauthorised, that part im having hard time to understand. setup is std express/TS where i have middleware which is processing Auth header (auth0 JWT) .

what do you mean every request from your server? where are you getting an authorized error from? is it from your server calling prisma, or your client calling your server?

I'm not quite following, can you elaborate <@U9WSNCWMS> :slightly_smiling_face:

<@U8ZQADW1H> &amp; <@U0RQY0KK5> i went through the docs, examples and my code to find out what the heck is going on, it turns out that some of the variables were missing (.env) and misconfiguration (sending the wring JWT ) to different endpoints. It was(is) confusing for me to get my head around when prisma starts and ends without real deployments on different envs. I deployed prisma to app.prisma.sh and server to now.sh. then i tested it and it started making a lot of sense.

i would expect that `prisma deploy` deploys the directory i’m in(server source code) not just part of it (structure). i guess that was most confusing part