Obtain your API base URL from the Prisma Cloud console (e.g., api.prismacloud.io or a region-specific variant) and create Access Key and Secret Key credentials in Settings > Access Keys.
Authenticate by POST-ing to /login with a JSON body containing username (the Access Key) and password (the Secret Key); the response contains a token valid for ten minutes.
Use the token in subsequent requests with the header x-redlock-auth: YOUR_TOKEN.
List open alerts with POST /v2/alert and a JSON body specifying filters such as timeRange, alert.status: open, and policy.severity.
Page through results using the pageToken field returned in the response; repeat requests until nextPageToken is absent.
For each alert, extract fields including alertId, policy.name, resource.name, and resource.cloudType for downstream ticketing or reporting.
Known gotchas
The JWT token expires in ten minutes; build token refresh logic into long-running automation rather than reusing a cached token.
POST /v2/alert returns alerts matching all filters combined with AND logic; using too many filters can unexpectedly return an empty set.
Prisma Cloud API base URLs are tenant-specific and region-scoped; the URL shown in your browser console is the correct starting point.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp