permisyn
← All postsCreate free account
Infrastructure2026-07-02·5 min read·Permisyn

AI Authorization Is Not Observability

Most AI tools tell you what happened after the model call. Permisyn decides whether the call is allowed before the provider sees it.

The gap

Tracing, evals, gateways, and dashboards are useful, but they are not authorization. A risky model call has already happened by the time the alert arrives. Permisyn moves the allow/deny decision into the traffic path: authorize, deny, meter, sign, and prove.

The core question changes from 'what happened?' to 'was this allowed to happen?'

The deployment model

proxy.shbash
export OPENAI_BASE_URL=https://api.permisyn.com/v1
export PERMISYN_API_KEY=psyn_live_...
export OPENAI_API_KEY=$YOUR_PROVIDER_KEY

curl https://api.permisyn.com/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "X-Permisyn-Key: $PERMISYN_API_KEY" \
  -H "X-Permisyn-Agent: production-agent" \
  -H "X-Permisyn-Risk: HIGH"

Why it matters

Test findings
No in-process library needs installing in every application team's codebase.
Permisyn does not need to store the upstream provider key.
Permission is enforced before the upstream provider receives traffic.
Passport and cost-cap rules are blocking controls, not notifications.
Every authorized call becomes signed evidence with a public proof surface.
#authorization#evidence#pre-execution
Route your agent through Permisyn

Change the model base URL. Keep your existing client. Agent passports, kill switch, signed audit trail, cost cap.

OPENAI_BASE_URL=https://api.permisyn.com/v1
OPENAI_API_KEY=$YOUR_PROVIDER_KEY
X-Permisyn-Key: psyn_live_...
X-Permisyn-Agent: production-agent
Get free API keyRead the docs
More integrations
Security

Authorization Headers Are the Governance Contract

4 min read
Compliance

Evidence-Ready AI Without App Instrumentation

6 min read
Infrastructure

The AI Flight Recorder for Agents

6 min read