permisyn
← All postsCreate free account
Security2026-07-02·4 min read·Permisyn

Authorization Headers Are the Governance Contract

Agent identity, user, team, purpose, risk label, and budget controls become the allow/deny contract for every model request.

Headers make authorization explicit

Permisyn treats authorization context as part of the request contract. That makes the allow/deny decision reviewable, testable, and independent of a programming language or framework.

HeaderPurpose
X-Permisyn-AgentAgent attribution and dashboard grouping
X-Permisyn-UserAccountable human user
X-Permisyn-TeamTeam/department attribution and usage rollups
X-Permisyn-RiskDeclarative risk label, recorded in the receipt
X-Permisyn-PurposeBusiness context in signed evidence
X-Permisyn-Max-Cost-USDPre-call budget enforcement
governed-call.shbash
curl https://api.permisyn.com/v1/chat/completions \
  -H "Authorization: Bearer $YOUR_PROVIDER_KEY" \
  -H "X-Permisyn-Key: psyn_live_xxx" \
  -H "X-Permisyn-Agent: finance-report-agent" \
  -H "X-Permisyn-User: finance-owner@company.com" \
  -H "X-Permisyn-Team: finance" \
  -H "X-Permisyn-Max-Cost-USD: 1.00"
#headers#policy#security
Route your agent through Permisyn

Change the model base URL. Keep your existing client. Agent passports, kill switch, signed audit trail, cost cap.

OPENAI_BASE_URL=https://api.permisyn.com/v1
OPENAI_API_KEY=$YOUR_PROVIDER_KEY
X-Permisyn-Key: psyn_live_...
X-Permisyn-Agent: production-agent
Get free API keyRead the docs
More integrations
Infrastructure

AI Authorization Is Not Observability

5 min read
Compliance

Evidence-Ready AI Without App Instrumentation

6 min read
Infrastructure

The AI Flight Recorder for Agents

6 min read