Partner Database Provisioning & User Claim Flow
Introduction
This guide walks you through how to use the Prisma Postgres Management API, to power experiences like the npx create-db command.
You'll learn how to provision a Prisma Postgres database on your workspace as a partner, and how to transfer it to another user's workspace so they can "claim" the database. We'll cover how the process is secured using OAuth2, and by the end, you'll understand the full flow and how to integrate it into your own product experience.
This guide references the actual implementation in the npx create-db CLI and Cloudflare Workers as real world examples. The repo for the npx create-db is here, which can be used as a reference for how to use the Management API in your own projects.
The two Cloudflare Workers in this guide are just reference examples. You would typically build this logic into your own backend or serverless functions.
Similarly, the npx create-db CLI is a simple demo. In your product, you can trigger the same API calls from your own UI or onboarding flows to create a seamless experience for your users.
Core Concepts
Before diving into implementation, let's clarify the main concepts involved in the Management API integration:
- Management API: A set of endpoints that allow to programmatically provision and manage Prisma Postgres databases.
- Projects vs Databases: A project is a container that can hold multiple databases. You can use this to organize databases you create e.g. by user. Projects can then be transferred to users, including all databases they contain.
- Authentication: All API requests require authentication. As a partner, you use OAuth2 to obtain integration tokens (for your app) and facilitate secure transfers to your users.
- Tokens: There are two main types of tokens:
- Integration Token: Issued to your partner integration, scoped to provision and manage databases on your own workspace.
- User Access Token: Obtained via OAuth2 when a user authenticates with your app, scoped to the user's workspace and can be used to transfer database ownership to the user's workspace.
How to become a partner
To use the Prisma Postgres Management API, you first need to set up as a partner:
- Request access to the Management API: Contact the Prisma team from the Prisma Partners page to request access to the Management API. You will be guided through the onboarding process.
- Obtain OAuth credentials: Once approved, you will receive an OAuth client ID and client secret. These credentials are required to authenticate your integration and enable secure database transfers for your users.
For a complete list of available endpoints and details on request/response formats, see the Prisma Management API documentation.
Provisioning a Database as a Partner
To provision a new Prisma Postgres database for your users as a partner, follow these steps:
- Gather required information: Prepare the necessary details for provisioning, such as region, database name, and any other options your application requires. This information may come from user input or be determined by your application logic.
- Authenticate your integration: Use your integration token (obtained via OAuth2) to authenticate API requests. This token authenticates your app as an approved partner.
- Send a database provisioning request: Make a
POSTrequest to the Management API endpoint to create a new project with a default database. For example:
const prismaResponse = await fetch('https://api.prisma.io/v1/projects', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer <YOUR_INTEGRATION_TOKEN>`,
},
body: JSON.stringify({ region, name }),
});
-
Handle the response: If successful, the API will return the new project's details, including database connection strings and a
project_id. Store these securely and display them to your user as needed. -
(Optional) Store project metadata: You may want to associate the
project_idwith your user in your own database for future reference.
Database Claim Flow
Once a database is provisioned, you may want to transfer ownership to your user at a later point so they can manage it in their own Prisma workspace and go beyond the free database usage limits. This is done via the claim flow, which consists of three main steps:
Overview: How the Claim Flow Works
When a user wants to claim a database, your app will:
- Trigger the OAuth2 flow, redirecting the user to Prisma Auth. This is necessary, so your app will have the permissions to transfer the database into the user's workspace.
- The user authenticates and selects a workspace.
- Your backend receives an authorization code, exchanges it for a user access token, and calls the Management API transfer endpoint with both your integration token and the user's token.
This ensures the transfer is secure and only the intended user can claim the database.
1. Triggering the Claim Flow
When your user wants to take ownership of a database you provisioned for them, they need to transfer it to their own Prisma Postgres workspace. This gives them full control over it.
To initiate this process, provide a button or link in your app (e.g., "Claim Database" or "Transfer to My Workspace"). When clicked, your backend should:
- Generate a secure
statevalue to track the session and prevent CSRF attacks. - Construct an OAuth2 authorization URL with your client ID, redirect URI, and required scopes.
- Redirect the user to this URL to begin the authentication flow.
Example:
const authParams = new URLSearchParams({
client_id: YOUR_CLIENT_ID,
redirect_uri: 'https://your-app.com/auth/callback', // Your callback endpoint
response_type: 'code',
scope: 'workspace:admin', // The scope of the OAuth2 authorization
state: generateState(), // Securely track the session
});
const authUrl = `https://auth.prisma.io/authorize?${authParams.toString()}`;
// Redirect the user to authUrl
2. Authenticating the User
The user will be prompted to log in (if not already authenticated) and select the workspace where they want to claim the database. After successful authentication and workspace selection, Prisma Auth will redirect back to your callback endpoint with a code and state (and, in some cases, a project_id).
3. Finishing the Claim Flow
Your backend should now:
- Exchange the authorization code for a user access token:
const tokenResponse = await fetch('https://auth.prisma.io/token', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
code: code, // The code received from the callback
redirect_uri: 'https://your-app.com/auth/callback', // Must match the redirect_uri used in step 1
client_id: YOUR_CLIENT_ID,
client_secret: YOUR_CLIENT_SECRET,
}).toString(),
});
const tokenData = await tokenResponse.json();
- Call the Management API transfer endpoint to move the project to the selected workspace. You will need the
project_idand the user's access token:
const transferResponse = await fetch(`https://api.prisma.io/v1/projects/${project_id}/transfer`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${YOUR_INTEGRATION_TOKEN}`,
},
body: JSON.stringify({ recipientAccessToken: tokenData.access_token }),
});
If the transfer is successful, the database is now owned by the user's workspace.
Conclusion
By following this guide, you have learned how to:
- Set up as a Prisma Postgres Partner and obtain the necessary credentials
- Provision a new database for your users using the Management API
- Implement a secure claim flow that allows users to claim ownership of a database in their own workspace using OAuth2
This flow enables you to integrate Prisma Postgres provisioning and transfer seamlessly into your own product, providing a smooth onboarding experience for your users.
For further details, see the create-db repo for a reference implementation, or consult the Prisma Management API documentation.
Stay connected with Prisma
Continue your Prisma journey by connecting with our active community. Stay informed, get involved, and collaborate with other developers:
- Follow us on X for announcements, live events and useful tips.
- Join our Discord to ask questions, talk to the community, and get active support through conversations.
- Subscribe on YouTube for tutorials, demos, and streams.
- Engage on GitHub by starring the repository, reporting issues, or contributing to an issue.