Crossdeck Docs
Dashboard

Prism

Intelligence layer Bank-grade · scoped keys · Read API + AI/MCP connector

Prism is Crossdeck's intelligence layer. Ask Prism anything across your whole portfolio — revenue, database read-cost, errors, per-host analytics, and the cross-layer answers only Crossdeck can give, because Crossdeck owns the identity that joins them: "this error hit user_847, who pays you $90/mo." There are two ways to reach the same intelligence — your backend reads Prism (the API), and your AI talks to Prism (the MCP connector). Everything is read-only, server-to-server, and behind a scoped key whose scope is the security boundary.

What Prism is

Crossdeck already owns four layers about your users and joins them by identity: identity (the SDK), revenue (the rails — Stripe, Apple, Google), errors, and database read-cost. Prism is the surface that hands that joined intelligence back to you. A single-layer tool can tell you "this error happened 400 times." Only Prism can tell you "…and 3 of the people it hit are paying customers worth $230/mo combined" — because it crosses the layers no single tool owns.

The brand: developers don't think "API" or "MCP" — they think "ask Prism." The MCP connector is one way of talking to Prism; the API is another way of reading it. Same intelligence underneath.

Two ways to reach Prism

 The connector (MCP)The API
Who calls itYour AI — Claude, ChatGPT, Cursor, any MCP-aware toolYour backend / Worker
How"Ask Prism" in natural languageGET requests, JSON over HTTPS
CredentialSign in once (OAuth) — no key to pasteA secret key (cd_sk_)
ReachEvery app in your workspaceOne project (the key's project)

Keys & permissions

Prism follows Stripe's restricted-key model: the key's scope is the boundary, and you grant exactly what a key may read when you mint it. Three key types:

PrefixTypeWhat it is
cd_wk_Workspace keyYour account-level credential. Reads every app you own, full suite (including identity). When you connect an AI it signs in and Crossdeck mints a short-lived, revocable one of these for the session — you never paste a key. Create a long-lived one only for programmatic API use. Server-side only.
cd_sk_Secret keyScoped to one project. Aggregate reads by default; identity (row-level) is a permission you grant at mint. This is what your backend uses, and what you'd distribute. Server-side only.
cd_pub_Publishable keyIngest only (the SDKs). Origin-locked, safe in client bundles. Cannot read Prism.

The two tiers, set on the key at mint

Identity is granted on the KEY, at mint — not a project-wide switch. Enabling something in project settings does not retroactively add a scope to a key you already minted (scope is fixed at creation). To get identity access, mint a key with the identity permission ticked, or rotate an existing identity key. A key without the scope is rejected with 403 insufficient_scope before any data is read.

Connect your AI (the connector)

Prism is a hosted, remote MCP server. You connect it the way you connect any modern app — add one URL and sign in. There is no package to install, no key to copy, and no config file to edit.

1. Add the connector. Paste this URL into your AI tool's connector settings:

https://api.cross-deck.com/mcp

2. Sign in through Crossdeck. Your AI opens a Crossdeck sign-in page — Google, GitHub, Apple or email, the same account you use in the dashboard. Approve once and the tools appear. The connection is authorized over OAuth 2.1 with PKCE; Crossdeck issues a read-only, short-lived token scoped to your workspace that renews automatically and that you can revoke any time from Developers → Prism. Your password and keys never reach the AI tool.

3. Ask Prism. The connector sees every app in your workspace; switch between them by naming them in chat (it calls list_projects and carries the project id through for you).

Prefer the API? The connector needs no key. A cd_wk_ workspace key is only for calling Prism's read API yourself, server-to-server — see the API reference. Create one in Developers → Prism.

The tools

Every tool is read-only (readOnlyHint), scoped, and paginated. list_projects shows your apps; the rest answer questions about one (pass its project id, which the AI carries through the conversation).

Portfolio

Revenue & cost

Errors

Customer & analytics

Ask Prism — intents

The point is natural language. A few real ones:

Prism as an API

The same intelligence is a API your own backend calls server-to-server — to embed Crossdeck's data inside your product, or to compute your own metrics (funnels, cohorts) from the raw events. Authenticate with a secret key:

curl https://api.cross-deck.com/v1/revenue \
  -H "Authorization: Bearer cd_sk_live_…"

Every response carries a request_id; errors are typed (Stripe-style). The /v1 prefix is canonical. Full request/response schemas, error codes, and rate limits are in the Prism — the API reference.

Endpoint reference

EndpointScopeReturns
GET /v1/workspace/projectsworkspace keyYour apps (the portfolio)
GET /v1/revenuerevenue:readMRR, paying count, per-rail split
GET /v1/bucketsbuckets:readRead-cost: per-user vs overhead, by operation
GET /v1/errorserrors:readAn issue + how many hit / pay (counts)
GET /v1/reporting/metricsreporting:aggregatePer-host views + unique visitors
GET /v1/reporting/breakdownreporting:aggregatePer-host top pages / referrers
GET /v1/reporting/eventsreporting:aggregateEvent counts grouped by a property — project-wide, or per-host with an optional host
GET /v1/errors/affected identityreporting:identityWho an error hit + what they pay (row-level)
GET /v1/reporting/people identityreporting:identityA host's people, newest-active first (paged)
GET /v1/reporting/people/{id}/journey identityreporting:identityOne person's event timeline + raw custom-event payload
GET /v1/crossmatch identitycrossmatch:readOne customer × revenue × entitlements × read-cost

Security & trust

Prism is built on one bank-grade gate every endpoint inherits. The eight guarantees:

Key lifecycle — every key, the same net

For AI platforms

Prism is a hosted, remote MCP server over Streamable HTTP, live at https://api.cross-deck.com/mcp. Authentication is OAuth 2.1 to the current MCP spec: RFC 8414 authorization-server metadata at /.well-known/oauth-authorization-server (advertising PKCE S256), RFC 7591 dynamic client registration, RFC 9728 protected-resource metadata, and a Crossdeck-branded consent screen. Every tool ships directory-grade metadata: a title, an accurate non-promotional description, a readOnlyHint annotation (all tools are read-only — no read/write mixing), scoped + paginated output, and actionable errors. Each user authorizes their own account, so the connector never sees another tenant's data.