>
    Strata Copilot
    Create a Deployment Profile for Prisma AIRS AI Runtime API
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Activation & Onboarding
    4. Prisma AIRS AI Runtime: API Intercept Overview
    5. Create a Deployment Profile for Prisma AIRS AI Runtime API
    Download PDF
    Prisma AIRS

    Create a Deployment Profile for Prisma AIRS AI Runtime API

    Table of Contents

    Create a Deployment Profile for Prisma AIRS AI Runtime API

    Create and associate a deployment profile in the Customer Support Portal for Prisma AIRS AI Runtime API.
    Where Can I Use This?What Do I Need?
    • Prisma AIRS Runtime API
    • Prisma® AI Runtime Security™ (for token-based consumption)
    • Strata™ Cloud Manager Essentials or Strata Cloud Manager Pro
    • Network Administrator role
    • Superuser role
    Token-based licensing for the Prisma AIRS Runtime API is a consumption model that shifts from fixed API calls to token consumption, where usage is priced per billion monthly tokens. This model aligns with industry standards for AI applications, providing a more granular, content-driven metric for measuring your Prisma AIRS Runtime API usage.
    For context, one token is equal to four characters. This licensing is based on billions of tokens per month. At the end of each calendar month, your token quota resets. Whenever you send a prompt, model response, or tool call to the Prisma AIRS Runtime API, the system counts the number of tokens and subtracts it from your monthly quota.
    This licensing model fundamentally changes how you measure consumption. The new model measures consumption based on the volume of "tokens" processed from your scan content. You now define Monthly Tokens (Billions) in your Prisma AIRS Runtime API deployment profile. For each Prisma AIRS Runtime API deployment profile, enter the number of tokens (billions) that you expect to consume per deployment profile per month.
    The token-based licensing architecture involves several key components that interact to manage your API usage:
    • Prisma AIRS API—This is the primary service endpoint that receives your scan requests and initiates the token computation process from your scan content.
    • Customer Support Portal (CSP)—You use this interface to define and manage your token-based deployment profiles, specifying your allocated monthly tokens.
    • Strata Cloud Manager (SCM)—This management platform allows you to activate subscriptions, associate deployment profiles with your tenants, generate API keys, and monitor your token consumption through dashboards.
    The token lifecycle begins when you define your deployment profile in the Customer Support Portal (CSP). You specify your desired Monthly Tokens (Billions) in the CSP to establish the licensed capacity for your Prisma AIRS Runtime API usage. You then activate your Prisma AIRS API deployment profile by onboarding Prisma AIRS in SCM. You associate the defined deployment profile with a specific Tenant Service Group (TSG) in SCM, either an existing one or a new one. This process activates the token-based subscription by calling a new IT license activate endpoint, which registers the license and enables token-based consumption for your deployment profile.
    You might see a higher token count in Strata Cloud Manager than in your support account; this is because Prisma AIRS rounds up to the highest integer in SCM.
    You generate unique API keys within SCM for your applications. You use these keys to authenticate scan requests to the Prisma AIRS API, and they link to your activated token-based deployment profile. When you submit a scan request to the Prisma AIRS API, the system analyzes the content of the scan and computes the corresponding token count. The system persists the computed token counts for each scan request in a backend database and simultaneously transmits them.

    Prerequisites

    • Prisma AIRS AI Runtime: API intercept feature is not available in FedRAMP-authorized cloud environments.
    • Contact Palo Alto Networks support for the first-time activation of a TSG in the Customer Support Portal.
    • To activate the deployment profile, you must have super-user privileges in TSG.
    • Ensure you have a credit pool available for Software NGFW credits, as these are required for licensing Prisma AIRS Runtime API. Your subscription includes Strata Cloud Manager, Enterprise DLP, and Strata Logging Service.
    • For onboarding Prisma AIRS AI Runtime: API intercept, ensure your TSG does not have an existing AIOps subscription. If it does, create a new TSG without AIOps (Strata Cloud Manager Base).

    Create a Runtime API Deployment Profile

    1. Log in to the Customer Support Portal.
    2. Navigate to ProductsSoftware/Cloud NGFW Credits.
    3. Locate your credit pool and click Create Deployment Profile.
    5. Enter the desired Monthly Tokens (Billions). This value defines the total token capacity allocated for your Prisma AIRS API for a monthly billing cycle. New profiles are created in steps of 1 billion tokens, with a minimum value of 1 billion, and you must use integral numbers as fractional values are not supported. The deployment profile creation form in CSP displays Monthly Tokens (Billions) instead of Max API calls per day for this new model.
      The AI Security Package 3 and Use Credits to Enable are selected by default and cannot be changed.
    6. Click Create Deployment Profile to complete the procedure.

    Activate the Subscription and Generate an API Key

    1. Log in to Strata Cloud Manager.
    2. Select the relevant tenant or create a new one,
    3. Associate the deployment profile with the tenant by either onboarding Prisma AIRS API, or creating a new app and activating the Prisma AIRS API deployment profile.
    4. Select AI SecurityAPI Applications.
    5. Create a security profile and an application.
    6. Generate a new API Key for the application. When you create an app key pair, SCM shows a list of deployment profiles and displays the monthly token (billions) usage for Prisma AIRS API deployment profile.

    © 2026 Palo Alto Networks, Inc. All rights reserved.