Perplexity API Key

Detects Perplexity API keys, which use a distinctive pplx- prefix followed by a 48-character alphanumeric body. A leaked key grants unauthorized, billed access to Perplexity's search and chat completion API and any prompts or data routed through it.

Type
regex
Engine
universal
Confidence
high
Confidence justification
High confidence: the pplx- prefix is confirmed by Perplexity's own API key management documentation, and the fixed 48-character alphanumeric body (confirmed by the community-maintained gitleaks ruleset) makes false positives extremely unlikely.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_-])pplx-[a-zA-Z0-9]{48}(?![A-Za-z0-9_-])

Corroborative evidence keywords

perplexity, perplexity.ai, PERPLEXITY_API_KEY, pplx-api, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database, host, [object Object] (+37 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References