Create AppSec Data Sources

Cortex XSIAM Platform APIs
post /public_api/appsec/v1/data_source_instances

Create a new data source instance to connect an external system to your Cortex environment.

Required license:

Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in XSIAM Enterprise Plus.

Request headers
Authorization String required

{api_key}
Example: your_api_key_here
x-xdr-auth-id String required

{api_key_id}
Example: 1
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: your_api_key_here' -H 'x-xdr-auth-id: 1'
'https://api-yourfqdn/public_api/appsec/v1/data_source_instances'
-d '{ "selfSignedCertificate" : "selfSignedCertificate", "credentials" : { "password" : "password", "clientId" : "clientId", "webhookAuthKeyId" : "webhookAuthKeyId", "webhookAuthKey" : "webhookAuthKey", "clientSecret" : "clientSecret", "token" : "token", "refreshToken" : "refreshToken", "username" : "username" }, "domain" : { "hostname" : "hostname" }, "transporter" : { "connectionName" : "connectionName", "brokerDeviceId" : "brokerDeviceId" }, "uniqueProperties" : "{}" }'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}" headers = { 'Authorization': "your_api_key_here", 'x-xdr-auth-id': "1", 'content-type': "application/json" } conn.request("POST", "/public_api/appsec/v1/data_source_instances", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/appsec/v1/data_source_instances") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'your_api_key_here' request["x-xdr-auth-id"] = '1' request["content-type"] = 'application/json' request.body = "{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "type": "COLLECTOR", "domain": { "hostname": "string", "protocol": "http" }, "credentials": { "type": "OAUTH", "token": "string", "refreshToken": "string", "clientId": "string", "clientSecret": "string", "username": "string", "password": "string", "webhookAuthKeyId": "string", "webhookAuthKey": "string" }, "uniqueProperties": {}, "status": "COMPLETED", "transporter": { "brokerDeviceId": "string", "connectionName": "string" }, "selfSignedCertificate": "string" }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/appsec/v1/data_source_instances"); xhr.setRequestHeader("Authorization", "your_api_key_here"); xhr.setRequestHeader("x-xdr-auth-id", "1"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/appsec/v1/data_source_instances") .header("Authorization", "your_api_key_here") .header("x-xdr-auth-id", "1") .header("content-type", "application/json") .body("{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}") .asString();
import Foundation let headers = [ "Authorization": "your_api_key_here", "x-xdr-auth-id": "1", "content-type": "application/json" ] let parameters = [ "type": "COLLECTOR", "domain": [ "hostname": "string", "protocol": "http" ], "credentials": [ "type": "OAUTH", "token": "string", "refreshToken": "string", "clientId": "string", "clientSecret": "string", "username": "string", "password": "string", "webhookAuthKeyId": "string", "webhookAuthKey": "string" ], "uniqueProperties": [], "status": "COMPLETED", "transporter": [ "brokerDeviceId": "string", "connectionName": "string" ], "selfSignedCertificate": "string" ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/appsec/v1/data_source_instances")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/data_source_instances", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}", CURLOPT_HTTPHEADER => [ "Authorization: your_api_key_here", "content-type: application/json", "x-xdr-auth-id: 1" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/data_source_instances"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: your_api_key_here"); headers = curl_slist_append(headers, "x-xdr-auth-id: 1"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/appsec/v1/data_source_instances"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "your_api_key_here"); request.AddHeader("x-xdr-auth-id", "1"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"type\":\"COLLECTOR\",\"domain\":{\"hostname\":\"string\",\"protocol\":\"http\"},\"credentials\":{\"type\":\"OAUTH\",\"token\":\"string\",\"refreshToken\":\"string\",\"clientId\":\"string\",\"clientSecret\":\"string\",\"username\":\"string\",\"password\":\"string\",\"webhookAuthKeyId\":\"string\",\"webhookAuthKey\":\"string\"},\"uniqueProperties\":{},\"status\":\"COMPLETED\",\"transporter\":{\"brokerDeviceId\":\"string\",\"connectionName\":\"string\"},\"selfSignedCertificate\":\"string\"}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json

Define the integration configuration

typestring (Enum)required

Type of the data source instance, indicating the external system it connects to.

Allowed values:"COLLECTOR"
domainobject

Domain configuration specifying the hostname and protocol for the data source instance

hostnamestringrequired

Hostname or domain name of the external data source.

protocolstring (Enum)required

Communication protocol used to connect to the data source.

Allowed values:"http""https"
credentialsobject

Authentication credentials required to connect to the external data source. All properties are optional to support different authentication methods.

typestring (Enum)

Type of authentication method used for the data source connection.

Allowed values:"OAUTH""PAT"
tokenstring

Authentication token, such as a personal access token (PAT), used to authenticate with the data source.

refreshTokenstring

Refresh token used to obtain a new authentication token when the current one expires.

clientIdstring

Client ID for OAuth-based authentication with the data source.

clientSecretstring

Client secret for OAuth-based authentication with the data source.

usernamestring

Username for basic authentication with the data source.

passwordstring

Password for basic authentication with the data source.

webhookAuthKeyIdstring

Webhook authentication key ID used for webhook-based integrations.

webhookAuthKeystring

Authentication key used to validate incoming webhook requests from the data source.

uniquePropertiesobject

A flexible key-value map for specifying additional properties. Keys are strings and values can be of any type.

statusstring (Enum)

Current connection status of the data source instance.

  • COMPLETED — The data source instance setup is complete and operational.
  • CONNECTED — The data source instance is actively connected.
  • DESTROYING — The data source instance is being removed.
  • DISABLED — The data source instance is disabled and not actively scanning.
  • ERROR — The data source instance encountered an error and requires attention.
  • PENDING — The data source instance is being set up and is not yet active.
  • TEMPORARY — The data source instance is in a temporary state during configuration.
  • TRANSPORTER_CONNECTION_DISABLED — The transporter connection for this data source instance is disabled.
  • WARNING — The data source instance is operational but has warnings that may require attention.
Allowed values:"COMPLETED""CONNECTED""DESTROYING""DISABLED""ERROR""PENDING""TEMPORARY""TRANSPORTER_CONNECTION_DISABLED""WARNING"
transporterobject

Transporter configuration for establishing secure communication between an on-premises or private data source and Cortex.

brokerDeviceIdstringrequired

Unique identifier of the broker device used for the transporter connection.

connectionNamestringrequired

Name of the transporter connection.

selfSignedCertificatestring

PEM-encoded self-signed certificate for secure communication.

REQUEST
{ "type": "COLLECTOR", "uniqueProperties": { "name": "my-sast-collector", "detectionMethod": "SAST", "fileType": "SARIF" } }
Responses

Ok

Body
application/json

Integration details

creationDatestringrequired

Date and time when the data source instance was created.

domainobject

Domain configuration specifying the hostname and protocol for the data source instance

hostnamestringrequired

Hostname or domain name of the external data source.

protocolstring (Enum)required

Communication protocol used to connect to the data source.

Allowed values:"http""https"
idstringrequired

Unique identifier (ID) of the data source instance.

instanceVersionstring

Version of the data source instance configuration.

lastUpdateDatestringrequired

Date and time when the data source instance was last updated.

scanTypesobject
Additional propertiesobject

Configuration for a specific scan type within a data source instance.

isEnabledbooleanrequired

Indicates whether this scan type is enabled for the data source instance.

selectionTypestring (Enum)

Defines how repositories are selected for scanning within a data source instance.

Allowed values:"CURRENT_STATE""CURRENT_STATE_AND_FUTURE""CURRENT_STATE_PENDING""MANUAL_SELECTION"
selfSignedCertificatestring

PEM-encoded self-signed certificate used for secure communication with the data source.

statearray[string]

Integration state

statusDetailsobject
Additional propertiesobject

Detailed status information for a specific component of the data source instance.

errorstring

Error code or identifier if the component is in an error state.

messagestring

Human-readable message providing additional context about the status.

statusstring (Enum)required
Allowed values:"INVALID""VALID"
timestampstring

ISO 8601 timestamp indicating when the status was last evaluated.

tenantIdstring

Tenant ID that owns this data source instance.

transporterobject

Transporter configuration for establishing secure communication between an on-premises or private data source and Cortex.

brokerDeviceIdstringrequired

Unique identifier of the broker device used for the transporter connection.

connectionNamestringrequired

Name of the transporter connection.

typestring (Enum)required

Type of the data source instance, indicating the external system it connects to.

Allowed values:"COLLECTOR"
typeCategorystring (Enum)

Category classification of the data source instance type.

  • DEFAULT — Standard data source instances such as VCS, CI/CD, and CLI integrations.
  • EXTERNAL_VENDOR_INTEGRATIONS — Third-party external vendor integrations.
Allowed values:"DEFAULT""EXTERNAL_VENDOR_INTEGRATIONS"
uniqueIdentifierstring

Unique identifier of the integration

RESPONSE
{ "creationDate": "2025-04-02T08:20:58.381Z", "id": "d4e5f6a7b8c9d0e1f2a3b4c5", "status": "CONNECTED", "type": "COLLECTOR", "uniqueIdentifier": "my-sast-collector", "lastUpdateDate": "2025-04-02T08:20:58.381Z", "credentials": { "webhookAuthKey": "your_webhook_auth_key_shown_only_once", "webhookAuthKeyId": 1 }, "detectionMethod": "SAST", "fileType": "SARIF", "apiUrl": "https://api-yourfqdn/public_api/appsec/v1/collectors/d4e5f6a7b8c9d0e1f2a3b4c5" }

Validation error.

Body
application/json
errorCodestring

Error code identifying the type of validation failure.

messagestring

Human-readable message describing the validation error.

detailsobject

Detailed validation error information, keyed by field path.

Additional propertiesobject
messagestring
RESPONSE
{ "errorCode": "ValidateError", "message": "Validation Failed", "details": { "body.type": { "message": "'type' is required" } } }
{ "errorCode": "_BadParamsError", "message": "Collector with name \"my-sast-collector\" already exists" }