Get an AppSec Data Source

Cortex XSIAM Platform APIs
get /public_api/appsec/v1/data_source_instances/{id}

Retrieve the details of a specific data source instance identified by its ID.

Required license:

Cortex XSIAM Premium. In Cortex XSIAM Enterprise and Cortex NG SIEM, requires the Cortex Cloud Posture Management add-on. Not supported in XSIAM Enterprise Plus.

Path parameters
id String required

Unique ID of the data source instance to retrieve. You can retrieve this value from the id field in the response of Get all Data Sources or Create Appsec Data Sources endpoint.
Example: id_example
Request headers
Authorization String required

{api_key}
Example: your_api_key_here
x-xdr-auth-id String required

{api_key_id}
Example: 1
CLIENT REQUEST
curl -X 'GET'
-H 'Accept: application/json'
-H 'Authorization: your_api_key_here' -H 'x-xdr-auth-id: 1'
'https://api-yourfqdn/public_api/appsec/v1/data_source_instances/{id}'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") headers = { 'Authorization': "your_api_key_here", 'x-xdr-auth-id': "1" } conn.request("GET", "/public_api/appsec/v1/data_source_instances/%7Bid%7D", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Get.new(url) request["Authorization"] = 'your_api_key_here' request["x-xdr-auth-id"] = '1' response = http.request(request) puts response.read_body
const data = null; const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("GET", "https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D"); xhr.setRequestHeader("Authorization", "your_api_key_here"); xhr.setRequestHeader("x-xdr-auth-id", "1"); xhr.send(data);
HttpResponse<String> response = Unirest.get("https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D") .header("Authorization", "your_api_key_here") .header("x-xdr-auth-id", "1") .asString();
import Foundation let headers = [ "Authorization": "your_api_key_here", "x-xdr-auth-id": "1" ] let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => [ "Authorization: your_api_key_here", "x-xdr-auth-id: 1" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: your_api_key_here"); headers = curl_slist_append(headers, "x-xdr-auth-id: 1"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/appsec/v1/data_source_instances/%7Bid%7D"); var request = new RestRequest(Method.GET); request.AddHeader("Authorization", "your_api_key_here"); request.AddHeader("x-xdr-auth-id", "1"); IRestResponse response = client.Execute(request);
Responses

Ok

Body
application/json

Integration details

creationDatestringrequired

Date and time when the data source instance was created.

domainobject

Domain configuration specifying the hostname and protocol for the data source instance

hostnamestringrequired

Hostname or domain name of the external data source.

protocolstring (Enum)required

Communication protocol used to connect to the data source.

Allowed values:"http""https"
idstringrequired

Unique identifier (ID) of the data source instance.

instanceVersionstring

Version of the data source instance configuration.

lastUpdateDatestringrequired

Date and time when the data source instance was last updated.

scanTypesobject
Additional propertiesobject

Configuration for a specific scan type within a data source instance.

isEnabledbooleanrequired

Indicates whether this scan type is enabled for the data source instance.

selectionTypestring (Enum)

Defines how repositories are selected for scanning within a data source instance.

Allowed values:"CURRENT_STATE""CURRENT_STATE_AND_FUTURE""CURRENT_STATE_PENDING""MANUAL_SELECTION"
selfSignedCertificatestring

PEM-encoded self-signed certificate used for secure communication with the data source.

statearray[string]

Integration state

statusDetailsobject
Additional propertiesobject

Detailed status information for a specific component of the data source instance.

errorstring

Error code or identifier if the component is in an error state.

messagestring

Human-readable message providing additional context about the status.

statusstring (Enum)required
Allowed values:"INVALID""VALID"
timestampstring

ISO 8601 timestamp indicating when the status was last evaluated.

tenantIdstring

Tenant ID that owns this data source instance.

transporterobject

Transporter configuration for establishing secure communication between an on-premises or private data source and Cortex.

brokerDeviceIdstringrequired

Unique identifier of the broker device used for the transporter connection.

connectionNamestringrequired

Name of the transporter connection.

typestring (Enum)required

Type of the data source instance, indicating the external system it connects to.

Allowed values:"COLLECTOR"
typeCategorystring (Enum)

Category classification of the data source instance type.

  • DEFAULT — Standard data source instances such as VCS, CI/CD, and CLI integrations.
  • EXTERNAL_VENDOR_INTEGRATIONS — Third-party external vendor integrations.
Allowed values:"DEFAULT""EXTERNAL_VENDOR_INTEGRATIONS"
uniqueIdentifierstring

Unique identifier of the integration

RESPONSE
{ "creationDate": "2025-06-15T09:30:00.000Z", "domain": { "hostname": "github.example.com", "protocol": "https" }, "id": "a1b2c3d4e5f6a7b8c9d0e1f2", "instanceVersion": "1.0.0", "lastUpdateDate": "2025-07-20T14:15:30.000Z", "scanTypes": { "SAST": { "isEnabled": true }, "SCA": { "isEnabled": false } }, "selectionType": "MANUAL_SELECTION", "selfSignedCertificate": "-----BEGIN CERTIFICATE-----\nMIIBxTCCAWugAwIBAgIJAL...\n-----END CERTIFICATE-----", "state": [ "example-org/repo-alpha", "example-org/repo-beta" ], "status": "CONNECTED", "statusDetails": { "connection": { "status": "VALID", "message": "Connection established successfully", "timestamp": "2025-07-20T14:15:30.000Z" } }, "tenantId": "tenant-001", "transporter": { "brokerDeviceId": "broker-device-abc123", "connectionName": "on-prem-github-connection" }, "type": "GITHUB_ENTERPRISE", "typeCategory": "DEFAULT", "uniqueIdentifier": "example-org" }

Not Found

Body
application/json
errorCodestring

Error code identifying the type of error.

messagestring

Human-readable message describing the error.

RESPONSE
{ "errorCode": "_NotFoundError", "message": "Integration d4e5f6a7b8c9d0e1f2a3b4c5 not found" }