components: callbacks: {} examples: {} headers: {} links: {} parameters: APIKeyCategoryParameter: description: Filter API keys by category. in: query name: filter[category] required: false schema: type: string APIKeyFilterCreatedAtEndParameter: description: Only include API keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string APIKeyFilterCreatedAtStartParameter: description: Only include API keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string APIKeyFilterModifiedAtEndParameter: description: Only include API keys modified on or before the specified date. in: query name: filter[modified_at][end] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string APIKeyFilterModifiedAtStartParameter: description: Only include API keys modified on or after the specified date. in: query name: filter[modified_at][start] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string APIKeyFilterParameter: description: Filter API keys by the specified string. in: query name: filter required: false schema: type: string APIKeyId: description: The ID of the API key. in: path name: api_key_id required: true schema: type: string APIKeyIncludeParameter: description: |- Comma separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `modified_by`. in: query name: include required: false schema: example: "created_by,modified_by" type: string APIKeyReadConfigReadEnabledParameter: description: Filter API keys by remote config read enabled status. in: query name: filter[remote_config_read_enabled] required: false schema: type: boolean APIKeysSortParameter: description: |- API key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign. in: query name: sort required: false schema: $ref: "#/components/schemas/APIKeysSort" AWSAccountConfigIDPathParameter: description: |- Unique Datadog ID of the AWS Account Integration Config. To get the config ID for an account, use the [List all AWS integrations](https://docs.datadoghq.com/api/latest/aws-integration/#list-all-aws-integrations) endpoint and query by AWS Account ID. in: path name: aws_account_config_id required: true schema: type: string AnomalyID: description: The UUID of the cost anomaly. in: path name: anomaly_id required: true schema: type: string ApplicationKeyFilterCreatedAtEndParameter: description: Only include application keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string ApplicationKeyFilterCreatedAtStartParameter: description: Only include application keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: "2020-11-24T18:46:21+00:00" type: string ApplicationKeyFilterParameter: description: Filter application keys by the specified string. in: query name: filter required: false schema: type: string ApplicationKeyID: description: The ID of the application key. in: path name: app_key_id required: true schema: type: string ApplicationKeyId: description: The ID of the app key in: path name: app_key_id required: true schema: type: string ApplicationKeyIncludeParameter: description: Resource path for related resources to include in the response. Only `owned_by` is supported. in: query name: include required: false schema: example: "owned_by" type: string ApplicationKeysSortParameter: description: |- Application key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign. in: query name: sort required: false schema: $ref: "#/components/schemas/ApplicationKeysSort" ApplicationSecurityWafCustomRuleIDParam: description: The ID of the custom rule. example: 3b5-v82-ns6 in: path name: custom_rule_id required: true schema: type: string ApplicationSecurityWafExclusionFilterID: description: The identifier of the WAF exclusion filter. example: 3b5-v82-ns6 in: path name: exclusion_filter_id required: true schema: type: string ArchiveID: description: The ID of the archive. in: path name: archive_id required: true schema: type: string AttachmentIDPathParameter: description: "The ID of the attachment." in: path name: attachment_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string AttachmentIncludeQueryParameter: description: "Resource to include in the response. Supported value: `last_modified_by_user`." explode: false in: query name: include required: false schema: example: "last_modified_by_user" type: string AuthNMappingID: description: The UUID of the AuthN Mapping. in: path name: authn_mapping_id required: true schema: type: string AwsAccountId: description: The ID of an AWS account. example: "123456789012" in: path name: account_id required: true schema: type: string BudgetID: description: Budget id. in: path name: budget_id required: true schema: type: string CaseCustomAttributeIDPathParameter: description: Case Custom attribute's UUID example: "f98a5a5b-e0ff-45d4-b2f5-afe6e74de505" in: path name: custom_attribute_id required: true schema: type: string CaseCustomAttributeKeyPathParameter: description: Case Custom attribute's key example: "aws_region" in: path name: custom_attribute_key required: true schema: type: string CaseIDPathParameter: description: Case's UUID or key example: "f98a5a5b-e0ff-45d4-b2f5-afe6e74de504" in: path name: case_id required: true schema: type: string CaseSortableFieldParameter: description: Specify which field to sort in: query name: sort[field] required: false schema: $ref: "#/components/schemas/CaseSortableField" CaseTypeIDPathParameter: description: Case type's UUID example: "f98a5a5b-e0ff-45d4-b2f5-afe6e74de505" in: path name: case_type_id required: true schema: type: string CellIDPathParameter: description: Timeline cell's UUID example: "f98a5a5b-e0ff-45d4-b2f5-afe6e74de504" in: path name: cell_id required: true schema: type: string ChangeRequestDecisionIDPathParameter: description: The identifier of the change request decision. example: "decision-id-0" in: path name: decision_id required: true schema: type: string ChangeRequestIDPathParameter: description: The identifier of the change request. example: "CHM-1234" in: path name: change_request_id required: true schema: type: string CloudAccountID: description: Cloud Account id. in: path name: cloud_account_id required: true schema: format: int64 type: integer CloudWorkloadSecurityAgentRuleID: description: "The ID of the Agent rule" example: 3b5-v82-ns6 in: path name: agent_rule_id required: true schema: type: string CloudWorkloadSecurityPathAgentPolicyID: description: "The ID of the Agent policy" example: 6517fcc1-cec7-4394-a655-8d6e9d085255 in: path name: policy_id required: true schema: type: string CloudWorkloadSecurityQueryAgentPolicyID: description: "The ID of the Agent policy" example: 6517fcc1-cec7-4394-a655-8d6e9d085255 in: query name: policy_id required: false schema: type: string ConfluentAccountID: description: Confluent Account ID. in: path name: account_id required: true schema: type: string ConfluentResourceID: description: Confluent Account Resource ID. in: path name: resource_id required: true schema: type: string ConnectionId: description: The ID of the action connection in: path name: connection_id required: true schema: type: string CustomDestinationId: description: The ID of the custom destination. in: path name: custom_destination_id required: true schema: type: string CustomFrameworkHandle: description: The framework handle in: path name: handle required: true schema: type: string CustomFrameworkVersion: description: The framework version in: path name: version required: true schema: type: string DashboardIDPathParameter: description: The ID of the dashboard. example: "abc-def-ghi" in: path name: dashboard_id required: true schema: type: string DatasetID: description: The ID of a defined dataset. example: "0879ce27-29a1-481f-a12e-bc2a48ec9ae1" in: path name: dataset_id required: true schema: type: string DisableCorrections: description: Whether to exclude correction windows from the SLO status calculation. Defaults to false. in: query name: disable_corrections required: false schema: default: false example: false type: boolean EntityID: description: UUID or Entity Ref. in: path name: entity_id required: true schema: example: "service:myservice" type: string FastlyAccountID: description: Fastly Account id. in: path name: account_id required: true schema: type: string FastlyServiceID: description: Fastly Service ID. in: path name: service_id required: true schema: type: string FileID: description: File ID. in: path name: file_id required: true schema: type: string FilterByExcludeSnapshot: description: Filter entities by excluding snapshotted entities. in: query name: filter[exclude_snapshot] required: false schema: type: string FilterByID: description: Filter entities by UUID. explode: true in: query name: filter[id] required: false schema: type: string FilterByKind: description: Filter entities by kind. explode: true in: query name: filter[kind] required: false schema: type: string FilterByName: description: Filter entities by name. explode: true in: query name: filter[name] required: false schema: type: string FilterByOwner: description: Filter entities by owner. explode: true in: query name: filter[owner] required: false schema: type: string FilterByRef: description: Filter entities by reference example: service:shopping-cart explode: true in: query name: filter[ref] required: false schema: type: string FilterByRelationType: description: Filter entities by relation type. explode: true in: query name: filter[relation][type] required: false schema: $ref: "#/components/schemas/RelationType" FilterRelationByFromRef: description: Filter relations by the reference of the first entity in the relation. example: service:shopping-cart explode: true in: query name: filter[from_ref] required: false schema: type: string FilterRelationByToRef: description: Filter relations by the reference of the second entity in the relation. example: service:shopping-cart explode: true in: query name: filter[to_ref] required: false schema: type: string FilterRelationByType: description: Filter relations by type. explode: true in: query name: filter[type] required: false schema: $ref: "#/components/schemas/RelationType" FromTimestamp: description: The starting timestamp for the SLO status query in epoch seconds. in: query name: from_ts required: true schema: example: 1690901870 format: int64 type: integer GCPSTSServiceAccountID: description: Your GCP STS enabled service account's unique ID. in: path name: account_id required: true schema: type: string GetIssueIncludeQueryParameter: description: Comma-separated list of relationship objects that should be included in the response. Possible values are `assignee`, `case`, and `team_owners`. explode: false in: query name: include required: false schema: items: $ref: "#/components/schemas/GetIssueIncludeQueryParameterItem" type: array GoogleChatHandleIdPathParameter: description: Your organization handle ID. in: path name: handle_id required: true schema: type: string GoogleChatOrganizationBindingIdPathParameter: description: Your organization binding ID. in: path name: organization_binding_id required: true schema: type: string GoogleChatOrganizationDomainNamePathParameter: description: The Google Chat domain name. in: path name: domain_name required: true schema: type: string GoogleChatOrganizationSpaceDisplayNamePathParameter: description: The Google Chat space display name. in: path name: space_display_name required: true schema: type: string HistoricalJobID: description: The ID of the job. in: path name: job_id required: true schema: type: string HistoricalSignalID: description: The ID of the historical signal. in: path name: histsignal_id required: true schema: type: string IncidentIDPathParameter: description: The UUID of the incident. in: path name: incident_id required: true schema: type: string IncidentImpactIDPathParameter: description: The UUID of the incident impact. in: path name: impact_id required: true schema: type: string IncidentImpactIncludeQueryParameter: description: Specifies which related resources should be included in the response. explode: false in: query name: "include" required: false schema: items: $ref: "#/components/schemas/IncidentImpactRelatedObject" type: array IncidentImportIncludeQueryParameter: description: Specifies which related object types to include in the response when importing an incident. explode: false in: query name: "include" required: false schema: items: $ref: "#/components/schemas/IncidentImportRelatedObject" type: array IncidentIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. explode: false in: query name: "include" required: false schema: items: $ref: "#/components/schemas/IncidentRelatedObject" type: array IncidentIntegrationMetadataIDPathParameter: description: The UUID of the incident integration metadata. in: path name: integration_metadata_id required: true schema: type: string IncidentNotificationRuleIDPathParameter: description: The ID of the notification rule. in: path name: id required: true schema: example: "00000000-0000-0000-0000-000000000001" format: uuid type: string IncidentNotificationRuleIncludeQueryParameter: description: >- Comma-separated list of resources to include. Supported values: `created_by_user`, `last_modified_by_user`, `incident_type`, `notification_template` explode: false in: query name: include required: false schema: example: "created_by_user,incident_type,notification_template" type: string IncidentNotificationTemplateIDPathParameter: description: The ID of the notification template. in: path name: id required: true schema: example: "00000000-0000-0000-0000-000000000001" format: uuid type: string IncidentNotificationTemplateIncidentTypeFilterQueryParameter: description: Optional incident type ID filter. explode: false in: query name: filter[incident-type] required: false schema: example: "00000000-0000-0000-0000-000000000001" format: uuid type: string IncidentNotificationTemplateIncludeQueryParameter: description: >- Comma-separated list of relationships to include. Supported values: `created_by_user`, `last_modified_by_user`, `incident_type` explode: false in: query name: include required: false schema: example: "created_by_user,incident_type" type: string IncidentSearchIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: "include" required: false schema: $ref: "#/components/schemas/IncidentRelatedObject" IncidentSearchQueryQueryParameter: description: |- Specifies which incidents should be returned. The query can contain any number of incident facets joined by `ANDs`, along with multiple values for each of those facets joined by `OR`s. For example: `state:active AND severity:(SEV-2 OR SEV-1)`. explode: false in: query name: query required: true schema: type: string IncidentSearchSortQueryParameter: description: Specifies the order of returned incidents. explode: false in: query name: sort required: false schema: $ref: "#/components/schemas/IncidentSearchSortOrder" IncidentServiceIDPathParameter: description: The ID of the incident service. in: path name: service_id required: true schema: type: string IncidentServiceIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: "include" required: false schema: $ref: "#/components/schemas/IncidentRelatedObject" IncidentServiceSearchQueryParameter: description: A search query that filters services by name. in: query name: "filter" required: false schema: example: "ExampleServiceName" type: string IncidentTodoIDPathParameter: description: The UUID of the incident todo. in: path name: todo_id required: true schema: type: string IncidentTypeIDPathParameter: description: The UUID of the incident type. in: path name: incident_type_id required: true schema: type: string IncidentTypeIncludeDeletedParameter: description: Include deleted incident types in the response. in: query name: include_deleted schema: default: false type: boolean IncidentUserDefinedFieldIDPathParameter: description: The ID of the incident user-defined field. in: path name: field_id required: true schema: example: "00000000-0000-0000-0000-000000000000" type: string Include: description: Include relationship data. explode: true in: query name: include required: false schema: $ref: "#/components/schemas/IncludeType" InstanceId: description: The ID of the workflow instance. in: path name: instance_id required: true schema: type: string IssueIDPathParameter: description: The identifier of the issue. example: "c1726a66-1f64-11ee-b338-da7ad0900002" in: path name: issue_id required: true schema: type: string KindID: description: Entity kind. in: path name: kind_id required: true schema: example: "my-job" type: string LLMObsAnnotationQueueIDPathParameter: description: The ID of the LLM Observability annotation queue. example: "00000000-0000-0000-0000-000000000001" in: path name: queue_id required: true schema: type: string LLMObsDatasetIDPathParameter: description: The ID of the LLM Observability dataset. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" in: path name: dataset_id required: true schema: type: string LLMObsEvalNamePathParameter: description: The name of the custom LLM Observability evaluator configuration. example: "my-custom-evaluator" in: path name: eval_name required: true schema: type: string LLMObsExperimentIDPathParameter: description: The ID of the LLM Observability experiment. example: "3fd6b5e0-8910-4b1c-a7d0-5b84de329012" in: path name: experiment_id required: true schema: type: string LLMObsProjectIDPathParameter: description: The ID of the LLM Observability project. example: "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" in: path name: project_id required: true schema: type: string MembershipSort: description: >- Field to sort memberships by. Supported values: `name`, `uuid`, `-name`, `-uuid`. Defaults to `uuid`. in: query name: sort required: false schema: $ref: "#/components/schemas/OrgGroupMembershipSortOption" MetricID: description: The name of the log-based metric. in: path name: metric_id required: true schema: type: string MetricName: description: The name of the metric. example: dist.http.endpoint.request in: path name: metric_name required: true schema: type: string MicrosoftTeamsChannelNamePathParameter: description: Your channel name. in: path name: channel_name required: true schema: type: string MicrosoftTeamsHandleNameQueryParameter: description: Your tenant-based handle name. in: query name: name required: false schema: type: string MicrosoftTeamsTeamNamePathParameter: description: Your team name. in: path name: team_name required: true schema: type: string MicrosoftTeamsTenantBasedHandleIDPathParameter: description: Your tenant-based handle id. in: path name: handle_id required: true schema: type: string MicrosoftTeamsTenantIDQueryParameter: description: Your tenant id. in: query name: tenant_id required: false schema: type: string MicrosoftTeamsTenantNamePathParameter: description: Your tenant name. in: path name: tenant_name required: true schema: type: string MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter: description: Your Workflows webhook handle id. in: path name: handle_id required: true schema: type: string MicrosoftTeamsWorkflowsWebhookHandleNameQueryParameter: description: Your Workflows webhook handle name. in: query name: name required: false schema: type: string NDMPageNumber: description: Specific page number to return. Defaults to 0. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 type: integer NDMPageSize: description: Size for a given page. The maximum allowed value is 500. Defaults to 50. in: query name: page[size] required: false schema: default: 50 example: 50 format: int64 type: integer NotificationRuleIDPathParameter: description: Notification Rule UUID example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: notification_rule_id required: true schema: type: string OnDemandTaskId: description: The UUID of the task. example: "6d09294c-9ad9-42fd-a759-a0c1599b4828" in: path name: task_id required: true schema: type: string OpsgenieServiceIDPathParameter: description: The UUID of the service. in: path name: integration_service_id required: true schema: type: string OrgConfigName: description: The name of an Org Config. in: path name: org_config_name required: true schema: example: monitor_timezone type: string OrgConnectionId: description: The unique identifier of the org connection. in: path name: connection_id required: true schema: example: "f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a" format: uuid type: string OrgGroupId: description: The ID of the org group. in: path name: org_group_id required: true schema: example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string OrgGroupInclude: description: >- List of related resources to include. explode: false in: query name: include required: false schema: example: - memberships items: $ref: "#/components/schemas/OrgGroupIncludeOption" type: array style: form OrgGroupMembershipFilterOrgGroupId: description: Filter memberships by org group ID. Required when `filter[org_uuid]` is not provided. in: query name: filter[org_group_id] required: false schema: example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string OrgGroupMembershipFilterOrgUuid: description: Filter memberships by org UUID. Returns a single-item list. in: query name: filter[org_uuid] required: false schema: example: "b2c3d4e5-f6a7-8901-bcde-f01234567890" format: uuid type: string OrgGroupMembershipId: description: The ID of the org group membership. in: path name: org_group_membership_id required: true schema: example: "f1e2d3c4-b5a6-7890-1234-567890abcdef" format: uuid type: string OrgGroupPageNumber: description: The page number to return. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 minimum: 0 type: integer OrgGroupPageSize: description: The number of items per page. Maximum is 1000. in: query name: page[size] required: false schema: default: 50 example: 50 format: int64 maximum: 1000 minimum: 1 type: integer OrgGroupPolicyFilterOrgGroupId: description: Filter policies by org group ID. in: query name: filter[org_group_id] required: true schema: example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string OrgGroupPolicyFilterPolicyName: description: Filter policies by policy name. in: query name: filter[policy_name] required: false schema: example: monitor_timezone type: string OrgGroupPolicyId: description: The ID of the org group policy. in: path name: org_group_policy_id required: true schema: example: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" format: uuid type: string OrgGroupPolicyOverrideFilterOrgGroupId: description: Filter policy overrides by org group ID. in: query name: filter[org_group_id] required: true schema: example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string OrgGroupPolicyOverrideFilterPolicyId: description: Filter policy overrides by policy ID. in: query name: filter[policy_id] required: false schema: example: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" format: uuid type: string OrgGroupPolicyOverrideId: description: The ID of the org group policy override. in: path name: org_group_policy_override_id required: true schema: example: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" format: uuid type: string OrgGroupSort: description: >- Field to sort org groups by. Supported values: `name`, `uuid`, `-name`, `-uuid`. Defaults to `uuid`. in: query name: sort required: false schema: $ref: "#/components/schemas/OrgGroupSortOption" OverrideSort: description: >- Field to sort overrides by. Supported values: `id`, `org_uuid`, `-id`, `-org_uuid`. Defaults to `id`. in: query name: sort required: false schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideSortOption" PageNumber: description: Specific page number to return. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 type: integer PageOffset: description: Specific offset to use as the beginning of the returned page. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer PageSize: description: Size for a given page. The maximum allowed value is 100. in: query name: page[size] required: false schema: default: 10 example: 10 format: int64 type: integer PersonaMappingID: description: The ID of the persona mapping example: c5c758c6-18c2-4484-ae3f-46b84128404a in: path name: persona_mapping_id required: true schema: type: string PersonalAccessTokenID: description: The ID of the personal access token. in: path name: pat_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string PersonalAccessTokensFilterOwnerUUIDParameter: description: Filter personal access tokens by the owner's UUID. Supports multiple values. in: query name: filter[owner_uuid] required: false schema: items: example: "00000000-0000-1234-0000-000000000000" type: string type: array PersonalAccessTokensFilterParameter: description: Filter personal access tokens by the specified string. in: query name: filter required: false schema: type: string PersonalAccessTokensSortParameter: description: |- Personal access token attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign. in: query name: sort required: false schema: $ref: "#/components/schemas/PersonalAccessTokensSort" PolicySort: description: >- Field to sort policies by. Supported values: `id`, `name`, `-id`, `-name`. Defaults to `id`. in: query name: sort required: false schema: $ref: "#/components/schemas/OrgGroupPolicySortOption" ProductName: description: Name of the product to be deleted, either `logs` or `rum`. in: path name: product required: true schema: type: string ProjectIDPathParameter: description: Project UUID. example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: project_id required: true schema: type: string QueryFilterFrom: description: The minimum timestamp for requested security signals. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string QueryFilterSearch: description: The search query for security signals. example: security:attack status:high in: query name: filter[query] required: false schema: type: string QueryFilterTo: description: The maximum timestamp for requested security signals. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string QueryPageCursor: description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string QueryPageLimit: description: The maximum number of security signals in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer QuerySort: description: The order of the security signals in results. in: query name: sort required: false schema: $ref: "#/components/schemas/SecurityMonitoringSignalsSort" RelationInclude: description: Include relationship data. explode: true in: query name: include required: false schema: $ref: "#/components/schemas/RelationIncludeType" ReportID: description: The ID of the report job. in: path name: report_id required: true schema: type: string RequestId: description: ID of the deletion request. in: path name: id required: true schema: type: string ResourceFilterAccountID: description: Filter resource filters by cloud provider account ID. This parameter is only valid when provider is specified. in: query name: account_id required: false schema: type: string ResourceFilterProvider: description: Filter resource filters by cloud provider (e.g. aws, gcp, azure). in: query name: cloud_provider required: false schema: type: string ResourceID: description: |- Identifier, formatted as `type:id`. Supported types: `dashboard`, `integration-service`, `integration-webhook`, `notebook`, `powerpack`, `reference-table`, `security-rule`, `slo`, `synthetics-global-variable`, `synthetics-test`, `synthetics-private-location`, `monitor`, `workflow`, `app-builder-app`, `connection`, `connection-group`, `rum-application`, `cross-org-connection`, `spreadsheet`, `on-call-schedule`, `on-call-escalation-policy`, `on-call-team-routing-rules`, `logs-pipeline`, `case-management-project`, `monitor-notification-rule`. example: "dashboard:abc-def-ghi" in: path name: resource_id required: true schema: type: string RestrictionQueryID: description: The ID of the restriction query. in: path name: restriction_query_id required: true schema: type: string RestrictionQueryRoleID: description: "The ID of the role." in: path name: role_id required: true schema: type: string RestrictionQueryUserID: description: "The ID of the user." in: path name: user_id required: true schema: type: string RetentionFilterIdParam: description: The ID of the retention filter. in: path name: filter_id required: true schema: type: string RoleID: description: The unique identifier of the role. in: path name: role_id required: true schema: type: string RuleId: description: The ID of the rule. in: path name: rule_id required: true schema: type: string RumApplicationIDParameter: description: RUM application ID. in: path name: app_id required: true schema: type: string RumMetricIDParameter: description: The name of the rum-based metric. in: path name: metric_id required: true schema: type: string RumRetentionFilterIDParameter: description: Retention filter ID. in: path name: rf_id required: true schema: type: string SchemaVersion: description: The schema version desired in the response. in: query name: schema_version required: false schema: $ref: "#/components/schemas/ServiceDefinitionSchemaVersions" SearchIssuesIncludeQueryParameter: description: Comma-separated list of relationship objects that should be included in the response. Possible values are `issue`, `issue.assignee`, `issue.case`, and `issue.team_owners`. explode: false in: query name: include required: false schema: items: $ref: "#/components/schemas/SearchIssuesIncludeQueryParameterItem" type: array SecureEmbedTokenPathParameter: description: The share token identifying the secure embed. example: "s3cur3t0k3n-abcdef123456" in: path name: token required: true schema: type: string SecurityFilterID: description: The ID of the security filter. in: path name: security_filter_id required: true schema: type: string SecurityMonitoringCriticalAssetID: description: The ID of the critical asset. in: path name: critical_asset_id required: true schema: type: string SecurityMonitoringRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string SecurityMonitoringSuppressionID: description: The ID of the suppression rule in: path name: suppression_id required: true schema: type: string SecurityMonitoringTerraformResourceId: description: The ID of the security monitoring resource to export. in: path name: resource_id required: true schema: type: string SecurityMonitoringTerraformResourceType: description: The type of security monitoring resource to export. in: path name: resource_type required: true schema: $ref: "#/components/schemas/SecurityMonitoringTerraformResourceType" SensitiveDataScannerGroupID: description: The ID of a group of rules. in: path name: group_id required: true schema: type: string SensitiveDataScannerRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string ServiceAccountID: description: "The ID of the service account." in: path name: service_account_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string ServiceName: description: The name of the service. in: path name: service_name required: true schema: example: "my-service" type: string SignalID: description: The ID of the signal. in: path name: signal_id required: true schema: type: string SkipCache: description: Skip cache for resource filters. in: query name: skip_cache required: false schema: type: boolean SloID: description: The ID of the SLO. in: path name: slo_id required: true schema: example: "00000000-0000-0000-0000-000000000000" type: string SpansMetricIDParameter: description: The name of the span-based metric. in: path name: metric_id required: true schema: type: string TagKey: description: The Cloud Cost Management tag key. Tag keys can contain forward slashes (for example, `kubernetes/instance`). in: path name: tag_key required: true schema: type: string ToTimestamp: description: The ending timestamp for the SLO status query in epoch seconds. in: query name: to_ts required: true schema: example: 1706803070 format: int64 type: integer UserID: description: "The ID of the user." in: path name: user_id required: true schema: example: "00000000-0000-9999-0000-000000000000" type: string WorkflowId: description: The ID of the workflow. in: path name: workflow_id required: true schema: type: string environment_id: description: The ID of the environment. in: path name: environment_id required: true schema: example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string exposure_schedule_id: description: The ID of the exposure schedule. in: path name: exposure_schedule_id required: true schema: example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string feature_flag_id: description: The ID of the feature flag. in: path name: feature_flag_id required: true schema: example: "550e8400-e29b-41d4-a716-446655440000" format: uuid type: string requestBodies: {} responses: BadRequestResponse: content: "application/json": schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request ConcurrentModificationResponse: content: "application/json": schema: $ref: "#/components/schemas/APIErrorResponse" description: Concurrent Modification ConflictResponse: content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict FindingsBadRequestResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad Request: The server cannot process the request due to invalid syntax in the request." FindingsForbiddenResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" FindingsNotFoundResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not Found: The requested finding cannot be found." FindingsTooManyRequestsResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Too many requests: The rate limit set by the API has been exceeded." ForbiddenResponse: content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden HTTPCDGatesBadRequestResponse: content: application/json: schema: $ref: "#/components/schemas/HTTPCDGatesBadRequestResponse" description: Bad request. HTTPCDGatesNotFoundResponse: content: application/json: schema: $ref: "#/components/schemas/HTTPCDGatesNotFoundResponse" description: Deployment gate not found. HTTPCDRulesNotFoundResponse: content: application/json: schema: $ref: "#/components/schemas/HTTPCDRulesNotFoundResponse" description: Deployment rule not found. NotAuthorizedResponse: content: "application/json": schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Authorized NotFoundResponse: content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found NotificationRulesList: content: "application/json": schema: properties: data: items: $ref: "#/components/schemas/NotificationRule" type: array type: object description: The list of notification rules. PreconditionFailedResponse: content: "application/json": schema: $ref: "#/components/schemas/APIErrorResponse" description: Failed Precondition SpansBadRequestResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad Request." SpansForbiddenResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied." SpansTooManyRequestsResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Too many requests: The rate limit set by the API has been exceeded." SpansUnprocessableEntityResponse: content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Unprocessable Entity." TooManyRequestsResponse: content: "application/json": schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests UnauthorizedResponse: content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unauthorized UnprocessableEntityResponse: content: "application/json": schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: The server cannot process the request because it contains invalid data. schemas: APIErrorResponse: description: API error response. properties: errors: description: A list of errors. example: - Bad Request items: description: A list of items. example: Bad Request type: string type: array required: - errors type: object APIKeyCreateAttributes: description: Attributes used to create an API Key. properties: category: description: The APIKeyCreateAttributes category. type: string name: description: Name of the API key. example: "API Key for submitting metrics" type: string remote_config_read_enabled: description: The APIKeyCreateAttributes remote_config_read_enabled. type: boolean required: - name type: object APIKeyCreateData: description: Object used to create an API key. properties: attributes: $ref: "#/components/schemas/APIKeyCreateAttributes" type: $ref: "#/components/schemas/APIKeysType" required: - attributes - type type: object APIKeyCreateRequest: description: Request used to create an API key. properties: data: $ref: "#/components/schemas/APIKeyCreateData" required: - data type: object APIKeyRelationships: description: Resources related to the API key. properties: created_by: $ref: "#/components/schemas/RelationshipToUser" modified_by: $ref: "#/components/schemas/NullableRelationshipToUser" type: object APIKeyResponse: description: Response for retrieving an API key. properties: data: $ref: "#/components/schemas/FullAPIKey" included: description: Array of objects related to the API key. items: $ref: "#/components/schemas/APIKeyResponseIncludedItem" type: array type: object APIKeyResponseIncludedItem: description: An object related to an API key. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/LeakedKey" APIKeyUpdateAttributes: description: Attributes used to update an API Key. properties: category: description: The APIKeyUpdateAttributes category. type: string name: description: Name of the API key. example: "API Key for submitting metrics" type: string remote_config_read_enabled: description: The APIKeyUpdateAttributes remote_config_read_enabled. type: boolean required: - name type: object APIKeyUpdateData: description: Object used to update an API key. properties: attributes: $ref: "#/components/schemas/APIKeyUpdateAttributes" id: description: ID of the API key. example: "00112233-4455-6677-8899-aabbccddeeff" type: string type: $ref: "#/components/schemas/APIKeysType" required: - attributes - id - type type: object APIKeyUpdateRequest: description: Request used to update an API key. properties: data: $ref: "#/components/schemas/APIKeyUpdateData" required: - data type: object APIKeysResponse: description: Response for a list of API keys. properties: data: description: Array of API keys. items: $ref: "#/components/schemas/PartialAPIKey" type: array included: description: Array of objects related to the API key. items: $ref: "#/components/schemas/APIKeyResponseIncludedItem" type: array meta: $ref: "#/components/schemas/APIKeysResponseMeta" type: object APIKeysResponseMeta: description: Additional information related to api keys response. properties: max_allowed: description: Max allowed number of API keys. format: int64 type: integer page: $ref: "#/components/schemas/APIKeysResponseMetaPage" type: object APIKeysResponseMetaPage: description: Additional information related to the API keys response. properties: total_filtered_count: description: Total filtered application key count. format: int64 type: integer type: object APIKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - modified_at - -modified_at - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - NAME_ASCENDING - NAME_DESCENDING APIKeysType: default: api_keys description: API Keys resource type. enum: - api_keys example: api_keys type: string x-enum-varnames: - API_KEYS APITrigger: description: "Trigger a workflow from an API request. The workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object APITriggerWrapper: description: "Schema for an API-based trigger." properties: apiTrigger: $ref: "#/components/schemas/APITrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - apiTrigger type: object AWSAccountConfigID: description: |- Unique Datadog ID of the AWS Account Integration Config. To get the config ID for an account, use the [List all AWS integrations](https://docs.datadoghq.com/api/latest/aws-integration/#list-all-aws-integrations) endpoint and query by AWS Account ID. example: "00000000-abcd-0001-0000-000000000000" type: string AWSAccountCreateRequest: description: AWS Account Create Request body. properties: data: $ref: "#/components/schemas/AWSAccountCreateRequestData" required: - data type: object AWSAccountCreateRequestAttributes: description: The AWS Account Integration Config to be created. properties: account_tags: $ref: "#/components/schemas/AWSAccountTags" auth_config: $ref: "#/components/schemas/AWSAuthConfig" aws_account_id: $ref: "#/components/schemas/AWSAccountID" aws_partition: $ref: "#/components/schemas/AWSAccountPartition" aws_regions: $ref: "#/components/schemas/AWSRegions" logs_config: $ref: "#/components/schemas/AWSLogsConfig" metrics_config: $ref: "#/components/schemas/AWSMetricsConfig" resources_config: $ref: "#/components/schemas/AWSResourcesConfig" traces_config: $ref: "#/components/schemas/AWSTracesConfig" required: - aws_account_id - aws_partition - auth_config type: object AWSAccountCreateRequestData: description: AWS Account Create Request data. properties: attributes: $ref: "#/components/schemas/AWSAccountCreateRequestAttributes" type: $ref: "#/components/schemas/AWSAccountType" required: - attributes - type type: object AWSAccountID: description: AWS Account ID. example: "123456789012" type: string AWSAccountPartition: description: |- AWS partition your AWS account is scoped to. Defaults to `aws`. See [Partitions](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/partitions.html) in the AWS documentation for more information. enum: - aws - aws-cn - aws-us-gov example: aws type: string x-enum-varnames: - AWS - AWS_CN - AWS_US_GOV AWSAccountResponse: description: AWS Account response body. properties: data: $ref: "#/components/schemas/AWSAccountResponseData" required: - data type: object AWSAccountResponseAttributes: description: AWS Account response attributes. properties: account_tags: $ref: "#/components/schemas/AWSAccountTags" auth_config: $ref: "#/components/schemas/AWSAuthConfig" aws_account_id: $ref: "#/components/schemas/AWSAccountID" aws_partition: $ref: "#/components/schemas/AWSAccountPartition" aws_regions: $ref: "#/components/schemas/AWSRegions" created_at: description: Timestamp of when the account integration was created. format: date-time readOnly: true type: string logs_config: $ref: "#/components/schemas/AWSLogsConfig" metrics_config: $ref: "#/components/schemas/AWSMetricsConfig" modified_at: description: Timestamp of when the account integration was updated. format: date-time readOnly: true type: string resources_config: $ref: "#/components/schemas/AWSResourcesConfig" traces_config: $ref: "#/components/schemas/AWSTracesConfig" required: - aws_account_id type: object AWSAccountResponseData: description: AWS Account response data. properties: attributes: $ref: "#/components/schemas/AWSAccountResponseAttributes" id: $ref: "#/components/schemas/AWSAccountConfigID" type: $ref: "#/components/schemas/AWSAccountType" required: - id - type type: object AWSAccountTags: description: Tags to apply to all hosts and metrics reporting for this account. Defaults to `[]`. items: description: Tag in the form `key:value`. example: "env:prod" type: string nullable: true type: array AWSAccountType: default: account description: AWS Account resource type. enum: - account example: account type: string x-enum-varnames: - ACCOUNT AWSAccountUpdateRequest: description: AWS Account Update Request body. properties: data: $ref: "#/components/schemas/AWSAccountUpdateRequestData" required: - data type: object AWSAccountUpdateRequestAttributes: description: The AWS Account Integration Config to be updated. properties: account_tags: $ref: "#/components/schemas/AWSAccountTags" auth_config: $ref: "#/components/schemas/AWSAuthConfig" aws_account_id: $ref: "#/components/schemas/AWSAccountID" aws_partition: $ref: "#/components/schemas/AWSAccountPartition" aws_regions: $ref: "#/components/schemas/AWSRegions" logs_config: $ref: "#/components/schemas/AWSLogsConfig" metrics_config: $ref: "#/components/schemas/AWSMetricsConfig" resources_config: $ref: "#/components/schemas/AWSResourcesConfig" traces_config: $ref: "#/components/schemas/AWSTracesConfig" required: - aws_account_id type: object AWSAccountUpdateRequestData: description: AWS Account Update Request data. properties: attributes: $ref: "#/components/schemas/AWSAccountUpdateRequestAttributes" id: $ref: "#/components/schemas/AWSAccountConfigID" type: $ref: "#/components/schemas/AWSAccountType" required: - attributes - type type: object AWSAccountsResponse: description: AWS Accounts response body. properties: data: description: List of AWS Account Integration Configs. items: $ref: "#/components/schemas/AWSAccountResponseData" type: array required: - data type: object AWSAssumeRole: description: The definition of `AWSAssumeRole` object. properties: account_id: description: AWS account the connection is created for example: "111222333444" pattern: ^\d{12}$ type: string external_id: description: External ID used to scope which connection can be used to assume the role example: 33a1011635c44b38a064cf14e82e1d8f readOnly: true type: string principal_id: description: AWS account that will assume the role example: "123456789012" readOnly: true type: string role: description: Role to assume example: my-role type: string type: $ref: "#/components/schemas/AWSAssumeRoleType" required: - type - account_id - role type: object AWSAssumeRoleType: description: The definition of `AWSAssumeRoleType` object. enum: - AWSAssumeRole example: AWSAssumeRole type: string x-enum-varnames: - AWSASSUMEROLE AWSAssumeRoleUpdate: description: The definition of `AWSAssumeRoleUpdate` object. properties: account_id: description: AWS account the connection is created for example: "111222333444" pattern: ^\d{12}$ type: string generate_new_external_id: description: The `AWSAssumeRoleUpdate` `generate_new_external_id`. type: boolean role: description: Role to assume example: my-role type: string type: $ref: "#/components/schemas/AWSAssumeRoleType" required: - type type: object AWSAuthConfig: description: AWS Authentication config. oneOf: - $ref: "#/components/schemas/AWSAuthConfigKeys" - $ref: "#/components/schemas/AWSAuthConfigRole" AWSAuthConfigKeys: description: AWS Authentication config to integrate your account using an access key pair. properties: access_key_id: description: AWS Access Key ID. example: "AKIAIOSFODNN7EXAMPLE" type: string secret_access_key: description: AWS Secret Access Key. example: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" minLength: 1 type: string writeOnly: true required: - access_key_id type: object AWSAuthConfigRole: description: AWS Authentication config to integrate your account using an IAM role. properties: external_id: description: AWS IAM External ID for associated role. type: string role_name: description: AWS IAM Role name. example: "DatadogIntegrationRole" maxLength: 576 minLength: 1 type: string required: - role_name type: object AWSCcmConfig: description: AWS Cloud Cost Management config. properties: data_export_configs: description: List of data export configurations for Cost and Usage Reports. items: $ref: "#/components/schemas/DataExportConfig" type: array required: - data_export_configs type: object AWSCcmConfigRequest: description: AWS CCM Config Create/Update Request body. properties: data: $ref: "#/components/schemas/AWSCcmConfigRequestData" required: - data type: object AWSCcmConfigRequestAttributes: description: AWS CCM Config attributes for Create/Update requests. properties: ccm_config: $ref: "#/components/schemas/AWSCcmConfig" required: - ccm_config type: object AWSCcmConfigRequestData: description: AWS CCM Config Create/Update Request data. properties: attributes: $ref: "#/components/schemas/AWSCcmConfigRequestAttributes" type: $ref: "#/components/schemas/AWSCcmConfigType" required: - attributes - type type: object AWSCcmConfigResponse: description: AWS CCM Config response body. properties: data: $ref: "#/components/schemas/AWSCcmConfigResponseData" required: - data type: object AWSCcmConfigResponseAttributes: description: AWS CCM Config response attributes. properties: data_export_configs: description: List of data export configurations for Cost and Usage Reports. items: $ref: "#/components/schemas/DataExportConfig" type: array type: object AWSCcmConfigResponseData: description: AWS CCM Config response data. properties: attributes: $ref: "#/components/schemas/AWSCcmConfigResponseAttributes" id: $ref: "#/components/schemas/AWSAccountConfigID" type: $ref: "#/components/schemas/AWSCcmConfigType" required: - type type: object AWSCcmConfigType: default: "ccm_config" description: AWS CCM Config resource type. enum: - ccm_config example: "ccm_config" type: string x-enum-varnames: - CCM_CONFIG AWSCloudAuthPersonaMappingAttributesResponse: description: Attributes for AWS cloud authentication persona mapping response properties: account_identifier: description: Datadog account identifier (email or handle) mapped to the AWS principal example: "test@test.com" type: string account_uuid: description: Datadog account UUID example: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" type: string arn_pattern: description: AWS IAM ARN pattern to match for authentication example: "arn:aws:iam::123456789012:user/testuser" type: string required: - arn_pattern - account_identifier - account_uuid type: object AWSCloudAuthPersonaMappingCreateAttributes: description: Attributes for creating an AWS cloud authentication persona mapping properties: account_identifier: description: Datadog account identifier (email or handle) mapped to the AWS principal example: "test@test.com" type: string arn_pattern: description: AWS IAM ARN pattern to match for authentication example: "arn:aws:iam::123456789012:user/testuser" type: string required: - arn_pattern - account_identifier type: object AWSCloudAuthPersonaMappingCreateData: description: Data for creating an AWS cloud authentication persona mapping properties: attributes: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingCreateAttributes" type: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingType" required: - type - attributes type: object AWSCloudAuthPersonaMappingCreateRequest: description: Request used to create an AWS cloud authentication persona mapping properties: data: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingCreateData" required: - data type: object AWSCloudAuthPersonaMappingDataResponse: description: Data for AWS cloud authentication persona mapping response properties: attributes: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingAttributesResponse" id: description: Unique identifier for the persona mapping example: "c5c758c6-18c2-4484-ae3f-46b84128404a" type: string type: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingType" required: - id - type - attributes type: object AWSCloudAuthPersonaMappingResponse: description: Response containing a single AWS cloud authentication persona mapping properties: data: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingDataResponse" required: - data type: object AWSCloudAuthPersonaMappingType: description: Type identifier for AWS cloud authentication persona mapping enum: - aws_cloud_auth_config example: aws_cloud_auth_config type: string x-enum-varnames: - AWS_CLOUD_AUTH_CONFIG AWSCloudAuthPersonaMappingsData: description: List of AWS cloud authentication persona mappings items: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingDataResponse" type: array AWSCloudAuthPersonaMappingsResponse: description: Response containing a list of AWS cloud authentication persona mappings properties: data: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingsData" example: - attributes: account_identifier: "test@test.com" account_uuid: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" arn_pattern: "arn:aws:iam::123456789012:user/testuser" id: "c5c758c6-18c2-4484-ae3f-46b84128404a" type: aws_cloud_auth_config required: - data type: object AWSCredentials: description: The definition of `AWSCredentials` object. oneOf: - $ref: "#/components/schemas/AWSAssumeRole" AWSCredentialsUpdate: description: The definition of `AWSCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/AWSAssumeRoleUpdate" AWSEventBridgeAccountConfiguration: description: The EventBridge configuration for one AWS account. properties: account_id: description: Your AWS Account ID without dashes. example: "123456789012" type: string event_hubs: description: Array of AWS event sources associated with this account. items: $ref: "#/components/schemas/AWSEventBridgeSource" type: array tags: description: |- Array of tags (in the form `key:value`) which are added to all hosts and metrics reporting through the main AWS integration. example: ["$KEY:$VALUE"] items: description: The list of the host_tags. type: string type: array type: object AWSEventBridgeCreateRequest: description: Amazon EventBridge create request body. properties: data: $ref: "#/components/schemas/AWSEventBridgeCreateRequestData" required: - data type: object AWSEventBridgeCreateRequestAttributes: description: The EventBridge source to be created. properties: account_id: $ref: "#/components/schemas/AWSAccountID" create_event_bus: description: |- Set to true if Datadog should create the event bus in addition to the event source. Requires the `events:CreateEventBus` permission. example: true type: boolean event_generator_name: description: |- The given part of the event source name, which is then combined with an assigned suffix to form the full name. example: "app-alerts" type: string region: description: |- The event source's [AWS region](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). example: "us-east-1" type: string required: - account_id - event_generator_name - region type: object AWSEventBridgeCreateRequestData: description: Amazon EventBridge create request data. properties: attributes: $ref: "#/components/schemas/AWSEventBridgeCreateRequestAttributes" type: $ref: "#/components/schemas/AWSEventBridgeType" required: - attributes - type type: object AWSEventBridgeCreateResponse: description: Amazon EventBridge create response body. properties: data: $ref: "#/components/schemas/AWSEventBridgeCreateResponseData" required: - data type: object AWSEventBridgeCreateResponseAttributes: description: A created EventBridge source. properties: event_source_name: description: The event source name. example: "app-alerts-zyxw3210" type: string has_bus: description: True if the event bus was created in addition to the source. example: true type: boolean region: description: |- The event source's [AWS region](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). example: "us-east-1" type: string status: $ref: "#/components/schemas/AWSEventBridgeCreateStatus" type: object AWSEventBridgeCreateResponseData: description: Amazon EventBridge create response data. properties: attributes: $ref: "#/components/schemas/AWSEventBridgeCreateResponseAttributes" id: default: "create_event_bridge" description: The ID of the Amazon EventBridge create response data. example: "create_event_bridge" type: string type: $ref: "#/components/schemas/AWSEventBridgeType" required: - attributes - type type: object AWSEventBridgeCreateStatus: description: The event source status "created". enum: ["created"] example: created type: string x-enum-varnames: ["CREATED"] AWSEventBridgeDeleteRequest: description: Amazon EventBridge delete request body. properties: data: $ref: "#/components/schemas/AWSEventBridgeDeleteRequestData" required: - data type: object AWSEventBridgeDeleteRequestAttributes: description: The EventBridge source to be deleted. properties: account_id: $ref: "#/components/schemas/AWSAccountID" event_generator_name: description: The event source name. example: "app-alerts-zyxw3210" type: string region: description: |- The event source's [AWS region](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). example: "us-east-1" type: string required: - account_id - event_generator_name - region type: object AWSEventBridgeDeleteRequestData: description: Amazon EventBridge delete request data. properties: attributes: $ref: "#/components/schemas/AWSEventBridgeDeleteRequestAttributes" type: $ref: "#/components/schemas/AWSEventBridgeType" required: - attributes - type type: object AWSEventBridgeDeleteResponse: description: Amazon EventBridge delete response body. properties: data: $ref: "#/components/schemas/AWSEventBridgeDeleteResponseData" required: - data type: object AWSEventBridgeDeleteResponseAttributes: description: The EventBridge source delete response attributes. properties: status: $ref: "#/components/schemas/AWSEventBridgeDeleteStatus" type: object AWSEventBridgeDeleteResponseData: description: Amazon EventBridge delete response data. properties: attributes: $ref: "#/components/schemas/AWSEventBridgeDeleteResponseAttributes" id: default: "delete_event_bridge" description: The ID of the Amazon EventBridge list response data. example: "delete_event_bridge" type: string type: $ref: "#/components/schemas/AWSEventBridgeType" required: - attributes - type type: object AWSEventBridgeDeleteStatus: description: The event source status "empty". enum: ["empty"] example: empty type: string x-enum-varnames: ["EMPTY"] AWSEventBridgeListResponse: description: Amazon EventBridge list response body. properties: data: $ref: "#/components/schemas/AWSEventBridgeListResponseData" required: - data type: object AWSEventBridgeListResponseAttributes: description: An object describing the EventBridge configuration for multiple accounts. properties: accounts: description: List of accounts with their event sources. items: $ref: "#/components/schemas/AWSEventBridgeAccountConfiguration" type: array is_installed: description: True if the EventBridge integration is enabled for your organization. type: boolean type: object AWSEventBridgeListResponseData: description: Amazon EventBridge list response data. properties: attributes: $ref: "#/components/schemas/AWSEventBridgeListResponseAttributes" id: default: "get_event_bridge" description: The ID of the Amazon EventBridge list response data. example: "get_event_bridge" type: string type: $ref: "#/components/schemas/AWSEventBridgeType" required: - attributes - id - type type: object AWSEventBridgeSource: description: An EventBridge source. properties: name: description: The event source name. example: "app-alerts-zyxw3210" type: string region: description: |- The event source's [AWS region](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). example: "us-east-1" type: string type: object AWSEventBridgeType: default: "event_bridge" description: Amazon EventBridge resource type. enum: - event_bridge example: "event_bridge" type: string x-enum-varnames: - EVENT_BRIDGE AWSIntegration: description: The definition of `AWSIntegration` object. properties: credentials: $ref: "#/components/schemas/AWSCredentials" type: $ref: "#/components/schemas/AWSIntegrationType" required: - type - credentials type: object AWSIntegrationIamPermissionsResponse: description: AWS Integration IAM Permissions response body. properties: data: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponseData" required: - data type: object AWSIntegrationIamPermissionsResponseAttributes: description: AWS Integration IAM Permissions response attributes. properties: permissions: description: List of AWS IAM permissions required for the integration. example: - "account:GetContactInformation" - "amplify:ListApps" - "amplify:ListArtifacts" - "amplify:ListBackendEnvironments" - "amplify:ListBranches" items: description: An AWS IAM permission required for the Datadog integration. example: "account:GetContactInformation" type: string type: array required: - permissions type: object AWSIntegrationIamPermissionsResponseData: description: AWS Integration IAM Permissions response data. properties: attributes: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponseAttributes" id: default: "permissions" description: The `AWSIntegrationIamPermissionsResponseData` `id`. example: "permissions" type: string type: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponseDataType" type: object AWSIntegrationIamPermissionsResponseDataType: default: "permissions" description: The `AWSIntegrationIamPermissionsResponseData` `type`. enum: - permissions example: "permissions" type: string x-enum-varnames: - PERMISSIONS AWSIntegrationType: description: The definition of `AWSIntegrationType` object. enum: - AWS example: AWS type: string x-enum-varnames: - AWS AWSIntegrationUpdate: description: The definition of `AWSIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/AWSCredentialsUpdate" type: $ref: "#/components/schemas/AWSIntegrationType" required: - type type: object AWSLambdaForwarderConfig: description: |- Log Autosubscription configuration for Datadog Forwarder Lambda functions. Automatically set up triggers for existing and new logs for some services, ensuring no logs from new resources are missed and saving time spent on manual configuration. properties: lambdas: description: List of Datadog Lambda Log Forwarder ARNs in your AWS account. Defaults to `[]`. items: description: The ARN of a Datadog Lambda Log Forwarder function. example: "arn:aws:lambda:us-east-1:123456789012:function:DatadogLambdaLogForwarder" type: string type: array log_source_config: $ref: "#/components/schemas/AWSLambdaForwarderConfigLogSourceConfig" sources: description: |- List of service IDs set to enable automatic log collection. Discover the list of available services with the [Get list of AWS log ready services](https://docs.datadoghq.com/api/latest/aws-logs-integration/#get-list-of-aws-log-ready-services) endpoint. items: description: An AWS service ID for which automatic log collection is enabled. example: s3 type: string type: array type: object AWSLambdaForwarderConfigLogSourceConfig: description: Log source configuration. properties: tag_filters: description: List of AWS log source tag filters. Defaults to `[]`. items: $ref: "#/components/schemas/AWSLogSourceTagFilter" type: array type: object AWSLogSourceTagFilter: description: |- AWS log source tag filter list. Defaults to `[]`. Array of log source to AWS resource tag mappings. Each mapping contains a log source and its associated AWS resource tags (in `key:value` format) used to filter logs submitted to Datadog. Tag filters are applied for tags on the AWS resource emitting logs; tags associated with the log storage entity (such as a CloudWatch Log Group or S3 Bucket) are not considered. For more information on resource tag filter syntax, [see AWS resource exclusion](https://docs.datadoghq.com/account_management/billing/aws/#aws-resource-exclusion) in the AWS integration billing page. properties: source: description: The AWS log source to which the tag filters defined in `tags` are applied. example: "s3" type: string tags: description: The AWS resource tags to filter on for the log source specified by `source`. items: description: Tag in the form `key:value`. example: "env:prod" type: string nullable: true type: array type: object AWSLogsConfig: description: AWS Logs Collection config. properties: lambda_forwarder: $ref: "#/components/schemas/AWSLambdaForwarderConfig" type: object AWSLogsServicesResponse: description: AWS Logs Services response body properties: data: $ref: "#/components/schemas/AWSLogsServicesResponseData" required: - data type: object AWSLogsServicesResponseAttributes: description: AWS Logs Services response body properties: logs_services: description: List of AWS services that can send logs to Datadog example: - "s3" items: description: The name of an AWS service that can send logs to Datadog. example: "s3" type: string type: array required: - logs_services type: object AWSLogsServicesResponseData: description: AWS Logs Services response body properties: attributes: $ref: "#/components/schemas/AWSLogsServicesResponseAttributes" id: default: "logs_services" description: The `AWSLogsServicesResponseData` `id`. example: "logs_services" type: string type: $ref: "#/components/schemas/AWSLogsServicesResponseDataType" required: - id - type type: object AWSLogsServicesResponseDataType: default: "logs_services" description: The `AWSLogsServicesResponseData` `type`. enum: - logs_services example: "logs_services" type: string x-enum-varnames: - LOGS_SERVICES AWSMetricsConfig: description: AWS Metrics Collection config. properties: automute_enabled: description: Enable EC2 automute for AWS metrics. Defaults to `true`. example: true type: boolean collect_cloudwatch_alarms: description: Enable CloudWatch alarms collection. Defaults to `false`. example: false type: boolean collect_custom_metrics: description: Enable custom metrics collection. Defaults to `false`. example: false type: boolean enabled: description: Enable AWS metrics collection. Defaults to `true`. example: true type: boolean namespace_filters: $ref: "#/components/schemas/AWSNamespaceFilters" tag_filters: description: AWS Metrics collection tag filters list. Defaults to `[]`. items: $ref: "#/components/schemas/AWSNamespaceTagFilter" type: array type: object AWSNamespaceFilters: description: AWS Metrics namespace filters. Defaults to `exclude_only`. oneOf: - $ref: "#/components/schemas/AWSNamespaceFiltersExcludeOnly" - $ref: "#/components/schemas/AWSNamespaceFiltersIncludeOnly" AWSNamespaceFiltersExcludeOnly: description: |- Exclude only these namespaces from metrics collection. Defaults to `["AWS/SQS", "AWS/ElasticMapReduce", "AWS/Usage"]`. `AWS/SQS`, `AWS/ElasticMapReduce`, and `AWS/Usage` are excluded by default to reduce your AWS CloudWatch costs from `GetMetricData` API calls. properties: exclude_only: description: |- Exclude only these namespaces from metrics collection. Defaults to `["AWS/SQS", "AWS/ElasticMapReduce", "AWS/Usage"]`. `AWS/SQS`, `AWS/ElasticMapReduce`, and `AWS/Usage` are excluded by default to reduce your AWS CloudWatch costs from `GetMetricData` API calls. example: - "AWS/SQS" - "AWS/ElasticMapReduce" - "AWS/Usage" items: description: An AWS CloudWatch namespace to exclude from metrics collection. example: "AWS/SQS" type: string type: array required: - exclude_only type: object AWSNamespaceFiltersIncludeOnly: description: Include only these namespaces. properties: include_only: description: Include only these namespaces. example: - "AWS/EC2" items: description: An AWS CloudWatch namespace to include in metrics collection. example: "AWS/EC2" type: string type: array required: - include_only type: object AWSNamespaceTagFilter: description: |- AWS Metrics Collection tag filters list. Defaults to `[]`. The array of custom AWS resource tags (in the form `key:value`) defines a filter that Datadog uses when collecting metrics from a specified service. Wildcards, such as `?` (match a single character) and `*` (match multiple characters), and exclusion using `!` before the tag are supported. For EC2, only hosts that match one of the defined tags are imported into Datadog. The rest are ignored. For example, `env:production,instance-type:c?.*,!region:us-east-1`. properties: namespace: description: The AWS service for which the tag filters defined in `tags` will be applied. example: "AWS/EC2" type: string tags: description: The AWS resource tags to filter on for the service specified by `namespace`. items: description: Tag in the form `key:value`. example: "datadog:true" type: string nullable: true type: array type: object AWSNamespacesResponse: description: AWS Namespaces response body. properties: data: $ref: "#/components/schemas/AWSNamespacesResponseData" required: - data type: object AWSNamespacesResponseAttributes: description: AWS Namespaces response attributes. properties: namespaces: description: AWS CloudWatch namespace. example: - "AWS/ApiGateway" items: description: An AWS CloudWatch namespace name. example: "AWS/ApiGateway" type: string type: array required: - namespaces type: object AWSNamespacesResponseData: description: AWS Namespaces response data. properties: attributes: $ref: "#/components/schemas/AWSNamespacesResponseAttributes" id: default: "namespaces" description: The `AWSNamespacesResponseData` `id`. example: "namespaces" type: string type: $ref: "#/components/schemas/AWSNamespacesResponseDataType" required: - id - type type: object AWSNamespacesResponseDataType: default: "namespaces" description: The `AWSNamespacesResponseData` `type`. enum: - namespaces example: "namespaces" type: string x-enum-varnames: - NAMESPACES AWSNewExternalIDResponse: description: AWS External ID response body. properties: data: $ref: "#/components/schemas/AWSNewExternalIDResponseData" required: - data type: object AWSNewExternalIDResponseAttributes: description: AWS External ID response body. properties: external_id: description: AWS IAM External ID for associated role. example: "acb8f6b8a844443dbb726d07dcb1a870" type: string required: - external_id type: object AWSNewExternalIDResponseData: description: AWS External ID response body. properties: attributes: $ref: "#/components/schemas/AWSNewExternalIDResponseAttributes" id: default: "external_id" description: The `AWSNewExternalIDResponseData` `id`. example: "external_id" type: string type: $ref: "#/components/schemas/AWSNewExternalIDResponseDataType" required: - id - type type: object AWSNewExternalIDResponseDataType: default: "external_id" description: The `AWSNewExternalIDResponseData` `type`. enum: - external_id example: "external_id" type: string x-enum-varnames: - EXTERNAL_ID AWSRegions: description: AWS Regions to collect data from. Defaults to `include_all`. oneOf: - $ref: "#/components/schemas/AWSRegionsIncludeAll" - $ref: "#/components/schemas/AWSRegionsIncludeOnly" AWSRegionsIncludeAll: description: Include all regions. Defaults to `true`. properties: include_all: description: Include all regions. example: true type: boolean required: - include_all type: object AWSRegionsIncludeOnly: description: Include only these regions. properties: include_only: description: Include only these regions. example: - "us-east-1" items: description: An AWS region to include in metrics collection. example: "us-east-1" type: string type: array required: - include_only type: object AWSResourcesConfig: description: AWS Resources Collection config. properties: cloud_security_posture_management_collection: description: |- Enable Cloud Security Management to scan AWS resources for vulnerabilities, misconfigurations, identity risks, and compliance violations. Defaults to `false`. Requires `extended_collection` to be set to `true`. example: false type: boolean extended_collection: description: |- Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Defaults to `true`. Required for `cloud_security_posture_management_collection`. example: true type: boolean type: object AWSTracesConfig: description: AWS Traces Collection config. properties: xray_services: $ref: "#/components/schemas/XRayServicesList" type: object AccountFilteringConfig: description: The account filtering configuration. properties: excluded_accounts: description: The AWS account IDs to be excluded from your billing dataset. This field is used when `include_new_accounts` is `true`. example: ["123456789123", "123456789143"] items: description: An AWS account ID to exclude from the billing dataset. type: string type: array include_new_accounts: description: Whether or not to automatically include new member accounts by default in your billing dataset. example: true nullable: true type: boolean included_accounts: description: The AWS account IDs to be included in your billing dataset. This field is used when `include_new_accounts` is `false`. example: ["123456789123", "123456789143"] items: description: An AWS account ID to include in the billing dataset. type: string type: array type: object ActionConnectionAttributes: description: The definition of `ActionConnectionAttributes` object. properties: integration: $ref: "#/components/schemas/ActionConnectionIntegration" name: description: Name of the connection example: My AWS Connection type: string required: - name - integration type: object ActionConnectionAttributesUpdate: description: The definition of `ActionConnectionAttributesUpdate` object. properties: integration: $ref: "#/components/schemas/ActionConnectionIntegrationUpdate" name: description: Name of the connection example: My AWS Connection type: string type: object ActionConnectionData: description: Data related to the connection. properties: attributes: $ref: "#/components/schemas/ActionConnectionAttributes" id: description: The connection identifier readOnly: true type: string type: $ref: "#/components/schemas/ActionConnectionDataType" required: - type - attributes type: object ActionConnectionDataType: description: The definition of `ActionConnectionDataType` object. enum: - action_connection example: action_connection type: string x-enum-varnames: - ACTION_CONNECTION ActionConnectionDataUpdate: description: Data related to the connection update. properties: attributes: $ref: "#/components/schemas/ActionConnectionAttributesUpdate" type: $ref: "#/components/schemas/ActionConnectionDataType" required: - type - attributes type: object ActionConnectionIntegration: description: The definition of `ActionConnectionIntegration` object. oneOf: - $ref: "#/components/schemas/AWSIntegration" - $ref: "#/components/schemas/AnthropicIntegration" - $ref: "#/components/schemas/AsanaIntegration" - $ref: "#/components/schemas/AzureIntegration" - $ref: "#/components/schemas/CircleCIIntegration" - $ref: "#/components/schemas/ClickupIntegration" - $ref: "#/components/schemas/CloudflareIntegration" - $ref: "#/components/schemas/ConfigCatIntegration" - $ref: "#/components/schemas/DatadogIntegration" - $ref: "#/components/schemas/FastlyIntegration" - $ref: "#/components/schemas/FreshserviceIntegration" - $ref: "#/components/schemas/GCPIntegration" - $ref: "#/components/schemas/GeminiIntegration" - $ref: "#/components/schemas/GitlabIntegration" - $ref: "#/components/schemas/GreyNoiseIntegration" - $ref: "#/components/schemas/HTTPIntegration" - $ref: "#/components/schemas/LaunchDarklyIntegration" - $ref: "#/components/schemas/NotionIntegration" - $ref: "#/components/schemas/OktaIntegration" - $ref: "#/components/schemas/OpenAIIntegration" - $ref: "#/components/schemas/ServiceNowIntegration" - $ref: "#/components/schemas/SplitIntegration" - $ref: "#/components/schemas/StatsigIntegration" - $ref: "#/components/schemas/VirusTotalIntegration" ActionConnectionIntegrationUpdate: description: The definition of `ActionConnectionIntegrationUpdate` object. oneOf: - $ref: "#/components/schemas/AWSIntegrationUpdate" - $ref: "#/components/schemas/AnthropicIntegrationUpdate" - $ref: "#/components/schemas/AsanaIntegrationUpdate" - $ref: "#/components/schemas/AzureIntegrationUpdate" - $ref: "#/components/schemas/CircleCIIntegrationUpdate" - $ref: "#/components/schemas/ClickupIntegrationUpdate" - $ref: "#/components/schemas/CloudflareIntegrationUpdate" - $ref: "#/components/schemas/ConfigCatIntegrationUpdate" - $ref: "#/components/schemas/DatadogIntegrationUpdate" - $ref: "#/components/schemas/FastlyIntegrationUpdate" - $ref: "#/components/schemas/FreshserviceIntegrationUpdate" - $ref: "#/components/schemas/GCPIntegrationUpdate" - $ref: "#/components/schemas/GeminiIntegrationUpdate" - $ref: "#/components/schemas/GitlabIntegrationUpdate" - $ref: "#/components/schemas/GreyNoiseIntegrationUpdate" - $ref: "#/components/schemas/HTTPIntegrationUpdate" - $ref: "#/components/schemas/LaunchDarklyIntegrationUpdate" - $ref: "#/components/schemas/NotionIntegrationUpdate" - $ref: "#/components/schemas/OktaIntegrationUpdate" - $ref: "#/components/schemas/OpenAIIntegrationUpdate" - $ref: "#/components/schemas/ServiceNowIntegrationUpdate" - $ref: "#/components/schemas/SplitIntegrationUpdate" - $ref: "#/components/schemas/StatsigIntegrationUpdate" - $ref: "#/components/schemas/VirusTotalIntegrationUpdate" ActionQuery: description: An action query. This query type is used to trigger an action, such as sending a HTTP request. properties: events: description: Events to listen for downstream of the action query. items: $ref: "#/components/schemas/AppBuilderEvent" type: array id: description: The ID of the action query. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this action query. This name is also used to access the query's result throughout the app. example: "fetchPendingOrders" type: string properties: $ref: "#/components/schemas/ActionQueryProperties" type: $ref: "#/components/schemas/ActionQueryType" required: - id - name - type - properties type: object ActionQueryCondition: description: Whether to run this query. If specified, the query will only run if this condition evaluates to `true` in JavaScript and all other conditions are also met. oneOf: - type: boolean - example: "${true}" type: string ActionQueryDebounceInMs: description: The minimum time in milliseconds that must pass before the query can be triggered again. This is useful for preventing accidental double-clicks from triggering the query multiple times. oneOf: - example: 310.5 format: double type: number - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a number." example: "${1000}" type: string ActionQueryMockedOutputs: description: The mocked outputs of the action query. This is useful for testing the app without actually running the action. oneOf: - type: string - $ref: "#/components/schemas/ActionQueryMockedOutputsObject" ActionQueryMockedOutputsEnabled: description: Whether to enable the mocked outputs for testing. example: false oneOf: - type: boolean - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a boolean." example: "${true}" type: string ActionQueryMockedOutputsObject: description: The mocked outputs of the action query. properties: enabled: $ref: "#/components/schemas/ActionQueryMockedOutputsEnabled" outputs: description: The mocked outputs of the action query, serialized as JSON. example: '{"status": "success"}' type: string required: - enabled type: object ActionQueryOnlyTriggerManually: description: Determines when this query is executed. If set to `false`, the query will run when the app loads and whenever any query arguments change. If set to `true`, the query will only run when manually triggered from elsewhere in the app. oneOf: - type: boolean - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a boolean." example: "${true}" type: string ActionQueryPollingIntervalInMs: description: If specified, the app will poll the query at the specified interval in milliseconds. The minimum polling interval is 15 seconds. The query will only poll when the app's browser tab is active. oneOf: - example: 30000.0 format: double minimum: 15000.0 type: number - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a number." example: "${15000}" type: string ActionQueryProperties: description: The properties of the action query. properties: condition: $ref: "#/components/schemas/ActionQueryCondition" debounceInMs: $ref: "#/components/schemas/ActionQueryDebounceInMs" mockedOutputs: $ref: "#/components/schemas/ActionQueryMockedOutputs" onlyTriggerManually: $ref: "#/components/schemas/ActionQueryOnlyTriggerManually" outputs: description: The post-query transformation function, which is a JavaScript function that changes the query's `.outputs` property after the query's execution. example: "${((outputs) => {return outputs.body.data})(self.rawOutputs)}" type: string pollingIntervalInMs: $ref: "#/components/schemas/ActionQueryPollingIntervalInMs" requiresConfirmation: $ref: "#/components/schemas/ActionQueryRequiresConfirmation" showToastOnError: $ref: "#/components/schemas/ActionQueryShowToastOnError" spec: $ref: "#/components/schemas/ActionQuerySpec" required: - spec type: object ActionQueryRequiresConfirmation: description: Whether to prompt the user to confirm this query before it runs. oneOf: - type: boolean - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a boolean." example: "${true}" type: string ActionQueryShowToastOnError: description: Whether to display a toast to the user when the query returns an error. oneOf: - type: boolean - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a boolean." example: "${true}" type: string ActionQuerySpec: description: The definition of the action query. example: "" oneOf: - type: string - $ref: "#/components/schemas/ActionQuerySpecObject" ActionQuerySpecConnectionGroup: description: The connection group to use for an action query. properties: id: description: The ID of the connection group. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string tags: description: The tags of the connection group. items: description: A tag for the connection group. type: string type: array type: object ActionQuerySpecInput: additionalProperties: {} description: The inputs to the action query. See the [Actions Catalog](https://docs.datadoghq.com/actions/actions_catalog/) for more detail on each action and its inputs. type: object ActionQuerySpecInputs: description: The inputs to the action query. These are the values that are passed to the action when it is triggered. oneOf: - type: string - $ref: "#/components/schemas/ActionQuerySpecInput" ActionQuerySpecObject: description: The action query spec object. properties: connectionGroup: $ref: "#/components/schemas/ActionQuerySpecConnectionGroup" connectionId: description: The ID of the custom connection to use for this action query. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 type: string fqn: description: The fully qualified name of the action type. example: "com.datadoghq.http.request" type: string inputs: $ref: "#/components/schemas/ActionQuerySpecInputs" required: - fqn type: object ActionQueryType: default: action description: The action query type. enum: - action example: action type: string x-enum-varnames: - ACTION ActiveBillingDimensionsAttributes: description: List of active billing dimensions. properties: month: description: "Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]`." format: date-time type: string values: description: "List of active billing dimensions. Example: `[infra_host, apm_host, serverless_infra]`." items: description: A given billing dimension in a list. example: "infra_host" type: string type: array type: object ActiveBillingDimensionsBody: description: Active billing dimensions data. properties: attributes: $ref: "#/components/schemas/ActiveBillingDimensionsAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/ActiveBillingDimensionsType" type: object ActiveBillingDimensionsResponse: description: Active billing dimensions response. properties: data: $ref: "#/components/schemas/ActiveBillingDimensionsBody" type: object ActiveBillingDimensionsType: default: billing_dimensions description: Type of active billing dimensions data. enum: - billing_dimensions type: string x-enum-varnames: - BILLING_DIMENSIONS AddMemberTeamRequest: description: Request to add a member team to super team's hierarchy properties: data: $ref: "#/components/schemas/MemberTeam" required: - data type: object Advisory: description: Advisory. properties: base_severity: description: Advisory base severity. example: Critical type: string id: description: Advisory id. example: GHSA-4wrc-f8pq-fpqp type: string severity: description: Advisory Datadog severity. example: Medium type: string required: - id - base_severity type: object AlertEventAttributes: description: Alert event attributes. properties: aggregation_key: $ref: "#/components/schemas/V2EventAggregationKey" custom: description: JSON object of custom attributes. example: {} type: object evt: $ref: "#/components/schemas/EventSystemAttributes" links: description: The links related to the event. example: [{"category": "runbook", "title": "Runbook Link", "url": "https://app.datadoghq.com/runbook"}] items: $ref: "#/components/schemas/AlertEventAttributesLinksItem" type: array priority: $ref: "#/components/schemas/AlertEventAttributesPriority" service: $ref: "#/components/schemas/V2EventService" status: $ref: "#/components/schemas/AlertEventAttributesStatus" timestamp: $ref: "#/components/schemas/V2EventTimestamp" title: $ref: "#/components/schemas/V2EventTitle" type: object AlertEventAttributesLinksItem: description: A link. properties: category: $ref: "#/components/schemas/AlertEventAttributesLinksItemCategory" title: description: |- The display text of the link. type: string url: description: |- The URL of the link. type: string type: object AlertEventAttributesLinksItemCategory: description: |- The category of the link. enum: - runbook - documentation - dashboard type: string x-enum-varnames: - RUNBOOK - DOCUMENTATION - DASHBOARD AlertEventAttributesPriority: description: The priority of the alert. enum: - "1" - "2" - "3" - "4" - "5" example: "5" type: string x-enum-varnames: - PRIORITY_ONE - PRIORITY_TWO - PRIORITY_THREE - PRIORITY_FOUR - PRIORITY_FIVE AlertEventAttributesStatus: description: The status of the alert. enum: - warn - error - ok example: "error" type: string x-enum-varnames: - WARN - ERROR - OK AlertEventCustomAttributes: additionalProperties: false description: |- Alert event attributes. properties: custom: $ref: "#/components/schemas/AlertEventCustomAttributesCustom" links: $ref: "#/components/schemas/AlertEventCustomAttributesLinks" priority: $ref: "#/components/schemas/AlertEventCustomAttributesPriority" status: $ref: "#/components/schemas/AlertEventCustomAttributesStatus" required: - status type: object AlertEventCustomAttributesCustom: additionalProperties: {} description: |- Free form JSON object for arbitrary data. Supports up to 100 properties per object and a maximum nesting depth of 10 levels. example: {} type: object AlertEventCustomAttributesLinks: description: |- The links related to the event. Maximum of 20 links allowed. items: $ref: "#/components/schemas/AlertEventCustomAttributesLinksItems" maxItems: 20 minItems: 1 type: array AlertEventCustomAttributesLinksItems: additionalProperties: false description: |- A link. properties: category: $ref: "#/components/schemas/AlertEventCustomAttributesLinksItemsCategory" title: description: |- The display text of the link. Limited to 300 characters. example: "Runbook Link" maxLength: 300 minLength: 1 type: string url: description: |- The URL of the link. Limited to 2048 characters. example: "https://app.datadoghq.com/runbook" maxLength: 2048 minLength: 1 type: string required: - url - category type: object AlertEventCustomAttributesLinksItemsCategory: description: |- The category of the link. enum: - runbook - documentation - dashboard - resource example: "runbook" type: string x-enum-varnames: - RUNBOOK - DOCUMENTATION - DASHBOARD - RESOURCE AlertEventCustomAttributesPriority: default: "5" description: |- The priority of the alert. enum: - "1" - "2" - "3" - "4" - "5" example: "5" type: string x-enum-varnames: - PRIORITY_ONE - PRIORITY_TWO - PRIORITY_THREE - PRIORITY_FOUR - PRIORITY_FIVE AlertEventCustomAttributesStatus: description: |- The status of the alert. enum: - warn - error - ok example: "warn" type: string x-enum-varnames: - WARN - ERROR - OK Allocation: description: Targeting rule (allocation) details for a feature flag environment. properties: created_at: description: The timestamp when the targeting rule allocation was created. example: "2024-01-01T12:00:00Z" format: date-time type: string environment_ids: description: Environment IDs associated with this targeting rule allocation. example: - "550e8400-e29b-41d4-a716-446655440001" items: description: Environment ID linked to this targeting rule allocation. format: uuid type: string type: array experiment_id: description: The experiment ID linked to this targeting rule allocation. example: "550e8400-e29b-41d4-a716-446655440030" nullable: true type: string exposure_schedule: $ref: "#/components/schemas/AllocationExposureSchedule" guardrail_metrics: description: Guardrail metrics associated with this targeting rule allocation. items: $ref: "#/components/schemas/GuardrailMetric" type: array id: description: The unique identifier of the targeting rule allocation. example: "550e8400-e29b-41d4-a716-446655440020" format: uuid type: string key: description: The unique key of the targeting rule allocation. example: "prod-rollout" type: string name: description: The display name of the targeting rule. example: "Production Rollout" type: string order_position: description: Sort order position within the environment. example: 0 format: int64 type: integer targeting_rules: description: Conditions associated with this targeting rule allocation. items: $ref: "#/components/schemas/TargetingRule" type: array type: $ref: "#/components/schemas/AllocationType" updated_at: description: The timestamp when the targeting rule allocation was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string variant_weights: description: Weighted variant assignments for this targeting rule allocation. items: $ref: "#/components/schemas/VariantWeight" type: array required: - name - key - targeting_rules - variant_weights - order_position - environment_ids - type - guardrail_metrics - created_at - updated_at type: object AllocationDataRequest: description: Data wrapper for allocation request payloads. properties: attributes: $ref: "#/components/schemas/UpsertAllocationRequest" type: $ref: "#/components/schemas/AllocationDataType" required: - type - attributes type: object AllocationDataResponse: description: Data wrapper for targeting rule allocation responses. properties: attributes: $ref: "#/components/schemas/Allocation" id: description: The unique identifier of the targeting rule allocation. example: "550e8400-e29b-41d4-a716-446655440020" format: uuid type: string type: $ref: "#/components/schemas/AllocationDataType" required: - id - type - attributes type: object AllocationDataType: description: The resource type. enum: - "allocations" example: "allocations" type: string x-enum-varnames: - ALLOCATIONS AllocationExposureGuardrailTrigger: description: Guardrail trigger details for a progressive rollout. properties: allocation_exposure_schedule_id: description: The progressive rollout ID this trigger belongs to. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string created_at: description: The timestamp when this trigger was created. example: "2024-01-01T12:00:00Z" format: date-time type: string flagging_variant_id: description: The variant ID that triggered this event. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string id: description: The unique identifier of the guardrail trigger. example: "550e8400-e29b-41d4-a716-446655440080" format: uuid type: string metric_id: description: The metric ID associated with the trigger. example: "metric-error-rate" type: string triggered_action: description: The action that was triggered. example: "PAUSE" type: string updated_at: description: The timestamp when this trigger was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string required: - id - allocation_exposure_schedule_id - flagging_variant_id - metric_id - triggered_action - created_at - updated_at type: object AllocationExposureRolloutStep: description: Exposure progression step details. properties: allocation_exposure_schedule_id: description: The progressive rollout ID this step belongs to. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string created_at: description: The timestamp when the progression step was created. example: "2024-01-01T12:00:00Z" format: date-time type: string exposure_ratio: description: The exposure ratio for this step. example: 0.1 format: double maximum: 1 minimum: 0 type: number grouped_step_index: description: Logical index grouping related steps. example: 0 format: int64 minimum: 0 type: integer id: description: The unique identifier of the progression step. example: "550e8400-e29b-41d4-a716-446655440040" format: uuid type: string interval_ms: description: Step duration in milliseconds. example: 3600000 format: int64 nullable: true type: integer is_pause_record: description: Whether this step represents a pause record. example: false type: boolean order_position: description: Sort order for the progression step. example: 0 format: int64 type: integer updated_at: description: The timestamp when the progression step was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string required: - id - allocation_exposure_schedule_id - order_position - exposure_ratio - is_pause_record - grouped_step_index - created_at - updated_at type: object AllocationExposureSchedule: description: Progressive release details for a targeting rule allocation. properties: absolute_start_time: description: The absolute UTC start time for this schedule. example: "2025-06-13T12:00:00Z" format: date-time nullable: true type: string allocation_id: description: The targeting rule allocation ID this progressive rollout belongs to. example: "550e8400-e29b-41d4-a716-446655440020" format: uuid type: string control_variant_id: description: The control variant ID used for experiment comparisons. example: "550e8400-e29b-41d4-a716-446655440012" nullable: true type: string created_at: description: The timestamp when the schedule was created. example: "2024-01-01T12:00:00Z" format: date-time type: string guardrail_triggered_action: description: Last guardrail action triggered for this schedule. example: "PAUSE" nullable: true type: string guardrail_triggers: description: Guardrail trigger records for this schedule. items: $ref: "#/components/schemas/AllocationExposureGuardrailTrigger" type: array id: description: The unique identifier of the progressive rollout. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string rollout_options: $ref: "#/components/schemas/RolloutOptions" rollout_steps: description: Ordered progression steps for exposure. items: $ref: "#/components/schemas/AllocationExposureRolloutStep" type: array updated_at: description: The timestamp when the schedule was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string required: - allocation_id - rollout_options - rollout_steps - guardrail_triggers - created_at - updated_at type: object AllocationExposureScheduleData: description: Data wrapper for progressive rollout schedule responses. properties: attributes: $ref: "#/components/schemas/AllocationExposureSchedule" id: description: The unique identifier of the progressive rollout. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string type: $ref: "#/components/schemas/AllocationExposureScheduleDataType" required: - id - type - attributes type: object AllocationExposureScheduleDataType: description: The resource type for progressive rollout schedules. enum: - "allocation_exposure_schedules" example: "allocation_exposure_schedules" type: string x-enum-varnames: - ALLOCATION_EXPOSURE_SCHEDULES AllocationExposureScheduleResponse: description: Response containing a progressive rollout schedule. properties: data: $ref: "#/components/schemas/AllocationExposureScheduleData" required: - data type: object AllocationResponse: description: Response containing a single targeting rule (allocation). properties: data: $ref: "#/components/schemas/AllocationDataResponse" required: - data type: object AllocationType: description: The type of targeting rule (called allocation in the API model). enum: - FEATURE_GATE - CANARY example: "FEATURE_GATE" type: string x-enum-varnames: - FEATURE_GATE - CANARY Annotation: description: "A list of annotations used in the workflow. These are like sticky notes for your workflow!" properties: display: $ref: "#/components/schemas/AnnotationDisplay" id: description: The `Annotation` `id`. example: "" type: string markdownTextAnnotation: $ref: "#/components/schemas/AnnotationMarkdownTextAnnotation" required: - id - display - markdownTextAnnotation type: object AnnotationDisplay: description: The definition of `AnnotationDisplay` object. properties: bounds: $ref: "#/components/schemas/AnnotationDisplayBounds" type: object AnnotationDisplayBounds: description: The definition of `AnnotationDisplayBounds` object. properties: height: description: The `bounds` `height`. format: double type: number width: description: The `bounds` `width`. format: double type: number x: description: The `bounds` `x`. format: double type: number y: description: The `bounds` `y`. format: double type: number type: object AnnotationMarkdownTextAnnotation: description: The definition of `AnnotationMarkdownTextAnnotation` object. properties: text: description: The `markdownTextAnnotation` `text`. type: string type: object AnonymizeUserError: description: Error encountered when anonymizing a specific user. properties: error: description: Error message describing why anonymization failed. example: "" type: string user_id: description: UUID of the user that failed to be anonymized. example: "00000000-0000-0000-0000-000000000000" type: string required: - user_id - error type: object AnonymizeUsersRequest: description: Request body for anonymizing users. properties: data: $ref: "#/components/schemas/AnonymizeUsersRequestData" required: - data type: object AnonymizeUsersRequestAttributes: description: Attributes of an anonymize users request. properties: user_ids: description: List of user IDs (UUIDs) to anonymize. example: - "00000000-0000-0000-0000-000000000000" items: example: "00000000-0000-0000-0000-000000000000" type: string type: array required: - user_ids type: object AnonymizeUsersRequestData: description: Object to anonymize a list of users. properties: attributes: $ref: "#/components/schemas/AnonymizeUsersRequestAttributes" id: description: Unique identifier for the request. Not used server-side. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/AnonymizeUsersRequestType" required: - type - attributes type: object AnonymizeUsersRequestType: default: anonymize_users_request description: Type of the anonymize users request. enum: - anonymize_users_request example: anonymize_users_request type: string x-enum-varnames: - ANONYMIZE_USERS_REQUEST AnonymizeUsersResponse: description: Response containing the result of an anonymize users request. properties: data: $ref: "#/components/schemas/AnonymizeUsersResponseData" type: object AnonymizeUsersResponseAttributes: description: Attributes of an anonymize users response. properties: anonymize_errors: description: List of errors encountered during anonymization, one entry per failed user. items: $ref: "#/components/schemas/AnonymizeUserError" type: array anonymized_user_ids: description: List of user IDs (UUIDs) that were successfully anonymized. example: - "00000000-0000-0000-0000-000000000000" items: example: "00000000-0000-0000-0000-000000000000" type: string type: array required: - anonymized_user_ids - anonymize_errors type: object AnonymizeUsersResponseData: description: Response data for anonymizing users. properties: attributes: $ref: "#/components/schemas/AnonymizeUsersResponseAttributes" id: description: Unique identifier of the response. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/AnonymizeUsersResponseType" type: object AnonymizeUsersResponseType: default: anonymize_users_response description: Type of the anonymize users response. enum: - anonymize_users_response example: anonymize_users_response type: string x-enum-varnames: - ANONYMIZE_USERS_RESPONSE AnthropicAPIKey: description: The definition of the `AnthropicAPIKey` object. properties: api_token: description: The `AnthropicAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/AnthropicAPIKeyType" required: - type - api_token type: object AnthropicAPIKeyType: description: The definition of the `AnthropicAPIKey` object. enum: - AnthropicAPIKey example: AnthropicAPIKey type: string x-enum-varnames: - ANTHROPICAPIKEY AnthropicAPIKeyUpdate: description: The definition of the `AnthropicAPIKey` object. properties: api_token: description: The `AnthropicAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/AnthropicAPIKeyType" required: - type type: object AnthropicCredentials: description: The definition of the `AnthropicCredentials` object. oneOf: - $ref: "#/components/schemas/AnthropicAPIKey" AnthropicCredentialsUpdate: description: The definition of the `AnthropicCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/AnthropicAPIKeyUpdate" AnthropicIntegration: description: The definition of the `AnthropicIntegration` object. properties: credentials: $ref: "#/components/schemas/AnthropicCredentials" type: $ref: "#/components/schemas/AnthropicIntegrationType" required: - type - credentials type: object AnthropicIntegrationType: description: The definition of the `AnthropicIntegrationType` object. enum: - Anthropic example: Anthropic type: string x-enum-varnames: - ANTHROPIC AnthropicIntegrationUpdate: description: The definition of the `AnthropicIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/AnthropicCredentialsUpdate" type: $ref: "#/components/schemas/AnthropicIntegrationType" required: - type type: object AnyValue: description: Represents any valid JSON value. nullable: true oneOf: - $ref: "#/components/schemas/AnyValueString" - $ref: "#/components/schemas/AnyValueNumber" - $ref: "#/components/schemas/AnyValueObject" - $ref: "#/components/schemas/AnyValueArray" - $ref: "#/components/schemas/AnyValueBoolean" type: object AnyValueArray: description: An array of arbitrary values. items: $ref: "#/components/schemas/AnyValueItem" type: array AnyValueBoolean: description: A scalar boolean value. type: boolean AnyValueItem: description: A single item in an array of arbitrary values, which can be a string, number, object, or boolean. oneOf: - $ref: "#/components/schemas/AnyValueString" - $ref: "#/components/schemas/AnyValueNumber" - $ref: "#/components/schemas/AnyValueObject" - $ref: "#/components/schemas/AnyValueBoolean" AnyValueNumber: description: A scalar numeric value. format: double type: number AnyValueObject: additionalProperties: {} description: An arbitrary object value with additional properties. type: object AnyValueString: description: A scalar string value. type: string ApiID: description: API identifier. example: "90646597-5fdb-4a17-a240-647003f8c028" format: uuid type: string ApmDependencyStatName: description: The APM dependency statistic to query. enum: - avg_duration - avg_root_duration - avg_spans_per_trace - error_rate - pct_exec_time - pct_of_traces - total_traces_count example: avg_duration type: string x-enum-varnames: - AVG_DURATION - AVG_ROOT_DURATION - AVG_SPANS_PER_TRACE - ERROR_RATE - PCT_EXEC_TIME - PCT_OF_TRACES - TOTAL_TRACES_COUNT ApmDependencyStatsDataSource: default: apm_dependency_stats description: A data source for APM dependency statistics queries. enum: - apm_dependency_stats example: apm_dependency_stats type: string x-enum-varnames: - APM_DEPENDENCY_STATS ApmDependencyStatsQuery: description: >- A query for APM dependency statistics between services, such as call latency and error rates. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ApmDependencyStatsDataSource" env: description: The environment to query. example: prod type: string is_upstream: description: Determines whether stats for upstream or downstream dependencies should be queried. example: true type: boolean name: description: The variable name for use in formulas. example: query1 type: string operation_name: description: The APM operation name. example: web.request type: string primary_tag_name: description: The name of the second primary tag used within APM; required when `primary_tag_value` is specified. See https://docs.datadoghq.com/tracing/guide/setting_primary_tags_to_scope/#add-a-second-primary-tag-in-datadog. example: datacenter type: string primary_tag_value: description: Filter APM data by the second primary tag. `primary_tag_name` must also be specified. example: us-east-1 type: string resource_name: description: The resource name to filter by. example: "GET /api/v2/users" type: string service: description: The service name to filter by. example: web-store type: string stat: $ref: "#/components/schemas/ApmDependencyStatName" required: - data_source - name - env - operation_name - resource_name - service - stat type: object ApmMetricsDataSource: default: apm_metrics description: A data source for APM metrics queries. enum: - apm_metrics example: apm_metrics type: string x-enum-varnames: - APM_METRICS ApmMetricsQuery: description: >- A query for APM trace metrics such as hits, errors, and latency percentiles, aggregated across services. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ApmMetricsDataSource" group_by: description: Optional fields to group the query results by. items: description: A field to group results by. example: service type: string type: array name: description: The variable name for use in formulas. example: query1 type: string operation_mode: description: Optional operation mode to aggregate across operation names. example: "primary" type: string operation_name: description: Name of operation on service. If not provided, the primary operation name is used. example: web.request type: string peer_tags: description: Tags to query for a specific downstream entity (peer.service, peer.db_instance, peer.s3, peer.s3.bucket, etc.). items: description: A peer tag value. example: "peer.service:my-service" type: string type: array query_filter: description: Additional filters for the query using metrics query syntax (for example, env, primary_tag). example: "env:prod" type: string resource_hash: description: The resource hash for exact matching. example: "abc123" type: string resource_name: description: The full name of a specific resource to filter by. example: "GET /api/v1/users" type: string service: description: The service name to filter by. example: web-store type: string span_kind: $ref: "#/components/schemas/ApmMetricsSpanKind" stat: $ref: "#/components/schemas/ApmMetricsStat" required: - data_source - name - stat type: object ApmMetricsSpanKind: description: Describes the relationship between the span, its parents, and its children in a trace. enum: - consumer - server - client - producer - internal example: server type: string x-enum-varnames: - CONSUMER - SERVER - CLIENT - PRODUCER - INTERNAL ApmMetricsStat: description: The APM metric statistic to query. enum: - error_rate - errors - errors_per_second - hits - hits_per_second - apdex - latency_avg - latency_max - latency_p50 - latency_p75 - latency_p90 - latency_p95 - latency_p99 - latency_p999 - latency_distribution - total_time example: latency_p99 type: string x-enum-varnames: - ERROR_RATE - ERRORS - ERRORS_PER_SECOND - HITS - HITS_PER_SECOND - APDEX - LATENCY_AVG - LATENCY_MAX - LATENCY_P50 - LATENCY_P75 - LATENCY_P90 - LATENCY_P95 - LATENCY_P99 - LATENCY_P999 - LATENCY_DISTRIBUTION - TOTAL_TIME ApmResourceStatName: description: The APM resource statistic to query. enum: - error_rate - errors - hits - latency_avg - latency_max - latency_p50 - latency_p75 - latency_p90 - latency_p95 - latency_p99 - latency_distribution - total_time example: latency_p95 type: string x-enum-varnames: - ERROR_RATE - ERRORS - HITS - LATENCY_AVG - LATENCY_MAX - LATENCY_P50 - LATENCY_P75 - LATENCY_P90 - LATENCY_P95 - LATENCY_P99 - LATENCY_DISTRIBUTION - TOTAL_TIME ApmResourceStatsDataSource: default: apm_resource_stats description: A data source for APM resource statistics queries. enum: - apm_resource_stats example: apm_resource_stats type: string x-enum-varnames: - APM_RESOURCE_STATS ApmResourceStatsQuery: description: >- A query for APM resource statistics such as latency, error rate, and hit count, grouped by resource name. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ApmResourceStatsDataSource" env: description: The environment to query. example: prod type: string group_by: description: Tag keys to group results by. items: description: A tag key to group by. example: resource_name type: string type: array name: description: The variable name for use in formulas. example: query1 type: string operation_name: description: The APM operation name. example: web.request type: string primary_tag_name: description: Name of the second primary tag used within APM. Required when `primary_tag_value` is specified. See https://docs.datadoghq.com/tracing/guide/setting_primary_tags_to_scope/#add-a-second-primary-tag-in-datadog example: datacenter type: string primary_tag_value: description: Value of the second primary tag by which to filter APM data. `primary_tag_name` must also be specified. example: us-east-1 type: string resource_name: description: The resource name to filter by. example: "Admin::ProductsController#create" type: string service: description: The service name to filter by. example: web-store type: string stat: $ref: "#/components/schemas/ApmResourceStatName" required: - data_source - name - env - service - stat type: object ApmRetentionFilterType: default: apm_retention_filter description: The type of the resource. enum: - apm_retention_filter example: apm_retention_filter type: string x-enum-varnames: ["apm_retention_filter"] AppBuilderEvent: additionalProperties: {} description: An event on a UI component that triggers a response or action in an app. properties: name: $ref: "#/components/schemas/AppBuilderEventName" type: $ref: "#/components/schemas/AppBuilderEventType" type: object AppBuilderEventName: description: "The triggering action for the event." enum: - pageChange - tableRowClick - _tableRowButtonClick - change - submit - click - toggleOpen - close - open - executionFinished example: click type: string x-enum-varnames: - PAGECHANGE - TABLEROWCLICK - TABLEROWBUTTONCLICK - CHANGE - SUBMIT - CLICK - TOGGLEOPEN - CLOSE - OPEN - EXECUTIONFINISHED AppBuilderEventType: description: The response to the event. enum: - custom - setComponentState - triggerQuery - openModal - closeModal - openUrl - downloadFile - setStateVariableValue example: triggerQuery type: string x-enum-varnames: - CUSTOM - SETCOMPONENTSTATE - TRIGGERQUERY - OPENMODAL - CLOSEMODAL - OPENURL - DOWNLOADFILE - SETSTATEVARIABLEVALUE AppDefinitionType: default: appDefinitions description: The app definition type. enum: - appDefinitions example: appDefinitions type: string x-enum-varnames: - APPDEFINITIONS AppDeploymentType: default: deployment description: The deployment type. enum: - deployment example: deployment type: string x-enum-varnames: - DEPLOYMENT AppKeyRegistrationData: description: Data related to the app key registration. properties: id: description: The app key registration identifier format: uuid readOnly: true type: string type: $ref: "#/components/schemas/AppKeyRegistrationDataType" required: - type type: object AppKeyRegistrationDataType: description: The definition of `AppKeyRegistrationDataType` object. enum: - app_key_registration example: app_key_registration type: string x-enum-varnames: - APP_KEY_REGISTRATION AppMeta: description: Metadata of an app. properties: created_at: description: Timestamp of when the app was created. format: date-time type: string deleted_at: description: Timestamp of when the app was deleted. format: date-time type: string org_id: description: The Datadog organization ID that owns the app. format: int64 type: integer updated_at: description: Timestamp of when the app was last updated. format: date-time type: string updated_since_deployment: description: Whether the app was updated since it was last published. Published apps are pinned to a specific version and do not automatically update when the app is updated. type: boolean user_id: description: The ID of the user who created the app. format: int64 type: integer user_name: description: The name (or email address) of the user who created the app. type: string user_uuid: description: The UUID of the user who created the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string version: description: The version number of the app. This starts at 1 and increments with each update. format: int64 type: integer type: object AppRelationship: description: The app's publication relationship and custom connections. properties: connections: description: Array of custom connections used by the app. items: $ref: "#/components/schemas/CustomConnection" type: array deployment: $ref: "#/components/schemas/DeploymentRelationship" type: object AppTriggerWrapper: description: "Schema for an App-based trigger." properties: appTrigger: description: "Trigger a workflow from an App." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - appTrigger type: object ApplicationKeyCreateAttributes: description: Attributes used to create an application Key. properties: name: description: Name of the application key. example: "Application Key for managing dashboards" type: string scopes: description: Array of scopes to grant the application key. example: ["dashboards_read", "dashboards_write", "dashboards_public_share"] items: description: Name of scope. type: string nullable: true type: array required: - name type: object ApplicationKeyCreateData: description: Object used to create an application key. properties: attributes: $ref: "#/components/schemas/ApplicationKeyCreateAttributes" type: $ref: "#/components/schemas/ApplicationKeysType" required: - attributes - type type: object ApplicationKeyCreateRequest: description: Request used to create an application key. properties: data: $ref: "#/components/schemas/ApplicationKeyCreateData" required: - data type: object ApplicationKeyRelationships: description: Resources related to the application key. properties: owned_by: $ref: "#/components/schemas/RelationshipToUser" type: object ApplicationKeyResponse: description: Response for retrieving an application key. properties: data: $ref: "#/components/schemas/FullApplicationKey" included: description: Array of objects related to the application key. items: $ref: "#/components/schemas/ApplicationKeyResponseIncludedItem" type: array type: object ApplicationKeyResponseIncludedItem: description: An object related to an application key. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/Role" - $ref: "#/components/schemas/LeakedKey" ApplicationKeyResponseMeta: description: Additional information related to the application key response. properties: max_allowed_per_user: description: Max allowed number of application keys per user. format: int64 type: integer page: $ref: "#/components/schemas/ApplicationKeyResponseMetaPage" type: object ApplicationKeyResponseMetaPage: description: Additional information related to the application key response. properties: total_filtered_count: description: Total filtered application key count. format: int64 type: integer type: object ApplicationKeyUpdateAttributes: description: Attributes used to update an application Key. properties: name: description: Name of the application key. example: "Application Key for managing dashboards" type: string scopes: description: Array of scopes to grant the application key. example: ["dashboards_read", "dashboards_write", "dashboards_public_share"] items: description: Name of scope. type: string nullable: true type: array type: object ApplicationKeyUpdateData: description: Object used to update an application key. properties: attributes: $ref: "#/components/schemas/ApplicationKeyUpdateAttributes" id: description: ID of the application key. example: "00112233-4455-6677-8899-aabbccddeeff" type: string type: $ref: "#/components/schemas/ApplicationKeysType" required: - attributes - id - type type: object ApplicationKeyUpdateRequest: description: Request used to update an application key. properties: data: $ref: "#/components/schemas/ApplicationKeyUpdateData" required: - data type: object ApplicationKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - NAME_ASCENDING - NAME_DESCENDING ApplicationKeysType: default: application_keys description: Application Keys resource type. enum: - application_keys example: application_keys type: string x-enum-varnames: - APPLICATION_KEYS ApplicationSecurityWafCustomRuleAction: description: The definition of `ApplicationSecurityWafCustomRuleAction` object. properties: action: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleActionAction" parameters: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleActionParameters" type: object ApplicationSecurityWafCustomRuleActionAction: default: block_request description: Override the default action to take when the WAF custom rule would block. enum: - redirect_request - block_request example: block_request type: string x-enum-varnames: - REDIRECT_REQUEST - BLOCK_REQUEST ApplicationSecurityWafCustomRuleActionParameters: description: The definition of `ApplicationSecurityWafCustomRuleActionParameters` object. properties: location: description: The location to redirect to when the WAF custom rule triggers. example: "/blocking" type: string status_code: default: 403 description: The status code to return when the WAF custom rule triggers. example: 403 format: int64 type: integer type: object ApplicationSecurityWafCustomRuleAttributes: description: "A WAF custom rule." properties: action: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleAction" blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: |- Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCondition" type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean metadata: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleMetadata" name: description: The Name of the WAF custom rule. example: "Block request from bad useragent" type: string path_glob: description: The path glob for the WAF custom rule. example: "/api/search/*" type: string scope: description: The scope of the WAF custom rule. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleScope" type: array tags: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleTags" required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleCondition: description: One condition of the WAF Custom Rule. properties: operator: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionOperator" parameters: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionParameters" required: - operator - parameters type: object ApplicationSecurityWafCustomRuleConditionInput: description: Input from the request on which the condition should apply. properties: address: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionInputAddress" key_path: description: Specific path for the input. items: description: A path segment for the input key. type: string type: array required: - address type: object ApplicationSecurityWafCustomRuleConditionInputAddress: description: Input from the request on which the condition should apply. enum: - server.db.statement - server.io.fs.file - server.io.net.url - server.sys.shell.cmd - server.request.method - server.request.uri.raw - server.request.path_params - server.request.query - server.request.headers - server.request.headers.no_cookies - server.request.custom-auth - server.request.cookies - server.request.trailers - server.request.body - server.request.body.filenames - server.response.status - server.response.headers.no_cookies - server.response.trailers - server.response.body - grpc.server.request.metadata - grpc.server.request.message - grpc.server.method - graphql.server.all_resolvers - usr.id - http.client_ip - server.llm.event - server.llm.guard.verdict - _dd.appsec.fp.http.header - _dd.appsec.fp.http.network - _dd.appsec.fp.session - _dd.appsec.fp.http.endpoint example: server.db.statement type: string x-enum-varnames: - SERVER_DB_STATEMENT - SERVER_IO_FS_FILE - SERVER_IO_NET_URL - SERVER_SYS_SHELL_CMD - SERVER_REQUEST_METHOD - SERVER_REQUEST_URI_RAW - SERVER_REQUEST_PATH_PARAMS - SERVER_REQUEST_QUERY - SERVER_REQUEST_HEADERS - SERVER_REQUEST_HEADERS_NO_COOKIES - SERVER_REQUEST_CUSTOM_AUTH - SERVER_REQUEST_COOKIES - SERVER_REQUEST_TRAILERS - SERVER_REQUEST_BODY - SERVER_REQUEST_BODY_FILENAMES - SERVER_RESPONSE_STATUS - SERVER_RESPONSE_HEADERS_NO_COOKIES - SERVER_RESPONSE_TRAILERS - SERVER_RESPONSE_BODY - GRPC_SERVER_REQUEST_METADATA - GRPC_SERVER_REQUEST_MESSAGE - GRPC_SERVER_METHOD - GRAPHQL_SERVER_ALL_RESOLVERS - USR_ID - HTTP_CLIENT_IP - SERVER_LLM_EVENT - SERVER_LLM_GUARD_VERDICT - DD_APPSEC_FP_HTTP_HEADER - DD_APPSEC_FP_HTTP_NETWORK - DD_APPSEC_FP_SESSION - DD_APPSEC_FP_HTTP_ENDPOINT ApplicationSecurityWafCustomRuleConditionOperator: description: Operator to use for the WAF Condition. enum: - match_regex - "!match_regex" - phrase_match - "!phrase_match" - is_xss - is_sqli - exact_match - "!exact_match" - ip_match - "!ip_match" - capture_data - exists - "!exists" - equals - "!equals" example: "match_regex" type: string x-enum-varnames: - MATCH_REGEX - NOT_MATCH_REGEX - PHRASE_MATCH - NOT_PHRASE_MATCH - IS_XSS - IS_SQLI - EXACT_MATCH - NOT_EXACT_MATCH - IP_MATCH - NOT_IP_MATCH - CAPTURE_DATA - EXISTS - NOT_EXISTS - EQUALS - NOT_EQUALS ApplicationSecurityWafCustomRuleConditionOptions: description: Options for the operator of this condition. properties: case_sensitive: default: false description: Evaluate the value as case sensitive. type: boolean min_length: default: 0 description: Only evaluate this condition if the value has a minimum amount of characters. format: int64 type: integer type: object ApplicationSecurityWafCustomRuleConditionParameters: description: The scope of the WAF custom rule. properties: data: description: |- Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter. example: "blocked_users" type: string inputs: description: List of inputs on which at least one should match with the given operator. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionInput" type: array list: description: |- List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operator. items: description: A value to match against in the condition. type: string type: array options: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionOptions" regex: description: "Regex to use with the condition. Only used with match_regex and !match_regex operator." example: "path.*" type: string type: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleConditionParametersType" value: description: |- Store the captured value in the specified tag name. Only used with the capture_data operator. example: custom_tag type: string required: - inputs type: object ApplicationSecurityWafCustomRuleConditionParametersType: description: The type of the value to compare against. Only used with the equals and !equals operator. enum: - boolean - signed - unsigned - float - string example: "string" type: string x-enum-varnames: - BOOLEAN - SIGNED - UNSIGNED - FLOAT - STRING ApplicationSecurityWafCustomRuleCreateAttributes: description: "Create a new WAF custom rule." properties: action: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleAction" blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: |- Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCondition" type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean name: description: The Name of the WAF custom rule. example: "Block request from a bad useragent" type: string path_glob: description: The path glob for the WAF custom rule. example: "/api/search/*" type: string scope: description: The scope of the WAF custom rule. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleScope" type: array tags: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleTags" required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleCreateData: description: Object for a single WAF custom rule. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCreateAttributes" type: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleType" required: - attributes - type type: object ApplicationSecurityWafCustomRuleCreateRequest: description: Request object that includes the custom rule to create. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCreateData" required: - data type: object ApplicationSecurityWafCustomRuleData: description: Object for a single WAF custom rule. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleAttributes" id: description: "The ID of the custom rule." example: "2857c47d-1e3a-4300-8b2f-dc24089c084b" readOnly: true type: string type: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleType" type: object ApplicationSecurityWafCustomRuleListResponse: description: Response object that includes a list of WAF custom rules. properties: data: description: The WAF custom rule data. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleData" type: array type: object ApplicationSecurityWafCustomRuleMetadata: description: Metadata associated with the WAF Custom Rule. properties: added_at: description: The date and time the WAF custom rule was created. example: "2021-01-01T00:00:00Z" format: date-time type: string added_by: description: The handle of the user who created the WAF custom rule. example: "john.doe@datadoghq.com" type: string added_by_name: description: The name of the user who created the WAF custom rule. example: "John Doe" type: string modified_at: description: The date and time the WAF custom rule was last updated. example: "2021-01-01T00:00:00Z" format: date-time type: string modified_by: description: The handle of the user who last updated the WAF custom rule. example: "john.doe@datadoghq.com" type: string modified_by_name: description: The name of the user who last updated the WAF custom rule. example: "John Doe" type: string readOnly: true type: object ApplicationSecurityWafCustomRuleResponse: description: Response object that includes a single WAF custom rule. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleData" type: object ApplicationSecurityWafCustomRuleScope: description: The scope of the WAF custom rule. properties: env: description: The environment scope for the WAF custom rule. example: "prod" type: string service: description: The service scope for the WAF custom rule. example: "billing-service" type: string required: - service - env type: object ApplicationSecurityWafCustomRuleTags: additionalProperties: type: string description: |- Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces. maxProperties: 32 properties: category: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleTagsCategory" type: description: The type of the WAF rule, associated with the category will form the security activity. example: "users.login.success" type: string required: - category - type type: object ApplicationSecurityWafCustomRuleTagsCategory: description: The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`. enum: - attack_attempt - business_logic - security_response example: "business_logic" type: string x-enum-varnames: - ATTACK_ATTEMPT - BUSINESS_LOGIC - SECURITY_RESPONSE ApplicationSecurityWafCustomRuleType: default: custom_rule description: The type of the resource. The value should always be `custom_rule`. enum: - custom_rule example: custom_rule type: string x-enum-varnames: - CUSTOM_RULE ApplicationSecurityWafCustomRuleUpdateAttributes: description: "Update a WAF custom rule." properties: action: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleAction" blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: |- Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCondition" type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean name: description: The Name of the WAF custom rule. example: "Block request from bad useragent" type: string path_glob: description: The path glob for the WAF custom rule. example: "/api/search/*" type: string scope: description: The scope of the WAF custom rule. items: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleScope" type: array tags: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleTags" required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleUpdateData: description: Object for a single WAF Custom Rule. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleUpdateAttributes" type: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleType" required: - attributes - type type: object ApplicationSecurityWafCustomRuleUpdateRequest: description: Request object that includes the Custom Rule to update. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleUpdateData" required: - data type: object ApplicationSecurityWafExclusionFilterAttributes: description: Attributes describing a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: "Exclude false positives on a path" type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean event_query: description: The event query matched by the legacy exclusion filter. Cannot be created nor updated. type: string ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: description: A single IP address to exclude. example: "198.51.100.72" type: string type: array metadata: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterMetadata" on_match: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch" parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: description: A request parameter name to exclude from the query string or request body. example: "list.search.query" type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: "/accounts/*" type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget" type: array scope: description: The services where the exclusion filter is deployed. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterScope" type: array search_query: description: Generated event search query for traces matching the exclusion filter. readOnly: true type: string type: object ApplicationSecurityWafExclusionFilterCreateAttributes: description: Attributes for creating a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: "Exclude false positives on a path" type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: description: A single IP address to exclude. example: "198.51.100.72" type: string type: array on_match: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch" parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: description: A request parameter name to exclude from the query string or request body. example: "list.search.query" type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: "/accounts/*" type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget" type: array scope: description: The services where the exclusion filter is deployed. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterScope" type: array required: - description - enabled type: object ApplicationSecurityWafExclusionFilterCreateData: description: Object for creating a single WAF exclusion filter. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterCreateAttributes" type: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterType" required: - attributes - type type: object ApplicationSecurityWafExclusionFilterCreateRequest: description: Request object for creating a single WAF exclusion filter. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterCreateData" required: - data type: object ApplicationSecurityWafExclusionFilterID: description: The identifier of the WAF exclusion filter. example: "3dd-0uc-h1s" readOnly: true type: string ApplicationSecurityWafExclusionFilterMetadata: description: Extra information about the exclusion filter. properties: added_at: description: The creation date of the exclusion filter. format: date-time type: string added_by: description: The handle of the user who created the exclusion filter. type: string added_by_name: description: The name of the user who created the exclusion filter. type: string modified_at: description: The last modification date of the exclusion filter. format: date-time type: string modified_by: description: The handle of the user who last modified the exclusion filter. type: string modified_by_name: description: The name of the user who last modified the exclusion filter. type: string readOnly: true type: object ApplicationSecurityWafExclusionFilterOnMatch: description: The action taken when the exclusion filter matches. When set to `monitor`, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. enum: - monitor type: string x-enum-varnames: - MONITOR ApplicationSecurityWafExclusionFilterResource: description: A JSON:API resource for an WAF exclusion filter. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterAttributes" id: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterID" type: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterType" type: object ApplicationSecurityWafExclusionFilterResponse: description: Response object for a single WAF exclusion filter. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterResource" type: object ApplicationSecurityWafExclusionFilterRulesTarget: description: Target WAF rules based either on an identifier or tags. properties: rule_id: description: Target a single WAF rule based on its identifier. example: dog-913-009 type: string tags: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTargetTags" type: object ApplicationSecurityWafExclusionFilterRulesTargetTags: additionalProperties: type: string description: Target multiple WAF rules based on their tags. properties: category: description: The category of the targeted WAF rules. example: attack_attempt type: string type: description: The type of the targeted WAF rules. example: lfi type: string type: object ApplicationSecurityWafExclusionFilterScope: description: Deploy on services based on their environment and/or service name. properties: env: description: Deploy on this environment. example: www type: string service: description: Deploy on this service. example: prod type: string type: object ApplicationSecurityWafExclusionFilterType: default: exclusion_filter description: Type of the resource. The value should always be `exclusion_filter`. enum: - exclusion_filter example: exclusion_filter type: string x-enum-varnames: ["EXCLUSION_FILTER"] ApplicationSecurityWafExclusionFilterUpdateAttributes: description: Attributes for updating a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: "Exclude false positives on a path" type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: description: A single IP address to exclude. example: "198.51.100.72" type: string type: array on_match: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch" parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: description: A parameter name matched by the exclusion filter in the HTTP query string or request body. example: "list.search.query" type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: "/accounts/*" type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget" type: array scope: description: The services where the exclusion filter is deployed. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterScope" type: array required: - description - enabled type: object ApplicationSecurityWafExclusionFilterUpdateData: description: Object for updating a single WAF exclusion filter. properties: attributes: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateAttributes" type: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterType" required: - attributes - type type: object ApplicationSecurityWafExclusionFilterUpdateRequest: description: Request object for updating a single WAF exclusion filter. properties: data: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateData" required: - data type: object ApplicationSecurityWafExclusionFiltersResponse: description: Response object for multiple WAF exclusion filters. properties: data: description: A list of WAF exclusion filters. items: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterResource" type: array type: object AppsSortField: description: "The field and direction to sort apps by" enum: - name - created_at - updated_at - user_name - -name - -created_at - -updated_at - -user_name example: -created_at type: string x-enum-varnames: - NAME - CREATED_AT - UPDATED_AT - USER_NAME - NAME_DESC - CREATED_AT_DESC - UPDATED_AT_DESC - USER_NAME_DESC ArbitraryCostUpsertRequest: description: The definition of `ArbitraryCostUpsertRequest` object. example: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" values: - condition: in tag: environment value: "" values: - production - staging enabled: true order_id: 1 provider: - aws - gcp rule_name: example-arbitrary-cost-rule strategy: allocated_by_tag_keys: - team - environment based_on_costs: - condition: is tag: service value: web-api values: - condition: not in tag: team value: "" values: - legacy - deprecated granularity: daily method: proportional type: shared type: upsert_arbitrary_rule properties: data: $ref: "#/components/schemas/ArbitraryCostUpsertRequestData" type: object ArbitraryCostUpsertRequestData: description: The definition of `ArbitraryCostUpsertRequestData` object. properties: attributes: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributes" id: description: The `ArbitraryCostUpsertRequestData` `id`. type: string type: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataType" required: - type type: object ArbitraryCostUpsertRequestDataAttributes: description: The definition of `ArbitraryCostUpsertRequestDataAttributes` object. properties: costs_to_allocate: description: The `attributes` `costs_to_allocate`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesCostsToAllocateItems" type: array enabled: description: The `attributes` `enabled`. type: boolean order_id: description: The `attributes` `order_id`. format: int64 type: integer provider: description: The `attributes` `provider`. example: - "" items: description: A cloud provider name. type: string type: array rejected: description: The `attributes` `rejected`. type: boolean rule_name: description: The `attributes` `rule_name`. example: "" type: string strategy: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategy" type: description: The `attributes` `type`. example: "" type: string required: - costs_to_allocate - provider - rule_name - strategy - type type: object ArbitraryCostUpsertRequestDataAttributesCostsToAllocateItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesCostsToAllocateItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryCostUpsertRequestDataAttributesStrategy: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategy` object. properties: allocated_by: description: The `strategy` `allocated_by`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItems" type: array allocated_by_filters: description: The `strategy` `allocated_by_filters`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByFiltersItems" type: array allocated_by_tag_keys: description: The `strategy` `allocated_by_tag_keys`. items: description: A tag key used to group cost allocations. type: string type: array based_on_costs: description: The `strategy` `based_on_costs`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategyBasedOnCostsItems" type: array based_on_timeseries: additionalProperties: {} description: The `strategy` `based_on_timeseries`. type: object evaluate_grouped_by_filters: description: The `strategy` `evaluate_grouped_by_filters`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategyEvaluateGroupedByFiltersItems" type: array evaluate_grouped_by_tag_keys: description: The `strategy` `evaluate_grouped_by_tag_keys`. items: description: A tag key used to group cost evaluation. type: string type: array granularity: description: The `strategy` `granularity`. type: string method: description: The `strategy` `method`. example: "" type: string required: - method type: object ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByFiltersItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByFiltersItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItems` object. properties: allocated_tags: description: The `items` `allocated_tags`. items: $ref: "#/components/schemas/ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItemsAllocatedTagsItems" type: array percentage: description: The `items` `percentage`. The numeric value format should be a 32bit float value. example: 0.0 format: double type: number required: - allocated_tags - percentage type: object ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItemsAllocatedTagsItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategyAllocatedByItemsAllocatedTagsItems` object. properties: key: description: The `items` `key`. example: "" type: string value: description: The `items` `value`. example: "" type: string required: - key - value type: object ArbitraryCostUpsertRequestDataAttributesStrategyBasedOnCostsItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategyBasedOnCostsItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryCostUpsertRequestDataAttributesStrategyEvaluateGroupedByFiltersItems: description: The definition of `ArbitraryCostUpsertRequestDataAttributesStrategyEvaluateGroupedByFiltersItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryCostUpsertRequestDataType: default: upsert_arbitrary_rule description: Upsert arbitrary rule resource type. enum: - upsert_arbitrary_rule example: upsert_arbitrary_rule type: string x-enum-varnames: - UPSERT_ARBITRARY_RULE ArbitraryRuleResponse: description: The definition of `ArbitraryRuleResponse` object. example: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" values: - condition: in tag: environment value: "" values: - production - staging created: "2023-01-01T12:00:00Z" enabled: true last_modified_user_uuid: user-123-uuid order_id: 1 provider: - aws - gcp rule_name: Example custom allocation rule strategy: allocated_by_tag_keys: - team - environment based_on_costs: - condition: is tag: service value: web-api values: - condition: not in tag: team value: "" values: - legacy - deprecated granularity: daily method: proportional type: shared updated: "2023-01-01T12:00:00Z" version: 1 id: "123" type: arbitrary_rule properties: data: $ref: "#/components/schemas/ArbitraryRuleResponseData" type: object ArbitraryRuleResponseArray: description: The definition of `ArbitraryRuleResponseArray` object. example: data: - attributes: costs_to_allocate: - condition: like tag: service value: orgstore-csm* values: created: "2024-11-20T03:44:37Z" enabled: true last_modified_user_uuid: user-example-uuid order_id: 1 processing_status: done provider: - gcp rule_name: gcp-orgstore-csm-team-allocation strategy: allocated_by: - allocated_tags: - key: team value: csm-activation percentage: 0.34 - allocated_tags: - key: team value: csm-agentless percentage: 0.66 method: percent type: shared updated: "2025-09-02T21:28:32Z" version: 1 id: "19" type: arbitrary_rule - attributes: costs_to_allocate: - condition: is tag: env value: staging values: created: "2025-05-27T18:48:05Z" enabled: true last_modified_user_uuid: user-example-uuid-2 order_id: 2 processing_status: done provider: - aws rule_name: test-even-2 strategy: allocated_by_tag_keys: - team based_on_costs: - condition: is tag: aws_product value: s3 values: granularity: daily method: even type: shared updated: "2025-09-03T21:00:49Z" version: 1 id: "311" type: arbitrary_rule - attributes: costs_to_allocate: - condition: is tag: servicename value: s3 values: created: "2025-03-21T20:42:40Z" enabled: false last_modified_user_uuid: user-example-uuid-3 order_id: 3 processing_status: done provider: - aws rule_name: test-s3-timeseries strategy: granularity: daily method: proportional_timeseries type: shared updated: "2025-09-02T21:16:50Z" version: 1 id: "289" type: arbitrary_rule - attributes: costs_to_allocate: - condition: "=" tag: aws_product value: msk values: - condition: is tag: product value: "null" values: created: "2025-08-27T14:39:31Z" enabled: true last_modified_user_uuid: user-example-uuid-4 order_id: 4 processing_status: done provider: - aws rule_name: azure-unallocated-by-product-2 strategy: allocated_by_tag_keys: - aws_product based_on_costs: - condition: "=" tag: aws_product value: msk values: - condition: is not tag: product value: "null" values: granularity: daily method: proportional type: shared updated: "2025-09-02T21:28:32Z" version: 1 id: "523" type: arbitrary_rule properties: data: description: The `ArbitraryRuleResponseArray` `data`. items: $ref: "#/components/schemas/ArbitraryRuleResponseData" type: array meta: $ref: "#/components/schemas/ArbitraryRuleResponseArrayMeta" required: - data type: object ArbitraryRuleResponseArrayMeta: description: The `ArbitraryRuleResponseArray` `meta`. properties: total_count: description: The `meta` `total_count`. format: int64 type: integer type: object ArbitraryRuleResponseData: description: The definition of `ArbitraryRuleResponseData` object. properties: attributes: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributes" id: description: The `ArbitraryRuleResponseData` `id`. type: string type: $ref: "#/components/schemas/ArbitraryRuleResponseDataType" required: - type type: object ArbitraryRuleResponseDataAttributes: description: The definition of `ArbitraryRuleResponseDataAttributes` object. properties: costs_to_allocate: description: The `attributes` `costs_to_allocate`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesCostsToAllocateItems" type: array created: description: The `attributes` `created`. example: "" format: date-time type: string enabled: description: The `attributes` `enabled`. example: false type: boolean last_modified_user_uuid: description: The `attributes` `last_modified_user_uuid`. example: "" type: string order_id: description: The `attributes` `order_id`. example: 0 format: int64 type: integer processing_status: description: The `attributes` `processing_status`. example: "" type: string provider: description: The `attributes` `provider`. example: - "" items: description: A cloud provider name. type: string type: array rejected: description: The `attributes` `rejected`. type: boolean rule_name: description: The `attributes` `rule_name`. example: "" type: string strategy: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategy" type: description: The `attributes` `type`. example: "" type: string updated: description: The `attributes` `updated`. example: "" format: date-time type: string version: description: The `attributes` `version`. example: 0 format: int32 maximum: 2147483647 type: integer required: - costs_to_allocate - created - enabled - last_modified_user_uuid - order_id - provider - rule_name - strategy - type - updated - version type: object ArbitraryRuleResponseDataAttributesCostsToAllocateItems: description: The definition of `ArbitraryRuleResponseDataAttributesCostsToAllocateItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryRuleResponseDataAttributesStrategy: description: The definition of `ArbitraryRuleResponseDataAttributesStrategy` object. properties: allocated_by: description: The `strategy` `allocated_by`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategyAllocatedByItems" type: array allocated_by_filters: description: The `strategy` `allocated_by_filters`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategyAllocatedByFiltersItems" type: array allocated_by_tag_keys: description: The `strategy` `allocated_by_tag_keys`. items: description: A tag key used to group cost allocations. type: string type: array based_on_costs: description: The `strategy` `based_on_costs`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategyBasedOnCostsItems" type: array based_on_timeseries: additionalProperties: {} description: The rule `strategy` `based_on_timeseries`. type: object evaluate_grouped_by_filters: description: The `strategy` `evaluate_grouped_by_filters`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategyEvaluateGroupedByFiltersItems" type: array evaluate_grouped_by_tag_keys: description: The `strategy` `evaluate_grouped_by_tag_keys`. items: description: A tag key used to group cost evaluation. type: string type: array granularity: description: The `strategy` `granularity`. type: string method: description: The `strategy` `method`. example: "" type: string required: - method type: object ArbitraryRuleResponseDataAttributesStrategyAllocatedByFiltersItems: description: The definition of `ArbitraryRuleResponseDataAttributesStrategyAllocatedByFiltersItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryRuleResponseDataAttributesStrategyAllocatedByItems: description: The definition of `ArbitraryRuleResponseDataAttributesStrategyAllocatedByItems` object. properties: allocated_tags: description: The `items` `allocated_tags`. items: $ref: "#/components/schemas/ArbitraryRuleResponseDataAttributesStrategyAllocatedByItemsAllocatedTagsItems" type: array percentage: description: The `items` `percentage`. The numeric value format should be a 32bit float value. example: 0.0 format: double type: number required: - allocated_tags - percentage type: object ArbitraryRuleResponseDataAttributesStrategyAllocatedByItemsAllocatedTagsItems: description: The definition of `ArbitraryRuleResponseDataAttributesStrategyAllocatedByItemsAllocatedTagsItems` object. properties: key: description: The `items` `key`. example: "" type: string value: description: The `items` `value`. example: "" type: string required: - key - value type: object ArbitraryRuleResponseDataAttributesStrategyBasedOnCostsItems: description: The definition of `ArbitraryRuleResponseDataAttributesStrategyBasedOnCostsItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryRuleResponseDataAttributesStrategyEvaluateGroupedByFiltersItems: description: The definition of `ArbitraryRuleResponseDataAttributesStrategyEvaluateGroupedByFiltersItems` object. properties: condition: description: The `items` `condition`. example: "" type: string tag: description: The `items` `tag`. example: "" type: string value: description: The `items` `value`. type: string values: description: The `items` `values`. items: description: A filter value string. type: string nullable: true type: array required: - condition - tag type: object ArbitraryRuleResponseDataType: default: arbitrary_rule description: Arbitrary rule resource type. enum: - arbitrary_rule example: arbitrary_rule type: string x-enum-varnames: - ARBITRARY_RULE ArbitraryRuleStatusResponseArray: description: Processing statuses for all custom allocation rules in the specified organization. example: data: - attributes: processing_status: processing id: "123" type: arbitrary_rule_status - attributes: processing_status: done id: "456" type: arbitrary_rule_status properties: data: description: Processing status for a custom allocation rule. items: $ref: "#/components/schemas/ArbitraryRuleStatusResponseData" type: array required: - data type: object ArbitraryRuleStatusResponseData: description: Processing status for a custom allocation rule. properties: attributes: $ref: "#/components/schemas/ArbitraryRuleStatusResponseDataAttributes" id: description: The unique identifier of the custom allocation rule. example: "123" type: string type: $ref: "#/components/schemas/ArbitraryRuleStatusResponseDataType" required: - id - type - attributes type: object ArbitraryRuleStatusResponseDataAttributes: description: Processing status for a custom allocation rule. properties: processing_status: description: The processing status of the custom allocation rule. example: processing type: string required: - processing_status type: object ArbitraryRuleStatusResponseDataType: default: arbitrary_rule_status description: Custom allocation rule status resource type. enum: - arbitrary_rule_status example: arbitrary_rule_status type: string x-enum-varnames: - ARBITRARY_RULE_STATUS Argument: description: A named argument for a custom static analysis rule. properties: description: description: Base64-encoded argument description example: YXJndW1lbnQgZGVzY3JpcHRpb24= type: string name: description: Base64-encoded argument name example: YXJndW1lbnRfbmFtZQ== type: string required: - name - description type: object AsanaAccessToken: description: The definition of the `AsanaAccessToken` object. properties: access_token: description: The `AsanaAccessToken` `access_token`. example: "" type: string type: $ref: "#/components/schemas/AsanaAccessTokenType" required: - type - access_token type: object AsanaAccessTokenType: description: The definition of the `AsanaAccessToken` object. enum: - AsanaAccessToken example: AsanaAccessToken type: string x-enum-varnames: - ASANAACCESSTOKEN AsanaAccessTokenUpdate: description: The definition of the `AsanaAccessToken` object. properties: access_token: description: The `AsanaAccessTokenUpdate` `access_token`. type: string type: $ref: "#/components/schemas/AsanaAccessTokenType" required: - type type: object AsanaCredentials: description: The definition of the `AsanaCredentials` object. oneOf: - $ref: "#/components/schemas/AsanaAccessToken" AsanaCredentialsUpdate: description: The definition of the `AsanaCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/AsanaAccessTokenUpdate" AsanaIntegration: description: The definition of the `AsanaIntegration` object. properties: credentials: $ref: "#/components/schemas/AsanaCredentials" type: $ref: "#/components/schemas/AsanaIntegrationType" required: - type - credentials type: object AsanaIntegrationType: description: The definition of the `AsanaIntegrationType` object. enum: - Asana example: Asana type: string x-enum-varnames: - ASANA AsanaIntegrationUpdate: description: The definition of the `AsanaIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/AsanaCredentialsUpdate" type: $ref: "#/components/schemas/AsanaIntegrationType" required: - type type: object Asset: description: A single vulnerable asset properties: attributes: $ref: "#/components/schemas/AssetAttributes" id: description: The unique ID for this asset. example: Repository|github.com/DataDog/datadog-agent.git type: string type: $ref: "#/components/schemas/AssetEntityType" required: - id - type - attributes type: object AssetAttributes: description: The JSON:API attributes of the asset. properties: arch: description: Asset architecture. example: arm64 type: string environments: description: List of environments where the asset is deployed. example: - staging items: description: An environment where the asset is deployed. example: staging type: string type: array name: description: Asset name. example: github.com/DataDog/datadog-agent.git type: string operating_system: $ref: "#/components/schemas/AssetOperatingSystem" risks: $ref: "#/components/schemas/AssetRisks" teams: description: List of teams that own the asset. example: - compute items: description: A team that owns the asset. example: compute type: string type: array type: $ref: "#/components/schemas/AssetType" version: $ref: "#/components/schemas/AssetVersion" required: - name - type - risks - environments type: object AssetEntityType: description: The JSON:API type. enum: - assets example: assets type: string x-enum-varnames: - ASSETS AssetOperatingSystem: description: Asset operating system. properties: description: description: Operating system version. example: "24.04" type: string name: description: Operating system name. example: ubuntu type: string required: - name type: object AssetRisks: description: Asset risks. properties: has_access_to_sensitive_data: description: Whether the asset has access to sensitive data or not. example: false type: boolean has_privileged_access: description: Whether the asset has privileged access or not. example: false type: boolean in_production: description: Whether the asset is in production or not. example: false type: boolean is_publicly_accessible: description: Whether the asset is publicly accessible or not. example: false type: boolean under_attack: description: Whether the asset is under attack or not. example: false type: boolean required: - in_production type: object AssetType: description: The asset type enum: - Repository - Service - Host - HostImage - Image example: Repository type: string x-enum-varnames: - REPOSITORY - SERVICE - HOST - HOSTIMAGE - IMAGE AssetVersion: description: Asset version. properties: first: description: Asset first version. example: _latest type: string last: description: Asset last version. example: _latest type: string type: object AssignSeatsUserRequest: description: The request body for assigning seats to users for a product code. properties: data: $ref: "#/components/schemas/AssignSeatsUserRequestData" description: The data for the assign seats user request. type: object AssignSeatsUserRequestData: description: The request data object containing attributes for assigning seats to users. properties: attributes: $ref: "#/components/schemas/AssignSeatsUserRequestDataAttributes" description: The attributes of the assign seats user request. id: description: The ID of the assign seats user request. type: string type: $ref: "#/components/schemas/SeatAssignmentsDataType" description: The type of the assign seats user request. required: - type - attributes type: object AssignSeatsUserRequestDataAttributes: description: Attributes specifying the product and users to whom seats will be assigned. properties: product_code: description: The product code for which to assign seats. example: "" type: string user_uuids: description: The list of user IDs to assign seats to. example: - "" items: description: A user UUID identifying a user to assign a seat to. type: string type: array required: - product_code - user_uuids type: object AssignSeatsUserResponse: description: The response body returned after successfully assigning seats to users. properties: data: $ref: "#/components/schemas/AssignSeatsUserResponseData" description: The data for the assign seats user response. type: object AssignSeatsUserResponseData: description: The response data object containing attributes of the seat assignment result. properties: attributes: $ref: "#/components/schemas/AssignSeatsUserResponseDataAttributes" description: The attributes of the assign seats user response. id: description: The ID of the assign seats user response. type: string type: $ref: "#/components/schemas/SeatAssignmentsDataType" type: object AssignSeatsUserResponseDataAttributes: description: Attributes of the assign seats response, including the list of users assigned and the product code. properties: assigned_ids: description: The list of user IDs to which the seats were assigned. items: description: A user UUID identifying a user to whom a seat was assigned. type: string type: array product_code: description: The product code for which the seats were assigned. type: string type: object AttachCaseRequest: description: Request for attaching security findings to a case. properties: data: $ref: "#/components/schemas/AttachCaseRequestData" type: object AttachCaseRequestData: description: Data of the case to attach security findings to. properties: id: description: Unique identifier of the case. example: "c1234567-89ab-cdef-0123-456789abcdef" type: string relationships: $ref: "#/components/schemas/AttachCaseRequestDataRelationships" type: $ref: "#/components/schemas/CaseDataType" required: - type - id type: object AttachCaseRequestDataRelationships: description: Relationships of the case to attach security findings to. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to attach to the case. required: - findings type: object AttachJiraIssueRequest: description: Request for attaching security findings to a Jira issue. properties: data: $ref: "#/components/schemas/AttachJiraIssueRequestData" type: object AttachJiraIssueRequestData: description: Data of the Jira issue to attach security findings to. properties: attributes: $ref: "#/components/schemas/AttachJiraIssueRequestDataAttributes" relationships: $ref: "#/components/schemas/AttachJiraIssueRequestDataRelationships" type: $ref: "#/components/schemas/JiraIssuesDataType" required: - type type: object AttachJiraIssueRequestDataAttributes: description: Attributes of the Jira issue to attach security findings to. properties: jira_issue_url: description: URL of the Jira issue to attach security findings to. example: "https://domain.atlassian.net/browse/PROJ-123" type: string required: - jira_issue_url type: object AttachJiraIssueRequestDataRelationships: description: Relationships of the Jira issue to attach security findings to. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to attach to the Jira issue. project: $ref: "#/components/schemas/CaseManagementProject" description: Case management project with Jira integration configured. It is used to attach security findings to the Jira issue. To configure the integration, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). required: - findings - project type: object Attachment: description: An attachment response containing the attachment data and related objects. properties: data: $ref: "#/components/schemas/AttachmentData" included: description: A list of related objects included in the response. items: $ref: "#/components/schemas/AttachmentIncluded" type: array type: object AttachmentArray: description: A list of incident attachments. properties: data: description: An array of attachment data objects. items: $ref: "#/components/schemas/AttachmentData" type: array included: description: A list of related objects included in the response. items: $ref: "#/components/schemas/AttachmentIncluded" type: array required: - data type: object AttachmentData: description: Attachment data from a response. properties: attributes: $ref: "#/components/schemas/AttachmentDataAttributes" id: description: The unique identifier of the attachment. example: "00000000-abcd-0002-0000-000000000000" type: string relationships: $ref: "#/components/schemas/AttachmentDataRelationships" type: $ref: "#/components/schemas/IncidentAttachmentType" required: - type - attributes - relationships - id type: object AttachmentDataAttributes: description: The attachment's attributes. properties: attachment: $ref: "#/components/schemas/AttachmentDataAttributesAttachment" attachment_type: $ref: "#/components/schemas/AttachmentDataAttributesAttachmentType" modified: description: Timestamp when the attachment was last modified. example: "2025-01-01T01:01:01.000000001Z" format: date-time type: string type: object AttachmentDataAttributesAttachment: description: The attachment object. properties: documentUrl: description: The URL of the attachment. example: "https://app.datadoghq.com/notebook/123/Postmortem-IR-123" type: string title: description: The title of the attachment. example: "Postmortem IR-123" type: string type: object AttachmentDataAttributesAttachmentType: description: The type of the attachment. enum: ["postmortem", "link"] example: "postmortem" type: string x-enum-varnames: - POSTMORTEM - LINK AttachmentDataRelationships: description: The attachment's resource relationships. properties: incident: $ref: "#/components/schemas/RelationshipToIncident" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" type: object AttachmentIncluded: description: Objects related to an attachment. oneOf: - $ref: "#/components/schemas/IncidentUserData" AuditLogsEvent: description: Object description of an Audit Logs event after it is processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/AuditLogsEventAttributes" id: description: Unique ID of the event. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/AuditLogsEventType" type: object AuditLogsEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from Audit Logs events. example: {"customAttribute": 123, "duration": 2345} type: object message: description: Message of the event. type: string service: description: |- Name of the application or service generating Audit Logs events. This name is used to correlate Audit Logs to APM, so make sure you specify the same value when you use both products. example: "web-app" type: string tags: description: Array of tags associated with your event. example: ["team:A"] items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: "2019-01-02T09:42:36.320Z" format: date-time type: string type: object AuditLogsEventType: default: audit description: Type of the event. enum: - audit example: "audit" type: string x-enum-varnames: - Audit AuditLogsEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: "#/components/schemas/AuditLogsEvent" type: array links: $ref: "#/components/schemas/AuditLogsResponseLinks" meta: $ref: "#/components/schemas/AuditLogsResponseMetadata" type: object AuditLogsQueryFilter: description: Search and filter query settings. properties: from: default: "now-15m" description: Minimum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: "now-15m" type: string query: default: "*" description: Search query following the Audit Logs search syntax. example: "@type:session AND @session.type:user" type: string to: default: "now" description: Maximum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: "now" type: string type: object AuditLogsQueryOptions: description: |- Global query options that are used during the query. Note: Specify either timezone or time offset, not both. Otherwise, the query fails. properties: time_offset: description: Time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object AuditLogsQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object AuditLogsResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. Note that the request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/audit/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object AuditLogsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: Time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: "#/components/schemas/AuditLogsResponsePage" request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/AuditLogsResponseStatus" warnings: description: |- A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response. items: $ref: "#/components/schemas/AuditLogsWarning" type: array type: object AuditLogsResponsePage: description: Paging attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object AuditLogsResponseStatus: description: The status of the response. enum: ["done", "timeout"] example: "done" type: string x-enum-varnames: ["DONE", "TIMEOUT"] AuditLogsSearchEventsRequest: description: The request for a Audit Logs events list. properties: filter: $ref: "#/components/schemas/AuditLogsQueryFilter" options: $ref: "#/components/schemas/AuditLogsQueryOptions" page: $ref: "#/components/schemas/AuditLogsQueryPageOptions" sort: $ref: "#/components/schemas/AuditLogsSort" type: object AuditLogsSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING AuditLogsWarning: description: Warning message indicating something that went wrong with the query. properties: code: description: Unique code for this type of warning. example: "unknown_index" type: string detail: description: Detailed explanation of this specific warning. example: "indexes: foo, bar" type: string title: description: Short human-readable summary of the warning. example: "One or several indexes are missing or invalid, results hold data from the other indexes" type: string type: object AuthNMapping: description: The AuthN Mapping object returned by API. properties: attributes: $ref: "#/components/schemas/AuthNMappingAttributes" id: description: ID of the AuthN Mapping. example: "3653d3c6-0c75-11ea-ad28-fb5701eabc7d" type: string relationships: $ref: "#/components/schemas/AuthNMappingRelationships" type: $ref: "#/components/schemas/AuthNMappingsType" required: - id - type type: object AuthNMappingAttributes: description: Attributes of AuthN Mapping. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string created_at: description: Creation time of the AuthN Mapping. format: date-time readOnly: true type: string modified_at: description: Time of last AuthN Mapping modification. format: date-time readOnly: true type: string saml_assertion_attribute_id: description: The ID of the SAML assertion attribute. example: "0" type: string type: object AuthNMappingCreateAttributes: description: Key/Value pair of attributes used for create request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingCreateData: description: Data for creating an AuthN Mapping. properties: attributes: $ref: "#/components/schemas/AuthNMappingCreateAttributes" relationships: $ref: "#/components/schemas/AuthNMappingCreateRelationships" type: $ref: "#/components/schemas/AuthNMappingsType" required: - type type: object AuthNMappingCreateRelationships: description: Relationship of AuthN Mapping create object to a Role or Team. oneOf: - $ref: "#/components/schemas/AuthNMappingRelationshipToRole" - $ref: "#/components/schemas/AuthNMappingRelationshipToTeam" AuthNMappingCreateRequest: description: Request for creating an AuthN Mapping. properties: data: $ref: "#/components/schemas/AuthNMappingCreateData" required: - data type: object AuthNMappingIncluded: description: Included data in the AuthN Mapping response. oneOf: - $ref: "#/components/schemas/SAMLAssertionAttribute" - $ref: "#/components/schemas/Role" - $ref: "#/components/schemas/AuthNMappingTeam" AuthNMappingRelationshipToRole: description: Relationship of AuthN Mapping to a Role. properties: role: $ref: "#/components/schemas/RelationshipToRole" required: - role type: object AuthNMappingRelationshipToTeam: description: Relationship of AuthN Mapping to a Team. properties: team: $ref: "#/components/schemas/RelationshipToTeam" required: - team type: object AuthNMappingRelationships: description: All relationships associated with AuthN Mapping. properties: role: $ref: "#/components/schemas/RelationshipToRole" saml_assertion_attribute: $ref: "#/components/schemas/RelationshipToSAMLAssertionAttribute" team: $ref: "#/components/schemas/RelationshipToTeam" type: object AuthNMappingResourceType: description: The type of resource being mapped to. enum: - role - team type: string x-enum-varnames: - ROLE - TEAM AuthNMappingResponse: description: AuthN Mapping response from the API. properties: data: $ref: "#/components/schemas/AuthNMapping" included: description: Included data in the AuthN Mapping response. items: $ref: "#/components/schemas/AuthNMappingIncluded" type: array type: object AuthNMappingTeam: description: Team. properties: attributes: $ref: "#/components/schemas/AuthNMappingTeamAttributes" id: description: The ID of the Team. example: "f9bb8444-af7f-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/TeamType" type: object AuthNMappingTeamAttributes: description: Team attributes. properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "🥑" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer handle: description: The team's identifier example: example-team maxLength: 195 type: string link_count: description: The number of links belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer name: description: The name of the team example: Example Team maxLength: 200 type: string summary: description: A brief summary of the team, derived from the `description` maxLength: 120 nullable: true type: string user_count: description: The number of users belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer type: object AuthNMappingUpdateAttributes: description: Key/Value pair of attributes used for update request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingUpdateData: description: Data for updating an AuthN Mapping. properties: attributes: $ref: "#/components/schemas/AuthNMappingUpdateAttributes" id: description: ID of the AuthN Mapping. example: "3653d3c6-0c75-11ea-ad28-fb5701eabc7d" type: string relationships: $ref: "#/components/schemas/AuthNMappingUpdateRelationships" type: $ref: "#/components/schemas/AuthNMappingsType" required: - id - type type: object AuthNMappingUpdateRelationships: description: Relationship of AuthN Mapping update object to a Role or Team. oneOf: - $ref: "#/components/schemas/AuthNMappingRelationshipToRole" - $ref: "#/components/schemas/AuthNMappingRelationshipToTeam" AuthNMappingUpdateRequest: description: Request to update an AuthN Mapping. properties: data: $ref: "#/components/schemas/AuthNMappingUpdateData" required: - data type: object AuthNMappingsResponse: description: Array of AuthN Mappings response. properties: data: description: Array of returned AuthN Mappings. items: $ref: "#/components/schemas/AuthNMapping" type: array included: description: Included data in the AuthN Mapping response. items: $ref: "#/components/schemas/AuthNMappingIncluded" type: array meta: $ref: "#/components/schemas/ResponseMetaAttributes" type: object AuthNMappingsSort: description: Sorting options for AuthN Mappings. enum: - created_at - -created_at - role_id - -role_id - saml_assertion_attribute_id - -saml_assertion_attribute_id - role.name - -role.name - saml_assertion_attribute.attribute_key - -saml_assertion_attribute.attribute_key - saml_assertion_attribute.attribute_value - -saml_assertion_attribute.attribute_value type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - ROLE_ID_ASCENDING - ROLE_ID_DESCENDING - SAML_ASSERTION_ATTRIBUTE_ID_ASCENDING - SAML_ASSERTION_ATTRIBUTE_ID_DESCENDING - ROLE_NAME_ASCENDING - ROLE_NAME_DESCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_ASCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_DESCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_ASCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_DESCENDING AuthNMappingsType: default: authn_mappings description: AuthN Mappings resource type. enum: - authn_mappings example: authn_mappings type: string x-enum-varnames: - AUTHN_MAPPINGS AutoCloseInactiveCases: description: Auto-close inactive cases settings. properties: enabled: description: Whether auto-close is enabled. type: boolean max_inactive_time_in_secs: description: Maximum inactive time in seconds before auto-closing. format: int64 type: integer type: object AutoTransitionAssignedCases: description: Auto-transition assigned cases settings. properties: auto_transition_assigned_cases_on_self_assigned: description: Whether to auto-transition cases when self-assigned. type: boolean type: object AwsAccountId: description: The ID of the AWS account. example: "123456789012" type: string AwsCURConfig: description: AWS CUR config. properties: attributes: $ref: "#/components/schemas/AwsCURConfigAttributes" id: description: The ID of the AWS CUR config. type: string type: $ref: "#/components/schemas/AwsCURConfigType" required: - attributes - type type: object AwsCURConfigAttributes: description: Attributes for An AWS CUR config. properties: account_filters: $ref: "#/components/schemas/AccountFilteringConfig" account_id: description: The AWS account ID. example: "123456789123" type: string bucket_name: description: The AWS bucket name used to store the Cost and Usage Report. example: "dd-cost-bucket" type: string bucket_region: description: The region the bucket is located in. example: "us-east-1" type: string created_at: description: The timestamp when the AWS CUR config was created. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string error_messages: description: The error messages for the AWS CUR config. items: description: An error message string. type: string nullable: true type: array months: deprecated: true description: The number of months the report has been backfilled. format: int32 maximum: 36 type: integer report_name: description: The name of the Cost and Usage Report. example: "dd-report-name" type: string report_prefix: description: The report prefix used for the Cost and Usage Report. example: "dd-report-prefix" type: string status: description: The status of the AWS CUR. example: "active" type: string status_updated_at: description: The timestamp when the AWS CUR config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string updated_at: description: The timestamp when the AWS CUR config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string required: - account_id - bucket_name - bucket_region - report_name - report_prefix - status type: object AwsCURConfigPatchData: description: AWS CUR config Patch data. properties: attributes: $ref: "#/components/schemas/AwsCURConfigPatchRequestAttributes" type: $ref: "#/components/schemas/AwsCURConfigPatchRequestType" required: - attributes - type type: object AwsCURConfigPatchRequest: description: AWS CUR config Patch Request. properties: data: $ref: "#/components/schemas/AwsCURConfigPatchData" required: - data type: object AwsCURConfigPatchRequestAttributes: description: Attributes for AWS CUR config Patch Request. properties: account_filters: $ref: "#/components/schemas/AccountFilteringConfig" is_enabled: description: Whether or not the Cloud Cost Management account is enabled. example: true type: boolean type: object AwsCURConfigPatchRequestType: default: aws_cur_config_patch_request description: Type of AWS CUR config Patch Request. enum: - aws_cur_config_patch_request example: aws_cur_config_patch_request type: string x-enum-varnames: - AWS_CUR_CONFIG_PATCH_REQUEST AwsCURConfigPostData: description: AWS CUR config Post data. properties: attributes: $ref: "#/components/schemas/AwsCURConfigPostRequestAttributes" type: $ref: "#/components/schemas/AwsCURConfigPostRequestType" required: - type type: object AwsCURConfigPostRequest: description: AWS CUR config Post Request. properties: data: $ref: "#/components/schemas/AwsCURConfigPostData" required: - data type: object AwsCURConfigPostRequestAttributes: description: Attributes for AWS CUR config Post Request. properties: account_filters: $ref: "#/components/schemas/AccountFilteringConfig" account_id: description: The AWS account ID. example: "123456789123" type: string bucket_name: description: The AWS bucket name used to store the Cost and Usage Report. example: "dd-cost-bucket" type: string bucket_region: description: The region the bucket is located in. example: "us-east-1" type: string months: description: The month of the report. format: int32 maximum: 36 type: integer report_name: description: The name of the Cost and Usage Report. example: "dd-report-name" type: string report_prefix: description: The report prefix used for the Cost and Usage Report. example: "dd-report-prefix" type: string required: - account_id - bucket_name - report_name - report_prefix type: object AwsCURConfigPostRequestType: default: aws_cur_config_post_request description: Type of AWS CUR config Post Request. enum: - aws_cur_config_post_request example: aws_cur_config_post_request type: string x-enum-varnames: - AWS_CUR_CONFIG_POST_REQUEST AwsCURConfigType: default: aws_cur_config description: Type of AWS CUR config. enum: - aws_cur_config example: aws_cur_config type: string x-enum-varnames: - AWS_CUR_CONFIG AwsCURConfigsResponse: description: List of AWS CUR configs. properties: data: description: An AWS CUR config. items: $ref: "#/components/schemas/AwsCURConfig" type: array required: - data type: object AwsCurConfigResponse: description: The definition of `AwsCurConfigResponse` object. example: data: attributes: account_filters: excluded_accounts: - "123456789124" - "123456789125" include_new_accounts: true account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 created_at: "2023-01-01T12:00:00.000000" error_messages: [] months: 36 report_name: dd-report-name report_prefix: dd-report-prefix status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: aws_cur_config properties: data: $ref: "#/components/schemas/AwsCurConfigResponseData" type: object AwsCurConfigResponseData: description: The definition of `AwsCurConfigResponseData` object. properties: attributes: $ref: "#/components/schemas/AwsCurConfigResponseDataAttributes" id: description: The `AwsCurConfigResponseData` `id`. type: string type: $ref: "#/components/schemas/AwsCurConfigResponseDataType" required: - type type: object AwsCurConfigResponseDataAttributes: description: The definition of `AwsCurConfigResponseDataAttributes` object. properties: account_filters: $ref: "#/components/schemas/AwsCurConfigResponseDataAttributesAccountFilters" account_id: description: The `attributes` `account_id`. type: string bucket_name: description: The `attributes` `bucket_name`. type: string bucket_region: description: The `attributes` `bucket_region`. type: string created_at: description: The `attributes` `created_at`. type: string error_messages: description: The `attributes` `error_messages`. items: description: An error message string. type: string nullable: true type: array months: description: The `attributes` `months`. format: int64 type: integer report_name: description: The `attributes` `report_name`. type: string report_prefix: description: The `attributes` `report_prefix`. type: string status: description: The `attributes` `status`. type: string status_updated_at: description: The `attributes` `status_updated_at`. type: string updated_at: description: The `attributes` `updated_at`. type: string type: object AwsCurConfigResponseDataAttributesAccountFilters: description: The definition of `AwsCurConfigResponseDataAttributesAccountFilters` object. properties: excluded_accounts: description: The `account_filters` `excluded_accounts`. items: description: An AWS account ID to exclude. type: string type: array include_new_accounts: description: The `account_filters` `include_new_accounts`. nullable: true type: boolean included_accounts: description: The `account_filters` `included_accounts`. items: description: An AWS account ID to include. type: string type: array type: object AwsCurConfigResponseDataType: default: aws_cur_config description: AWS CUR config resource type. enum: - aws_cur_config example: aws_cur_config type: string x-enum-varnames: - AWS_CUR_CONFIG AwsOnDemandAttributes: description: Attributes for the AWS on demand task. properties: arn: description: The arn of the resource to scan. example: "arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba" type: string assigned_at: description: Specifies the assignment timestamp if the task has been already assigned to a scanner. example: "2025-02-11T18:25:04.550564Z" type: string created_at: description: The task submission timestamp. example: "2025-02-11T18:13:24.576915Z" type: string status: description: |- Indicates the status of the task. QUEUED: the task has been submitted successfully and the resource has not been assigned to a scanner yet. ASSIGNED: the task has been assigned. ABORTED: the scan has been aborted after a period of time due to technical reasons, such as resource not found, insufficient permissions, or the absence of a configured scanner. example: "QUEUED" type: string type: object AwsOnDemandCreateAttributes: description: Attributes for the AWS on demand task. properties: arn: description: |- The arn of the resource to scan. Agentless supports the scan of EC2 instances, lambda functions, AMI, ECR, RDS and S3 buckets. example: "arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba" type: string required: - arn type: object AwsOnDemandCreateData: description: Object for a single AWS on demand task. properties: attributes: $ref: "#/components/schemas/AwsOnDemandCreateAttributes" type: $ref: "#/components/schemas/AwsOnDemandType" required: - type - attributes type: object AwsOnDemandCreateRequest: description: Request object that includes the on demand task to submit. properties: data: $ref: "#/components/schemas/AwsOnDemandCreateData" required: - data type: object AwsOnDemandData: description: Single AWS on demand task. properties: attributes: $ref: "#/components/schemas/AwsOnDemandAttributes" id: description: The UUID of the task. example: "6d09294c-9ad9-42fd-a759-a0c1599b4828" type: string type: $ref: "#/components/schemas/AwsOnDemandType" type: object AwsOnDemandListResponse: description: Response object that includes a list of AWS on demand tasks. properties: data: description: A list of on demand tasks. items: $ref: "#/components/schemas/AwsOnDemandData" type: array type: object AwsOnDemandResponse: description: Response object that includes an AWS on demand task. properties: data: $ref: "#/components/schemas/AwsOnDemandData" type: object AwsOnDemandType: default: aws_resource description: The type of the on demand task. The value should always be `aws_resource`. enum: - aws_resource example: aws_resource type: string x-enum-varnames: ["AWS_RESOURCE"] AwsScanOptionsAttributes: description: Attributes for the AWS scan options. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. example: false type: boolean lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean type: object AwsScanOptionsCreateAttributes: description: Attributes for the AWS scan options to create. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. example: false type: boolean lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean required: - compliance_host - lambda - sensitive_data - vuln_containers_os - vuln_host_os type: object AwsScanOptionsCreateData: description: Object for the scan options of a single AWS account. properties: attributes: $ref: "#/components/schemas/AwsScanOptionsCreateAttributes" id: $ref: "#/components/schemas/AwsAccountId" type: $ref: "#/components/schemas/AwsScanOptionsType" required: - id - type - attributes type: object AwsScanOptionsCreateRequest: description: Request object that includes the scan options to create. properties: data: $ref: "#/components/schemas/AwsScanOptionsCreateData" required: - data type: object AwsScanOptionsData: description: Single AWS Scan Options entry. properties: attributes: $ref: "#/components/schemas/AwsScanOptionsAttributes" id: description: The ID of the AWS account. example: "184366314700" type: string type: $ref: "#/components/schemas/AwsScanOptionsType" type: object AwsScanOptionsListResponse: description: Response object that includes a list of AWS scan options. properties: data: description: A list of AWS scan options. items: $ref: "#/components/schemas/AwsScanOptionsData" type: array type: object AwsScanOptionsResponse: description: Response object that includes the scan options of an AWS account. properties: data: $ref: "#/components/schemas/AwsScanOptionsData" type: object AwsScanOptionsType: default: aws_scan_options description: The type of the resource. The value should always be `aws_scan_options`. enum: - aws_scan_options example: aws_scan_options type: string x-enum-varnames: ["AWS_SCAN_OPTIONS"] AwsScanOptionsUpdateAttributes: description: Attributes for the AWS scan options to update. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. example: false type: boolean lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean type: object AwsScanOptionsUpdateData: description: Object for the scan options of a single AWS account. properties: attributes: $ref: "#/components/schemas/AwsScanOptionsUpdateAttributes" id: $ref: "#/components/schemas/AwsAccountId" type: $ref: "#/components/schemas/AwsScanOptionsType" required: - id - type - attributes type: object AwsScanOptionsUpdateRequest: description: Request object that includes the scan options to update. properties: data: $ref: "#/components/schemas/AwsScanOptionsUpdateData" required: - data type: object AzureCredentials: description: The definition of the `AzureCredentials` object. oneOf: - $ref: "#/components/schemas/AzureTenant" AzureCredentialsUpdate: description: The definition of the `AzureCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/AzureTenantUpdate" AzureIntegration: description: The definition of the `AzureIntegration` object. properties: credentials: $ref: "#/components/schemas/AzureCredentials" type: $ref: "#/components/schemas/AzureIntegrationType" required: - type - credentials type: object AzureIntegrationType: description: The definition of the `AzureIntegrationType` object. enum: - Azure example: Azure type: string x-enum-varnames: - AZURE AzureIntegrationUpdate: description: The definition of the `AzureIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/AzureCredentialsUpdate" type: $ref: "#/components/schemas/AzureIntegrationType" required: - type type: object AzureScanOptions: description: Response object containing Azure scan options for a single subscription. example: data: attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: 12345678-90ab-cdef-1234-567890abcdef type: azure_scan_options properties: data: $ref: "#/components/schemas/AzureScanOptionsData" type: object AzureScanOptionsArray: description: Response object containing a list of Azure scan options. example: data: - attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: 12345678-90ab-cdef-1234-567890abcdef type: azure_scan_options properties: data: description: A list of Azure scan options. items: $ref: "#/components/schemas/AzureScanOptionsData" type: array required: - data type: object AzureScanOptionsData: description: Single Azure scan options entry. properties: attributes: $ref: "#/components/schemas/AzureScanOptionsDataAttributes" id: description: The Azure subscription ID. example: "" type: string type: $ref: "#/components/schemas/AzureScanOptionsDataType" required: - type - id type: object AzureScanOptionsDataAttributes: description: Attributes for Azure scan options configuration. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. type: boolean type: object AzureScanOptionsDataType: default: azure_scan_options description: The type of the resource. The value should always be `azure_scan_options`. enum: - azure_scan_options example: azure_scan_options type: string x-enum-varnames: - AZURE_SCAN_OPTIONS AzureScanOptionsInputUpdate: description: Request object for updating Azure scan options. example: data: id: 12345678-90ab-cdef-1234-567890abcdef type: azure_scan_options properties: data: $ref: "#/components/schemas/AzureScanOptionsInputUpdateData" type: object AzureScanOptionsInputUpdateData: description: Data object for updating the scan options of a single Azure subscription. properties: attributes: $ref: "#/components/schemas/AzureScanOptionsInputUpdateDataAttributes" id: description: The Azure subscription ID. example: "12345678-90ab-cdef-1234-567890abcdef" type: string type: $ref: "#/components/schemas/AzureScanOptionsInputUpdateDataType" required: - type - id type: object AzureScanOptionsInputUpdateDataAttributes: description: Attributes for updating Azure scan options configuration. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. type: boolean type: object AzureScanOptionsInputUpdateDataType: default: azure_scan_options description: Azure scan options resource type. enum: - azure_scan_options example: azure_scan_options type: string x-enum-varnames: - AZURE_SCAN_OPTIONS AzureStorageDestination: description: |- The `azure_storage` destination forwards logs to an Azure Blob Storage container. **Supported pipeline types:** logs properties: blob_prefix: description: Optional prefix for blobs written to the container. example: "logs/" type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" connection_string_key: description: Name of the environment variable or secret that holds the Azure Storage connection string. example: AZURE_STORAGE_CONNECTION_STRING type: string container_name: description: The name of the Azure Blob Storage container to store logs in. example: "my-log-container" type: string id: description: The unique identifier for this component. example: "azure-storage-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["processor-id"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/AzureStorageDestinationType" required: - id - type - inputs - container_name type: object x-pipeline-types: [logs] AzureStorageDestinationType: default: azure_storage description: The destination type. The value should always be `azure_storage`. enum: - azure_storage example: azure_storage type: string x-enum-varnames: - AZURE_STORAGE AzureTenant: description: The definition of the `AzureTenant` object. properties: app_client_id: description: "The Client ID, also known as the Application ID in Azure, is a unique identifier for an application. It's used to identify the application during the authentication process. Your Application (client) ID is listed in the application's overview page. You can navigate to your application via the Azure Directory." example: "" type: string client_secret: description: The Client Secret is a confidential piece of information known only to the application and Azure AD. It's used to prove the application's identity. Your Client Secret is available from the application’s secrets page. You can navigate to your application via the Azure Directory. example: "" type: string custom_scopes: description: If provided, the custom scope to be requested from Microsoft when acquiring an OAuth 2 access token. This custom scope is used only in conjunction with the HTTP action. A resource's scope is constructed by using the identifier URI for the resource and .default, separated by a forward slash (/) as follows:{identifierURI}/.default. type: string tenant_id: description: The Tenant ID, also known as the Directory ID in Azure, is a unique identifier that represents an Azure AD instance. Your Tenant ID (Directory ID) is listed in your Active Directory overview page under the 'Tenant information' section. example: "" type: string type: $ref: "#/components/schemas/AzureTenantType" required: - type - tenant_id - app_client_id - client_secret type: object AzureTenantType: description: The definition of the `AzureTenant` object. enum: - AzureTenant example: AzureTenant type: string x-enum-varnames: - AZURETENANT AzureTenantUpdate: description: The definition of the `AzureTenant` object. properties: app_client_id: description: "The Client ID, also known as the Application ID in Azure, is a unique identifier for an application. It's used to identify the application during the authentication process. Your Application (client) ID is listed in the application's overview page. You can navigate to your application via the Azure Directory." type: string client_secret: description: The Client Secret is a confidential piece of information known only to the application and Azure AD. It's used to prove the application's identity. Your Client Secret is available from the application’s secrets page. You can navigate to your application via the Azure Directory. type: string custom_scopes: description: If provided, the custom scope to be requested from Microsoft when acquiring an OAuth 2 access token. This custom scope is used only in conjunction with the HTTP action. A resource's scope is constructed by using the identifier URI for the resource and .default, separated by a forward slash (/) as follows:{identifierURI}/.default. type: string tenant_id: description: The Tenant ID, also known as the Directory ID in Azure, is a unique identifier that represents an Azure AD instance. Your Tenant ID (Directory ID) is listed in your Active Directory overview page under the 'Tenant information' section. type: string type: $ref: "#/components/schemas/AzureTenantType" required: - type type: object AzureUCConfig: description: Azure config. properties: account_id: description: The tenant ID of the Azure account. example: "1234abcd-1234-abcd-1234-1234abcd1234" type: string client_id: description: The client ID of the Azure account. example: "1234abcd-1234-abcd-1234-1234abcd1234" type: string created_at: description: The timestamp when the Azure config was created. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string dataset_type: description: The dataset type of the Azure config. example: "actual" type: string error_messages: description: The error messages for the Azure config. items: description: An error message string. type: string nullable: true type: array export_name: description: The name of the configured Azure Export. example: "dd-actual-export" type: string export_path: description: The path where the Azure Export is saved. example: "dd-export-path" type: string id: description: The ID of the Azure config. type: string months: deprecated: true description: The number of months the report has been backfilled. format: int32 maximum: 36 type: integer scope: description: The scope of your observed subscription. example: "/subscriptions/1234abcd-1234-abcd-1234-1234abcd1234" type: string status: description: The status of the Azure config. example: "active" type: string status_updated_at: description: The timestamp when the Azure config status was last updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string storage_account: description: The name of the storage account where the Azure Export is saved. example: "dd-storage-account" type: string storage_container: description: The name of the storage container where the Azure Export is saved. example: "dd-storage-container" type: string updated_at: description: The timestamp when the Azure config was last updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string required: - account_id - client_id - dataset_type - export_name - export_path - scope - status - storage_account - storage_container type: object AzureUCConfigPair: description: Azure config pair. properties: attributes: $ref: "#/components/schemas/AzureUCConfigPairAttributes" id: description: The ID of Cloud Cost Management account. type: string type: $ref: "#/components/schemas/AzureUCConfigPairType" required: - attributes - type type: object AzureUCConfigPairAttributes: description: Attributes for Azure config pair. properties: configs: description: An Azure config. items: $ref: "#/components/schemas/AzureUCConfig" type: array id: description: The ID of the Azure config pair. type: string required: - configs type: object AzureUCConfigPairType: default: azure_uc_configs description: Type of Azure config pair. enum: - azure_uc_configs example: azure_uc_configs type: string x-enum-varnames: - AZURE_UC_CONFIGS AzureUCConfigPairsResponse: description: Response of Azure config pair. properties: data: $ref: "#/components/schemas/AzureUCConfigPair" type: object AzureUCConfigPatchData: description: Azure config Patch data. properties: attributes: $ref: "#/components/schemas/AzureUCConfigPatchRequestAttributes" type: $ref: "#/components/schemas/AzureUCConfigPatchRequestType" required: - type type: object AzureUCConfigPatchRequest: description: Azure config Patch Request. properties: data: $ref: "#/components/schemas/AzureUCConfigPatchData" required: - data type: object AzureUCConfigPatchRequestAttributes: description: Attributes for Azure config Patch Request. properties: is_enabled: description: Whether or not the Cloud Cost Management account is enabled. example: true type: boolean required: - is_enabled type: object AzureUCConfigPatchRequestType: default: azure_uc_config_patch_request description: Type of Azure config Patch Request. enum: - azure_uc_config_patch_request example: azure_uc_config_patch_request type: string x-enum-varnames: - AZURE_UC_CONFIG_PATCH_REQUEST AzureUCConfigPostData: description: Azure config Post data. properties: attributes: $ref: "#/components/schemas/AzureUCConfigPostRequestAttributes" type: $ref: "#/components/schemas/AzureUCConfigPostRequestType" required: - type type: object AzureUCConfigPostRequest: description: Azure config Post Request. properties: data: $ref: "#/components/schemas/AzureUCConfigPostData" required: - data type: object AzureUCConfigPostRequestAttributes: description: Attributes for Azure config Post Request. properties: account_id: description: The tenant ID of the Azure account. example: "1234abcd-1234-abcd-1234-1234abcd1234" type: string actual_bill_config: $ref: "#/components/schemas/BillConfig" amortized_bill_config: $ref: "#/components/schemas/BillConfig" client_id: description: The client ID of the Azure account. example: "1234abcd-1234-abcd-1234-1234abcd1234" type: string scope: description: The scope of your observed subscription. example: "/subscriptions/1234abcd-1234-abcd-1234-1234abcd1234" type: string required: - account_id - actual_bill_config - amortized_bill_config - client_id - scope type: object AzureUCConfigPostRequestType: default: azure_uc_config_post_request description: Type of Azure config Post Request. enum: - azure_uc_config_post_request example: azure_uc_config_post_request type: string x-enum-varnames: - AZURE_UC_CONFIG_POST_REQUEST AzureUCConfigsResponse: description: List of Azure accounts with configs. properties: data: description: An Azure config pair. items: $ref: "#/components/schemas/AzureUCConfigPair" type: array required: - data type: object BatchDeleteRowsRequestArray: description: The request body for deleting multiple rows from a reference table. properties: data: description: List of row resources to delete from the reference table. items: $ref: "#/components/schemas/TableRowResourceIdentifier" maxItems: 200 type: array required: - data type: object BatchRowsQueryDataType: default: reference-tables-batch-rows-query description: Resource type identifier for batch queries of reference table rows. enum: - reference-tables-batch-rows-query example: reference-tables-batch-rows-query type: string x-enum-varnames: - REFERENCE_TABLES_BATCH_ROWS_QUERY BatchRowsQueryRequest: description: Request object for querying multiple rows from a reference table by their identifiers. properties: data: $ref: "#/components/schemas/BatchRowsQueryRequestData" type: object BatchRowsQueryRequestData: description: Data object for a batch rows query request. properties: attributes: $ref: "#/components/schemas/BatchRowsQueryRequestDataAttributes" type: $ref: "#/components/schemas/BatchRowsQueryDataType" required: - type type: object BatchRowsQueryRequestDataAttributes: description: Attributes for a batch rows query request. properties: row_ids: description: List of row identifiers to query from the reference table. example: - "row_id_1" - "row_id_2" items: description: A single row identifier. type: string type: array table_id: description: Unique identifier of the reference table to query. example: "00000000-0000-0000-0000-000000000000" type: string required: - row_ids - table_id type: object BatchRowsQueryResponse: description: Response object for a batch rows query against a reference table. example: data: id: 00000000-0000-0000-0000-000000000000 relationships: rows: data: - id: row_id_1 type: row - id: row_id_2 type: row type: reference-tables-batch-rows-query properties: data: $ref: "#/components/schemas/BatchRowsQueryResponseData" type: object BatchRowsQueryResponseData: description: Data object for a batch rows query response. properties: id: description: Unique identifier of the batch query. type: string relationships: $ref: "#/components/schemas/BatchRowsQueryResponseDataRelationships" type: $ref: "#/components/schemas/BatchRowsQueryDataType" required: - type type: object BatchRowsQueryResponseDataRelationships: description: Relationships of the batch rows query response data. properties: rows: $ref: "#/components/schemas/BatchRowsQueryResponseDataRelationshipsRows" type: object BatchRowsQueryResponseDataRelationshipsRows: description: Relationship data containing the list of matching rows. properties: data: items: $ref: "#/components/schemas/TableRowResourceIdentifier" type: array type: object BatchUpsertRowsRequestArray: description: The request body for creating or updating multiple rows into a reference table. properties: data: description: List of row resources to create or update in the reference table. items: $ref: "#/components/schemas/BatchUpsertRowsRequestData" maxItems: 200 type: array required: - data type: object BatchUpsertRowsRequestData: description: Row resource containing a single row identifier and its column values. properties: attributes: $ref: "#/components/schemas/BatchUpsertRowsRequestDataAttributes" id: description: The primary key value that uniquely identifies the row to create or update. example: "primary_key_value" type: string type: $ref: "#/components/schemas/TableRowResourceDataType" required: - type - id type: object BatchUpsertRowsRequestDataAttributes: description: Attributes containing row data values for row creation or update operations. example: values: {} properties: values: additionalProperties: $ref: "#/components/schemas/BatchUpsertRowsRequestDataAttributesValue" description: >- Key-value pairs representing row data, where keys are schema field names and values match the corresponding column types. type: object required: - values type: object BatchUpsertRowsRequestDataAttributesValue: description: Types allowed for Reference Table row values. oneOf: - example: "row_name" type: string - example: 25 format: int32 maximum: 2147483647 type: integer BillConfig: description: Bill config. properties: export_name: description: The name of the configured Azure Export. example: "dd-actual-export" type: string export_path: description: The path where the Azure Export is saved. example: "dd-export-path" type: string storage_account: description: The name of the storage account where the Azure Export is saved. example: "dd-storage-account" type: string storage_container: description: The name of the storage container where the Azure Export is saved. example: "dd-storage-container" type: string required: - export_name - export_path - storage_account - storage_container type: object BillingDimensionsMappingBody: description: Billing dimensions mapping data. items: $ref: "#/components/schemas/BillingDimensionsMappingBodyItem" type: array BillingDimensionsMappingBodyItem: description: The mapping data for each billing dimension. properties: attributes: $ref: "#/components/schemas/BillingDimensionsMappingBodyItemAttributes" id: description: ID of the billing dimension. type: string type: $ref: "#/components/schemas/ActiveBillingDimensionsType" type: object BillingDimensionsMappingBodyItemAttributes: description: Mapping of billing dimensions to endpoint keys. properties: endpoints: description: "List of supported endpoints with their keys mapped to the billing_dimension." items: $ref: "#/components/schemas/BillingDimensionsMappingBodyItemAttributesEndpointsItems" type: array in_app_label: description: "Label used for the billing dimension in the Plan & Usage charts." example: APM Hosts type: string timestamp: description: "Month in ISO-8601 format, UTC, and precise to the second: `[YYYY-MM-DDThh:mm:ss]`." format: date-time type: string type: object BillingDimensionsMappingBodyItemAttributesEndpointsItems: description: An endpoint's keys mapped to the billing_dimension. properties: id: description: The URL for the endpoint. example: "api/v1/usage/billable-summary" type: string keys: description: The billing dimension. example: - "apm_host_top99p" - "apm_host_sum" items: description: A billing dimension key. example: apm_host_top99p type: string type: array status: $ref: "#/components/schemas/BillingDimensionsMappingBodyItemAttributesEndpointsItemsStatus" type: object BillingDimensionsMappingBodyItemAttributesEndpointsItemsStatus: description: Denotes whether mapping keys were available for this endpoint. enum: - OK - NOT_FOUND type: string x-enum-varnames: - OK - NOT_FOUND BillingDimensionsMappingResponse: description: Billing dimensions mapping response. properties: data: $ref: "#/components/schemas/BillingDimensionsMappingBody" type: object BranchCoverageSummaryRequest: description: Request object for getting code coverage summary for a branch. properties: data: $ref: "#/components/schemas/BranchCoverageSummaryRequestData" required: - data type: object BranchCoverageSummaryRequestAttributes: description: Attributes for requesting code coverage summary for a branch. properties: branch: description: The branch name. example: prod minLength: 1 type: string repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string required: - repository_id - branch type: object BranchCoverageSummaryRequestData: description: Data object for branch summary request. properties: attributes: $ref: "#/components/schemas/BranchCoverageSummaryRequestAttributes" type: $ref: "#/components/schemas/BranchCoverageSummaryRequestType" required: - type - attributes type: object BranchCoverageSummaryRequestType: description: JSON:API type for branch coverage summary request. The value must always be `ci_app_coverage_branch_summary_request`. enum: - ci_app_coverage_branch_summary_request example: ci_app_coverage_branch_summary_request type: string x-enum-varnames: - CI_APP_COVERAGE_BRANCH_SUMMARY_REQUEST Budget: description: A budget. properties: attributes: $ref: "#/components/schemas/BudgetAttributes" id: description: The id of the budget. type: string type: description: The type of the object, must be `budget`. example: "" type: string required: - type type: object BudgetArray: description: An array of budgets. example: data: - attributes: created_at: 1741011342772 created_by: user1 end_month: 202502 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1741011342772 updated_by: user2 id: "00000000-0a0a-0a0a-aaa0-00000000000a" type: budget properties: data: description: The `BudgetArray` `data`. items: $ref: "#/components/schemas/Budget" type: array required: - data type: object BudgetAttributes: description: The attributes of a budget. properties: created_at: description: The timestamp when the budget was created. example: 1738258683590 format: int64 type: integer created_by: description: The id of the user that created the budget. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string end_month: description: The month when the budget ends. example: 202502 format: int64 type: integer entries: description: The list of monthly budget entries. items: $ref: "#/components/schemas/BudgetWithEntriesDataAttributesEntriesItems" type: array metrics_query: description: The cost query used to track against the budget. example: aws.cost.amortized{service:ec2} by {service} type: string name: description: The name of the budget. example: my budget type: string org_id: description: The id of the org the budget belongs to. example: 123 format: int64 type: integer start_month: description: The month when the budget starts. example: 202501 format: int64 type: integer total_amount: description: The sum of all budget entries' amounts. example: 1000 format: double type: number updated_at: description: The timestamp when the budget was last updated. example: 1738258683590 format: int64 type: integer updated_by: description: The id of the user that created the budget. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string type: object BudgetValidationRequest: description: The request object for validating a budget configuration before creating or updating it. example: data: attributes: created_at: 1738258683590 created_by: 00000000-0a0a-0a0a-aaa0-00000000000a end_month: 202502 entries: - amount: 500 month: 202501 tag_filters: - tag_key: service tag_value: ec2 - amount: 500 month: 202502 tag_filters: - tag_key: service tag_value: ec2 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1738258683590 updated_by: 00000000-0a0a-0a0a-aaa0-00000000000a id: "1" type: budget properties: data: $ref: "#/components/schemas/BudgetValidationRequestData" type: object BudgetValidationRequestData: description: The data object for a budget validation request, containing the resource type, ID, and budget attributes to validate. properties: attributes: $ref: "#/components/schemas/BudgetWithEntriesDataAttributes" id: description: The unique identifier of the budget to validate. type: string type: $ref: "#/components/schemas/BudgetWithEntriesDataType" required: - type type: object BudgetValidationResponse: description: The response object for a budget validation request, containing the validation result data. example: data: attributes: errors: [] valid: true id: budget_validation type: budget_validation properties: data: $ref: "#/components/schemas/BudgetValidationResponseData" type: object BudgetValidationResponseData: description: The data object for a budget validation response, containing the resource type, ID, and validation attributes. properties: attributes: $ref: "#/components/schemas/BudgetValidationResponseDataAttributes" id: description: The unique identifier of the budget being validated. type: string type: $ref: "#/components/schemas/BudgetValidationResponseDataType" required: - type type: object BudgetValidationResponseDataAttributes: description: The attributes of a budget validation response, including any validation errors and the validity status. properties: errors: description: A list of validation error messages for the budget. items: description: A validation error message. type: string type: array valid: description: Whether the budget configuration is valid. type: boolean type: object BudgetValidationResponseDataType: default: budget_validation description: Budget validation resource type. enum: - budget_validation example: budget_validation type: string x-enum-varnames: - BUDGET_VALIDATION BudgetWithEntries: description: The definition of the `BudgetWithEntries` object. properties: data: $ref: "#/components/schemas/BudgetWithEntriesData" type: object BudgetWithEntriesData: description: A budget and all its entries. properties: attributes: $ref: "#/components/schemas/BudgetAttributes" id: description: The `BudgetWithEntriesData` `id`. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string type: description: The type of the object, must be `budget`. example: "" type: string type: object BudgetWithEntriesDataAttributes: description: The attributes of a budget including all its monthly entries. properties: created_at: description: The timestamp when the budget was created. format: int64 type: integer created_by: description: The ID of the user that created the budget. type: string end_month: description: The month when the budget ends, in YYYYMM format. format: int64 type: integer entries: description: The list of monthly budget entries. items: $ref: "#/components/schemas/BudgetWithEntriesDataAttributesEntriesItems" type: array metrics_query: description: The cost query used to track spending against the budget. type: string name: description: The name of the budget. type: string org_id: description: The ID of the organization the budget belongs to. format: int64 type: integer start_month: description: The month when the budget starts, in YYYYMM format. format: int64 type: integer total_amount: description: The total budget amount across all entries. format: double type: number updated_at: description: The timestamp when the budget was last updated. format: int64 type: integer updated_by: description: The ID of the user that last updated the budget. type: string type: object BudgetWithEntriesDataAttributesEntriesItems: description: A single monthly budget entry defining the allocated amount and optional tag filters for a specific month. properties: amount: description: The budgeted amount for this entry. format: double type: number month: description: The month this budget entry applies to, in YYYYMM format. format: int64 type: integer tag_filters: description: The list of tag filters that scope this budget entry to specific resources. items: $ref: "#/components/schemas/BudgetWithEntriesDataAttributesEntriesItemsTagFiltersItems" type: array type: object BudgetWithEntriesDataAttributesEntriesItemsTagFiltersItems: description: A tag filter used to scope a budget entry to specific resource tags. properties: tag_key: description: The tag key to filter on. type: string tag_value: description: The tag value to filter on. type: string type: object BudgetWithEntriesDataType: default: budget description: Budget resource type. enum: - budget example: budget type: string x-enum-varnames: - BUDGET BulkDeleteAppsDatastoreItemsRequest: description: Request to delete items from a datastore. properties: data: $ref: "#/components/schemas/BulkDeleteAppsDatastoreItemsRequestData" type: object BulkDeleteAppsDatastoreItemsRequestData: description: Data wrapper containing the data needed to delete items from a datastore. properties: attributes: $ref: "#/components/schemas/BulkDeleteAppsDatastoreItemsRequestDataAttributes" id: description: ID for the datastore of the items to delete. type: string type: $ref: "#/components/schemas/BulkDeleteAppsDatastoreItemsRequestDataType" required: - type type: object BulkDeleteAppsDatastoreItemsRequestDataAttributes: description: Attributes of request data to delete items from a datastore. properties: item_keys: description: List of primary keys identifying items to delete from datastore. Up to 100 items can be deleted in a single request. items: description: A primary key identifying a datastore item to delete. type: string maxItems: 100 type: array type: object BulkDeleteAppsDatastoreItemsRequestDataType: default: items description: Items resource type. enum: - items example: items type: string x-enum-varnames: - ITEMS BulkMuteFindingsRequest: description: The new bulk mute finding request. properties: data: $ref: "#/components/schemas/BulkMuteFindingsRequestData" required: - data type: object BulkMuteFindingsRequestAttributes: additionalProperties: false description: The mute properties to be updated. properties: mute: $ref: "#/components/schemas/BulkMuteFindingsRequestProperties" required: - mute type: object BulkMuteFindingsRequestData: description: Data object containing the new bulk mute properties of the finding. properties: attributes: $ref: "#/components/schemas/BulkMuteFindingsRequestAttributes" id: description: UUID to identify the request example: dbe5f567-192b-4404-b908-29b70e1c9f76 type: string meta: $ref: "#/components/schemas/BulkMuteFindingsRequestMeta" type: $ref: "#/components/schemas/FindingType" required: - id - type - attributes - meta type: object BulkMuteFindingsRequestMeta: description: Meta object containing the findings to be updated. properties: findings: description: Array of findings. items: $ref: "#/components/schemas/BulkMuteFindingsRequestMetaFindings" type: array type: object BulkMuteFindingsRequestMetaFindings: description: Finding object containing the finding information. properties: finding_id: $ref: "#/components/schemas/FindingID" type: object BulkMuteFindingsRequestProperties: additionalProperties: false description: Object containing the new mute properties of the findings. properties: description: description: Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters. type: string expiration_date: description: |- The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999. example: 1778721573794 format: int64 type: integer muted: description: Whether those findings should be muted or unmuted. example: true type: boolean reason: $ref: "#/components/schemas/FindingMuteReason" required: - muted - reason type: object BulkMuteFindingsResponse: description: The expected response schema. properties: data: $ref: "#/components/schemas/BulkMuteFindingsResponseData" required: - data type: object BulkMuteFindingsResponseData: description: Data object containing the ID of the request that was updated. properties: id: description: UUID used to identify the request example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string type: $ref: "#/components/schemas/FindingType" type: object BulkPutAppsDatastoreItemsRequest: description: Request to insert multiple items into a datastore in a single operation. properties: data: $ref: "#/components/schemas/BulkPutAppsDatastoreItemsRequestData" type: object BulkPutAppsDatastoreItemsRequestData: description: Data wrapper containing the items to insert and their configuration for the bulk insert operation. properties: attributes: $ref: "#/components/schemas/BulkPutAppsDatastoreItemsRequestDataAttributes" type: $ref: "#/components/schemas/DatastoreItemsDataType" required: - type type: object BulkPutAppsDatastoreItemsRequestDataAttributes: description: Configuration for bulk inserting multiple items into a datastore. properties: conflict_mode: $ref: "#/components/schemas/DatastoreItemConflictMode" values: $ref: "#/components/schemas/DatastoreItemValues" required: - values type: object CIAppAggregateBucketValue: description: A bucket value, can either be a timeseries or a single value. oneOf: - $ref: "#/components/schemas/CIAppAggregateBucketValueSingleString" - $ref: "#/components/schemas/CIAppAggregateBucketValueSingleNumber" - $ref: "#/components/schemas/CIAppAggregateBucketValueTimeseries" CIAppAggregateBucketValueSingleNumber: description: A single number value. format: double type: number CIAppAggregateBucketValueSingleString: description: A single string value. type: string CIAppAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: "#/components/schemas/CIAppAggregateBucketValueTimeseriesPoint" type: array x-generate-alias-as-model: true CIAppAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: "2020-06-08T11:55:00.123Z" format: date-time type: string value: description: The value for this point. example: 19 format: double type: number type: object CIAppAggregateSort: description: |- A sort rule. The `aggregation` field is required when `type` is `measure`. example: {"aggregation": "count", "order": "asc"} properties: aggregation: $ref: "#/components/schemas/CIAppAggregationFunction" metric: description: The metric to sort by (only used for `type=measure`). example: "@duration" type: string order: $ref: "#/components/schemas/CIAppSortOrder" type: $ref: "#/components/schemas/CIAppAggregateSortType" type: object CIAppAggregateSortType: default: "alphabetical" description: The type of sorting algorithm. enum: ["alphabetical", "measure"] type: string x-enum-varnames: ["ALPHABETICAL", "MEASURE"] CIAppAggregationFunction: description: An aggregation function. enum: ["count", "cardinality", "pc75", "pc90", "pc95", "pc98", "pc99", "sum", "min", "max", "avg", "median", "latest", "earliest", "most_frequent", "delta"] example: "pc90" type: string x-enum-varnames: ["COUNT", "CARDINALITY", "PERCENTILE_75", "PERCENTILE_90", "PERCENTILE_95", "PERCENTILE_98", "PERCENTILE_99", "SUM", "MIN", "MAX", "AVG", "MEDIAN", "LATEST", "EARLIEST", "MOST_FREQUENT", "DELTA"] CIAppCIError: description: Contains information of the CI error. nullable: true properties: domain: $ref: "#/components/schemas/CIAppCIErrorDomain" message: description: Error message. maxLength: 5000 nullable: true type: string stack: description: The stack trace of the reported errors. nullable: true type: string type: description: Short description of the error type. maxLength: 100 nullable: true type: string type: object CIAppCIErrorDomain: description: Error category used to differentiate between issues related to the developer or provider environments. enum: [provider, user, unknown] type: string x-enum-varnames: ["PROVIDER", "USER", "UNKNOWN"] CIAppCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: "#/components/schemas/CIAppAggregationFunction" interval: description: |- The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points. example: "5m" type: string metric: description: The metric to use. example: "@duration" type: string type: $ref: "#/components/schemas/CIAppComputeType" required: - aggregation type: object CIAppComputeType: default: "total" description: The type of compute. enum: ["timeseries", "total"] type: string x-enum-varnames: ["TIMESERIES", "TOTAL"] CIAppComputes: additionalProperties: $ref: "#/components/schemas/CIAppAggregateBucketValue" description: A map of the metric name to value for regular compute, or a list of values for a timeseries. type: object CIAppCreatePipelineEventRequest: description: Request object. properties: data: $ref: "#/components/schemas/CIAppCreatePipelineEventRequestDataSingleOrArray" type: object CIAppCreatePipelineEventRequestAttributes: description: Attributes of the pipeline event to create. properties: env: description: The Datadog environment. type: string provider_name: description: The name of the CI provider. By default, this is "custom". type: string resource: $ref: "#/components/schemas/CIAppCreatePipelineEventRequestAttributesResource" service: description: If the CI provider is SaaS, use this to differentiate between instances. type: string required: - resource type: object CIAppCreatePipelineEventRequestAttributesResource: description: Details of the CI pipeline event. example: "Details TBD" oneOf: - $ref: "#/components/schemas/CIAppPipelineEventPipeline" - $ref: "#/components/schemas/CIAppPipelineEventStage" - $ref: "#/components/schemas/CIAppPipelineEventJob" - $ref: "#/components/schemas/CIAppPipelineEventStep" CIAppCreatePipelineEventRequestData: description: Data of the pipeline event to create. properties: attributes: $ref: "#/components/schemas/CIAppCreatePipelineEventRequestAttributes" type: $ref: "#/components/schemas/CIAppCreatePipelineEventRequestDataType" type: object CIAppCreatePipelineEventRequestDataArray: description: Array of pipeline events to create in batch. items: $ref: "#/components/schemas/CIAppCreatePipelineEventRequestData" type: array CIAppCreatePipelineEventRequestDataSingleOrArray: description: Data of the pipeline events to create. oneOf: - $ref: "#/components/schemas/CIAppCreatePipelineEventRequestData" - $ref: "#/components/schemas/CIAppCreatePipelineEventRequestDataArray" CIAppCreatePipelineEventRequestDataType: default: cipipeline_resource_request description: Type of the event. enum: ["cipipeline_resource_request"] example: "cipipeline_resource_request" type: string x-enum-varnames: ["CIPIPELINE_RESOURCE_REQUEST"] CIAppEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from CI Visibility test events. example: {"customAttribute": 123, "duration": 2345} type: object tags: $ref: "#/components/schemas/TagsEventAttribute" test_level: $ref: "#/components/schemas/CIAppTestLevel" type: object CIAppGitInfo: description: |- If pipelines are triggered due to actions to a Git repository, then all payloads must contain this. Note that either `tag` or `branch` has to be provided, but not both. nullable: true properties: author_email: description: The commit author email. example: author@example.com type: string author_name: description: The commit author name. example: John Doe nullable: true type: string author_time: description: The commit author timestamp in RFC3339 format. example: "2023-05-31T15:30:00Z" nullable: true type: string branch: description: The branch name (if a tag use the tag parameter). example: feature-1 nullable: true type: string commit_time: description: The commit timestamp in RFC3339 format. example: "2023-05-31T15:30:00Z" nullable: true type: string committer_email: description: The committer email. example: committer@example.com nullable: true type: string committer_name: description: The committer name. nullable: true type: string default_branch: description: The Git repository's default branch. example: main nullable: true type: string message: description: The commit message. example: Instrumenting tests with CI Visibility. nullable: true type: string repository_url: description: The URL of the repository. example: https://github.com/username/repository type: string sha: description: The git commit SHA. example: da39a3ee5e6b4b0d3255bfef95601890afd80709 pattern: "^[a-fA-F0-9]{40}$" type: string tag: description: The tag name (if a branch use the branch parameter). example: v1.0.0 nullable: true type: string required: - repository_url - sha - author_email type: object CIAppGroupByHistogram: description: |- Used to perform a histogram computation (only for measure facets). At most, 100 buckets are allowed, the number of buckets is `(max - min)/interval`. properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: |- The maximum value for the measure used in the histogram (values greater than this one are filtered out). example: 100 format: double type: number min: description: |- The minimum value for the measure used in the histogram (values smaller than this one are filtered out). example: 50 format: double type: number required: - interval - min - max type: object CIAppGroupByMissing: description: The value to use for logs that don't have the facet used to group-by. oneOf: - $ref: "#/components/schemas/CIAppGroupByMissingString" - $ref: "#/components/schemas/CIAppGroupByMissingNumber" CIAppGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number CIAppGroupByMissingString: description: The missing value to use if there is a string valued facet. type: string CIAppGroupByTotal: default: false description: |- A resulting object to put the given computes in over all the matching records. oneOf: - $ref: "#/components/schemas/CIAppGroupByTotalBoolean" - $ref: "#/components/schemas/CIAppGroupByTotalString" - $ref: "#/components/schemas/CIAppGroupByTotalNumber" CIAppGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean CIAppGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number CIAppGroupByTotalString: description: A string to use as the key value for the total bucket. type: string CIAppHostInfo: description: Contains information of the host running the pipeline, stage, job, or step. nullable: true properties: hostname: description: FQDN of the host. example: www.example.com type: string labels: description: A list of labels used to select or identify the node. example: - ubuntu-18.04 - n2.large items: description: A label used to select or identify the node. type: string type: array name: description: Name for the host. type: string workspace: description: The path where the code is checked out. example: /home/workspace/code/my-repo type: string type: object CIAppPipelineEvent: description: Object description of a pipeline event after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/CIAppPipelineEventAttributes" id: description: Unique ID of the event. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/CIAppPipelineEventTypeName" type: object CIAppPipelineEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from CI Visibility pipeline events. example: {"customAttribute": 123, "duration": 2345} type: object ci_level: $ref: "#/components/schemas/CIAppPipelineLevel" tags: $ref: "#/components/schemas/TagsEventAttribute" type: object CIAppPipelineEventFinishedPipeline: description: Details of a finished pipeline. properties: end: description: Time when the pipeline run finished. It cannot be older than 18 hours in the past from the current time. The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string error: $ref: "#/components/schemas/CIAppCIError" git: $ref: "#/components/schemas/CIAppGitInfo" is_manual: description: Whether or not the pipeline was triggered manually by the user. example: false nullable: true type: boolean is_resumed: description: Whether or not the pipeline was resumed after being blocked. example: false nullable: true type: boolean level: $ref: "#/components/schemas/CIAppPipelineEventPipelineLevel" metrics: $ref: "#/components/schemas/CIAppPipelineEventMetrics" name: description: Name of the pipeline. All pipeline runs for the builds should have the same name. example: Deploy to AWS type: string node: $ref: "#/components/schemas/CIAppHostInfo" parameters: $ref: "#/components/schemas/CIAppPipelineEventParameters" parent_pipeline: $ref: "#/components/schemas/CIAppPipelineEventParentPipeline" partial_retry: description: |- Whether or not the pipeline was a partial retry of a previous attempt. A partial retry is one which only runs a subset of the original jobs. example: false type: boolean pipeline_id: description: |- Any ID used in the provider to identify the pipeline run even if it is not unique across retries. If the `pipeline_id` is unique, then both `unique_id` and `pipeline_id` can be set to the same value. example: "#023" type: string previous_attempt: $ref: "#/components/schemas/CIAppPipelineEventPreviousPipeline" queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the pipeline run started (it should not include any queue time). The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string status: $ref: "#/components/schemas/CIAppPipelineEventPipelineStatus" tags: $ref: "#/components/schemas/CIAppPipelineEventTags" unique_id: description: |- UUID of the pipeline run. The ID has to be unique across retries and pipelines, including partial retries. example: "3eacb6f3-ff04-4e10-8a9c-46e6d054024a" type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://my-ci-provider.example/pipelines/my-pipeline/run/1 type: string required: - level - unique_id - name - url - start - end - status - partial_retry type: object CIAppPipelineEventInProgressPipeline: description: Details of a running pipeline. properties: error: $ref: "#/components/schemas/CIAppCIError" git: $ref: "#/components/schemas/CIAppGitInfo" is_manual: description: Whether or not the pipeline was triggered manually by the user. example: false nullable: true type: boolean is_resumed: description: Whether or not the pipeline was resumed after being blocked. example: false nullable: true type: boolean level: $ref: "#/components/schemas/CIAppPipelineEventPipelineLevel" metrics: $ref: "#/components/schemas/CIAppPipelineEventMetrics" name: description: Name of the pipeline. All pipeline runs for the builds should have the same name. example: Deploy to AWS type: string node: $ref: "#/components/schemas/CIAppHostInfo" parameters: $ref: "#/components/schemas/CIAppPipelineEventParameters" parent_pipeline: $ref: "#/components/schemas/CIAppPipelineEventParentPipeline" partial_retry: description: |- Whether or not the pipeline was a partial retry of a previous attempt. A partial retry is one which only runs a subset of the original jobs. example: false type: boolean pipeline_id: description: |- Any ID used in the provider to identify the pipeline run even if it is not unique across retries. If the `pipeline_id` is unique, then both `unique_id` and `pipeline_id` can be set to the same value. example: "#023" type: string previous_attempt: $ref: "#/components/schemas/CIAppPipelineEventPreviousPipeline" queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the pipeline run started (it should not include any queue time). The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string status: $ref: "#/components/schemas/CIAppPipelineEventPipelineInProgressStatus" tags: $ref: "#/components/schemas/CIAppPipelineEventTags" unique_id: description: |- UUID of the pipeline run. The ID has to be the same as the finished pipeline. example: "3eacb6f3-ff04-4e10-8a9c-46e6d054024a" type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://my-ci-provider.example/pipelines/my-pipeline/run/1 type: string required: - level - unique_id - name - url - start - status - partial_retry type: object CIAppPipelineEventJob: description: Details of a CI job. properties: dependencies: description: A list of job IDs that this job depends on. example: ["f7e6a006-a029-46c3-b0cc-742c9d7d363b", "c8a69849-3c3b-4721-8b33-3e8ec2df1ebe"] items: description: A list of job IDs. type: string nullable: true type: array end: description: Time when the job run finished. The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string error: $ref: "#/components/schemas/CIAppCIError" git: $ref: "#/components/schemas/CIAppGitInfo" id: description: The UUID for the job. It has to be unique within each pipeline execution. example: c865bad4-de82-44b8-ade7-2c987528eb54 type: string level: $ref: "#/components/schemas/CIAppPipelineEventJobLevel" metrics: $ref: "#/components/schemas/CIAppPipelineEventMetrics" name: description: The name for the job. example: test type: string node: $ref: "#/components/schemas/CIAppHostInfo" parameters: $ref: "#/components/schemas/CIAppPipelineEventParameters" pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: "76b572af-a078-42b2-a08a-cc28f98b944f" type: string queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer stage_id: description: The parent stage UUID (if applicable). nullable: true type: string stage_name: description: The parent stage name (if applicable). nullable: true type: string start: description: Time when the job run instance started (it should not include any queue time). The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string status: $ref: "#/components/schemas/CIAppPipelineEventJobStatus" tags: $ref: "#/components/schemas/CIAppPipelineEventTags" url: description: The URL to look at the job in the CI provider UI. example: https://ci-platform.com/job/your-job-name/build/123 type: string required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status - url type: object CIAppPipelineEventJobLevel: default: job description: Used to distinguish between pipelines, stages, jobs, and steps. enum: ["job"] example: "job" type: string x-enum-varnames: ["JOB"] CIAppPipelineEventJobStatus: description: The final status of the job. enum: ["success", "error", "canceled", "skipped"] example: success type: string x-enum-varnames: ["SUCCESS", "ERROR", "CANCELED", "SKIPPED"] CIAppPipelineEventMetrics: description: A list of user-defined metrics. The metrics must follow the `key:value` pattern and the value must be numeric. example: - bundle_size:370 - build_time:50021 items: description: Metrics in the form of `key:value`. The value needs to be numeric. type: string nullable: true type: array CIAppPipelineEventParameters: additionalProperties: type: string description: A map of key-value parameters or environment variables that were defined for the pipeline. example: LOG_LEVEL: debug nullable: true type: object CIAppPipelineEventParentPipeline: description: If the pipeline is triggered as child of another pipeline, this should contain the details of the parent pipeline. nullable: true properties: id: description: UUID of a pipeline. example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://ci-platform.com/pipelines/123456789 type: string required: - id type: object CIAppPipelineEventPipeline: description: Details of the top level pipeline, build, or workflow of your CI. oneOf: - $ref: "#/components/schemas/CIAppPipelineEventFinishedPipeline" - $ref: "#/components/schemas/CIAppPipelineEventInProgressPipeline" CIAppPipelineEventPipelineInProgressStatus: description: The in progress status of the pipeline. enum: ["running"] example: running type: string x-enum-varnames: ["RUNNING"] CIAppPipelineEventPipelineLevel: default: pipeline description: Used to distinguish between pipelines, stages, jobs, and steps. enum: ["pipeline"] example: "pipeline" type: string x-enum-varnames: ["PIPELINE"] CIAppPipelineEventPipelineStatus: description: The final status of the pipeline. enum: ["success", "error", "canceled", "skipped", "blocked"] example: success type: string x-enum-varnames: ["SUCCESS", "ERROR", "CANCELED", "SKIPPED", "BLOCKED"] CIAppPipelineEventPreviousPipeline: description: If the pipeline is a retry, this should contain the details of the previous attempt. nullable: true properties: id: description: UUID of a pipeline. example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://ci-platform.com/pipelines/123456789 type: string required: - id type: object CIAppPipelineEventStage: description: Details of a CI stage. properties: dependencies: description: A list of stage IDs that this stage depends on. example: ["f7e6a006-a029-46c3-b0cc-742c9d7d363b", "c8a69849-3c3b-4721-8b33-3e8ec2df1ebe"] items: description: A list of stage IDs. type: string nullable: true type: array end: description: Time when the stage run finished. The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string error: $ref: "#/components/schemas/CIAppCIError" git: $ref: "#/components/schemas/CIAppGitInfo" id: description: UUID for the stage. It has to be unique at least in the pipeline scope. example: 562bdbbb-7cab-48c8-851c-b24ca14628bf type: string level: $ref: "#/components/schemas/CIAppPipelineEventStageLevel" metrics: $ref: "#/components/schemas/CIAppPipelineEventMetrics" name: description: The name for the stage. example: build type: string node: $ref: "#/components/schemas/CIAppHostInfo" parameters: $ref: "#/components/schemas/CIAppPipelineEventParameters" pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: "76b572af-a078-42b2-a08a-cc28f98b944f" type: string queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the stage run started (it should not include any queue time). The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string status: $ref: "#/components/schemas/CIAppPipelineEventStageStatus" tags: $ref: "#/components/schemas/CIAppPipelineEventTags" required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status type: object CIAppPipelineEventStageLevel: default: stage description: Used to distinguish between pipelines, stages, jobs and steps. enum: ["stage"] example: "stage" type: string x-enum-varnames: ["STAGE"] CIAppPipelineEventStageStatus: description: The final status of the stage. enum: ["success", "error", "canceled", "skipped"] example: success type: string x-enum-varnames: ["SUCCESS", "ERROR", "CANCELED", "SKIPPED"] CIAppPipelineEventStep: description: Details of a CI step. properties: end: description: Time when the step run finished. The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string error: $ref: "#/components/schemas/CIAppCIError" git: $ref: "#/components/schemas/CIAppGitInfo" id: description: UUID for the step. It has to be unique within each pipeline execution. example: c2d517a8-4f3a-4b41-b4ae-69df0c864c79 type: string job_id: description: The parent job UUID (if applicable). nullable: true type: string job_name: description: The parent job name (if applicable). nullable: true type: string level: $ref: "#/components/schemas/CIAppPipelineEventStepLevel" metrics: $ref: "#/components/schemas/CIAppPipelineEventMetrics" name: description: The name for the step. example: test-server type: string node: $ref: "#/components/schemas/CIAppHostInfo" parameters: $ref: "#/components/schemas/CIAppPipelineEventParameters" pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: "76b572af-a078-42b2-a08a-cc28f98b944f" type: string stage_id: description: The parent stage UUID (if applicable). nullable: true type: string stage_name: description: The parent stage name (if applicable). nullable: true type: string start: description: Time when the step run started. The time format must be RFC3339. example: "2023-05-31T15:30:00Z" format: date-time type: string status: $ref: "#/components/schemas/CIAppPipelineEventStepStatus" tags: $ref: "#/components/schemas/CIAppPipelineEventTags" url: description: The URL to look at the step in the CI provider UI. nullable: true type: string required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status type: object CIAppPipelineEventStepLevel: default: step description: Used to distinguish between pipelines, stages, jobs and steps. enum: ["step"] example: "step" type: string x-enum-varnames: ["STEP"] CIAppPipelineEventStepStatus: description: The final status of the step. enum: ["success", "error"] example: success type: string x-enum-varnames: ["SUCCESS", "ERROR"] CIAppPipelineEventTags: description: A list of user-defined tags. The tags must follow the `key:value` pattern. example: - team:backend - type:deployment items: description: Tags in the form of `key:value`. type: string nullable: true type: array CIAppPipelineEventTypeName: description: Type of the event. enum: ["cipipeline"] example: "cipipeline" type: string x-enum-varnames: ["CIPIPELINE"] CIAppPipelineEventsRequest: description: The request for a pipelines search. properties: filter: $ref: "#/components/schemas/CIAppPipelinesQueryFilter" options: $ref: "#/components/schemas/CIAppQueryOptions" page: $ref: "#/components/schemas/CIAppQueryPageOptions" sort: $ref: "#/components/schemas/CIAppSort" type: object CIAppPipelineEventsResponse: description: Response object with all pipeline events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: "#/components/schemas/CIAppPipelineEvent" type: array links: $ref: "#/components/schemas/CIAppResponseLinks" meta: $ref: "#/components/schemas/CIAppResponseMetadataWithPagination" type: object CIAppPipelineLevel: description: Pipeline execution level. enum: [pipeline, stage, job, step, custom] example: pipeline type: string x-enum-varnames: ["PIPELINE", "STAGE", "JOB", "STEP", "CUSTOM"] CIAppPipelinesAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of pipeline events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: "#/components/schemas/CIAppCompute" type: array filter: $ref: "#/components/schemas/CIAppPipelinesQueryFilter" group_by: description: The rules for the group-by. items: $ref: "#/components/schemas/CIAppPipelinesGroupBy" type: array options: $ref: "#/components/schemas/CIAppQueryOptions" type: object CIAppPipelinesAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: "#/components/schemas/CIAppPipelinesBucketResponse" type: array type: object CIAppPipelinesAnalyticsAggregateResponse: description: The response object for the pipeline events aggregate API endpoint. properties: data: $ref: "#/components/schemas/CIAppPipelinesAggregationBucketsResponse" links: $ref: "#/components/schemas/CIAppResponseLinks" meta: $ref: "#/components/schemas/CIAppResponseMetadata" type: object CIAppPipelinesBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. description: The key-value pairs for each group-by. example: {"@ci.provider.name": "gitlab", "@ci.status": "success"} type: object computes: $ref: "#/components/schemas/CIAppComputes" type: object CIAppPipelinesGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: "@ci.status" type: string histogram: $ref: "#/components/schemas/CIAppGroupByHistogram" limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: "#/components/schemas/CIAppGroupByMissing" sort: $ref: "#/components/schemas/CIAppAggregateSort" total: $ref: "#/components/schemas/CIAppGroupByTotal" required: - facet type: object CIAppPipelinesQueryFilter: description: The search and filter query settings. properties: from: default: "now-15m" description: The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: "now-15m" type: string query: default: "*" description: The search query following the CI Visibility Explorer search syntax. example: "@ci.provider.name:github AND @ci.status:error" type: string to: default: "now" description: The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds). example: "now" type: string type: object CIAppQueryOptions: description: |- Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails. properties: time_offset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object CIAppQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object CIAppResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. The request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/ci/tests/events?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object CIAppResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/CIAppResponseStatus" warnings: description: |- A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response. items: $ref: "#/components/schemas/CIAppWarning" type: array type: object CIAppResponseMetadataWithPagination: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: "#/components/schemas/CIAppResponsePage" request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/CIAppResponseStatus" warnings: description: |- A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response. items: $ref: "#/components/schemas/CIAppWarning" type: array type: object CIAppResponsePage: description: Paging attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object CIAppResponseStatus: description: The status of the response. enum: ["done", "timeout"] example: "done" type: string x-enum-varnames: ["DONE", "TIMEOUT"] CIAppSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING CIAppSortOrder: description: The order to use, ascending or descending. enum: - "asc" - "desc" example: "asc" type: string x-enum-varnames: - "ASCENDING" - "DESCENDING" CIAppTestEvent: description: Object description of test event after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/CIAppEventAttributes" id: description: Unique ID of the event. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/CIAppTestEventTypeName" type: object CIAppTestEventTypeName: description: Type of the event. enum: ["citest"] example: "citest" type: string x-enum-varnames: ["CITEST"] CIAppTestEventsRequest: description: The request for a tests search. properties: filter: $ref: "#/components/schemas/CIAppTestsQueryFilter" options: $ref: "#/components/schemas/CIAppQueryOptions" page: $ref: "#/components/schemas/CIAppQueryPageOptions" sort: $ref: "#/components/schemas/CIAppSort" type: object CIAppTestEventsResponse: description: Response object with all test events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: "#/components/schemas/CIAppTestEvent" type: array links: $ref: "#/components/schemas/CIAppResponseLinks" meta: $ref: "#/components/schemas/CIAppResponseMetadataWithPagination" type: object CIAppTestLevel: description: Test run level. enum: [session, module, suite, test] example: test type: string x-enum-varnames: ["SESSION", "MODULE", "SUITE", "TEST"] CIAppTestsAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of test events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: "#/components/schemas/CIAppCompute" type: array filter: $ref: "#/components/schemas/CIAppTestsQueryFilter" group_by: description: The rules for the group-by. items: $ref: "#/components/schemas/CIAppTestsGroupBy" type: array options: $ref: "#/components/schemas/CIAppQueryOptions" type: object CIAppTestsAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: "#/components/schemas/CIAppTestsBucketResponse" type: array type: object CIAppTestsAnalyticsAggregateResponse: description: The response object for the test events aggregate API endpoint. properties: data: $ref: "#/components/schemas/CIAppTestsAggregationBucketsResponse" links: $ref: "#/components/schemas/CIAppResponseLinks" meta: $ref: "#/components/schemas/CIAppResponseMetadataWithPagination" type: object CIAppTestsBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. description: The key-value pairs for each group-by. example: {"@test.service": "web-ui-tests", "@test.status": "skip"} type: object computes: $ref: "#/components/schemas/CIAppComputes" type: object CIAppTestsGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: "@test.service" type: string histogram: $ref: "#/components/schemas/CIAppGroupByHistogram" limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: "#/components/schemas/CIAppGroupByMissing" sort: $ref: "#/components/schemas/CIAppAggregateSort" total: $ref: "#/components/schemas/CIAppGroupByTotal" required: - facet type: object CIAppTestsQueryFilter: description: The search and filter query settings. properties: from: default: "now-15m" description: The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: "now-15m" type: string query: default: "*" description: The search query following the CI Visibility Explorer search syntax. example: "@test.service:web-ui-tests AND @test.status:fail" type: string to: default: "now" description: The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds). example: "now" type: string type: object CIAppWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: "unknown_index" type: string detail: description: A detailed explanation of this specific warning. example: "indexes: foo, bar" type: string title: description: A short human-readable summary of the warning. example: "One or several indexes are missing or invalid, results hold data from the other indexes" type: string type: object CSMAgentsMetadata: description: Metadata related to the paginated response. properties: page_index: description: The index of the current page in the paginated results. example: 0 format: int64 type: integer page_size: description: The number of items per page in the paginated results. example: 10 format: int64 type: integer total_filtered: description: Total number of items that match the filter criteria. example: 128697 format: int64 type: integer type: object CSMAgentsType: default: datadog_agent description: The type of the resource. The value should always be `datadog_agent`. enum: - datadog_agent example: datadog_agent type: string x-enum-varnames: ["DATADOG_AGENT"] CVSS: description: Vulnerability severity. properties: score: description: Vulnerability severity score. example: 4.5 format: double type: number severity: $ref: "#/components/schemas/VulnerabilitySeverity" vector: description: Vulnerability CVSS vector. example: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" type: string required: - score - severity - vector type: object CalculatedField: description: Calculated field. properties: expression: description: Expression. example: "@request_end_timestamp - @request_start_timestamp" type: string name: description: Field name. example: response_time type: string required: - name - expression type: object CampaignResponse: description: Response containing campaign data. properties: data: $ref: "#/components/schemas/CampaignResponseData" required: - data type: object CampaignResponseAttributes: description: Campaign attributes. properties: created_at: description: Creation time of the campaign. example: "2023-12-15T10:30:00Z" format: date-time type: string description: description: The description of the campaign. example: Campaign to improve security posture for Q1 2024. type: string due_date: description: The due date of the campaign. example: "2024-03-31T23:59:59Z" format: date-time type: string entity_scope: description: Entity scope query to filter entities for this campaign. example: kind:service AND team:platform type: string guidance: description: Guidance for the campaign. example: Please ensure all services pass the security requirements. type: string key: description: The unique key for the campaign. example: q1-security-2024 type: string modified_at: description: Time of last campaign modification. example: "2024-01-05T14:20:00Z" format: date-time type: string name: description: The name of the campaign. example: Q1 Security Campaign type: string owner: description: The UUID of the campaign owner. example: 550e8400-e29b-41d4-a716-446655440000 type: string start_date: description: The start date of the campaign. example: "2024-01-01T00:00:00Z" format: date-time type: string status: description: The status of the campaign. example: in_progress type: string required: - key - name - owner - status - start_date - created_at - modified_at type: object CampaignResponseData: description: Campaign data. properties: attributes: $ref: "#/components/schemas/CampaignResponseAttributes" id: description: The unique ID of the campaign. example: c10ODp0VCrrIpXmz type: string type: $ref: "#/components/schemas/CampaignType" required: - id - type - attributes type: object CampaignStatus: description: The status of the campaign. enum: - in_progress - not_started - completed example: in_progress type: string x-enum-varnames: - IN_PROGRESS - NOT_STARTED - COMPLETED CampaignType: description: The JSON:API type for campaigns. enum: - campaign example: campaign type: string x-enum-varnames: - CAMPAIGN CancelDataDeletionResponseBody: description: The response from the cancel data deletion request endpoint. properties: data: $ref: "#/components/schemas/DataDeletionResponseItem" meta: $ref: "#/components/schemas/DataDeletionResponseMeta" type: object Case: description: A case properties: attributes: $ref: "#/components/schemas/CaseAttributes" id: description: Case's identifier example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string relationships: $ref: "#/components/schemas/CaseRelationships" type: $ref: "#/components/schemas/CaseResourceType" required: - id - type - attributes type: object Case3rdPartyTicketStatus: default: IN_PROGRESS description: Case status enum: - IN_PROGRESS - COMPLETED - FAILED example: COMPLETED readOnly: true type: string x-enum-varnames: - IN_PROGRESS - COMPLETED - FAILED CaseAssign: description: Case assign properties: attributes: $ref: "#/components/schemas/CaseAssignAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseAssignAttributes: description: Case assign attributes properties: assignee_id: description: Assignee's UUID example: "f98a5a5b-e0ff-45d4-b2f5-afe6e74de504" type: string required: - assignee_id type: object CaseAssignRequest: description: Case assign request properties: data: $ref: "#/components/schemas/CaseAssign" required: - data type: object CaseAttributes: description: Case resource attributes properties: archived_at: description: Timestamp of when the case was archived format: date-time nullable: true readOnly: true type: string attributes: $ref: "#/components/schemas/CaseObjectAttributes" closed_at: description: Timestamp of when the case was closed format: date-time nullable: true readOnly: true type: string created_at: description: Timestamp of when the case was created format: date-time readOnly: true type: string custom_attributes: additionalProperties: $ref: "#/components/schemas/CustomAttributeValue" description: Case custom attributes type: object description: description: Description type: string jira_issue: $ref: "#/components/schemas/JiraIssue" key: description: Key example: "CASEM-4523" type: string modified_at: description: Timestamp of when the case was last modified format: date-time nullable: true readOnly: true type: string priority: $ref: "#/components/schemas/CasePriority" service_now_ticket: $ref: "#/components/schemas/ServiceNowTicket" status: $ref: "#/components/schemas/CaseStatus" status_group: $ref: "#/components/schemas/CaseStatusGroup" status_name: $ref: "#/components/schemas/CaseStatusName" title: description: Title example: "Memory leak investigation on API" type: string type: $ref: "#/components/schemas/CaseType" type_id: description: Case type UUID example: "3b010bde-09ce-4449-b745-71dd5f861963" type: string type: object CaseComment: description: Case comment properties: attributes: $ref: "#/components/schemas/CaseCommentAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseCommentAttributes: description: Case comment attributes properties: comment: description: The `CaseCommentAttributes` `message`. example: "This is my comment !" type: string required: - comment type: object CaseCommentRequest: description: Case comment request properties: data: $ref: "#/components/schemas/CaseComment" required: - data type: object CaseCreate: description: Case creation data properties: attributes: $ref: "#/components/schemas/CaseCreateAttributes" relationships: $ref: "#/components/schemas/CaseCreateRelationships" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseCreateAttributes: description: Case creation attributes properties: custom_attributes: additionalProperties: $ref: "#/components/schemas/CustomAttributeValue" description: Case custom attributes type: object description: description: Description type: string priority: $ref: "#/components/schemas/CasePriority" status_name: $ref: "#/components/schemas/CaseStatusName" title: description: Title example: "Security breach investigation" type: string type_id: description: Case type UUID example: "3b010bde-09ce-4449-b745-71dd5f861963" type: string required: - title - type_id type: object CaseCreateRelationships: description: Relationships formed with the case on creation properties: assignee: $ref: "#/components/schemas/NullableUserRelationship" project: $ref: "#/components/schemas/ProjectRelationship" required: - project type: object CaseCreateRequest: description: Case create request properties: data: $ref: "#/components/schemas/CaseCreate" required: - data type: object CaseDataType: default: cases description: Cases resource type. enum: - cases example: cases type: string x-enum-varnames: - CASES CaseEmpty: description: Case empty request data properties: type: $ref: "#/components/schemas/CaseResourceType" required: - type type: object CaseEmptyRequest: description: Case empty request properties: data: $ref: "#/components/schemas/CaseEmpty" required: - data type: object CaseInsightsItems: description: An insight of the case. properties: ref: description: Reference of the insight. example: "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static" type: string resource_id: description: Unique identifier of the resource. For example, the unique identifier of a security finding. example: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" type: string type: description: Type of the resource. For example, the type of a security finding is "SECURITY_FINDING". example: "SECURITY_FINDING" type: string type: object CaseManagementProject: description: Case management project. properties: data: $ref: "#/components/schemas/CaseManagementProjectData" required: - data type: object CaseManagementProjectData: description: Data object representing a case management project. properties: id: description: Unique identifier of the case management project. example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/CaseManagementProjectDataType" required: - type - id type: object CaseManagementProjectDataType: default: projects description: Projects resource type. enum: - projects example: projects type: string x-enum-varnames: - PROJECTS CaseNotificationRule: description: A notification rule for case management properties: attributes: $ref: "#/components/schemas/CaseNotificationRuleAttributes" id: description: The notification rule's identifier example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/CaseNotificationRuleResourceType" required: - id - type - attributes type: object CaseNotificationRuleAttributes: description: Notification rule attributes properties: is_enabled: description: Whether the notification rule is enabled type: boolean query: description: Query to filter cases for this notification rule type: string recipients: description: List of notification recipients items: $ref: "#/components/schemas/CaseNotificationRuleRecipient" type: array triggers: description: List of triggers for this notification rule items: $ref: "#/components/schemas/CaseNotificationRuleTrigger" type: array type: object CaseNotificationRuleCreate: description: Notification rule create properties: attributes: $ref: "#/components/schemas/CaseNotificationRuleCreateAttributes" type: $ref: "#/components/schemas/CaseNotificationRuleResourceType" required: - attributes - type type: object CaseNotificationRuleCreateAttributes: description: Notification rule creation attributes properties: is_enabled: default: true description: Whether the notification rule is enabled type: boolean query: description: Query to filter cases for this notification rule type: string recipients: description: List of notification recipients items: $ref: "#/components/schemas/CaseNotificationRuleRecipient" type: array triggers: description: List of triggers for this notification rule items: $ref: "#/components/schemas/CaseNotificationRuleTrigger" type: array required: - recipients - triggers type: object CaseNotificationRuleCreateRequest: description: Notification rule create request properties: data: $ref: "#/components/schemas/CaseNotificationRuleCreate" required: - data type: object CaseNotificationRuleRecipient: description: Notification rule recipient properties: data: $ref: "#/components/schemas/CaseNotificationRuleRecipientData" type: description: Type of recipient (SLACK_CHANNEL, EMAIL, HTTP, PAGERDUTY_SERVICE, MS_TEAMS_CHANNEL) example: EMAIL type: string type: object CaseNotificationRuleRecipientData: description: Recipient data properties: channel: description: Slack channel name type: string channel_id: description: Slack channel ID type: string channel_name: description: Microsoft Teams channel name type: string connector_name: description: Microsoft Teams connector name type: string email: description: Email address type: string name: description: HTTP webhook name type: string service_name: description: PagerDuty service name type: string team_id: description: Microsoft Teams team ID type: string team_name: description: Microsoft Teams team name type: string tenant_id: description: Microsoft Teams tenant ID type: string tenant_name: description: Microsoft Teams tenant name type: string workspace: description: Slack workspace name type: string workspace_id: description: Slack workspace ID type: string type: object CaseNotificationRuleResourceType: default: notification_rule description: Notification rule resource type enum: - notification_rule example: notification_rule type: string x-enum-varnames: - NOTIFICATION_RULE CaseNotificationRuleResponse: description: Notification rule response properties: data: $ref: "#/components/schemas/CaseNotificationRule" type: object CaseNotificationRuleTrigger: description: Notification rule trigger properties: data: $ref: "#/components/schemas/CaseNotificationRuleTriggerData" type: description: Type of trigger (CASE_CREATED, STATUS_TRANSITIONED, ATTRIBUTE_VALUE_CHANGED, EVENT_CORRELATION_SIGNAL_CORRELATED) example: CASE_CREATED type: string type: object CaseNotificationRuleTriggerData: description: Trigger data properties: change_type: description: Change type (added, removed, changed) type: string field: description: Field name for attribute value changed trigger type: string from_status: description: Status ID to transition from type: string from_status_name: description: Status name to transition from type: string to_status: description: Status ID to transition to type: string to_status_name: description: Status name to transition to type: string type: object CaseNotificationRuleUpdate: description: Notification rule update properties: attributes: $ref: "#/components/schemas/CaseNotificationRuleAttributes" type: $ref: "#/components/schemas/CaseNotificationRuleResourceType" required: - type type: object CaseNotificationRuleUpdateRequest: description: Notification rule update request properties: data: $ref: "#/components/schemas/CaseNotificationRuleUpdate" required: - data type: object CaseNotificationRulesResponse: description: Response with notification rules properties: data: description: Notification rules data items: $ref: "#/components/schemas/CaseNotificationRule" type: array type: object CaseObjectAttributes: additionalProperties: items: description: An attribute value. type: string type: array description: The definition of `CaseObjectAttributes` object. type: object CasePriority: default: NOT_DEFINED description: Case priority enum: - NOT_DEFINED - P1 - P2 - P3 - P4 - P5 example: NOT_DEFINED type: string x-enum-varnames: - NOT_DEFINED - P1 - P2 - P3 - P4 - P5 CaseRelationships: description: Resources related to a case properties: assignee: $ref: "#/components/schemas/NullableUserRelationship" created_by: $ref: "#/components/schemas/NullableUserRelationship" modified_by: $ref: "#/components/schemas/NullableUserRelationship" project: $ref: "#/components/schemas/ProjectRelationship" type: object CaseResourceType: default: case description: Case resource type enum: - case example: case type: string x-enum-varnames: - CASE CaseResponse: description: Case response properties: data: $ref: "#/components/schemas/Case" type: object CaseSortableField: description: Case field that can be sorted on enum: - created_at - priority - status example: created_at type: string x-enum-varnames: - CREATED_AT - PRIORITY - STATUS CaseStatus: deprecated: true description: Deprecated way of representing the case status, which only supports OPEN, IN_PROGRESS, and CLOSED statuses. Use `status_name` instead. enum: - OPEN - IN_PROGRESS - CLOSED example: OPEN type: string x-enum-varnames: - OPEN - IN_PROGRESS - CLOSED CaseStatusGroup: description: Status group of the case. enum: - SG_OPEN - SG_IN_PROGRESS - SG_CLOSED example: SG_OPEN type: string x-enum-varnames: - SG_OPEN - SG_IN_PROGRESS - SG_CLOSED CaseStatusName: description: Status of the case. Must be one of the existing statuses for the case's type. example: "Open" type: string CaseTrigger: description: "Trigger a workflow from a Case. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object CaseTriggerWrapper: description: "Schema for a Case-based trigger." properties: caseTrigger: $ref: "#/components/schemas/CaseTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - caseTrigger type: object CaseType: deprecated: true description: Case type enum: - STANDARD example: STANDARD type: string x-enum-varnames: - STANDARD CaseTypeCreate: description: Case type properties: attributes: $ref: "#/components/schemas/CaseTypeResourceAttributes" type: $ref: "#/components/schemas/CaseTypeResourceType" required: - attributes - type type: object CaseTypeCreateRequest: description: Case type create request properties: data: $ref: "#/components/schemas/CaseTypeCreate" required: - data type: object CaseTypeResource: description: The definition of `CaseType` object. properties: attributes: $ref: "#/components/schemas/CaseTypeResourceAttributes" id: description: Case type's identifier example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/CaseTypeResourceType" type: object CaseTypeResourceAttributes: description: Case Type resource attributes properties: deleted_at: description: Timestamp of when the case type was deleted format: date-time nullable: true readOnly: true type: string description: description: Case type description. example: "Investigations done in case management" type: string emoji: description: Case type emoji. example: "🕵🏻‍♂️" type: string name: description: Case type name. example: "Investigation" type: string required: - name type: object CaseTypeResourceType: default: case_type description: Case type resource type enum: - case_type example: case_type type: string x-enum-varnames: - CASE_TYPE CaseTypeResponse: description: Case type response properties: data: $ref: "#/components/schemas/CaseTypeResource" type: object CaseTypesResponse: description: Case types response. properties: data: description: List of case types items: $ref: "#/components/schemas/CaseTypeResource" type: array type: object CaseUpdateAttributes: description: Case update attributes properties: attributes: $ref: "#/components/schemas/CaseUpdateAttributesAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdateAttributesAttributes: description: Case update attributes attributes properties: attributes: $ref: "#/components/schemas/CaseObjectAttributes" required: - attributes type: object CaseUpdateAttributesRequest: description: Case update attributes request properties: data: $ref: "#/components/schemas/CaseUpdateAttributes" required: - data type: object CaseUpdateCustomAttribute: description: Case update custom attribute properties: attributes: $ref: "#/components/schemas/CustomAttributeValue" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdateCustomAttributeRequest: description: Case update custom attribute request properties: data: $ref: "#/components/schemas/CaseUpdateCustomAttribute" required: - data type: object CaseUpdateDescription: description: Case update description properties: attributes: $ref: "#/components/schemas/CaseUpdateDescriptionAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdateDescriptionAttributes: description: Case update description attributes properties: description: description: Case new description example: "Seeing some weird memory increase... We shouldn't ignore this" type: string required: - description type: object CaseUpdateDescriptionRequest: description: Case update description request properties: data: $ref: "#/components/schemas/CaseUpdateDescription" required: - data type: object CaseUpdatePriority: description: Case priority status properties: attributes: $ref: "#/components/schemas/CaseUpdatePriorityAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdatePriorityAttributes: description: Case update priority attributes properties: priority: $ref: "#/components/schemas/CasePriority" required: - priority type: object CaseUpdatePriorityRequest: description: Case update priority request properties: data: $ref: "#/components/schemas/CaseUpdatePriority" required: - data type: object CaseUpdateStatus: description: Case update status properties: attributes: $ref: "#/components/schemas/CaseUpdateStatusAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdateStatusAttributes: description: Case update status attributes properties: status: $ref: "#/components/schemas/CaseStatus" deprecated: true status_name: $ref: "#/components/schemas/CaseStatusName" type: object CaseUpdateStatusRequest: description: Case update status request properties: data: $ref: "#/components/schemas/CaseUpdateStatus" required: - data type: object CaseUpdateTitle: description: Case update title properties: attributes: $ref: "#/components/schemas/CaseUpdateTitleAttributes" type: $ref: "#/components/schemas/CaseResourceType" required: - attributes - type type: object CaseUpdateTitleAttributes: description: Case update title attributes properties: title: description: Case new title example: "Memory leak investigation on API" type: string required: - title type: object CaseUpdateTitleRequest: description: Case update title request properties: data: $ref: "#/components/schemas/CaseUpdateTitle" required: - data type: object CasesResponse: description: Response with cases properties: data: description: Cases response data items: $ref: "#/components/schemas/Case" type: array meta: $ref: "#/components/schemas/CasesResponseMeta" type: object CasesResponseMeta: description: Cases response metadata properties: page: $ref: "#/components/schemas/CasesResponseMetaPagination" type: object CasesResponseMetaPagination: description: Pagination metadata properties: current: description: Current page number format: int64 type: integer size: description: Number of cases in current page format: int64 type: integer total: description: Total number of pages format: int64 type: integer type: object ChangeEventAttributes: description: Change event attributes. properties: aggregation_key: $ref: "#/components/schemas/V2EventAggregationKey" author: $ref: "#/components/schemas/ChangeEventAttributesAuthor" change_metadata: description: JSON object of change metadata. example: dd: team: "datadog_team" user_email: "datadog@datadog.com" user_id: "datadog_user_id" user_name: "datadog_username" type: object changed_resource: $ref: "#/components/schemas/ChangeEventAttributesChangedResource" evt: $ref: "#/components/schemas/EventSystemAttributes" impacted_resources: description: A list of resources impacted by this change. example: [{"name": "service-name", "type": "service"}] items: $ref: "#/components/schemas/ChangeEventAttributesImpactedResourcesItem" type: array new_value: description: The new state of the changed resource. example: enabled: true percentage: "50%" rule: datacenter: "devcycle.us1.prod" type: object prev_value: description: The previous state of the changed resource. example: enabled: true percentage: "10%" rule: datacenter: "devcycle.us1.prod" type: object service: $ref: "#/components/schemas/V2EventService" timestamp: $ref: "#/components/schemas/V2EventTimestamp" title: $ref: "#/components/schemas/V2EventTitle" type: object ChangeEventAttributesAuthor: description: The entity that made the change. properties: name: description: The name of the user or system that made the change. example: "example@datadog.com" type: string type: $ref: "#/components/schemas/ChangeEventAttributesAuthorType" type: object ChangeEventAttributesAuthorType: description: The type of the author. enum: - user - system - api - automation example: "user" type: string x-enum-varnames: - USER - SYSTEM - API - AUTOMATION ChangeEventAttributesChangedResource: description: A uniquely identified resource. properties: name: description: The name of the changed resource. type: string type: $ref: "#/components/schemas/ChangeEventAttributesChangedResourceType" type: object ChangeEventAttributesChangedResourceType: description: The type of the changed resource. enum: - feature_flag - configuration example: "feature_flag" type: string x-enum-varnames: - FEATURE_FLAG - CONFIGURATION ChangeEventAttributesImpactedResourcesItem: description: A uniquely identified resource. properties: name: description: The name of the impacted resource. type: string type: $ref: "#/components/schemas/ChangeEventAttributesImpactedResourcesItemType" type: object ChangeEventAttributesImpactedResourcesItemType: description: The type of the impacted resource. enum: - service type: string x-enum-varnames: - SERVICE ChangeEventCustomAttributes: additionalProperties: false description: |- Change event attributes. properties: author: $ref: "#/components/schemas/ChangeEventCustomAttributesAuthor" change_metadata: additionalProperties: {} description: |- Free form JSON object with information related to the `change` event. Supports up to 100 properties per object and a maximum nesting depth of 10 levels. example: dd: team: "datadog_team" user_email: "datadog@datadog.com" user_id: "datadog_user_id" user_name: "datadog_username" resource_link: "datadog.com/feature/fallback_payments_test" type: object changed_resource: $ref: "#/components/schemas/ChangeEventCustomAttributesChangedResource" impacted_resources: description: |- A list of resources impacted by this change. It is recommended to provide an impacted resource to display the change event at the correct location. Only resources of type `service` are supported. Maximum of 100 impacted resources allowed. example: - name: payments_api type: service items: $ref: "#/components/schemas/ChangeEventCustomAttributesImpactedResourcesItems" maxItems: 100 type: array new_value: additionalProperties: {} description: |- Free form JSON object representing the new state of the changed resource. example: enabled: true percentage: "50%" rule: datacenter: "devcycle.us1.prod" type: object prev_value: additionalProperties: {} description: |- Free form JSON object representing the previous state of the changed resource. example: enabled: true percentage: "10%" rule: datacenter: "devcycle.us1.prod" type: object required: - changed_resource type: object ChangeEventCustomAttributesAuthor: additionalProperties: false description: |- The entity that made the change. Optional, if provided it must include `type` and `name`. properties: name: description: The name of the user or system that made the change. Limited to 128 characters. example: "example@datadog.com" maxLength: 128 minLength: 1 type: string type: $ref: "#/components/schemas/ChangeEventCustomAttributesAuthorType" required: - name - type type: object ChangeEventCustomAttributesAuthorType: description: Author's type. enum: - user - system - api - automation example: user type: string x-enum-varnames: - USER - SYSTEM - API - AUTOMATION ChangeEventCustomAttributesChangedResource: additionalProperties: false description: |- A uniquely identified resource. properties: name: description: The name of the resource that was changed. Limited to 128 characters. Must contain at least one non-whitespace character. example: "fallback_payments_test" maxLength: 128 minLength: 1 pattern: ".*\\S.*" type: string type: $ref: "#/components/schemas/ChangeEventCustomAttributesChangedResourceType" required: - type - name type: object ChangeEventCustomAttributesChangedResourceType: description: The type of the resource that was changed. enum: - feature_flag - configuration example: "feature_flag" type: string x-enum-varnames: - FEATURE_FLAG - CONFIGURATION ChangeEventCustomAttributesImpactedResourcesItems: additionalProperties: false description: |- Object representing a uniquely identified resource. properties: name: description: The name of the impacted resource. Limited to 128 characters. example: "payments_api" maxLength: 128 minLength: 1 type: string type: $ref: "#/components/schemas/ChangeEventCustomAttributesImpactedResourcesItemsType" required: - type - name type: object ChangeEventCustomAttributesImpactedResourcesItemsType: description: The type of the impacted resource. enum: - service example: "service" type: string x-enum-varnames: - SERVICE ChangeEventTriggerWrapper: description: "Schema for a Change Event-based trigger." properties: changeEventTrigger: description: "Trigger a workflow from a Change Event." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - changeEventTrigger type: object ChangeRequestBranchCreateAttributes: description: Attributes for creating a change request branch. properties: branch_name: description: The name of the branch to create. example: "chm/CHM-1234" type: string repo_id: description: The repository identifier in the format owner/repository. example: "DataDog/dd-source" type: string required: - repo_id - branch_name type: object ChangeRequestBranchCreateData: description: Data object to create a change request branch. properties: attributes: $ref: "#/components/schemas/ChangeRequestBranchCreateAttributes" type: $ref: "#/components/schemas/ChangeRequestBranchResourceType" required: - type - attributes type: object ChangeRequestBranchCreateRequest: description: Request object to create a branch for a change request. properties: data: $ref: "#/components/schemas/ChangeRequestBranchCreateData" required: - data type: object ChangeRequestBranchResourceType: description: Change request branch resource type. enum: - change_request_branch example: change_request_branch type: string x-enum-varnames: - CHANGE_REQUEST_BRANCH ChangeRequestChangeType: description: The type of the change request. enum: - NORMAL - STANDARD - EMERGENCY example: NORMAL type: string x-enum-varnames: - NORMAL - STANDARD - EMERGENCY ChangeRequestCreateAttributes: description: Attributes for creating a change request. properties: change_request_linked_incident_uuid: description: The UUID of an incident to link to the change request. example: "00000000-0000-0000-0000-000000000000" type: string change_request_maintenance_window_query: description: The maintenance window query for the change request. example: "" type: string change_request_plan: description: The plan associated with the change request. example: "1. Deploy to staging 2. Run tests 3. Deploy to production" type: string change_request_risk: $ref: "#/components/schemas/ChangeRequestRiskLevel" change_request_type: $ref: "#/components/schemas/ChangeRequestChangeType" description: description: The description of the change request. example: "Deploying new payment service v2.1" type: string end_date: description: The planned end date of the change request. example: "2024-01-02T15:00:00Z" format: date-time type: string project_id: description: The project UUID to associate with the change request. example: "d4bbe1af-f36e-42f1-87c1-493ca35c320e" type: string requested_teams: description: A list of team handles to request decisions from. example: - "team-handle-1" items: description: A team handle to request decisions from. type: string type: array start_date: description: The planned start date of the change request. example: "2024-01-01T03:00:00Z" format: date-time type: string title: description: The title of the change request. example: "Deploy new payment service" type: string required: - title type: object ChangeRequestCreateData: description: Data object to create a change request. properties: attributes: $ref: "#/components/schemas/ChangeRequestCreateAttributes" type: $ref: "#/components/schemas/ChangeRequestResourceType" required: - type - attributes type: object ChangeRequestCreateRequest: description: Request object to create a change request. properties: data: $ref: "#/components/schemas/ChangeRequestCreateData" required: - data type: object ChangeRequestDecisionCreateAttributes: description: Attributes for creating a change request decision. properties: change_request_status: $ref: "#/components/schemas/ChangeRequestDecisionStatusType" request_reason: description: The reason for requesting the decision. example: "Please review and approve this change" type: string type: object ChangeRequestDecisionCreateItem: description: An included change request decision for a create or update operation. properties: attributes: $ref: "#/components/schemas/ChangeRequestDecisionCreateAttributes" id: description: The decision identifier. example: "decision-id-0" type: string relationships: $ref: "#/components/schemas/ChangeRequestDecisionCreateRelationships" type: $ref: "#/components/schemas/ChangeRequestDecisionResourceType" required: - type - id type: object ChangeRequestDecisionCreateRelationships: description: Relationships for creating a change request decision. properties: requested_user: $ref: "#/components/schemas/ChangeRequestUserRelationship" type: object ChangeRequestDecisionRelationshipData: description: Change request decision relationship data. properties: id: description: The decision UUID. example: "decision-id-0" type: string type: $ref: "#/components/schemas/ChangeRequestDecisionResourceType" required: - id - type type: object ChangeRequestDecisionRelationships: description: Relationships of a change request decision. properties: modified_by: $ref: "#/components/schemas/ChangeRequestUserRelationship" requested_by_user: $ref: "#/components/schemas/ChangeRequestUserRelationship" requested_user: $ref: "#/components/schemas/ChangeRequestUserRelationship" required: - requested_user - requested_by_user - modified_by type: object ChangeRequestDecisionResourceType: description: Change request decision resource type. enum: - change_request_decision example: change_request_decision type: string x-enum-varnames: - CHANGE_REQUEST_DECISION ChangeRequestDecisionResponseAttributes: description: Attributes of a change request decision in a response. properties: change_request_status: $ref: "#/components/schemas/ChangeRequestDecisionStatusType" decided_at: description: Timestamp of when the decision was made. example: "2024-01-02T00:00:00Z" format: date-time type: string decision_reason: description: The reason for the decision. example: "LGTM" type: string deleted_at: description: Timestamp of when the decision was deleted. example: "0001-01-01T00:00:00Z" format: date-time type: string request_reason: description: The reason for requesting the decision. example: "Please review this change" type: string requested_at: description: Timestamp of when the decision was requested. example: "2024-01-01T00:00:00Z" format: date-time type: string required: - change_request_status - request_reason - decision_reason - requested_at - decided_at - deleted_at type: object ChangeRequestDecisionStatusType: description: The status of a change request decision. enum: - REQUESTED - APPROVED - DECLINED example: REQUESTED type: string x-enum-varnames: - REQUESTED - APPROVED - DECLINED ChangeRequestDecisionUpdateData: description: Data object to update a change request decision. properties: attributes: $ref: "#/components/schemas/ChangeRequestDecisionUpdateDataAttributes" relationships: $ref: "#/components/schemas/ChangeRequestDecisionUpdateDataRelationships" type: $ref: "#/components/schemas/ChangeRequestResourceType" required: - type type: object ChangeRequestDecisionUpdateDataAttributes: description: Attributes of the parent change request for a decision update. properties: id: description: The identifier of the change request. example: "CHM-1234" type: string type: object ChangeRequestDecisionUpdateDataRelationships: description: Relationships for updating a change request decision. properties: change_request_decisions: $ref: "#/components/schemas/ChangeRequestDecisionsRelationship" required: - change_request_decisions type: object ChangeRequestDecisionUpdateRequest: description: Request object to update a change request decision. properties: data: $ref: "#/components/schemas/ChangeRequestDecisionUpdateData" included: $ref: "#/components/schemas/ChangeRequestUpdateIncluded" required: - data type: object ChangeRequestDecisionsRelationship: description: Relationship to change request decisions. properties: data: description: Array of decision relationship data. items: $ref: "#/components/schemas/ChangeRequestDecisionRelationshipData" type: array required: - data type: object ChangeRequestIncluded: description: Included resources related to the change request. items: $ref: "#/components/schemas/ChangeRequestIncludedItem" type: array ChangeRequestIncludedDecision: description: An included change request decision resource. properties: attributes: $ref: "#/components/schemas/ChangeRequestDecisionResponseAttributes" id: description: The decision UUID. example: "decision-id-0" type: string relationships: $ref: "#/components/schemas/ChangeRequestDecisionRelationships" type: $ref: "#/components/schemas/ChangeRequestDecisionResourceType" required: - type - id - attributes type: object ChangeRequestIncludedItem: description: An included resource item in the change request response. oneOf: - $ref: "#/components/schemas/ChangeRequestIncludedUser" - $ref: "#/components/schemas/ChangeRequestIncludedDecision" ChangeRequestIncludedUser: description: An included user resource. properties: attributes: $ref: "#/components/schemas/ChangeRequestIncludedUserAttributes" id: description: The user UUID. example: "00000000-0000-0000-0000-000000000000" type: string type: description: The resource type. example: "user" type: string required: - type - id - attributes type: object ChangeRequestIncludedUserAttributes: description: Attributes of an included user. properties: email: description: The email of the user. example: "john.doe@example.com" type: string handle: description: The handle of the user. example: "john.doe@example.com" type: string name: description: The name of the user. example: "John Doe" type: string required: - name - email - handle type: object ChangeRequestObjectAttributes: additionalProperties: items: description: An attribute value. type: string type: array description: Custom attributes of the change request as key-value pairs. type: object ChangeRequestRelationships: description: Relationships of a change request. properties: change_request_decisions: $ref: "#/components/schemas/ChangeRequestDecisionsRelationship" created_by: $ref: "#/components/schemas/ChangeRequestUserRelationship" modified_by: $ref: "#/components/schemas/ChangeRequestUserRelationship" required: - created_by - modified_by - change_request_decisions type: object ChangeRequestResourceType: description: Change request resource type. enum: - change_request example: change_request type: string x-enum-varnames: - CHANGE_REQUEST ChangeRequestResponse: description: Response object for a change request. properties: data: $ref: "#/components/schemas/ChangeRequestResponseData" included: $ref: "#/components/schemas/ChangeRequestIncluded" required: - data type: object ChangeRequestResponseAttributes: description: Attributes of a change request response. properties: archived_at: description: Timestamp of when the change request was archived. format: date-time nullable: true readOnly: true type: string attributes: $ref: "#/components/schemas/ChangeRequestObjectAttributes" change_request_linked_incident_uuid: description: The UUID of the linked incident. example: "" type: string change_request_maintenance_window_query: description: The maintenance window query for the change request. example: "" type: string change_request_plan: description: The plan associated with the change request. example: "" type: string change_request_risk: $ref: "#/components/schemas/ChangeRequestRiskLevel" change_request_type: $ref: "#/components/schemas/ChangeRequestChangeType" closed_at: description: Timestamp of when the change request was closed. format: date-time nullable: true readOnly: true type: string created_at: description: Timestamp of when the change request was created. example: "2024-01-01T00:00:00Z" format: date-time readOnly: true type: string creation_source: description: The source from which the change request was created. example: "CS_MANUAL" type: string description: description: The description of the change request. example: "Deploying new payment service v2.1" type: string end_date: description: The planned end date of the change request. example: "2024-01-02T15:00:00Z" format: date-time type: string key: description: The human-readable key of the change request. example: "CHM-1234" type: string modified_at: description: Timestamp of when the change request was last modified. example: "2024-01-01T00:00:00Z" format: date-time readOnly: true type: string plan_notebook_id: description: The notebook ID associated with the change request plan. example: 0 format: int64 type: integer priority: description: The priority of the change request. example: "NOT_DEFINED" type: string project_id: description: The project UUID associated with the change request. example: "d4bbe1af-f36e-42f1-87c1-493ca35c320e" type: string start_date: description: The planned start date of the change request. example: "2024-01-01T03:00:00Z" format: date-time type: string status: description: The current status of the change request. example: "OPEN" type: string title: description: The title of the change request. example: "Deploy new payment service" type: string type: description: The case type. example: "CHANGE_REQUEST" type: string required: - key - title - type - priority - status - description - creation_source - plan_notebook_id - project_id - attributes - created_at - modified_at - change_request_type - change_request_risk - change_request_plan - change_request_linked_incident_uuid - change_request_maintenance_window_query type: object ChangeRequestResponseData: description: Data object for a change request response. properties: attributes: $ref: "#/components/schemas/ChangeRequestResponseAttributes" id: description: The identifier of the change request. example: "CHM-1234" type: string relationships: $ref: "#/components/schemas/ChangeRequestRelationships" type: $ref: "#/components/schemas/ChangeRequestResourceType" required: - id - type - attributes type: object ChangeRequestRiskLevel: description: The risk level of the change request. enum: - UNDEFINED - LOW - MEDIUM - HIGH example: LOW type: string x-enum-varnames: - UNDEFINED - LOW - MEDIUM - HIGH ChangeRequestUpdateAttributes: description: Attributes for updating a change request. properties: change_request_plan: description: The plan associated with the change request. example: "Updated deployment plan" type: string change_request_risk: $ref: "#/components/schemas/ChangeRequestRiskLevel" change_request_type: $ref: "#/components/schemas/ChangeRequestChangeType" end_date: description: The planned end date of the change request. example: "2024-01-02T15:00:00Z" format: date-time type: string id: description: The identifier of the change request to update. example: "CHM-1234" type: string start_date: description: The planned start date of the change request. example: "2024-01-01T03:00:00Z" format: date-time type: string type: object ChangeRequestUpdateData: description: Data object to update a change request. properties: attributes: $ref: "#/components/schemas/ChangeRequestUpdateAttributes" relationships: $ref: "#/components/schemas/ChangeRequestUpdateRelationships" type: $ref: "#/components/schemas/ChangeRequestResourceType" required: - type type: object ChangeRequestUpdateIncluded: description: Included resources for the change request update. items: $ref: "#/components/schemas/ChangeRequestDecisionCreateItem" type: array ChangeRequestUpdateRelationships: description: Relationships for updating a change request. properties: change_request_decisions: $ref: "#/components/schemas/ChangeRequestDecisionsRelationship" type: object ChangeRequestUpdateRequest: description: Request object to update a change request. properties: data: $ref: "#/components/schemas/ChangeRequestUpdateData" included: $ref: "#/components/schemas/ChangeRequestUpdateIncluded" required: - data type: object ChangeRequestUserRelationship: description: Relationship to a user. properties: data: $ref: "#/components/schemas/ChangeRequestUserRelationshipData" required: - data type: object ChangeRequestUserRelationshipData: description: User relationship data. nullable: true properties: id: description: The user UUID. example: "00000000-0000-0000-0000-000000000000" type: string type: description: The user resource type. example: "user" type: string required: - id - type type: object ChargebackBreakdown: description: Charges breakdown. properties: charge_type: description: The type of charge for a particular product. example: on_demand type: string cost: description: The cost for a particular product and charge type during a given month. format: double type: number product_name: description: The product for which cost is being reported. example: infra_host type: string type: object CircleCIAPIKey: description: The definition of the `CircleCIAPIKey` object. properties: api_token: description: The `CircleCIAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/CircleCIAPIKeyType" required: - type - api_token type: object CircleCIAPIKeyType: description: The definition of the `CircleCIAPIKey` object. enum: - CircleCIAPIKey example: CircleCIAPIKey type: string x-enum-varnames: - CIRCLECIAPIKEY CircleCIAPIKeyUpdate: description: The definition of the `CircleCIAPIKey` object. properties: api_token: description: The `CircleCIAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/CircleCIAPIKeyType" required: - type type: object CircleCICredentials: description: The definition of the `CircleCICredentials` object. oneOf: - $ref: "#/components/schemas/CircleCIAPIKey" CircleCICredentialsUpdate: description: The definition of the `CircleCICredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/CircleCIAPIKeyUpdate" CircleCIIntegration: description: The definition of the `CircleCIIntegration` object. properties: credentials: $ref: "#/components/schemas/CircleCICredentials" type: $ref: "#/components/schemas/CircleCIIntegrationType" required: - type - credentials type: object CircleCIIntegrationType: description: The definition of the `CircleCIIntegrationType` object. enum: - CircleCI example: CircleCI type: string x-enum-varnames: - CIRCLECI CircleCIIntegrationUpdate: description: The definition of the `CircleCIIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/CircleCICredentialsUpdate" type: $ref: "#/components/schemas/CircleCIIntegrationType" required: - type type: object ClickupAPIKey: description: The definition of the `ClickupAPIKey` object. properties: api_token: description: The `ClickupAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/ClickupAPIKeyType" required: - type - api_token type: object ClickupAPIKeyType: description: The definition of the `ClickupAPIKey` object. enum: - ClickupAPIKey example: ClickupAPIKey type: string x-enum-varnames: - CLICKUPAPIKEY ClickupAPIKeyUpdate: description: The definition of the `ClickupAPIKey` object. properties: api_token: description: The `ClickupAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/ClickupAPIKeyType" required: - type type: object ClickupCredentials: description: The definition of the `ClickupCredentials` object. oneOf: - $ref: "#/components/schemas/ClickupAPIKey" ClickupCredentialsUpdate: description: The definition of the `ClickupCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/ClickupAPIKeyUpdate" ClickupIntegration: description: The definition of the `ClickupIntegration` object. properties: credentials: $ref: "#/components/schemas/ClickupCredentials" type: $ref: "#/components/schemas/ClickupIntegrationType" required: - type - credentials type: object ClickupIntegrationType: description: The definition of the `ClickupIntegrationType` object. enum: - Clickup example: Clickup type: string x-enum-varnames: - CLICKUP ClickupIntegrationUpdate: description: The definition of the `ClickupIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/ClickupCredentialsUpdate" type: $ref: "#/components/schemas/ClickupIntegrationType" required: - type type: object CloudAssetType: description: The cloud asset type enum: - Host - HostImage - Image example: Host type: string x-enum-varnames: - HOST - HOST_IMAGE - IMAGE CloudConfigurationComplianceRuleOptions: additionalProperties: {} description: "Options for cloud_configuration rules.\nFields `resourceType` and `regoRule` are mandatory when managing custom `cloud_configuration` rules." properties: complexRule: description: "Whether the rule is a complex one.\nMust be set to true if `regoRule.resourceTypes` contains more than one item. Defaults to false." type: boolean regoRule: $ref: "#/components/schemas/CloudConfigurationRegoRule" resourceType: description: "Main resource type to be checked by the rule. It should be specified again in `regoRule.resourceTypes`." example: aws_acm type: string type: object CloudConfigurationRegoRule: description: Rule details. properties: policy: description: "The policy written in `rego`, see: https://www.openpolicyagent.org/docs/latest/policy-language/" example: "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}" type: string resourceTypes: description: List of resource types that will be evaluated upon. Must have at least one element. example: - gcp_iam_service_account - gcp_iam_policy items: description: A cloud resource type identifier. type: string type: array required: - policy - resourceTypes type: object CloudConfigurationRuleCaseCreate: description: Description of signals. properties: notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" required: - status type: object CloudConfigurationRuleComplianceSignalOptions: description: How to generate compliance signals. Useful for cloud_configuration rules only. properties: defaultActivationStatus: description: The default activation status. nullable: true type: boolean defaultGroupByFields: description: The default group by fields. items: description: A field name used for default grouping. type: string nullable: true type: array userActivationStatus: description: Whether signals will be sent. nullable: true type: boolean userGroupByFields: description: Fields to use to group findings by when sending signals. items: description: A field name to group findings by. type: string nullable: true type: array type: object CloudConfigurationRuleCreatePayload: description: Create a new cloud configuration rule. properties: cases: description: "Description of generated findings and signals (severity and channels to be notified in case of a signal). Must contain exactly one item." items: $ref: "#/components/schemas/CloudConfigurationRuleCaseCreate" type: array complianceSignalOptions: $ref: "#/components/schemas/CloudConfigurationRuleComplianceSignalOptions" filters: description: Additional queries to filter matched events before they are processed. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message in markdown format for generated findings and signals. example: "#Description\nExplanation of the rule.\n\n#Remediation\nHow to fix the security issue." type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/CloudConfigurationRuleOptions" tags: description: Tags for generated findings and signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: "#/components/schemas/CloudConfigurationRuleType" required: - name - isEnabled - options - complianceSignalOptions - cases - message type: object CloudConfigurationRuleOptions: description: Options on cloud configuration rules. properties: complianceRuleOptions: $ref: "#/components/schemas/CloudConfigurationComplianceRuleOptions" required: - complianceRuleOptions type: object CloudConfigurationRulePayload: description: The payload of a cloud configuration rule. properties: cases: description: "Description of generated findings and signals (severity and channels to be notified in case of a signal). Must contain exactly one item." items: $ref: "#/components/schemas/CloudConfigurationRuleCaseCreate" type: array complianceSignalOptions: $ref: "#/components/schemas/CloudConfigurationRuleComplianceSignalOptions" customMessage: description: Custom/Overridden message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name of the rule (used in case of Default rule update). type: string filters: description: Additional queries to filter matched events before they are processed. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message in markdown format for generated findings and signals. example: "#Description\nExplanation of the rule.\n\n#Remediation\nHow to fix the security issue." type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/CloudConfigurationRuleOptions" tags: description: Tags for generated findings and signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: "#/components/schemas/CloudConfigurationRuleType" required: - name - isEnabled - options - complianceSignalOptions - cases - message type: object CloudConfigurationRuleType: description: The rule type. enum: - cloud_configuration type: string x-enum-varnames: - CLOUD_CONFIGURATION CloudInventoryCloudProviderId: description: |- Cloud provider for this sync configuration (`aws`, `gcp`, or `azure`). For requests, must match the provider block supplied under `attributes`. enum: - aws - gcp - azure example: aws type: string x-enum-varnames: - AWS - GCP - AZURE CloudInventoryCloudProviderRequestType: description: Always `cloud_provider`. enum: - cloud_provider example: cloud_provider type: string x-enum-varnames: - CLOUD_PROVIDER CloudInventorySyncConfigAWSRequestAttributes: description: AWS settings for the S3 bucket Storage Management reads inventory reports from. properties: aws_account_id: description: AWS account ID that owns the inventory bucket. example: "123456789012" type: string destination_bucket_name: description: Name of the S3 bucket containing inventory files. example: my-inventory-bucket type: string destination_bucket_region: description: AWS Region of the inventory bucket. example: us-east-1 type: string destination_prefix: description: Object key prefix where inventory reports are written. Omit or set to `/` when reports are written at the bucket root. example: logs/ type: string required: - aws_account_id - destination_bucket_name - destination_bucket_region type: object CloudInventorySyncConfigAttributes: description: Attributes for a Storage Management configuration. Fields other than `id` may be empty in the response immediately after a create or update; subsequent reads return the full configuration. properties: aws_account_id: description: AWS account ID for the inventory bucket. example: "123456789012" type: string aws_bucket_name: description: AWS S3 bucket name for inventory files. example: my-inventory-bucket type: string aws_region: description: AWS Region for the inventory bucket. example: us-east-1 type: string azure_client_id: description: Azure AD application (client) ID. example: 11111111-1111-1111-1111-111111111111 type: string azure_container_name: description: Azure blob container name. example: inventory-container type: string azure_storage_account_name: description: Azure storage account name. example: mystorageaccount type: string azure_tenant_id: description: Azure AD tenant ID. example: 22222222-2222-2222-2222-222222222222 type: string cloud_provider: $ref: "#/components/schemas/CloudInventoryCloudProviderId" error: description: Human-readable error detail when sync is unhealthy. example: "" readOnly: true type: string error_code: description: Machine-readable error code when sync is unhealthy. example: "" readOnly: true type: string gcp_bucket_name: description: GCS bucket name for inventory files Datadog reads. example: my-inventory-reports type: string gcp_project_id: description: GCP project ID. example: my-gcp-project type: string gcp_service_account_email: description: Service account email for bucket access. example: reader@my-gcp-project.iam.gserviceaccount.com type: string prefix: description: Object key prefix where inventory reports are written. Returns `/` when reports are written at the bucket root. example: logs/ readOnly: true type: string required: - aws_bucket_name - aws_account_id - aws_region - azure_storage_account_name - azure_container_name - azure_client_id - azure_tenant_id - gcp_bucket_name - gcp_project_id - gcp_service_account_email - cloud_provider - prefix - error - error_code type: object CloudInventorySyncConfigAzureRequestAttributes: description: Azure settings for the storage account and container with inventory data. properties: client_id: description: Azure AD application (client) ID used for access. example: 11111111-1111-1111-1111-111111111111 type: string container: description: Blob container name. example: inventory-container type: string resource_group: description: Resource group containing the storage account. example: my-resource-group type: string storage_account: description: Storage account name. example: mystorageaccount type: string subscription_id: description: Azure subscription ID. example: 33333333-3333-3333-3333-333333333333 type: string tenant_id: description: Azure AD tenant ID. example: 22222222-2222-2222-2222-222222222222 type: string required: - client_id - tenant_id - subscription_id - resource_group - storage_account - container type: object CloudInventorySyncConfigGCPRequestAttributes: description: GCP settings for buckets involved in inventory reporting. properties: destination_bucket_name: description: GCS bucket name where Datadog reads inventory reports. example: my-inventory-reports type: string project_id: description: GCP project ID for the inventory destination bucket. example: my-gcp-project type: string service_account_email: description: Service account email used to read the destination bucket. example: reader@my-gcp-project.iam.gserviceaccount.com type: string source_bucket_name: description: GCS bucket name that inventory reports are generated for. example: my-monitored-bucket type: string required: - project_id - destination_bucket_name - source_bucket_name - service_account_email type: object CloudInventorySyncConfigResourceType: description: Always `sync_configs`. enum: - sync_configs example: sync_configs type: string x-enum-varnames: - SYNC_CONFIGS CloudInventorySyncConfigResponse: description: Storage Management configuration returned after a create or update. Additional read-only fields appear on list and get responses. properties: data: $ref: "#/components/schemas/CloudInventorySyncConfigResponseData" required: - data type: object CloudInventorySyncConfigResponseData: description: Storage Management configuration data. properties: attributes: $ref: "#/components/schemas/CloudInventorySyncConfigAttributes" id: description: Unique identifier for this Storage Management configuration. example: abc123 type: string type: $ref: "#/components/schemas/CloudInventorySyncConfigResourceType" required: - id - type - attributes type: object CloudWorkloadSecurityAgentPoliciesListResponse: description: "Response object that includes a list of Agent policies" properties: data: description: "A list of Agent policy objects" items: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyData" type: array type: object CloudWorkloadSecurityAgentPolicyAttributes: description: "A Cloud Workload Security Agent policy returned by the API" properties: blockingRulesCount: description: "The number of rules with the blocking feature in this policy" example: 100 format: int32 maximum: 2147483647 type: integer datadogManaged: description: "Whether the policy is managed by Datadog" example: false type: boolean description: description: "The description of the policy" example: "My agent policy" type: string disabledRulesCount: description: "The number of rules that are disabled in this policy" example: 100 format: int32 maximum: 2147483647 type: integer enabled: description: "Whether the Agent policy is enabled" example: true type: boolean hostTags: description: "The host tags defining where this policy is deployed" items: description: "A host tag used to identify where this policy is deployed." type: string type: array hostTagsLists: description: "The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR" items: description: "A list of host tags linked with AND logic." items: description: "A host tag used to filter the deployment scope." type: string type: array type: array monitoringRulesCount: description: "The number of rules in the monitoring state in this policy" example: 100 format: int32 maximum: 2147483647 type: integer name: description: "The name of the policy" example: "my_agent_policy" type: string pinned: description: "Whether the policy is pinned" example: false type: boolean policyType: description: "The type of the policy" example: "policy" type: string policyVersion: description: "The version of the policy" example: "1" type: string priority: description: "The priority of the policy" example: 10 format: int64 type: integer ruleCount: description: "The number of rules in this policy" example: 100 format: int32 maximum: 2147483647 type: integer updateDate: description: "Timestamp in milliseconds when the policy was last updated" example: 1624366480320 format: int64 type: integer updatedAt: description: "When the policy was last updated, timestamp in milliseconds" example: 1624366480320 format: int64 type: integer updater: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdaterAttributes" versions: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyVersions" type: object CloudWorkloadSecurityAgentPolicyCreateAttributes: description: "Create a new Cloud Workload Security Agent policy" properties: description: description: "The description of the policy" example: "My agent policy" type: string enabled: description: "Whether the policy is enabled" example: true type: boolean hostTags: description: "The host tags defining where this policy is deployed" items: description: "A host tag used to identify where this policy is deployed." type: string type: array hostTagsLists: description: "The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR" items: description: "A list of host tags linked with AND logic." items: description: "A host tag used to filter the deployment scope." type: string type: array type: array name: description: "The name of the policy" example: "my_agent_policy" type: string required: - name type: object CloudWorkloadSecurityAgentPolicyCreateData: description: "Object for a single Agent rule" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateAttributes" type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyType" required: - attributes - type type: object CloudWorkloadSecurityAgentPolicyCreateRequest: description: "Request object that includes the Agent policy to create" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateData" required: - data type: object CloudWorkloadSecurityAgentPolicyData: description: "Object for a single Agent policy" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyAttributes" id: description: "The ID of the Agent policy" example: "6517fcc1-cec7-4394-a655-8d6e9d085255" type: string type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyType" type: object CloudWorkloadSecurityAgentPolicyID: description: "The ID of the Agent policy" example: "6517fcc1-cec7-4394-a655-8d6e9d085255" type: string CloudWorkloadSecurityAgentPolicyResponse: description: "Response object that includes an Agent policy" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyData" type: object CloudWorkloadSecurityAgentPolicyType: default: policy description: "The type of the resource, must always be `policy`" enum: - policy example: policy type: string x-enum-varnames: ["POLICY"] CloudWorkloadSecurityAgentPolicyUpdateAttributes: description: "Update an existing Cloud Workload Security Agent policy" properties: description: description: "The description of the policy" example: "My agent policy" type: string enabled: description: "Whether the policy is enabled" example: true type: boolean hostTags: description: "The host tags defining where this policy is deployed" items: description: "A host tag used to identify where this policy is deployed." type: string type: array hostTagsLists: description: "The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR" items: description: "A list of host tags linked with AND logic." items: description: "A host tag used to filter the deployment scope." type: string type: array type: array name: description: "The name of the policy" example: "my_agent_policy" type: string type: object CloudWorkloadSecurityAgentPolicyUpdateData: description: "Object for a single Agent policy" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateAttributes" id: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyID" type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyType" required: - attributes - type type: object CloudWorkloadSecurityAgentPolicyUpdateRequest: description: "Request object that includes the Agent policy with the attributes to update" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateData" required: - data type: object CloudWorkloadSecurityAgentPolicyUpdaterAttributes: description: "The attributes of the user who last updated the policy" properties: handle: description: "The handle of the user" example: "datadog.user@example.com" type: string name: description: "The name of the user" example: "Datadog User" nullable: true type: string type: object CloudWorkloadSecurityAgentPolicyVersion: description: "The versions of the policy" properties: date: description: "The date and time the version was created" nullable: true type: string name: description: "The version of the policy" example: "1.47.0-rc2" type: string type: object CloudWorkloadSecurityAgentPolicyVersions: description: "The versions of the policy" items: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyVersion" type: array CloudWorkloadSecurityAgentRuleAction: description: "The action the rule can perform if triggered" properties: filter: description: "SECL expression used to target the container to apply the action on" type: string hash: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActionHash" kill: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleKill" metadata: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata" set: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet" type: object CloudWorkloadSecurityAgentRuleActionHash: description: "Hash file specified by the field attribute" properties: field: description: "The field of the hash action" type: string type: object CloudWorkloadSecurityAgentRuleActionMetadata: description: "The metadata action applied on the scope matching the rule" properties: image_tag: description: "The image tag of the metadata action" type: string service: description: "The service of the metadata action" type: string short_image: description: "The short image of the metadata action" type: string type: object CloudWorkloadSecurityAgentRuleActionSet: description: "The set action applied on the scope matching the rule" properties: append: description: "Whether the value should be appended to the field." type: boolean default_value: description: "The default value of the set action" type: string expression: description: "The expression of the set action." type: string field: description: "The field of the set action" type: string inherited: description: "Whether the value should be inherited." type: boolean name: description: "The name of the set action" type: string scope: description: "The scope of the set action." type: string size: description: "The size of the set action." format: int64 type: integer ttl: description: "The time to live of the set action." format: int64 type: integer value: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActionSetValue" type: object CloudWorkloadSecurityAgentRuleActionSetValue: description: "The value of the set action" oneOf: - type: string - type: integer - type: boolean CloudWorkloadSecurityAgentRuleActions: description: "The array of actions the rule can perform if triggered" items: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleAction" nullable: true type: array CloudWorkloadSecurityAgentRuleAttributes: description: "A Cloud Workload Security Agent rule returned by the API" properties: actions: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActions" agentConstraint: description: "The version of the Agent" type: string blocking: description: "The blocking policies that the rule belongs to" items: description: "The ID of a blocking policy that this rule belongs to." type: string type: array category: description: "The category of the Agent rule" example: "Process Activity" type: string creationAuthorUuId: description: "The ID of the user who created the rule" example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string creationDate: description: "When the Agent rule was created, timestamp in milliseconds" example: 1624366480320 format: int64 type: integer creator: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleCreatorAttributes" defaultRule: description: "Whether the rule is included by default" example: false type: boolean description: description: "The description of the Agent rule" example: "My Agent rule" type: string disabled: description: "The disabled policies that the rule belongs to" items: description: "The ID of a disabled policy that this rule belongs to." type: string type: array enabled: description: "Whether the Agent rule is enabled" example: true type: boolean expression: description: "The SECL expression of the Agent rule" example: 'exec.file.name == "sh"' type: string filters: description: "The platforms the Agent rule is supported on" items: description: "A platform filter that the Agent rule is supported on." type: string type: array monitoring: description: "The monitoring policies that the rule belongs to" items: description: "The ID of a monitoring policy that this rule belongs to." type: string type: array name: description: "The name of the Agent rule" example: "my_agent_rule" type: string product_tags: description: "The list of product tags associated with the rule" items: description: "A product tag associated with the rule." type: string type: array silent: description: "Whether the rule is silent." example: false type: boolean updateAuthorUuId: description: "The ID of the user who updated the rule" example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string updateDate: description: "Timestamp in milliseconds when the Agent rule was last updated" example: 1624366480320 format: int64 type: integer updatedAt: description: "When the Agent rule was last updated, timestamp in milliseconds" example: 1624366480320 format: int64 type: integer updater: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleUpdaterAttributes" version: description: "The version of the Agent rule" example: 23 format: int64 type: integer type: object CloudWorkloadSecurityAgentRuleCreateAttributes: description: "Create a new Cloud Workload Security Agent rule." properties: actions: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActions" agent_version: description: "Constrain the rule to specific versions of the Datadog Agent." type: string blocking: description: "The blocking policies that the rule belongs to." items: description: "The ID of a blocking policy that this rule belongs to." type: string type: array description: description: "The description of the Agent rule." example: "My Agent rule" type: string disabled: description: "The disabled policies that the rule belongs to." items: description: "The ID of a disabled policy that this rule belongs to." type: string type: array enabled: description: "Whether the Agent rule is enabled." example: true type: boolean expression: description: "The SECL expression of the Agent rule." example: 'exec.file.name == "sh"' type: string filters: description: "The platforms the Agent rule is supported on." items: description: "A platform filter that the Agent rule is supported on." type: string type: array monitoring: description: "The monitoring policies that the rule belongs to." items: description: "The ID of a monitoring policy that this rule belongs to." type: string type: array name: description: "The name of the Agent rule." example: "my_agent_rule" type: string policy_id: description: "The ID of the policy where the Agent rule is saved." example: "a8c8e364-6556-434d-b798-a4c23de29c0b" type: string product_tags: description: "The list of product tags associated with the rule." items: description: "A product tag associated with the rule." type: string type: array silent: description: "Whether the rule is silent." example: false type: boolean required: - name - expression type: object CloudWorkloadSecurityAgentRuleCreateData: description: "Object for a single Agent rule" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleCreateAttributes" type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleType" required: - attributes - type type: object CloudWorkloadSecurityAgentRuleCreateRequest: description: "Request object that includes the Agent rule to create" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleCreateData" required: - data type: object CloudWorkloadSecurityAgentRuleCreatorAttributes: description: "The attributes of the user who created the Agent rule" properties: handle: description: "The handle of the user" example: "datadog.user@example.com" type: string name: description: "The name of the user" example: "Datadog User" nullable: true type: string type: object CloudWorkloadSecurityAgentRuleData: description: "Object for a single Agent rule" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes" id: description: "The ID of the Agent rule" example: "3dd-0uc-h1s" type: string type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleType" type: object CloudWorkloadSecurityAgentRuleID: description: "The ID of the Agent rule" example: "3dd-0uc-h1s" type: string CloudWorkloadSecurityAgentRuleKill: description: "Kill system call applied on the container matching the rule" properties: signal: description: "Supported signals for the kill system call" type: string type: object CloudWorkloadSecurityAgentRuleResponse: description: "Response object that includes an Agent rule" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleData" type: object CloudWorkloadSecurityAgentRuleType: default: agent_rule description: "The type of the resource, must always be `agent_rule`" enum: - agent_rule example: agent_rule type: string x-enum-varnames: ["AGENT_RULE"] CloudWorkloadSecurityAgentRuleUpdateAttributes: description: "Update an existing Cloud Workload Security Agent rule" properties: actions: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleActions" agent_version: description: "Constrain the rule to specific versions of the Datadog Agent" type: string blocking: description: "The blocking policies that the rule belongs to" items: description: "The ID of a blocking policy that this rule belongs to." type: string type: array description: description: "The description of the Agent rule" example: "My Agent rule" type: string disabled: description: "The disabled policies that the rule belongs to" items: description: "The ID of a disabled policy that this rule belongs to." type: string type: array enabled: description: "Whether the Agent rule is enabled" example: true type: boolean expression: description: "The SECL expression of the Agent rule" example: 'exec.file.name == "sh"' type: string monitoring: description: "The monitoring policies that the rule belongs to" items: description: "The ID of a monitoring policy that this rule belongs to." type: string type: array policy_id: description: "The ID of the policy where the Agent rule is saved" example: "a8c8e364-6556-434d-b798-a4c23de29c0b" type: string product_tags: description: "The list of product tags associated with the rule" items: description: "A product tag associated with the rule." type: string type: array silent: description: "Whether the rule is silent." example: false type: boolean type: object CloudWorkloadSecurityAgentRuleUpdateData: description: "Object for a single Agent rule" properties: attributes: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes" id: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleID" type: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleType" required: - attributes - type type: object CloudWorkloadSecurityAgentRuleUpdateRequest: description: "Request object that includes the Agent rule with the attributes to update" properties: data: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateData" required: - data type: object CloudWorkloadSecurityAgentRuleUpdaterAttributes: description: "The attributes of the user who last updated the Agent rule" properties: handle: description: "The handle of the user" example: "datadog.user@example.com" type: string name: description: "The name of the user" example: "Datadog User" nullable: true type: string type: object CloudWorkloadSecurityAgentRulesListResponse: description: "Response object that includes a list of Agent rule" properties: data: description: "A list of Agent rules objects" items: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleData" type: array type: object CloudflareAPIToken: description: The definition of the `CloudflareAPIToken` object. properties: api_token: description: The `CloudflareAPIToken` `api_token`. example: "" type: string type: $ref: "#/components/schemas/CloudflareAPITokenType" required: - type - api_token type: object CloudflareAPITokenType: description: The definition of the `CloudflareAPIToken` object. enum: - CloudflareAPIToken example: CloudflareAPIToken type: string x-enum-varnames: - CLOUDFLAREAPITOKEN CloudflareAPITokenUpdate: description: The definition of the `CloudflareAPIToken` object. properties: api_token: description: The `CloudflareAPITokenUpdate` `api_token`. type: string type: $ref: "#/components/schemas/CloudflareAPITokenType" required: - type type: object CloudflareAccountCreateRequest: description: Payload schema when adding a Cloudflare account. properties: data: $ref: "#/components/schemas/CloudflareAccountCreateRequestData" required: - data type: object CloudflareAccountCreateRequestAttributes: description: Attributes object for creating a Cloudflare account. properties: api_key: description: The API key (or token) for the Cloudflare account. example: "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" type: string email: description: The email associated with the Cloudflare account. If an API key is provided (and not a token), this field is also required. example: "test-email@example.com" type: string name: description: The name of the Cloudflare account. example: "test-name" type: string resources: description: An allowlist of resources to restrict pulling metrics for including `'web', 'dns', 'lb' (load balancer), 'worker'`. example: ["web", "dns", "lb", "worker"] items: description: A Cloudflare resource type (for example, `web`, `dns`, `lb`, `worker`). type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: ["zone_id_1", "zone_id_2"] items: description: A Cloudflare zone ID to restrict pulling metrics for. type: string type: array required: - api_key - name type: object CloudflareAccountCreateRequestData: description: Data object for creating a Cloudflare account. properties: attributes: $ref: "#/components/schemas/CloudflareAccountCreateRequestAttributes" type: $ref: "#/components/schemas/CloudflareAccountType" required: - attributes - type type: object CloudflareAccountResponse: description: The expected response schema when getting a Cloudflare account. properties: data: $ref: "#/components/schemas/CloudflareAccountResponseData" type: object CloudflareAccountResponseAttributes: description: Attributes object of a Cloudflare account. properties: email: description: The email associated with the Cloudflare account. example: "test-email@example.com" type: string name: description: The name of the Cloudflare account. example: "test-name" type: string resources: description: An allowlist of resources, such as `web`, `dns`, `lb` (load balancer), `worker`, that restricts pulling metrics from those resources. example: ["web", "dns", "lb", "worker"] items: description: A Cloudflare resource type (for example, `web`, `dns`, `lb`, `worker`). type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: ["zone_id_1", "zone_id_2"] items: description: A Cloudflare zone ID to restrict pulling metrics for. type: string type: array required: - name type: object CloudflareAccountResponseData: description: Data object of a Cloudflare account. properties: attributes: $ref: "#/components/schemas/CloudflareAccountResponseAttributes" id: description: The ID of the Cloudflare account, a hash of the account name. example: "c1a8e059bfd1e911cf10b626340c9a54" type: string type: $ref: "#/components/schemas/CloudflareAccountType" required: - attributes - id - type type: object CloudflareAccountType: default: cloudflare-accounts description: The JSON:API type for this API. Should always be `cloudflare-accounts`. enum: - cloudflare-accounts example: cloudflare-accounts type: string x-enum-varnames: - CLOUDFLARE_ACCOUNTS CloudflareAccountUpdateRequest: description: Payload schema when updating a Cloudflare account. properties: data: $ref: "#/components/schemas/CloudflareAccountUpdateRequestData" required: - data type: object CloudflareAccountUpdateRequestAttributes: description: Attributes object for updating a Cloudflare account. properties: api_key: description: The API key of the Cloudflare account. example: "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" type: string email: description: The email associated with the Cloudflare account. If an API key is provided (and not a token), this field is also required. example: "test-email@example.com" type: string name: description: The name of the Cloudflare account. type: string resources: description: An allowlist of resources to restrict pulling metrics for including `'web', 'dns', 'lb' (load balancer), 'worker'`. example: ["web", "dns", "lb", "worker"] items: description: A Cloudflare resource type (for example, `web`, `dns`, `lb`, `worker`). type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: ["zone_id_1", "zone_id_2"] items: description: A Cloudflare zone ID to restrict pulling metrics for. type: string type: array required: - api_key type: object CloudflareAccountUpdateRequestData: description: Data object for updating a Cloudflare account. properties: attributes: $ref: "#/components/schemas/CloudflareAccountUpdateRequestAttributes" type: $ref: "#/components/schemas/CloudflareAccountType" type: object CloudflareAccountsResponse: description: The expected response schema when getting Cloudflare accounts. properties: data: description: The JSON:API data schema. items: $ref: "#/components/schemas/CloudflareAccountResponseData" type: array type: object CloudflareCredentials: description: The definition of the `CloudflareCredentials` object. oneOf: - $ref: "#/components/schemas/CloudflareAPIToken" - $ref: "#/components/schemas/CloudflareGlobalAPIToken" CloudflareCredentialsUpdate: description: The definition of the `CloudflareCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/CloudflareAPITokenUpdate" - $ref: "#/components/schemas/CloudflareGlobalAPITokenUpdate" CloudflareGlobalAPIToken: description: The definition of the `CloudflareGlobalAPIToken` object. properties: auth_email: description: The `CloudflareGlobalAPIToken` `auth_email`. example: "" type: string global_api_key: description: The `CloudflareGlobalAPIToken` `global_api_key`. example: "" type: string type: $ref: "#/components/schemas/CloudflareGlobalAPITokenType" required: - type - auth_email - global_api_key type: object CloudflareGlobalAPITokenType: description: The definition of the `CloudflareGlobalAPIToken` object. enum: - CloudflareGlobalAPIToken example: CloudflareGlobalAPIToken type: string x-enum-varnames: - CLOUDFLAREGLOBALAPITOKEN CloudflareGlobalAPITokenUpdate: description: The definition of the `CloudflareGlobalAPIToken` object. properties: auth_email: description: The `CloudflareGlobalAPITokenUpdate` `auth_email`. type: string global_api_key: description: The `CloudflareGlobalAPITokenUpdate` `global_api_key`. type: string type: $ref: "#/components/schemas/CloudflareGlobalAPITokenType" required: - type type: object CloudflareIntegration: description: The definition of the `CloudflareIntegration` object. properties: credentials: $ref: "#/components/schemas/CloudflareCredentials" type: $ref: "#/components/schemas/CloudflareIntegrationType" required: - type - credentials type: object CloudflareIntegrationType: description: The definition of the `CloudflareIntegrationType` object. enum: - Cloudflare example: Cloudflare type: string x-enum-varnames: - CLOUDFLARE CloudflareIntegrationUpdate: description: The definition of the `CloudflareIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/CloudflareCredentialsUpdate" type: $ref: "#/components/schemas/CloudflareIntegrationType" required: - type type: object CodeLocation: description: Code vulnerability location. properties: file_path: description: Vulnerability location file path. example: "src/Class.java:100" type: string location: description: Vulnerability extracted location. example: "com.example.Class:100" type: string method: description: Vulnerability location method. example: FooBar type: string required: - location type: object CommitCoverageSummaryRequest: description: Request object for getting code coverage summary for a commit. properties: data: $ref: "#/components/schemas/CommitCoverageSummaryRequestData" required: - data type: object CommitCoverageSummaryRequestAttributes: description: Attributes for requesting code coverage summary for a commit. properties: commit_sha: description: The commit SHA (40-character hexadecimal string). example: 66adc9350f2cc9b250b69abddab733dd55e1a588 pattern: "^[a-fA-F0-9]{40}$" type: string repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string required: - repository_id - commit_sha type: object CommitCoverageSummaryRequestData: description: Data object for commit summary request. properties: attributes: $ref: "#/components/schemas/CommitCoverageSummaryRequestAttributes" type: $ref: "#/components/schemas/CommitCoverageSummaryRequestType" required: - type - attributes type: object CommitCoverageSummaryRequestType: description: JSON:API type for commit coverage summary request. The value must always be `ci_app_coverage_commit_summary_request`. enum: - ci_app_coverage_commit_summary_request example: ci_app_coverage_commit_summary_request type: string x-enum-varnames: - CI_APP_COVERAGE_COMMIT_SUMMARY_REQUEST CompletionCondition: description: The definition of `CompletionCondition` object. properties: operand1: description: The `CompletionCondition` `operand1`. operand2: description: The `CompletionCondition` `operand2`. operator: $ref: "#/components/schemas/CompletionConditionOperator" required: - operand1 - operator type: object CompletionConditionOperator: description: The definition of `CompletionConditionOperator` object. enum: - OPERATOR_EQUAL - OPERATOR_NOT_EQUAL - OPERATOR_GREATER_THAN - OPERATOR_LESS_THAN - OPERATOR_GREATER_THAN_OR_EQUAL_TO - OPERATOR_LESS_THAN_OR_EQUAL_TO - OPERATOR_CONTAINS - OPERATOR_DOES_NOT_CONTAIN - OPERATOR_IS_NULL - OPERATOR_IS_NOT_NULL - OPERATOR_IS_EMPTY - OPERATOR_IS_NOT_EMPTY example: OPERATOR_EQUAL type: string x-enum-varnames: - OPERATOR_EQUAL - OPERATOR_NOT_EQUAL - OPERATOR_GREATER_THAN - OPERATOR_LESS_THAN - OPERATOR_GREATER_THAN_OR_EQUAL_TO - OPERATOR_LESS_THAN_OR_EQUAL_TO - OPERATOR_CONTAINS - OPERATOR_DOES_NOT_CONTAIN - OPERATOR_IS_NULL - OPERATOR_IS_NOT_NULL - OPERATOR_IS_EMPTY - OPERATOR_IS_NOT_EMPTY CompletionGate: description: Used to create conditions before running subsequent actions. properties: completionCondition: $ref: "#/components/schemas/CompletionCondition" retryStrategy: $ref: "#/components/schemas/RetryStrategy" required: - completionCondition - retryStrategy type: object Component: description: "[Definition of a UI component in the app](https://docs.datadoghq.com/service_management/app_builder/components/)" properties: events: description: Events to listen for on the UI component. items: $ref: "#/components/schemas/AppBuilderEvent" type: array id: description: The ID of the UI component. This property is deprecated; use `name` to identify individual components instead. nullable: true type: string name: description: A unique identifier for this UI component. This name is also visible in the app editor. example: "" type: string properties: $ref: "#/components/schemas/ComponentProperties" type: $ref: "#/components/schemas/ComponentType" required: - name - type - properties type: object ComponentGrid: description: A grid component. The grid component is the root canvas for an app and contains all other components. properties: events: description: Events to listen for on the grid component. items: $ref: "#/components/schemas/AppBuilderEvent" type: array id: description: The ID of the grid component. This property is deprecated; use `name` to identify individual components instead. type: string name: description: A unique identifier for this grid component. This name is also visible in the app editor. example: "" type: string properties: $ref: "#/components/schemas/ComponentGridProperties" type: $ref: "#/components/schemas/ComponentGridType" required: - name - type - properties type: object ComponentGridProperties: description: Properties of a grid component. properties: backgroundColor: default: default description: The background color of the grid. type: string children: description: The child components of the grid. items: $ref: "#/components/schemas/Component" type: array isVisible: $ref: "#/components/schemas/ComponentGridPropertiesIsVisible" type: object ComponentGridPropertiesIsVisible: description: Whether the grid component and its children are visible. If a string, it must be a valid JavaScript expression that evaluates to a boolean. oneOf: - type: string - default: true type: boolean ComponentGridType: default: grid description: The grid component type. enum: - grid example: grid type: string x-enum-varnames: - GRID ComponentProperties: additionalProperties: {} description: Properties of a UI component. Different component types can have their own additional unique properties. See the [components documentation](https://docs.datadoghq.com/service_management/app_builder/components/) for more detail on each component type and its properties. properties: children: description: The child components of the UI component. items: $ref: "#/components/schemas/Component" type: array isVisible: $ref: "#/components/schemas/ComponentPropertiesIsVisible" type: object ComponentPropertiesIsVisible: description: Whether the UI component is visible. If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. oneOf: - type: boolean - description: "If this is a string, it must be a valid JavaScript expression that evaluates to a boolean." example: "${true}" type: string ComponentRecommendation: description: Resource recommendation for a single Spark component (driver or executor). Contains estimation data used to patch Spark job specs. properties: estimation: $ref: "#/components/schemas/Estimation" required: [estimation] type: object ComponentType: description: The UI component type. enum: - table - textInput - textArea - button - text - select - modal - schemaForm - checkbox - tabs - vegaChart - radioButtons - numberInput - fileInput - jsonInput - gridCell - dateRangePicker - search - container - calloutValue example: text type: string x-enum-varnames: - TABLE - TEXTINPUT - TEXTAREA - BUTTON - TEXT - SELECT - MODAL - SCHEMAFORM - CHECKBOX - TABS - VEGACHART - RADIOBUTTONS - NUMBERINPUT - FILEINPUT - JSONINPUT - GRIDCELL - DATERANGEPICKER - SEARCH - CONTAINER - CALLOUTVALUE Condition: description: Targeting condition details. properties: attribute: description: The user or request attribute to evaluate. example: "country" type: string created_at: description: The timestamp when the condition was created. example: "2024-01-01T12:00:00Z" format: date-time type: string id: description: The unique identifier of the condition. example: "550e8400-e29b-41d4-a716-446655440070" format: uuid type: string operator: $ref: "#/components/schemas/ConditionOperator" updated_at: description: The timestamp when the condition was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string value: description: Values used by the selected operator. example: ["US", "CA"] items: description: Target value for the selected operator. type: string type: array required: - id - operator - attribute - value - created_at - updated_at type: object ConditionOperator: description: The operator used in a targeting condition. enum: - LT - LTE - GT - GTE - MATCHES - NOT_MATCHES - ONE_OF - NOT_ONE_OF - IS_NULL - EQUALS example: "ONE_OF" type: string x-enum-varnames: - LT - LTE - GT - GTE - MATCHES - NOT_MATCHES - ONE_OF - NOT_ONE_OF - IS_NULL - EQUALS ConditionRequest: description: Condition request payload for targeting rules. properties: attribute: description: The user or request attribute to evaluate. example: "user_tier" type: string operator: $ref: "#/components/schemas/ConditionOperator" value: description: Values used by the selected operator. example: ["premium", "enterprise"] items: description: Target value for the selected operator. type: string type: array required: - operator - attribute - value type: object ConfigCatCredentials: description: The definition of the `ConfigCatCredentials` object. oneOf: - $ref: "#/components/schemas/ConfigCatSDKKey" ConfigCatCredentialsUpdate: description: The definition of the `ConfigCatCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/ConfigCatSDKKeyUpdate" ConfigCatIntegration: description: The definition of the `ConfigCatIntegration` object. properties: credentials: $ref: "#/components/schemas/ConfigCatCredentials" type: $ref: "#/components/schemas/ConfigCatIntegrationType" required: - type - credentials type: object ConfigCatIntegrationType: description: The definition of the `ConfigCatIntegrationType` object. enum: - ConfigCat example: ConfigCat type: string x-enum-varnames: - CONFIGCAT ConfigCatIntegrationUpdate: description: The definition of the `ConfigCatIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/ConfigCatCredentialsUpdate" type: $ref: "#/components/schemas/ConfigCatIntegrationType" required: - type type: object ConfigCatSDKKey: description: The definition of the `ConfigCatSDKKey` object. properties: api_password: description: The `ConfigCatSDKKey` `api_password`. example: "" type: string api_username: description: The `ConfigCatSDKKey` `api_username`. example: "" type: string sdk_key: description: The `ConfigCatSDKKey` `sdk_key`. example: "" type: string type: $ref: "#/components/schemas/ConfigCatSDKKeyType" required: - type - sdk_key - api_username - api_password type: object ConfigCatSDKKeyType: description: The definition of the `ConfigCatSDKKey` object. enum: - ConfigCatSDKKey example: ConfigCatSDKKey type: string x-enum-varnames: - CONFIGCATSDKKEY ConfigCatSDKKeyUpdate: description: The definition of the `ConfigCatSDKKey` object. properties: api_password: description: The `ConfigCatSDKKeyUpdate` `api_password`. type: string api_username: description: The `ConfigCatSDKKeyUpdate` `api_username`. type: string sdk_key: description: The `ConfigCatSDKKeyUpdate` `sdk_key`. type: string type: $ref: "#/components/schemas/ConfigCatSDKKeyType" required: - type type: object ConfiguredSchedule: description: "Full resource representation of a configured schedule target with position (previous, current, or next)." properties: attributes: $ref: "#/components/schemas/ConfiguredScheduleTargetAttributes" id: description: "Specifies the unique identifier of the configured schedule target." example: "00000000-aba1-0000-0000-000000000000_previous" type: string relationships: $ref: "#/components/schemas/ConfiguredScheduleTargetRelationships" type: $ref: "#/components/schemas/ConfiguredScheduleTargetType" required: - type - id - attributes - relationships type: object ConfiguredScheduleTarget: description: "Relationship reference to a configured schedule target." properties: id: description: "Specifies the unique identifier of the configured schedule target." example: "00000000-aba1-0000-0000-000000000000_previous" type: string type: $ref: "#/components/schemas/ConfiguredScheduleTargetType" required: - type - id type: object ConfiguredScheduleTargetAttributes: description: "Attributes for a configured schedule target, including position." example: position: previous properties: position: $ref: "#/components/schemas/ScheduleTargetPosition" required: - position type: object ConfiguredScheduleTargetRelationships: description: "Represents the relationships of a configured schedule target." properties: schedule: $ref: "#/components/schemas/ConfiguredScheduleTargetRelationshipsSchedule" required: - schedule type: object ConfiguredScheduleTargetRelationshipsSchedule: description: "Holds the schedule reference for a configured schedule target." properties: data: $ref: "#/components/schemas/ScheduleTarget" required: - data type: object ConfiguredScheduleTargetType: default: schedule_target description: "Indicates that the resource is of type `schedule_target`." enum: - schedule_target example: schedule_target type: string x-enum-varnames: - SCHEDULE_TARGET ConfluentAccountCreateRequest: description: Payload schema when adding a Confluent account. properties: data: $ref: "#/components/schemas/ConfluentAccountCreateRequestData" required: - data type: object ConfluentAccountCreateRequestAttributes: description: Attributes associated with the account creation request. properties: api_key: description: The API key associated with your Confluent account. example: "TESTAPIKEY123" type: string api_secret: description: The API secret associated with your Confluent account. example: "test-api-secret-123" type: string resources: description: A list of Confluent resources associated with the Confluent account. items: $ref: "#/components/schemas/ConfluentAccountResourceAttributes" type: array tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - api_key - api_secret type: object ConfluentAccountCreateRequestData: description: The data body for adding a Confluent account. properties: attributes: $ref: "#/components/schemas/ConfluentAccountCreateRequestAttributes" type: $ref: "#/components/schemas/ConfluentAccountType" required: - attributes - type type: object ConfluentAccountResourceAttributes: description: Attributes object for updating a Confluent resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean id: description: The ID associated with a Confluent resource. example: "resource-id-123" type: string resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - resource_type type: object ConfluentAccountResponse: description: The expected response schema when getting a Confluent account. properties: data: $ref: "#/components/schemas/ConfluentAccountResponseData" type: object ConfluentAccountResponseAttributes: description: The attributes of a Confluent account. properties: api_key: description: The API key associated with your Confluent account. example: "TESTAPIKEY123" type: string resources: description: A list of Confluent resources associated with the Confluent account. items: $ref: "#/components/schemas/ConfluentResourceResponseAttributes" type: array tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - api_key type: object ConfluentAccountResponseData: description: An API key and API secret pair that represents a Confluent account. properties: attributes: $ref: "#/components/schemas/ConfluentAccountResponseAttributes" id: description: A randomly generated ID associated with a Confluent account. example: "account_id_abc123" type: string type: $ref: "#/components/schemas/ConfluentAccountType" required: - attributes - id - type type: object ConfluentAccountType: default: confluent-cloud-accounts description: The JSON:API type for this API. Should always be `confluent-cloud-accounts`. enum: - confluent-cloud-accounts example: confluent-cloud-accounts type: string x-enum-varnames: - "CONFLUENT_CLOUD_ACCOUNTS" ConfluentAccountUpdateRequest: description: The JSON:API request for updating a Confluent account. properties: data: $ref: "#/components/schemas/ConfluentAccountUpdateRequestData" required: - data type: object ConfluentAccountUpdateRequestAttributes: description: Attributes object for updating a Confluent account. properties: api_key: description: The API key associated with your Confluent account. example: "TESTAPIKEY123" type: string api_secret: description: The API secret associated with your Confluent account. example: "test-api-secret-123" type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - api_key - api_secret type: object ConfluentAccountUpdateRequestData: description: Data object for updating a Confluent account. properties: attributes: $ref: "#/components/schemas/ConfluentAccountUpdateRequestAttributes" type: $ref: "#/components/schemas/ConfluentAccountType" required: - attributes - type type: object ConfluentAccountsResponse: description: Confluent account returned by the API. properties: data: description: The Confluent account. items: $ref: "#/components/schemas/ConfluentAccountResponseData" type: array type: object ConfluentResourceRequest: description: The JSON:API request for updating a Confluent resource. properties: data: $ref: "#/components/schemas/ConfluentResourceRequestData" required: - data type: object ConfluentResourceRequestAttributes: description: Attributes object for updating a Confluent resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - resource_type type: object ConfluentResourceRequestData: description: JSON:API request for updating a Confluent resource. properties: attributes: $ref: "#/components/schemas/ConfluentResourceRequestAttributes" id: description: The ID associated with a Confluent resource. example: "resource-id-123" type: string type: $ref: "#/components/schemas/ConfluentResourceType" required: - attributes - type - id type: object ConfluentResourceResponse: description: Response schema when interacting with a Confluent resource. properties: data: $ref: "#/components/schemas/ConfluentResourceResponseData" type: object ConfluentResourceResponseAttributes: description: Model representation of a Confluent Cloud resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean id: description: The ID associated with the Confluent resource. example: "resource_id_abc123" type: string resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: description: A tag for the Confluent resource. Can be a single key or a key-value pair separated by a colon. type: string type: array required: - resource_type type: object ConfluentResourceResponseData: description: Confluent Cloud resource data. properties: attributes: $ref: "#/components/schemas/ConfluentResourceResponseAttributes" id: description: The ID associated with the Confluent resource. example: "resource_id_abc123" type: string type: $ref: "#/components/schemas/ConfluentResourceType" required: - attributes - type - id type: object ConfluentResourceType: default: confluent-cloud-resources description: The JSON:API type for this request. enum: - confluent-cloud-resources example: "confluent-cloud-resources" type: string x-enum-varnames: - "CONFLUENT_CLOUD_RESOURCES" ConfluentResourcesResponse: description: Response schema when interacting with a list of Confluent resources. properties: data: description: The JSON:API data attribute. items: $ref: "#/components/schemas/ConfluentResourceResponseData" type: array type: object ConnectedTeamRef: description: Reference to a team from an external system. properties: data: $ref: "#/components/schemas/ConnectedTeamRefData" type: object ConnectedTeamRefData: description: Reference to connected external team. properties: id: description: The connected team ID as it is referenced throughout the Datadog ecosystem. example: "@GitHubOrg/team-handle" type: string type: $ref: "#/components/schemas/ConnectedTeamRefDataType" required: - id - type type: object ConnectedTeamRefDataType: default: "github_team" description: External team resource type. enum: - github_team example: "github_team" type: string x-enum-varnames: - GITHUB_TEAM Connection: description: The definition of `Connection` object. properties: connectionId: description: The `Connection` `connectionId`. example: "" type: string label: description: The `Connection` `label`. example: "" type: string required: - connectionId - label type: object ConnectionEnv: description: "A list of connections or connection groups used in the workflow." properties: connectionGroups: description: The `ConnectionEnv` `connectionGroups`. items: $ref: "#/components/schemas/ConnectionGroup" type: array connections: description: The `ConnectionEnv` `connections`. items: $ref: "#/components/schemas/Connection" type: array env: $ref: "#/components/schemas/ConnectionEnvEnv" required: - env type: object ConnectionEnvEnv: description: The definition of `ConnectionEnvEnv` object. enum: - default example: default type: string x-enum-varnames: - DEFAULT ConnectionGroup: description: The definition of `ConnectionGroup` object. properties: connectionGroupId: description: The `ConnectionGroup` `connectionGroupId`. example: "" type: string label: description: The `ConnectionGroup` `label`. example: "" type: string tags: description: The `ConnectionGroup` `tags`. example: - "" items: description: A tag string in `key:value` format. type: string type: array required: - connectionGroupId - label - tags type: object ConnectionsPagePagination: description: Page-based pagination metadata. properties: first_number: description: The first page number. format: int64 type: integer last_number: description: The last page number. format: int64 type: integer next_number: description: The next page number. format: int64 nullable: true type: integer number: description: The current page number. format: int64 type: integer prev_number: description: The previous page number. format: int64 nullable: true type: integer size: description: The page size. format: int64 type: integer total: description: Total connections matching request. format: int64 type: integer type: description: Pagination type. example: "number_size" type: string type: object ConnectionsResponseMeta: description: Connections response metadata. properties: page: $ref: "#/components/schemas/ConnectionsPagePagination" type: object Container: description: Container object. properties: attributes: $ref: "#/components/schemas/ContainerAttributes" id: description: Container ID. type: string type: $ref: "#/components/schemas/ContainerType" type: object ContainerAttributes: description: Attributes for a container. properties: container_id: description: The ID of the container. type: string created_at: description: Time the container was created. type: string host: description: Hostname of the host running the container. type: string image_digest: description: Digest of the compressed image manifest. nullable: true type: string image_name: description: Name of the associated container image. type: string image_tags: description: List of image tags associated with the container image. items: description: An image tag associated with the container. type: string nullable: true type: array name: description: Name of the container. type: string started_at: description: Time the container was started. type: string state: description: State of the container. This depends on the container runtime. type: string tags: description: List of tags associated with the container. items: description: A tag associated with the container. type: string type: array type: object ContainerDataSource: default: container description: A data source for container-level infrastructure metrics. enum: - container example: container type: string x-enum-varnames: - CONTAINER ContainerGroup: description: Container group object. properties: attributes: $ref: "#/components/schemas/ContainerGroupAttributes" id: description: Container Group ID. type: string relationships: $ref: "#/components/schemas/ContainerGroupRelationships" type: $ref: "#/components/schemas/ContainerGroupType" type: object ContainerGroupAttributes: description: Attributes for a container group. properties: count: description: Number of containers in the group. format: int64 type: integer tags: description: Tags from the group name parsed in key/value format. type: object type: object ContainerGroupRelationships: description: Relationships to containers inside a container group. properties: containers: $ref: "#/components/schemas/ContainerGroupRelationshipsLink" type: object ContainerGroupRelationshipsData: description: Links data. items: description: A link data. type: string type: array ContainerGroupRelationshipsLink: description: Relationships to Containers inside a Container Group. properties: data: $ref: "#/components/schemas/ContainerGroupRelationshipsData" links: $ref: "#/components/schemas/ContainerGroupRelationshipsLinks" type: object ContainerGroupRelationshipsLinks: description: Links attributes. properties: related: description: Link to related containers. type: string type: object ContainerGroupType: default: container_group description: Type of container group. enum: - container_group example: container_group type: string x-enum-varnames: - CONTAINER_GROUP ContainerImage: description: Container Image object. properties: attributes: $ref: "#/components/schemas/ContainerImageAttributes" id: description: Container Image ID. type: string type: $ref: "#/components/schemas/ContainerImageType" type: object ContainerImageAttributes: description: Attributes for a Container Image. properties: container_count: description: Number of containers running the image. format: int64 type: integer image_flavors: description: |- List of platform-specific images associated with the image record. The list contains more than 1 entry for multi-architecture images. items: $ref: "#/components/schemas/ContainerImageFlavor" type: array image_tags: description: List of image tags associated with the Container Image. items: description: An image tag associated with the Container Image. type: string type: array images_built_at: description: |- List of build times associated with the Container Image. The list contains more than 1 entry for multi-architecture images. items: description: Time the platform-specific Container Image was built. type: string type: array name: description: Name of the Container Image. type: string os_architectures: description: List of Operating System architectures supported by the Container Image. items: description: Operating System architecture supported by the Container Image. example: amd64 type: string type: array os_names: description: List of Operating System names supported by the Container Image. items: description: Operating System supported by the Container Image. example: linux type: string type: array os_versions: description: List of Operating System versions supported by the Container Image. items: description: Operating System version supported by the Container Image. type: string type: array published_at: description: Time the image was pushed to the container registry. type: string registry: description: Registry the Container Image was pushed to. type: string repo_digest: description: Digest of the compressed image manifest. type: string repository: description: Repository where the Container Image is stored in. type: string short_image: description: Short version of the Container Image name. type: string sizes: description: |- List of size for each platform-specific image associated with the image record. The list contains more than 1 entry for multi-architecture images. items: description: Size of the platform-specific Container Image. format: int64 type: integer type: array sources: description: List of sources where the Container Image was collected from. items: description: Source where the Container Image was collected from. type: string type: array tags: description: List of tags associated with the Container Image. items: description: A tag associated with the Container Image. type: string type: array vulnerability_count: $ref: "#/components/schemas/ContainerImageVulnerabilities" type: object ContainerImageFlavor: description: Container Image breakdown by supported platform. properties: built_at: description: Time the platform-specific Container Image was built. type: string os_architecture: description: Operating System architecture supported by the Container Image. type: string os_name: description: Operating System name supported by the Container Image. type: string os_version: description: Operating System version supported by the Container Image. type: string size: description: Size of the platform-specific Container Image. format: int64 type: integer type: object ContainerImageGroup: description: Container Image Group object. properties: attributes: $ref: "#/components/schemas/ContainerImageGroupAttributes" id: description: Container Image Group ID. type: string relationships: $ref: "#/components/schemas/ContainerImageGroupRelationships" type: $ref: "#/components/schemas/ContainerImageGroupType" type: object ContainerImageGroupAttributes: description: Attributes for a Container Image Group. properties: count: description: Number of Container Images in the group. format: int64 type: integer name: description: Name of the Container Image group. type: string tags: description: Tags from the group name parsed in key/value format. type: object type: object ContainerImageGroupImagesRelationshipsLink: description: Relationships to Container Images inside a Container Image Group. properties: data: $ref: "#/components/schemas/ContainerImageGroupRelationshipsData" links: $ref: "#/components/schemas/ContainerImageGroupRelationshipsLinks" type: object ContainerImageGroupRelationships: description: Relationships inside a Container Image Group. properties: container_images: $ref: "#/components/schemas/ContainerImageGroupImagesRelationshipsLink" type: object ContainerImageGroupRelationshipsData: description: Links data. items: description: A link data. type: string type: array ContainerImageGroupRelationshipsLinks: description: Links attributes. properties: related: description: Link to related Container Images. type: string type: object ContainerImageGroupType: default: container_image_group description: Type of Container Image Group. enum: - container_image_group example: container_image_group type: string x-enum-varnames: - CONTAINER_IMAGE_GROUP ContainerImageItem: description: Possible Container Image models. oneOf: - $ref: "#/components/schemas/ContainerImage" - $ref: "#/components/schemas/ContainerImageGroup" ContainerImageMeta: description: Response metadata object. properties: pagination: $ref: "#/components/schemas/ContainerImageMetaPage" type: object ContainerImageMetaPage: description: Paging attributes. properties: cursor: description: The cursor used to get the current results, if any. type: string limit: description: Number of results returned format: int32 maximum: 10000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. type: string prev_cursor: description: The cursor used to get the previous results, if any. nullable: true type: string total: description: Total number of records that match the query. format: int64 type: integer type: $ref: "#/components/schemas/ContainerImageMetaPageType" type: object ContainerImageMetaPageType: default: cursor_limit description: Type of Container Image pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT ContainerImageType: default: container_image description: Type of Container Image. enum: - container_image example: container_image type: string x-enum-varnames: - CONTAINER_IMAGE ContainerImageVulnerabilities: description: Vulnerability counts associated with the Container Image. properties: asset_id: description: ID of the Container Image. type: string critical: description: Number of vulnerabilities with CVSS Critical severity. format: int64 type: integer high: description: Number of vulnerabilities with CVSS High severity. format: int64 type: integer low: description: Number of vulnerabilities with CVSS Low severity. format: int64 type: integer medium: description: Number of vulnerabilities with CVSS Medium severity. format: int64 type: integer none: description: Number of vulnerabilities with CVSS None severity. format: int64 type: integer unknown: description: Number of vulnerabilities with an unknown CVSS severity. format: int64 type: integer type: object ContainerImagesResponse: description: List of Container Images. properties: data: description: Array of Container Image objects. items: $ref: "#/components/schemas/ContainerImageItem" type: array links: $ref: "#/components/schemas/ContainerImagesResponseLinks" meta: $ref: "#/components/schemas/ContainerImageMeta" type: object ContainerImagesResponseLinks: description: Pagination links. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object ContainerItem: description: Possible Container models. oneOf: - $ref: "#/components/schemas/Container" - $ref: "#/components/schemas/ContainerGroup" ContainerMeta: description: Response metadata object. properties: pagination: $ref: "#/components/schemas/ContainerMetaPage" type: object ContainerMetaPage: description: Paging attributes. properties: cursor: description: The cursor used to get the current results, if any. type: string limit: description: Number of results returned format: int32 maximum: 10000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. type: string prev_cursor: description: The cursor used to get the previous results, if any. nullable: true type: string total: description: Total number of records that match the query. format: int64 type: integer type: $ref: "#/components/schemas/ContainerMetaPageType" type: object ContainerMetaPageType: default: cursor_limit description: Type of Container pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT ContainerScalarQuery: description: A query for container-level metrics such as CPU and memory usage. properties: aggregator: $ref: "#/components/schemas/MetricsAggregator" cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ContainerDataSource" is_normalized_cpu: description: Whether CPU metrics should be normalized by core count. type: boolean limit: description: Maximum number of results to return. format: int64 type: integer metric: description: The container metric to query. example: process.stat.container.cpu.total_pct type: string name: description: The variable name for use in formulas. example: query1 type: string sort: $ref: "#/components/schemas/QuerySortOrder" tag_filters: description: Tag filters to narrow down containers. items: description: A tag filter value. example: "env:prod" type: string type: array text_filter: description: A full-text search filter to match container names. type: string required: - data_source - name - metric type: object ContainerTimeseriesQuery: description: A query for container-level metrics such as CPU and memory usage. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ContainerDataSource" is_normalized_cpu: description: Whether CPU metrics should be normalized by core count. type: boolean limit: description: Maximum number of results to return. format: int64 type: integer metric: description: The container metric to query. example: process.stat.container.cpu.total_pct type: string name: description: The variable name for use in formulas. example: query1 type: string sort: $ref: "#/components/schemas/QuerySortOrder" tag_filters: description: Tag filters to narrow down containers. items: description: A tag filter value. example: "env:prod" type: string type: array text_filter: description: A full-text search filter to match container names. type: string required: - data_source - name - metric type: object ContainerType: default: container description: Type of container. enum: - container example: container type: string x-enum-varnames: - CONTAINER ContainersResponse: description: List of containers. properties: data: description: Array of Container objects. items: $ref: "#/components/schemas/ContainerItem" type: array links: $ref: "#/components/schemas/ContainersResponseLinks" meta: $ref: "#/components/schemas/ContainerMeta" type: object ContainersResponseLinks: description: Pagination links. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object ContentEncoding: description: HTTP header used to compress the media-type. enum: - identity - gzip - deflate type: string x-enum-varnames: - IDENTITY - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: description: Attributes for converting historical job results to signals. properties: id: description: Request ID. type: string jobResultIds: description: Job result IDs. example: - "" items: description: A job result ID. type: string type: array notifications: description: Notifications sent. example: - "" items: description: A notification recipient handle. type: string type: array signalMessage: description: Message of generated signals. example: A large number of failed login attempts. type: string signalSeverity: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" required: - jobResultIds - signalSeverity - signalMessage - notifications type: object ConvertJobResultsToSignalsData: description: Data for converting historical job results to signals. properties: attributes: $ref: "#/components/schemas/ConvertJobResultsToSignalsAttributes" type: $ref: "#/components/schemas/ConvertJobResultsToSignalsDataType" type: object ConvertJobResultsToSignalsDataType: description: Type of payload. enum: - historicalDetectionsJobResultSignalConversion type: string x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: description: Request for converting historical job results to signals. properties: data: $ref: "#/components/schemas/ConvertJobResultsToSignalsData" type: object CostAggregationType: description: "Controls how costs are aggregated when using `start_date`. The `cumulative` option returns month-to-date running totals." enum: - cumulative type: string x-enum-varnames: - CUMULATIVE CostAnomaliesResponse: description: Response object containing a list of detected Cloud Cost Management anomalies and aggregated totals. properties: data: $ref: "#/components/schemas/CostAnomaliesResponseData" type: object CostAnomaliesResponseData: description: Resource wrapper for the list of cost anomalies and aggregated totals. properties: attributes: $ref: "#/components/schemas/CostAnomaliesResponseDataAttributes" id: description: Static identifier of the cost anomalies collection resource. example: anomalies type: string type: $ref: "#/components/schemas/CostAnomaliesResponseDataType" required: - id - type - attributes type: object CostAnomaliesResponseDataAttributes: description: Cost anomaly results and aggregated totals for the queried window. properties: anomalies: description: The list of cost anomalies that match the request. items: $ref: "#/components/schemas/CostAnomaly" type: array avg_daily_anomalous_cost: description: Average daily anomalous cost change across the queried window. example: 625.375 format: double type: number total_actual_cost: description: Total actual cost spent across the queried window for the matching providers. example: 3001.24 format: double type: number total_anomalous_cost: description: Sum of the anomalous cost change across all returned anomalies. example: 1250.75 format: double type: number total_count: description: Total number of anomalies that match the request. example: 1 format: int64 type: integer required: - anomalies - total_count - total_anomalous_cost - total_actual_cost - avg_daily_anomalous_cost type: object CostAnomaliesResponseDataType: default: anomalies description: Type of the cost anomalies collection resource. Must be `anomalies`. enum: - anomalies example: anomalies type: string x-enum-varnames: - ANOMALIES CostAnomaly: description: A single detected Cloud Cost Management anomaly. properties: actual_cost: description: Actual cost incurred during the anomaly window. example: 3001.24 format: double type: number anomalous_cost_change: description: Anomalous cost change relative to the expected baseline. example: 1250.75 format: double type: number anomaly_end: description: Anomaly end timestamp in Unix milliseconds. example: 1730429150000 format: int64 type: integer anomaly_start: description: Anomaly start timestamp in Unix milliseconds. example: 1730259950000 format: int64 type: integer correlated_tags: $ref: "#/components/schemas/CostAnomalyCorrelatedTags" dimensions: $ref: "#/components/schemas/CostAnomalyDimensions" dismissal: $ref: "#/components/schemas/CostAnomalyDismissal" max_cost: description: Maximum cost observed during the anomaly window. example: 5000.5 format: double type: number provider: description: Cloud or SaaS provider associated with the anomaly (for example `aws`, `gcp`, `azure`). example: aws type: string query: description: The metrics query that detected the anomaly. example: sum:aws.cost.net.amortized{aws_cost_type IN (Usage,DiscountedUsage,SavingsPlanCoveredUsage) AND aws_product NOT IN (supportenterprise) AND service:"ec2"}.rollup(sum, daily) type: string uuid: description: The unique identifier of the anomaly. example: b0a6aaa9-3c4c-48cb-9447-a0d1338b3e09 type: string required: - uuid - anomaly_start - anomaly_end - query - dimensions - correlated_tags - anomalous_cost_change - actual_cost - max_cost - provider type: object CostAnomalyCorrelatedTags: additionalProperties: description: The list of correlated values for the tag key. items: type: string type: array description: Map of correlated tag keys to the list of correlated tag values. example: region: - us-east-1 - us-west-2 nullable: true type: object CostAnomalyDimensions: additionalProperties: description: The dimension value. type: string description: Map of cost dimension keys to their values for the anomaly grouping. example: service: ec2 type: object CostAnomalyDismissal: description: Resolution metadata for an anomaly that has been dismissed. properties: cause: description: Reason the anomaly was dismissed. example: false_positive type: string dismissal_id: description: Unique identifier of the dismissal record. example: 12345678-1234-1234-1234-123456789abc type: string message: description: Optional message explaining the dismissal. example: This was expected due to planned infrastructure changes. type: string updated_at: description: Timestamp of the last dismissal update in Unix milliseconds. example: 1730344150000 format: int64 type: integer updated_by: description: Identifier of the user that last updated the dismissal. example: user@example.com type: string required: - dismissal_id - cause - message - updated_at - updated_by type: object CostAnomalyResponse: description: Response object containing a single Cloud Cost Management anomaly. properties: data: $ref: "#/components/schemas/CostAnomalyResponseData" type: object CostAnomalyResponseData: description: Resource wrapper for a single cost anomaly. properties: attributes: $ref: "#/components/schemas/CostAnomaly" id: description: The unique identifier of the anomaly. example: b0a6aaa9-3c4c-48cb-9447-a0d1338b3e09 type: string type: $ref: "#/components/schemas/CostAnomaliesResponseDataType" required: - id - type - attributes type: object CostAttributionAggregates: description: An array of available aggregates. items: $ref: "#/components/schemas/CostAttributionAggregatesBody" type: array CostAttributionAggregatesBody: description: The object containing the aggregates. properties: agg_type: description: The aggregate type. example: "sum" type: string field: description: The field. example: "infra_host_committed_cost" type: string value: description: The value for a given field. format: double type: number type: object CostAttributionTagNames: additionalProperties: description: |- A list of values that are associated with each tag key. - An empty list means the resource use wasn't tagged with the respective tag. - Multiple values means the respective tag was applied multiple times on the resource. - An `` value means the resource was tagged with the respective tag but did not have a value. items: description: A given tag in a list. example: "datadog-integrations-lab" type: string type: array description: |- Tag keys and values. A `null` value here means that the requested tag breakdown cannot be applied because it does not match the [tags configured for usage attribution](https://docs.datadoghq.com/account_management/billing/usage_attribution/#getting-started). In this scenario the API returns the total cost, not broken down by tags. nullable: true type: object CostAttributionType: default: cost_by_tag description: Type of cost attribution data. enum: - cost_by_tag example: cost_by_tag type: string x-enum-varnames: - COST_BY_TAG CostByOrg: description: Cost data. properties: attributes: $ref: "#/components/schemas/CostByOrgAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/CostByOrgType" type: object CostByOrgAttributes: description: Cost attributes data. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string charges: description: List of charges data reported for the requested month. items: $ref: "#/components/schemas/ChargebackBreakdown" type: array date: description: The month requested. format: date-time type: string org_name: description: The organization name. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string total_cost: description: The total cost of products for the month. format: double type: number type: object CostByOrgResponse: description: Chargeback Summary response. properties: data: description: Response containing Chargeback Summary. items: $ref: "#/components/schemas/CostByOrg" type: array type: object CostByOrgType: default: cost_by_org description: Type of cost data. enum: - cost_by_org example: cost_by_org type: string x-enum-varnames: - COST_BY_ORG CostTag: description: A Cloud Cost Management tag. properties: attributes: $ref: "#/components/schemas/CostTagAttributes" id: description: The tag identifier, equal to its `key:value` representation. example: providername:aws type: string type: $ref: "#/components/schemas/CostTagType" required: - attributes - id - type type: object CostTagAttributes: description: Attributes of a Cloud Cost Management tag. properties: sources: description: List of sources that define this tag. example: - focus items: description: A tag source. type: string type: array value: description: The tag value in `key:value` format. example: providername:aws type: string required: - sources - value type: object CostTagDescription: description: A Cloud Cost Management tag key description, either cross-cloud or scoped to a single cloud provider. properties: attributes: $ref: "#/components/schemas/CostTagDescriptionAttributes" id: description: Stable identifier of the tag description. Equals the tag key when the description is the cross-cloud default; encodes both the cloud and the tag key when the description is cloud-specific. example: account_id type: string type: $ref: "#/components/schemas/CostTagDescriptionType" required: - attributes - id - type type: object CostTagDescriptionAttributes: description: Human-readable description and metadata attached to a Cloud Cost Management tag key, optionally scoped to a single cloud provider. properties: cloud: description: Cloud provider this description applies to (for example, `aws`). Empty when the description is the cross-cloud default for the tag key. example: aws type: string created_at: description: Timestamp when the description was created, in RFC 3339 format. example: "2026-01-01T12:00:00Z" type: string description: description: The human-readable description for the tag key. example: AWS account that owns this cost. type: string source: $ref: "#/components/schemas/CostTagDescriptionSource" tag_key: description: The tag key this description applies to. example: account_id type: string updated_at: description: Timestamp when the description was last updated, in RFC 3339 format. example: "2026-01-01T12:00:00Z" type: string required: - cloud - created_at - description - source - tag_key - updated_at type: object CostTagDescriptionSource: description: Origin of the description. `human` indicates the description was written by a user, `ai_generated` was produced by AI, and `datadog` is a default supplied by Datadog. enum: - human - ai_generated - datadog example: human type: string x-enum-varnames: - HUMAN - AI_GENERATED - DATADOG CostTagDescriptionType: default: cost_tag_description description: Type of the Cloud Cost Management tag description resource. enum: - cost_tag_description example: cost_tag_description type: string x-enum-varnames: - COST_TAG_DESCRIPTION CostTagDescriptionsResponse: description: List of Cloud Cost Management tag key descriptions for the organization, optionally filtered to a single cloud provider. example: data: - attributes: cloud: aws created_at: "2026-01-01T12:00:00Z" description: AWS account that owns this cost. source: human tag_key: account_id updated_at: "2026-01-01T12:00:00Z" id: account_id type: cost_tag_description properties: data: description: List of tag key descriptions. items: $ref: "#/components/schemas/CostTagDescription" type: array required: - data type: object CostTagKey: description: A Cloud Cost Management tag key. properties: attributes: $ref: "#/components/schemas/CostTagKeyAttributes" id: description: The tag key identifier. example: providername type: string type: $ref: "#/components/schemas/CostTagKeyType" required: - attributes - id - type type: object CostTagKeyAttributes: description: Attributes of a Cloud Cost Management tag key. properties: details: $ref: "#/components/schemas/CostTagKeyDetails" sources: description: List of sources that define this tag key. example: - focus items: description: A tag key source. type: string type: array value: description: The tag key name. example: providername type: string required: - sources - value type: object CostTagKeyDetails: description: Additional details for a Cloud Cost Management tag key, including its description and example tag values. properties: description: description: Description of the tag key. example: The cloud provider name reported for the cost line item. type: string tag_values: description: Example tag values observed for this tag key. example: - aws - gcp - azure items: description: A tag value observed for this tag key. type: string type: array required: - description - tag_values type: object CostTagKeyResponse: description: A single Cloud Cost Management tag key. example: data: attributes: details: description: The cloud provider name reported for the cost line item. tag_values: - aws - gcp - azure sources: - focus value: providername id: providername type: cost_tag_key properties: data: $ref: "#/components/schemas/CostTagKey" required: - data type: object CostTagKeyType: default: cost_tag_key description: Type of the Cloud Cost Management tag key resource. enum: - cost_tag_key example: cost_tag_key type: string x-enum-varnames: - COST_TAG_KEY CostTagKeysResponse: description: A list of Cloud Cost Management tag keys. example: data: - attributes: sources: - focus value: providername id: providername type: cost_tag_key - attributes: sources: [] value: service id: service type: cost_tag_key properties: data: description: The list of Cloud Cost Management tag keys. items: $ref: "#/components/schemas/CostTagKey" type: array required: - data type: object CostTagType: default: cost_tag description: Type of the Cloud Cost Management tag resource. enum: - cost_tag example: cost_tag type: string x-enum-varnames: - COST_TAG CostTagsResponse: description: A list of Cloud Cost Management tags. example: data: - attributes: sources: - focus value: providername:aws id: providername:aws type: cost_tag - attributes: sources: - focus value: providername:gcp id: providername:gcp type: cost_tag properties: data: description: The list of Cloud Cost Management tags. items: $ref: "#/components/schemas/CostTag" type: array required: - data type: object CoverageSummaryAttributes: description: Attributes object for code coverage summary response. properties: codeowners: additionalProperties: $ref: "#/components/schemas/CoverageSummaryCodeownerStats" description: Coverage statistics broken down by code owner. nullable: true type: object evaluated_flags_count: description: Total number of coverage flags evaluated. example: 8 format: int64 type: integer evaluated_reports_count: description: Total number of coverage reports evaluated. example: 12 format: int64 type: integer patch_coverage: description: Overall patch coverage percentage. example: 70.1 format: double nullable: true type: number services: additionalProperties: $ref: "#/components/schemas/CoverageSummaryServiceStats" description: Coverage statistics broken down by service. nullable: true type: object total_coverage: description: Overall total coverage percentage. example: 82.4 format: double nullable: true type: number type: object CoverageSummaryCodeownerStats: description: Coverage statistics for a specific code owner. properties: evaluated_flags_count: description: Number of coverage flags evaluated for the code owner. example: 2 format: int64 type: integer evaluated_reports_count: description: Number of coverage reports evaluated for the code owner. example: 4 format: int64 type: integer patch_coverage: description: Patch coverage percentage for the code owner. example: 75.2 format: double nullable: true type: number total_coverage: description: Total coverage percentage for the code owner. example: 88.7 format: double nullable: true type: number type: object CoverageSummaryData: description: Data object for coverage summary response. properties: attributes: $ref: "#/components/schemas/CoverageSummaryAttributes" id: description: Unique identifier for the coverage summary (base64-hashed). example: ZGQxMjM0NV9tYWluXzE3MDk1NjQwMDA= type: string type: $ref: "#/components/schemas/CoverageSummaryType" type: object CoverageSummaryResponse: description: Response object containing code coverage summary. properties: data: $ref: "#/components/schemas/CoverageSummaryData" type: object CoverageSummaryServiceStats: description: Coverage statistics for a specific service. properties: evaluated_flags_count: description: Number of coverage flags evaluated for the service. example: 3 format: int64 type: integer evaluated_reports_count: description: Number of coverage reports evaluated for the service. example: 5 format: int64 type: integer patch_coverage: description: Patch coverage percentage for the service. example: 72.3 format: double nullable: true type: number total_coverage: description: Total coverage percentage for the service. example: 85.5 format: double nullable: true type: number type: object CoverageSummaryType: description: JSON:API type for coverage summary response. The value must always be `ci_app_coverage_summary`. enum: - ci_app_coverage_summary example: ci_app_coverage_summary type: string x-enum-varnames: - CI_APP_COVERAGE_SUMMARY Cpu: description: CPU usage statistics derived from historical Spark job metrics. Provides multiple estimates so users can choose between conservative and cost-saving risk profiles. properties: max: description: Maximum CPU usage observed for the job, expressed in millicores. This represents the upper bound of usage. format: int64 type: integer p75: description: 75th percentile of CPU usage (millicores). Represents a cost-saving configuration while covering most workloads. format: int64 type: integer p95: description: 95th percentile of CPU usage (millicores). Balances performance and cost, providing a safer margin than p75. format: int64 type: integer type: object x-model-simple-name: SpaCpu CreateActionConnectionRequest: description: Request used to create an action connection. properties: data: $ref: "#/components/schemas/ActionConnectionData" required: - data type: object CreateActionConnectionResponse: description: The response for a created connection properties: data: $ref: "#/components/schemas/ActionConnectionData" type: object CreateAllocationsRequest: description: Request to create targeting rules (allocations) for a feature flag in an environment. properties: data: $ref: "#/components/schemas/AllocationDataRequest" required: - data type: object CreateAppRequest: description: A request object for creating a new app. example: data: attributes: components: - events: [] name: grid0 properties: children: - events: [] name: gridCell0 properties: children: - events: [] name: calloutValue0 properties: isDisabled: false isLoading: false isVisible: true label: CPU Usage size: sm style: vivid_yellow unit: kB value: "42" type: calloutValue isVisible: "true" layout: default: height: 8 width: 2 x: 0 "y": 0 type: gridCell type: grid description: "This is a simple example app" name: "Example App" queries: [] rootInstanceName: grid0 type: appDefinitions properties: data: $ref: "#/components/schemas/CreateAppRequestData" type: object CreateAppRequestData: description: The data object containing the app definition. properties: attributes: $ref: "#/components/schemas/CreateAppRequestDataAttributes" type: $ref: "#/components/schemas/AppDefinitionType" required: - type type: object CreateAppRequestDataAttributes: description: App definition attributes such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: "#/components/schemas/ComponentGrid" type: array description: description: A human-readable description for the app. type: string name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: "#/components/schemas/Query" type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - "service:webshop-backend" - "team:webshop" items: description: An individual tag for the app. type: string type: array type: object CreateAppResponse: description: The response object after a new app is successfully created, with the app ID. properties: data: $ref: "#/components/schemas/CreateAppResponseData" type: object CreateAppResponseData: description: The data object containing the app ID. properties: id: description: The ID of the created app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type type: object CreateAppsDatastoreRequest: description: Request to create a new datastore with specified configuration and metadata. properties: data: $ref: "#/components/schemas/CreateAppsDatastoreRequestData" type: object CreateAppsDatastoreRequestData: description: Data wrapper containing the configuration needed to create a new datastore. properties: attributes: $ref: "#/components/schemas/CreateAppsDatastoreRequestDataAttributes" id: description: Optional ID for the new datastore. If not provided, one will be generated automatically. type: string type: $ref: "#/components/schemas/DatastoreDataType" required: - type type: object CreateAppsDatastoreRequestDataAttributes: description: Configuration and metadata to create a new datastore. properties: description: description: A human-readable description about the datastore. type: string name: description: The display name for the new datastore. example: "datastore-name" type: string org_access: $ref: "#/components/schemas/CreateAppsDatastoreRequestDataAttributesOrgAccess" primary_column_name: $ref: "#/components/schemas/DatastoreAttributesPrimaryColumnName" primary_key_generation_strategy: $ref: "#/components/schemas/DatastorePrimaryKeyGenerationStrategy" required: - name - primary_column_name type: object CreateAppsDatastoreRequestDataAttributesOrgAccess: description: The organization access level for the datastore. For example, 'contributor'. enum: - contributor - viewer - manager type: string x-enum-varnames: - CONTRIBUTOR - VIEWER - MANAGER CreateAppsDatastoreResponse: description: Response after successfully creating a new datastore, containing the datastore's assigned ID. properties: data: $ref: "#/components/schemas/CreateAppsDatastoreResponseData" type: object CreateAppsDatastoreResponseData: description: The newly created datastore's data. properties: id: description: The unique identifier assigned to the newly created datastore. type: string type: $ref: "#/components/schemas/DatastoreDataType" required: - type type: object CreateAttachmentRequest: description: Create request for an attachment. properties: data: $ref: "#/components/schemas/CreateAttachmentRequestData" type: object CreateAttachmentRequestData: description: Attachment data for a create request. properties: attributes: $ref: "#/components/schemas/CreateAttachmentRequestDataAttributes" id: description: The unique identifier of the attachment. type: string type: $ref: "#/components/schemas/IncidentAttachmentType" required: - type type: object CreateAttachmentRequestDataAttributes: description: The attributes for creating an attachment. properties: attachment: $ref: "#/components/schemas/CreateAttachmentRequestDataAttributesAttachment" attachment_type: $ref: "#/components/schemas/AttachmentDataAttributesAttachmentType" type: object CreateAttachmentRequestDataAttributesAttachment: description: The attachment object for creating an attachment. properties: documentUrl: description: The URL of the attachment. example: https://app.datadoghq.com/notebook/123/Postmortem-IR-123 type: string title: description: The title of the attachment. example: Postmortem-IR-123 type: string type: object CreateBackfilledDegradationRequest: description: Request object for creating a backfilled degradation. example: data: attributes: title: Past API Outage updates: - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded description: We detected elevated error rates in the API. started_at: "2026-04-27T13:37:31.038001628Z" status: investigating - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded description: Root cause identified as a misconfigured deployment. started_at: "2026-04-27T14:07:31.038001628Z" status: identified - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: The issue has been resolved and API is operating normally. started_at: "2026-04-27T14:37:31.038001628Z" status: resolved type: degradations properties: data: $ref: "#/components/schemas/CreateBackfilledDegradationRequestData" type: object CreateBackfilledDegradationRequestData: description: The data object for creating a backfilled degradation. properties: attributes: $ref: "#/components/schemas/CreateBackfilledDegradationRequestDataAttributes" type: $ref: "#/components/schemas/PatchDegradationRequestDataType" required: - type type: object CreateBackfilledDegradationRequestDataAttributes: description: The supported attributes for creating a backfilled degradation. properties: title: description: The title of the backfilled degradation. example: "" type: string updates: description: The list of status updates describing the timeline of the degradation. items: $ref: "#/components/schemas/CreateBackfilledDegradationRequestDataAttributesUpdatesItems" type: array required: - title - updates type: object CreateBackfilledDegradationRequestDataAttributesUpdatesItems: description: A backfilled degradation update entry. properties: components_affected: description: The components affected. items: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesComponentsAffectedItems" type: array description: description: A description of the update. type: string started_at: description: Timestamp of when the update occurred. example: "" format: date-time type: string status: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesStatus" required: - started_at - status type: object CreateBackfilledMaintenanceRequest: description: Request object for creating a backfilled maintenance. example: data: attributes: title: Past Database Maintenance updates: - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: maintenance description: Database maintenance is in progress. started_at: "2026-04-27T13:37:31.038003786Z" status: in_progress - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: Database maintenance has been completed successfully. started_at: "2026-04-27T14:37:31.038003786Z" status: completed type: maintenances properties: data: $ref: "#/components/schemas/CreateBackfilledMaintenanceRequestData" type: object CreateBackfilledMaintenanceRequestData: description: The data object for creating a backfilled maintenance. properties: attributes: $ref: "#/components/schemas/CreateBackfilledMaintenanceRequestDataAttributes" type: $ref: "#/components/schemas/PatchMaintenanceRequestDataType" required: - type type: object CreateBackfilledMaintenanceRequestDataAttributes: description: The supported attributes for creating a backfilled maintenance. properties: title: description: The title of the backfilled maintenance. example: "" type: string updates: description: "The list of updates. Exactly two updates are required: the start (`in_progress`) and the end (`completed`)." items: $ref: "#/components/schemas/CreateBackfilledMaintenanceRequestDataAttributesUpdatesItems" maxItems: 2 minItems: 2 type: array required: - title - updates type: object CreateBackfilledMaintenanceRequestDataAttributesUpdatesItems: description: A backfilled maintenance update entry. properties: components_affected: description: The components affected. items: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesComponentsAffectedItems" type: array description: description: A description of the update. example: "" type: string started_at: description: Timestamp of when the update occurred. example: "" format: date-time type: string status: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesUpdatesItemsStatus" required: - components_affected - description - started_at - status type: object CreateCampaignRequest: description: Request to create a new campaign. properties: data: $ref: "#/components/schemas/CreateCampaignRequestData" required: - data type: object CreateCampaignRequestAttributes: description: Attributes for creating a new campaign. properties: description: description: The description of the campaign. example: Campaign to improve security posture for Q1 2024. type: string due_date: description: The due date of the campaign. example: "2024-03-31T23:59:59Z" format: date-time type: string entity_scope: description: Entity scope query to filter entities for this campaign. example: kind:service AND team:platform type: string guidance: description: Guidance for the campaign. example: Please ensure all services pass the security requirements. type: string key: description: The unique key for the campaign. example: q1-security-2024 type: string name: description: The name of the campaign. example: Q1 Security Campaign type: string owner_id: description: The UUID of the campaign owner. example: 550e8400-e29b-41d4-a716-446655440000 type: string rule_ids: description: Array of rule IDs associated with this campaign. example: ["q8MQxk8TCqrHnWkx", "r9NRyl9UDrsIoXly"] items: description: The unique ID of a scorecard rule. type: string type: array start_date: description: The start date of the campaign. example: "2024-01-01T00:00:00Z" format: date-time type: string status: $ref: "#/components/schemas/CampaignStatus" required: - name - key - owner_id - start_date - rule_ids type: object CreateCampaignRequestData: description: Data for creating a new campaign. properties: attributes: $ref: "#/components/schemas/CreateCampaignRequestAttributes" type: $ref: "#/components/schemas/CampaignType" required: - type - attributes type: object CreateCaseRequestArray: description: List of requests to create cases for security findings. properties: data: description: Array of case creation request data objects. items: $ref: "#/components/schemas/CreateCaseRequestData" type: array required: - data type: object CreateCaseRequestData: description: Data of the case to create. properties: attributes: $ref: "#/components/schemas/CreateCaseRequestDataAttributes" relationships: $ref: "#/components/schemas/CreateCaseRequestDataRelationships" type: $ref: "#/components/schemas/CaseDataType" required: - type type: object CreateCaseRequestDataAttributes: description: Attributes of the case to create. properties: assignee_id: description: Unique identifier of the user assigned to the case. example: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0" type: string description: description: Description of the case. If not provided, the description will be automatically generated. example: "A description of the case." type: string priority: $ref: "#/components/schemas/CasePriority" description: Priority of the case. If not provided, the priority will be automatically set to "NOT_DEFINED". example: "P4" title: description: Title of the case. If not provided, the title will be automatically generated. example: "A title for the case." type: string type: object CreateCaseRequestDataRelationships: description: Relationships of the case to create. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to create a case for. project: $ref: "#/components/schemas/CaseManagementProject" description: Case management project in which the case will be created. required: - findings - project type: object CreateComponentRequest: description: Request object for creating a component. example: data: attributes: name: Metrics Intake position: 0 type: component relationships: group: data: type: components properties: data: $ref: "#/components/schemas/CreateComponentRequestData" type: object CreateComponentRequestData: description: The data object for creating a component. properties: attributes: $ref: "#/components/schemas/CreateComponentRequestDataAttributes" relationships: $ref: "#/components/schemas/CreateComponentRequestDataRelationships" type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - attributes - type type: object CreateComponentRequestDataAttributes: description: The supported attributes for creating a component. properties: components: description: If creating a component of type `group`, the components to create within the group. example: - name: Login position: 0 type: component - name: Settings position: 1 type: component items: $ref: "#/components/schemas/CreateComponentRequestDataAttributesComponentsItems" type: array name: description: The name of the component. example: Web App type: string position: description: The zero-indexed position of the component. example: 0 format: int64 type: integer type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" description: The type of the component. example: group required: - name - position - type type: object CreateComponentRequestDataAttributesComponentsItems: description: A component to be created within a group. properties: name: description: The name of the grouped component. example: "" type: string position: description: The zero-indexed position of the grouped component relative to the other components in the group. example: 0 format: int64 type: integer type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" required: - name - position - type type: object CreateComponentRequestDataAttributesType: description: The type of the component. enum: - component - group example: component type: string x-enum-varnames: - COMPONENT - GROUP CreateComponentRequestDataRelationships: description: The supported relationships for creating a component. properties: group: $ref: "#/components/schemas/CreateComponentRequestDataRelationshipsGroup" description: The group to create the component within. type: object CreateComponentRequestDataRelationshipsGroup: description: The group to create the component within. properties: data: $ref: "#/components/schemas/CreateComponentRequestDataRelationshipsGroupData" required: - data type: object CreateComponentRequestDataRelationshipsGroupData: description: The data object identifying the group to create the component within. nullable: true properties: id: description: The ID of the group. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - type - id type: object CreateConnectionRequest: description: Request body for creating a new data source connection for an entity. example: data: attributes: fields: - description: Customer subscription tier from `CRM` display_name: Customer Tier id: customer_tier source_name: subscription_tier type: string - description: Customer lifetime value in `USD` display_name: Lifetime Value id: lifetime_value source_name: ltv type: number join_attribute: user_email join_type: email type: ref_table id: crm-integration type: connection_id properties: data: $ref: "#/components/schemas/CreateConnectionRequestData" type: object CreateConnectionRequestData: description: The data object containing the resource type and attributes for creating a new connection. properties: attributes: $ref: "#/components/schemas/CreateConnectionRequestDataAttributes" id: description: Unique identifier for the new connection resource. type: string type: $ref: "#/components/schemas/UpdateConnectionRequestDataType" required: - type type: object CreateConnectionRequestDataAttributes: description: Attributes defining the data source connection, including join configuration and custom fields. properties: fields: description: List of custom attribute fields to import from the data source. items: $ref: "#/components/schemas/CreateConnectionRequestDataAttributesFieldsItems" type: array join_attribute: description: The attribute in the data source used to join records with the entity. example: "" type: string join_type: description: The type of join key used to link the data source to the entity (for example, email or user_id). example: "" type: string metadata: additionalProperties: type: string description: Additional key-value metadata associated with the connection. type: object type: description: The type of data source connection (for example, ref_table). example: "" type: string required: - join_attribute - join_type - type type: object CreateConnectionRequestDataAttributesFieldsItems: description: Definition of a custom attribute field to import from a data source connection. properties: description: description: Human-readable explanation of what the field represents. type: string display_name: description: The human-readable label for the field shown in the UI. type: string groups: description: List of group labels used to categorize the field. items: description: A group label name for categorizing the field. type: string type: array id: description: The unique identifier for the field within the connection. example: "" type: string source_name: description: The name of the column or attribute in the source data system that maps to this field. example: "" type: string type: description: The data type of the field (for example, string or number). example: "" type: string required: - id - source_name - type type: object CreateCustomFrameworkRequest: description: Request object to create a custom framework. properties: data: $ref: "#/components/schemas/CustomFrameworkData" required: - data type: object CreateCustomFrameworkResponse: description: Response object to create a custom framework. properties: data: $ref: "#/components/schemas/FrameworkHandleAndVersionResponseData" required: - data type: object CreateDataDeletionRequestBody: description: Object needed to create a data deletion request. properties: data: $ref: "#/components/schemas/CreateDataDeletionRequestBodyData" required: - data type: object CreateDataDeletionRequestBodyAttributes: description: Attributes for creating a data deletion request. properties: from: description: Start of requested time window, milliseconds since Unix epoch. example: 1672527600000 format: int64 type: integer indexes: description: List of indexes for the search. If not provided, the search is performed in all indexes. example: ["test-index", "test-index-2"] items: description: Individual index. type: string type: array query: additionalProperties: type: string description: Query for creating a data deletion request. example: {"host": "abc", "service": "xyz"} type: object to: description: End of requested time window, milliseconds since Unix epoch. example: 1704063600000 format: int64 type: integer required: - query - from - to type: object CreateDataDeletionRequestBodyData: description: Data needed to create a data deletion request. properties: attributes: $ref: "#/components/schemas/CreateDataDeletionRequestBodyAttributes" type: $ref: "#/components/schemas/CreateDataDeletionRequestBodyDataType" required: - attributes - type type: object CreateDataDeletionRequestBodyDataType: description: The deletion request type. enum: - create_deletion_req example: "create_deletion_req" type: string x-enum-varnames: - CREATE_DELETION_REQ CreateDataDeletionResponseBody: description: The response from the create data deletion request endpoint. properties: data: $ref: "#/components/schemas/DataDeletionResponseItem" meta: $ref: "#/components/schemas/DataDeletionResponseMeta" type: object CreateDegradationRequest: description: Request object for creating a degradation. example: data: attributes: components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded description: Our API is experiencing elevated latency. We are investigating the issue. status: investigating title: Elevated API Latency type: degradations properties: data: $ref: "#/components/schemas/CreateDegradationRequestData" type: object CreateDegradationRequestData: description: The data object for creating a degradation. properties: attributes: $ref: "#/components/schemas/CreateDegradationRequestDataAttributes" type: $ref: "#/components/schemas/PatchDegradationRequestDataType" required: - attributes - type type: object CreateDegradationRequestDataAttributes: description: The supported attributes for creating a degradation. properties: components_affected: description: The components affected by the degradation. example: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded items: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesComponentsAffectedItems" type: array description: description: The description of the degradation. example: Our API is experiencing elevated latency. We are investigating the issue. type: string status: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesStatus" description: The status of the degradation. example: investigating title: description: The title of the degradation. example: Elevated API Latency type: string updates: items: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesUpdatesItems" type: array required: - components_affected - status - title type: object CreateDegradationRequestDataAttributesComponentsAffectedItems: description: A component affected by a degradation. properties: id: description: The ID of the component. Must be a component of type `component`. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" required: - id - status type: object CreateDegradationRequestDataAttributesStatus: description: The status of the degradation. enum: - investigating - identified - monitoring - resolved example: investigating type: string x-enum-varnames: - INVESTIGATING - IDENTIFIED - MONITORING - RESOLVED CreateDegradationRequestDataAttributesUpdatesItems: description: A degradation update entry. properties: components_affected: description: The components affected. items: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesUpdatesItemsComponentsAffectedItems" type: array description: description: A description of the update. example: "" type: string started_at: description: Timestamp of when the update occurred. example: "" format: date-time type: string status: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesStatus" required: - components_affected - description - started_at - status type: object CreateDegradationRequestDataAttributesUpdatesItemsComponentsAffectedItems: description: A component affected by a degradation update. properties: id: description: The ID of the component. Must be a component of type `component`. example: "" type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" required: - id - status type: object CreateDeploymentGateParams: description: Parameters for creating a deployment gate. properties: data: $ref: "#/components/schemas/CreateDeploymentGateParamsData" required: - data type: object CreateDeploymentGateParamsData: description: Parameters for creating a deployment gate. properties: attributes: $ref: "#/components/schemas/CreateDeploymentGateParamsDataAttributes" type: $ref: "#/components/schemas/DeploymentGateDataType" required: - type - attributes type: object CreateDeploymentGateParamsDataAttributes: description: Parameters for creating a deployment gate. properties: dry_run: default: false description: Whether this gate is run in dry-run mode. example: false type: boolean env: description: The environment of the deployment gate. example: "production" type: string identifier: default: default description: The identifier of the deployment gate. example: "pre" type: string service: description: The service of the deployment gate. example: "my-service" type: string required: - env - service type: object CreateDeploymentRuleParams: description: Parameters for creating a deployment rule. properties: data: $ref: "#/components/schemas/CreateDeploymentRuleParamsData" type: object CreateDeploymentRuleParamsData: description: Parameters for creating a deployment rule. properties: attributes: $ref: "#/components/schemas/CreateDeploymentRuleParamsDataAttributes" type: $ref: "#/components/schemas/DeploymentRuleDataType" required: - type - attributes type: object CreateDeploymentRuleParamsDataAttributes: description: Parameters for creating a deployment rule. properties: dry_run: default: false description: Whether this rule is run in dry-run mode. example: false type: boolean name: description: The name of the deployment rule. example: "My deployment rule" type: string options: $ref: "#/components/schemas/DeploymentRulesOptions" type: description: The type of the deployment rule (faulty_deployment_detection or monitor). example: "faulty_deployment_detection" type: string required: - name - options - type type: object CreateEmailNotificationChannelConfig: description: "Configuration to create an e-mail notification channel" properties: address: description: "The e-mail address to be notified" example: "" type: string formats: description: Preferred content formats for notifications. example: - html items: $ref: "#/components/schemas/NotificationChannelEmailFormatType" type: array type: $ref: "#/components/schemas/NotificationChannelEmailConfigType" required: - type - address - formats type: object CreateEnvironmentAttributes: description: Attributes for creating a new environment. properties: is_production: default: false description: Indicates whether this is a production environment. example: false type: boolean name: description: The name of the environment. example: "env-search-term" type: string queries: description: List of queries to define the environment scope. example: ["staging", "test"] items: description: A query string used to match the environment scope. type: string minItems: 1 type: array require_feature_flag_approval: default: false description: Indicates whether feature flag changes require approval in this environment. example: false type: boolean required: - name - queries type: object CreateEnvironmentData: description: Data for creating a new environment. properties: attributes: $ref: "#/components/schemas/CreateEnvironmentAttributes" type: $ref: "#/components/schemas/CreateEnvironmentDataType" required: - type - attributes type: object CreateEnvironmentDataType: description: The resource type. enum: - "environments" example: "environments" type: string x-enum-varnames: - ENVIRONMENTS CreateEnvironmentRequest: description: Request to create a new environment. properties: data: $ref: "#/components/schemas/CreateEnvironmentData" required: - data type: object CreateFeatureFlagAttributes: description: Attributes for creating a new feature flag. properties: default_variant_key: description: The key of the default variant. example: "variant-abc123" nullable: true type: string description: description: The description of the feature flag. example: "This is an example feature flag for demonstration" type: string json_schema: description: JSON schema for validation when value_type is JSON. example: '{"type": "object", "properties": {"enabled": {"type": "boolean"}}}' nullable: true type: string key: description: The unique key of the feature flag. example: "feature-flag-abc123" type: string name: description: The name of the feature flag. example: "Feature Flag ABC123" type: string value_type: $ref: "#/components/schemas/ValueType" variants: description: The variants of the feature flag. items: $ref: "#/components/schemas/CreateVariant" type: array required: - key - name - description - value_type - variants type: object CreateFeatureFlagData: description: Data for creating a new feature flag. properties: attributes: $ref: "#/components/schemas/CreateFeatureFlagAttributes" type: $ref: "#/components/schemas/CreateFeatureFlagDataType" required: - type - attributes type: object CreateFeatureFlagDataType: description: The resource type. enum: - "feature-flags" example: "feature-flags" type: string x-enum-varnames: - FEATURE_FLAGS CreateFeatureFlagRequest: description: Request to create a new feature flag. properties: data: $ref: "#/components/schemas/CreateFeatureFlagData" required: - data type: object CreateIncidentNotificationRuleRequest: description: Create request for a notification rule. properties: data: $ref: "#/components/schemas/IncidentNotificationRuleCreateData" required: - data type: object CreateIncidentNotificationTemplateRequest: description: Create request for a notification template. properties: data: $ref: "#/components/schemas/IncidentNotificationTemplateCreateData" required: - data type: object CreateJiraIssueRequestArray: description: List of requests to create Jira issues for security findings. properties: data: description: Array of Jira issue creation request data objects. items: $ref: "#/components/schemas/CreateJiraIssueRequestData" type: array required: - data type: object CreateJiraIssueRequestData: description: Data of the Jira issue to create. properties: attributes: $ref: "#/components/schemas/CreateJiraIssueRequestDataAttributes" relationships: $ref: "#/components/schemas/CreateJiraIssueRequestDataRelationships" type: $ref: "#/components/schemas/JiraIssuesDataType" required: - type type: object CreateJiraIssueRequestDataAttributes: description: Attributes of the Jira issue to create. properties: assignee_id: description: Unique identifier of the Datadog user assigned to the Jira issue. example: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0" type: string description: description: Description of the Jira issue. If not provided, the description will be automatically generated. example: "A description of the Jira issue." type: string fields: additionalProperties: {} description: Custom fields of the Jira issue to create. For the list of available fields, see [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-createmeta-projectidorkey-issuetypes-issuetypeid-get). example: {"key1": "value", "key2": ["value"], "key3": {"key4": "value"}} type: object priority: $ref: "#/components/schemas/CasePriority" description: Datadog case priority mapped to the Jira issue priority. If not provided, the priority will be automatically set to "NOT_DEFINED". To configure the mapping, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). example: "P4" title: description: Title of the Jira issue. If not provided, the title will be automatically generated. example: "A title for the Jira issue." type: string type: object CreateJiraIssueRequestDataRelationships: description: Relationships of the Jira issue to create. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to create a Jira issue for. project: $ref: "#/components/schemas/CaseManagementProject" description: Case management project configured with the Jira integration. It is used to create the Jira issue. To configure the Jira integration, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). required: - findings - project type: object CreateMaintenanceRequest: description: Request object for creating a maintenance. example: data: attributes: completed_date: "2026-02-18T19:51:13.332360075Z" completed_description: We have completed maintenance on the API to improve performance. components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational in_progress_description: We are currently performing maintenance on the API to improve performance. scheduled_description: We will be performing maintenance on the API to improve performance. start_date: "2026-02-18T19:21:13.332360075Z" title: API Maintenance type: maintenances properties: data: $ref: "#/components/schemas/CreateMaintenanceRequestData" type: object CreateMaintenanceRequestData: description: The data object for creating a maintenance. properties: attributes: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributes" type: $ref: "#/components/schemas/PatchMaintenanceRequestDataType" required: - attributes - type type: object CreateMaintenanceRequestDataAttributes: description: The supported attributes for creating a maintenance. properties: completed_date: description: Timestamp of when the maintenance was completed. example: "2026-02-18T19:51:13.332360075Z" format: date-time type: string completed_description: description: The description shown when the maintenance is completed. example: "We have completed maintenance on the API to improve performance." type: string components_affected: description: The components affected by the maintenance. items: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesComponentsAffectedItems" type: array in_progress_description: description: The description shown while the maintenance is in progress. example: "We are currently performing maintenance on the API to improve performance." type: string scheduled_description: description: The description shown when the maintenance is scheduled. example: "We will be performing maintenance on the API to improve performance." type: string start_date: description: Timestamp of when the maintenance is scheduled to start. example: "2026-02-18T19:21:13.332360075Z" format: date-time type: string title: description: The title of the maintenance. example: "API Maintenance" type: string updates: items: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesUpdatesItems" type: array required: - components_affected - title - completed_date - completed_description - scheduled_description - start_date - in_progress_description type: object CreateMaintenanceRequestDataAttributesComponentsAffectedItems: description: A component affected by a maintenance. properties: id: description: The ID of the component. Must be a component of type `component`. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus" required: - id - status type: object CreateMaintenanceRequestDataAttributesUpdatesItems: description: A maintenance update entry. properties: components_affected: description: The components affected. items: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesUpdatesItemsComponentsAffectedItems" type: array description: description: A description of the update. example: "" type: string started_at: description: Timestamp of when the update occurred. example: "" format: date-time type: string status: $ref: "#/components/schemas/CreateMaintenanceRequestDataAttributesUpdatesItemsStatus" required: - components_affected - description - started_at - status type: object CreateMaintenanceRequestDataAttributesUpdatesItemsComponentsAffectedItems: description: A component affected by a maintenance update. properties: id: description: The ID of the component. Must be a component of type `component`. example: "" type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus" required: - id - status type: object CreateMaintenanceRequestDataAttributesUpdatesItemsStatus: description: The status of a maintenance update. enum: - in_progress - completed example: in_progress type: string x-enum-varnames: - IN_PROGRESS - COMPLETED CreateNotificationChannelAttributes: description: Attributes for creating an on-call notification channel. properties: config: $ref: "#/components/schemas/CreateNotificationChannelConfig" description: Notification channel configuration type: object CreateNotificationChannelConfig: description: "Defines the configuration for creating an On-Call notification channel" oneOf: - $ref: "#/components/schemas/CreatePhoneNotificationChannelConfig" - $ref: "#/components/schemas/CreateEmailNotificationChannelConfig" CreateNotificationChannelData: description: Data for creating an on-call notification channel properties: attributes: $ref: "#/components/schemas/CreateNotificationChannelAttributes" type: $ref: "#/components/schemas/NotificationChannelType" required: - type type: object CreateNotificationRuleParameters: description: Body of the notification rule create request. properties: data: $ref: "#/components/schemas/CreateNotificationRuleParametersData" type: object CreateNotificationRuleParametersData: description: |- Data of the notification rule create request: the rule type, and the rule attributes. All fields are required. properties: attributes: $ref: "#/components/schemas/CreateNotificationRuleParametersDataAttributes" type: $ref: "#/components/schemas/NotificationRulesType" required: - attributes - type type: object CreateNotificationRuleParametersDataAttributes: description: |- Attributes of the notification rule create request. properties: enabled: $ref: "#/components/schemas/Enabled" name: $ref: "#/components/schemas/RuleName" selectors: $ref: "#/components/schemas/Selectors" targets: $ref: "#/components/schemas/Targets" time_aggregation: $ref: "#/components/schemas/TimeAggregation" required: - selectors - name - targets type: object CreateOnCallNotificationRuleRequest: description: A top-level wrapper for creating a notification rule for a user example: data: attributes: "category": "high_urgency" channel_settings: method: "sms" type: "phone" "delay_minutes": 1 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules properties: data: $ref: "#/components/schemas/CreateOnCallNotificationRuleRequestData" required: - data type: object CreateOnCallNotificationRuleRequestData: description: Data for creating an on-call notification rule properties: attributes: $ref: "#/components/schemas/OnCallNotificationRuleRequestAttributes" relationships: $ref: "#/components/schemas/OnCallNotificationRuleRelationships" type: $ref: "#/components/schemas/OnCallNotificationRuleType" required: - type type: object CreateOpenAPIResponse: description: Response for `CreateOpenAPI` operation. properties: data: $ref: "#/components/schemas/CreateOpenAPIResponseData" type: object CreateOpenAPIResponseAttributes: description: Attributes for `CreateOpenAPI`. properties: failed_endpoints: description: List of endpoints which couldn't be parsed. items: $ref: "#/components/schemas/OpenAPIEndpoint" type: array type: object CreateOpenAPIResponseData: description: Data envelope for `CreateOpenAPIResponse`. properties: attributes: $ref: "#/components/schemas/CreateOpenAPIResponseAttributes" id: $ref: "#/components/schemas/ApiID" type: object CreateOrUpdateWidgetRequest: description: Request body for creating or updating a widget. properties: data: $ref: "#/components/schemas/CreateOrUpdateWidgetRequestData" required: - data type: object CreateOrUpdateWidgetRequestAttributes: description: Attributes for creating or updating a widget. properties: definition: $ref: "#/components/schemas/WidgetDefinition" tags: description: User-defined tags for organizing the widget. items: description: A single user-defined tag. type: string nullable: true type: array required: - definition type: object CreateOrUpdateWidgetRequestData: description: Data for creating or updating a widget. properties: attributes: $ref: "#/components/schemas/CreateOrUpdateWidgetRequestAttributes" type: description: Widgets resource type. example: widgets type: string required: - type - attributes type: object CreatePageRequest: description: Full request to trigger an On-Call Page. example: data: attributes: description: Page details. tags: - service:test target: identifier: my-team type: team_handle title: Page title urgency: low type: pages properties: data: $ref: "#/components/schemas/CreatePageRequestData" type: object CreatePageRequestData: description: The main request body, including attributes and resource type. properties: attributes: $ref: "#/components/schemas/CreatePageRequestDataAttributes" type: $ref: "#/components/schemas/CreatePageRequestDataType" required: - type type: object CreatePageRequestDataAttributes: description: Details about the On-Call Page you want to create. properties: description: description: A short summary of the issue or context. type: string tags: description: Tags to help categorize or filter the page. items: description: A single tag for categorizing the page. type: string type: array target: $ref: "#/components/schemas/CreatePageRequestDataAttributesTarget" title: description: The title of the page. example: "Service: Test is down" type: string urgency: $ref: "#/components/schemas/PageUrgency" required: - target - title - urgency type: object CreatePageRequestDataAttributesTarget: description: Information about the target to notify (such as a team or user). properties: identifier: description: Identifier for the target (for example, team handle or user ID). type: string type: $ref: "#/components/schemas/OnCallPageTargetType" type: object CreatePageRequestDataType: default: pages description: The type of resource used when creating an On-Call Page. enum: - pages example: pages type: string x-enum-varnames: - PAGES CreatePageResponse: description: The full response object after creating a new On-Call Page. example: data: id: 15e74b8b-f865-48d0-bcc5-453323ed2c8f type: pages properties: data: $ref: "#/components/schemas/CreatePageResponseData" type: object CreatePageResponseData: description: The information returned after successfully creating a page. properties: id: description: The unique ID of the created page. type: string type: $ref: "#/components/schemas/CreatePageResponseDataType" required: - type type: object CreatePageResponseDataType: default: pages description: The type of resource used when creating an On-Call Page. enum: - pages example: pages type: string x-enum-varnames: - PAGES CreatePhoneNotificationChannelConfig: description: "Configuration to create a phone notification channel" properties: number: description: "The E-164 formatted phone number (e.g. +3371234567)" example: "" type: string type: $ref: "#/components/schemas/NotificationChannelPhoneConfigType" required: - type - number type: object CreateRuleRequest: description: Scorecard create rule request. properties: data: $ref: "#/components/schemas/CreateRuleRequestData" type: object CreateRuleRequestData: description: Scorecard create rule request data. properties: attributes: $ref: "#/components/schemas/RuleAttributesRequest" type: $ref: "#/components/schemas/RuleType" type: object CreateRuleResponse: description: Created rule in response. properties: data: $ref: "#/components/schemas/CreateRuleResponseData" type: object CreateRuleResponseData: description: Create rule response data. properties: attributes: $ref: "#/components/schemas/RuleAttributes" id: $ref: "#/components/schemas/RuleId" relationships: $ref: "#/components/schemas/RelationshipToRule" type: $ref: "#/components/schemas/RuleType" type: object CreateRulesetRequest: description: The definition of `CreateRulesetRequest` object. example: data: attributes: enabled: true rules: - enabled: true mapping: metadata: name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" reference_table: id: New Ruleset type: create_ruleset properties: data: $ref: "#/components/schemas/CreateRulesetRequestData" type: object CreateRulesetRequestData: description: The definition of `CreateRulesetRequestData` object. properties: attributes: $ref: "#/components/schemas/CreateRulesetRequestDataAttributes" id: description: The `CreateRulesetRequestData` `id`. type: string type: $ref: "#/components/schemas/CreateRulesetRequestDataType" required: - type type: object CreateRulesetRequestDataAttributes: description: The definition of `CreateRulesetRequestDataAttributes` object. properties: enabled: description: The `attributes` `enabled`. type: boolean rules: description: The `attributes` `rules`. items: $ref: "#/components/schemas/CreateRulesetRequestDataAttributesRulesItems" type: array required: - rules type: object CreateRulesetRequestDataAttributesRulesItems: description: The definition of `CreateRulesetRequestDataAttributesRulesItems` object. properties: enabled: description: The `items` `enabled`. example: false type: boolean mapping: $ref: "#/components/schemas/DataAttributesRulesItemsMapping" metadata: $ref: "#/components/schemas/RulesetItemMetadata" name: description: The `items` `name`. example: "" type: string query: $ref: "#/components/schemas/CreateRulesetRequestDataAttributesRulesItemsQuery" reference_table: $ref: "#/components/schemas/CreateRulesetRequestDataAttributesRulesItemsReferenceTable" required: - enabled - name type: object CreateRulesetRequestDataAttributesRulesItemsQuery: description: The definition of `CreateRulesetRequestDataAttributesRulesItemsQuery` object. nullable: true properties: addition: $ref: "#/components/schemas/CreateRulesetRequestDataAttributesRulesItemsQueryAddition" case_insensitivity: description: The `query` `case_insensitivity`. type: boolean if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `query` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" query: description: The `query` `query`. example: "" type: string required: - addition - query type: object CreateRulesetRequestDataAttributesRulesItemsQueryAddition: description: The definition of `CreateRulesetRequestDataAttributesRulesItemsQueryAddition` object. nullable: true properties: key: description: The `addition` `key`. example: "" type: string value: description: The `addition` `value`. example: "" type: string required: - key - value type: object CreateRulesetRequestDataAttributesRulesItemsReferenceTable: description: The definition of `CreateRulesetRequestDataAttributesRulesItemsReferenceTable` object. nullable: true properties: case_insensitivity: description: The `reference_table` `case_insensitivity`. type: boolean field_pairs: description: The `reference_table` `field_pairs`. items: $ref: "#/components/schemas/CreateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems" type: array if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `reference_table` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" source_keys: description: The `reference_table` `source_keys`. example: - "" items: description: A source key for the reference table lookup. type: string type: array table_name: description: The `reference_table` `table_name`. example: "" type: string required: - field_pairs - source_keys - table_name type: object CreateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems: description: The definition of `CreateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems` object. properties: input_column: description: The `items` `input_column`. example: "" type: string output_key: description: The `items` `output_key`. example: "" type: string required: - input_column - output_key type: object CreateRulesetRequestDataType: default: create_ruleset description: Create ruleset resource type. enum: - create_ruleset example: create_ruleset type: string x-enum-varnames: - CREATE_RULESET CreateStatusPageRequest: description: Request object for creating a status page. example: data: attributes: company_logo: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM components: - name: API position: 0 type: component - components: - name: Login position: 0 type: component - name: Settings position: 1 type: component name: Web App position: 1 type: group - name: Webhooks position: 2 type: component domain_prefix: status-page-us1 email_header_image: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF favicon: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA name: Status Page US1 subscriptions_enabled: true type: public visualization_type: bars_and_uptime_percentage type: status_pages properties: data: $ref: "#/components/schemas/CreateStatusPageRequestData" type: object CreateStatusPageRequestData: description: The data object for creating a status page. properties: attributes: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributes" type: $ref: "#/components/schemas/StatusPageDataType" required: - attributes - type type: object CreateStatusPageRequestDataAttributes: description: The supported attributes for creating a status page. properties: company_logo: description: The base64-encoded image data displayed on the status page. example: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM type: string components: description: The components displayed on the status page. example: - components: - name: Login position: 0 type: component - name: Settings position: 1 type: component name: Web App position: 0 type: group - name: API position: 1 type: component - name: Webhooks position: 2 type: component items: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesComponentsItems" type: array domain_prefix: description: The subdomain of the status page's url taking the form `https://{domain_prefix}.statuspage.datadoghq.com`. Globally unique across Datadog Status Pages. example: status-page-us1 type: string email_header_image: description: Base64-encoded image data included in email notifications sent to status page subscribers. example: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF type: string favicon: description: Base64-encoded image data displayed in the browser tab. example: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA type: string name: description: The name of the status page. example: Status Page US1 type: string subscriptions_enabled: description: Whether users can subscribe to the status page. example: true type: boolean type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesType" example: public visualization_type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesVisualizationType" example: bars_and_uptime_percentage required: - domain_prefix - name - type - visualization_type type: object CreateStatusPageRequestDataAttributesComponentsItems: description: A component to be created on a status page. properties: components: description: If creating a component of type `group`, the components to create within the group. items: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesComponentsItemsComponentsItems" type: array id: description: The ID of the component. format: uuid readOnly: true type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" type: object CreateStatusPageRequestDataAttributesComponentsItemsComponentsItems: description: A grouped component to be created within a status page component group. properties: id: description: The ID of the grouped component. format: uuid readOnly: true type: string name: description: The name of the grouped component. type: string position: description: The zero-indexed position of the grouped component. Relative to the other components in the group. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" type: object CreateStatusPageRequestDataAttributesType: description: The type of the status page controlling how the status page is accessed. enum: - public - internal example: public type: string x-enum-varnames: - PUBLIC - INTERNAL CreateStatusPageRequestDataAttributesVisualizationType: description: The visualization type of the status page. enum: - bars_and_uptime_percentage - bars_only - component_name_only example: bars_and_uptime_percentage type: string x-enum-varnames: - BARS_AND_UPTIME_PERCENTAGE - BARS_ONLY - COMPONENT_NAME_ONLY CreateTableRequest: description: Request body for creating a new reference table from a local file or cloud storage. properties: data: $ref: "#/components/schemas/CreateTableRequestData" type: object CreateTableRequestData: additionalProperties: false description: The data object containing the table definition. properties: attributes: $ref: "#/components/schemas/CreateTableRequestDataAttributes" type: $ref: "#/components/schemas/CreateTableRequestDataType" required: - type type: object CreateTableRequestDataAttributes: description: Attributes that define the reference table's configuration and properties. properties: description: description: Optional text describing the purpose or contents of this reference table. type: string file_metadata: $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadata" schema: $ref: "#/components/schemas/CreateTableRequestDataAttributesSchema" source: $ref: "#/components/schemas/ReferenceTableCreateSourceType" table_name: description: Name to identify this reference table. example: "table_1" type: string tags: description: Tags for organizing and filtering reference tables. example: - "tag_1" - "tag_2" items: description: A tag associated with the reference table. type: string type: array required: - table_name - schema - source type: object CreateTableRequestDataAttributesFileMetadata: description: Metadata specifying where and how to access the reference table's data file. oneOf: - $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataCloudStorage" - $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataLocalFile" CreateTableRequestDataAttributesFileMetadataCloudStorage: additionalProperties: false description: Cloud storage file metadata for create requests. Both access_details and sync_enabled are required. properties: access_details: $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataOneOfAccessDetails" sync_enabled: description: Whether this table is synced automatically. example: false type: boolean required: - access_details - sync_enabled title: CloudFileMetadataV2 type: object CreateTableRequestDataAttributesFileMetadataLocalFile: additionalProperties: false description: Local file metadata for create requests using the upload ID. properties: upload_id: description: The upload ID. example: "00000000-0000-0000-0000-000000000000" type: string required: - upload_id title: LocalFileMetadataV2 type: object CreateTableRequestDataAttributesFileMetadataOneOfAccessDetails: description: Cloud storage access configuration for the reference table data file. properties: aws_detail: $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsAwsDetail" azure_detail: $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsAzureDetail" gcp_detail: $ref: "#/components/schemas/CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsGcpDetail" type: object CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsAwsDetail: description: Amazon Web Services S3 storage access configuration. properties: aws_account_id: description: AWS account ID where the S3 bucket is located. example: "123456789000" type: string aws_bucket_name: description: S3 bucket containing the CSV file. example: "example-data-bucket" type: string file_path: description: The relative file path from the S3 bucket root to the CSV file. example: "reference-tables/users.csv" type: string required: - aws_account_id - aws_bucket_name - file_path type: object x-oneOf-parent: - AwsDetail CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsAzureDetail: description: Azure Blob Storage access configuration. properties: azure_client_id: description: Azure service principal (application) client ID with permissions to read from the container. example: "aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb" type: string azure_container_name: description: Azure Blob Storage container containing the CSV file. example: "reference-data" type: string azure_storage_account_name: description: Azure storage account where the container is located. example: "examplestorageaccount" type: string azure_tenant_id: description: Azure Active Directory tenant ID. example: "cccccccc-4444-5555-6666-dddddddddddd" type: string file_path: description: The relative file path from the Azure container root to the CSV file. example: "tables/users.csv" type: string required: - azure_client_id - azure_container_name - azure_storage_account_name - azure_tenant_id - file_path type: object x-oneOf-parent: - AzureDetail CreateTableRequestDataAttributesFileMetadataOneOfAccessDetailsGcpDetail: description: Google Cloud Platform storage access configuration. properties: file_path: description: The relative file path from the GCS bucket root to the CSV file. example: "data/reference_tables/users.csv" type: string gcp_bucket_name: description: GCP bucket containing the CSV file. example: "example-data-bucket" type: string gcp_project_id: description: GCP project ID where the bucket is located. example: "example-gcp-project-12345" type: string gcp_service_account_email: description: Service account email with read permissions for the GCS bucket. example: "example-service@example-gcp-project-12345.iam.gserviceaccount.com" type: string required: - file_path - gcp_bucket_name - gcp_project_id - gcp_service_account_email type: object x-oneOf-parent: - GcpDetail CreateTableRequestDataAttributesSchema: description: Schema defining the structure and columns of the reference table. properties: fields: description: The schema fields. items: $ref: "#/components/schemas/CreateTableRequestDataAttributesSchemaFieldsItems" type: array primary_keys: description: List of field names that serve as primary keys for the table. Only one primary key is supported, and it is used as an ID to retrieve rows. example: - "field_1" items: description: A field name used as a primary key. type: string type: array required: - fields - primary_keys type: object CreateTableRequestDataAttributesSchemaFieldsItems: description: A single field (column) in the reference table schema to be created. properties: name: description: The field name. example: "field_1" type: string type: $ref: "#/components/schemas/ReferenceTableSchemaFieldType" required: - name - type type: object CreateTableRequestDataType: default: reference_table description: Reference table resource type. enum: - reference_table example: reference_table type: string x-enum-varnames: - REFERENCE_TABLE CreateTenancyConfigData: description: The data object for creating a new OCI tenancy integration configuration, including the tenancy ID, type, and configuration attributes. properties: attributes: $ref: "#/components/schemas/CreateTenancyConfigDataAttributes" id: description: The OCID of the OCI tenancy to configure. example: "" type: string type: $ref: "#/components/schemas/UpdateTenancyConfigDataType" required: - type - id type: object CreateTenancyConfigDataAttributes: description: Attributes for creating a new OCI tenancy integration configuration, including credentials, region settings, and collection options. properties: auth_credentials: $ref: "#/components/schemas/CreateTenancyConfigDataAttributesAuthCredentials" config_version: description: Version number of the integration the tenancy is integrated with format: int64 nullable: true type: integer cost_collection_enabled: description: Whether cost data collection from OCI is enabled for the tenancy. type: boolean dd_compartment_id: description: The OCID of the OCI compartment used by the Datadog integration stack. type: string dd_stack_id: description: The OCID of the OCI Resource Manager stack used by the Datadog integration. type: string home_region: description: The home region of the OCI tenancy (for example, us-ashburn-1). example: "" type: string logs_config: $ref: "#/components/schemas/CreateTenancyConfigDataAttributesLogsConfig" metrics_config: $ref: "#/components/schemas/CreateTenancyConfigDataAttributesMetricsConfig" regions_config: $ref: "#/components/schemas/CreateTenancyConfigDataAttributesRegionsConfig" resource_collection_enabled: description: Whether resource collection from OCI is enabled for the tenancy. type: boolean user_ocid: description: The OCID of the OCI user used by the Datadog integration for authentication. example: "" type: string required: - auth_credentials - home_region - user_ocid type: object CreateTenancyConfigDataAttributesAuthCredentials: description: OCI API signing key credentials used to authenticate the Datadog integration with the OCI tenancy. properties: fingerprint: description: The fingerprint of the OCI API signing key used for authentication. type: string private_key: description: The PEM-encoded private key corresponding to the OCI API signing key fingerprint. example: "" type: string required: - private_key type: object CreateTenancyConfigDataAttributesLogsConfig: description: Log collection configuration for an OCI tenancy, controlling which compartments and services have log collection enabled. properties: compartment_tag_filters: description: List of compartment tag filters to scope log collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether log collection is enabled for the tenancy. type: boolean enabled_services: description: List of OCI service names for which log collection is enabled. items: description: An OCI service name for which log collection is enabled (for example, compute). type: string type: array type: object CreateTenancyConfigDataAttributesMetricsConfig: description: Metrics collection configuration for an OCI tenancy, controlling which compartments and services are included or excluded. properties: compartment_tag_filters: description: List of compartment tag filters to scope metrics collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether metrics collection is enabled for the tenancy. type: boolean excluded_services: description: List of OCI service names to exclude from metrics collection. items: description: An OCI service name to exclude from metrics collection (for example, compute). type: string type: array type: object CreateTenancyConfigDataAttributesRegionsConfig: description: Region configuration for an OCI tenancy, specifying which regions are available, enabled, or disabled for data collection. properties: available: description: List of OCI regions available for data collection in the tenancy. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array disabled: description: List of OCI regions explicitly disabled for data collection. items: description: An OCI region identifier (for example, us-phoenix-1). type: string type: array enabled: description: List of OCI regions enabled for data collection. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array type: object CreateTenancyConfigRequest: description: Request body for creating a new OCI tenancy integration configuration. example: data: attributes: auth_credentials: fingerprint: "" private_key: |- ----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdvSMmlfLyeD4M QsA3WlrWBqKdWa5eVV3/uODyqT3wWMEMIJHcG3/quNs8nh9xrK1/JkQT2qoKEHqR C5k59jN6Vp8em8ARJthMgam9K37ELt+IQ/G8ySTSuqZG8T4cHp/cs3fAclNqttOl YnGr4RbVAgMBAAECggEAGZNLGbyCUbIRTW6Kh4d8ZVC+eZtJMqGmGJ3KfVaW8Pjn QGWfSuJCEe2o2Y8G3phlidFauICnZ44enXA17Rhi+I/whnr7FIyQk2bR7rv+1Uhc mOJygWX5eFFMsledgVAdIAl9Luk2nykx7Un3g6rtbl/Vs+5k4m7ITLFMpCHzsJLU nm8kBzDOqY2JUkMd08nL88KL6QywWtal05UESzQpNFXd0e5kxYfexeMCsLsWP0mc quMLRbn7NuBjCbe9VU2kmIvcfDDaWjurT7d5m1OXx1cc8p6P4PFZTVyCjdhiWOr3 LQXZ4/vdZNR3zgEHypRoM6D9Yq99LWUOUEMrdiSLQQKBgQDQkh7C1OtAXnpy7F6R W+/I3zBHici2p7A57UT7VECQ1IVGg37/uus83DkuOtdZ33JmHLAVrwLFJvUlbyjx l6dc/1ms40L5HFdLgaVtd4k0rSPFeOSDr6evz0lX4yBuzlP0fEh+o3XHW7mwe2G+ rWCULF/Uqza66fjbCSKMNgLIXQKBgQDBm9nZg/s4S0THWCFNWcB1tXBG0p/sH5eY PC1H/VmTEINIixStrS4ufczf31X8rcoSjSbO7+vZDTTATdk7OLn1I2uGFVYl8M59 86BYT2Hi7cwp7YVzOc/cJigVeBAqSRW/iYYyWBEUTiW1gbkV0sRWwhPp67m+c0sP XpY/iEZA2QKBgB1w8tynt4l/jKNaUEMOijt9ndALWATIiOy0XG9pxi9rgGCiwTOS DBCsOXoYHjv2eayGUijNaoOv6xzcoxfvQ1WySdNIxTRq1ru20kYwgHKqGgmO9hrM mcwMY5r/WZ2qjFlPjeAqbL62aPDLidGjoaVo2iIoBPK/gjxQ/5f0MS4N/YQ0zWoYBueSQ0DGs -----END PRIVATE KEY----- config_version: cost_collection_enabled: true dd_compartment_id: ocid.compartment.test dd_stack_id: ocid.stack.test home_region: us-ashburn-1 logs_config: compartment_tag_filters: - datadog:true - env:prod enabled: true enabled_services: - service_1 - service_2 metrics_config: compartment_tag_filters: - datadog:true - env:prod enabled: true excluded_services: - service_1 - service_2 regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy properties: data: $ref: "#/components/schemas/CreateTenancyConfigData" required: - data type: object CreateUploadRequest: description: Request to create an upload for a file to be ingested into a reference table. example: data: attributes: headers: - product_id - product_name - price part_count: 3 part_size: 10000000 table_name: my_products_table type: upload properties: data: $ref: "#/components/schemas/CreateUploadRequestData" type: object CreateUploadRequestData: additionalProperties: false description: Request data for creating an upload for a file to be ingested into a reference table. properties: attributes: $ref: "#/components/schemas/CreateUploadRequestDataAttributes" type: $ref: "#/components/schemas/CreateUploadRequestDataType" required: - type type: object CreateUploadRequestDataAttributes: description: Upload configuration specifying how data is uploaded by the user, and properties of the table to associate the upload with. properties: headers: description: The CSV file headers that define the schema fields, provided in the same order as the columns in the uploaded file. example: - "field_1" - "field_2" items: description: A column header name from the CSV file. type: string type: array part_count: description: Number of parts to split the file into for multipart upload. example: 3 format: int32 maximum: 20 type: integer part_size: description: >- The size of each part in the upload in bytes. All parts except the last one must be at least 5,000,000 bytes. example: 10000000 format: int64 type: integer table_name: description: Name of the table to associate with this upload. example: "" type: string required: - headers - table_name - part_count - part_size type: object CreateUploadRequestDataType: default: upload description: Upload resource type. enum: - upload example: upload type: string x-enum-varnames: - UPLOAD CreateUploadResponse: description: Information about the upload created containing the upload ID and pre-signed URLs to PUT chunks of the CSV file to. properties: data: $ref: "#/components/schemas/CreateUploadResponseData" type: object CreateUploadResponseData: additionalProperties: false description: Upload ID and attributes of the created upload. properties: attributes: $ref: "#/components/schemas/CreateUploadResponseDataAttributes" id: description: Unique identifier for this upload. Use this ID when creating the reference table. type: string type: $ref: "#/components/schemas/CreateUploadResponseDataType" required: - type type: object CreateUploadResponseDataAttributes: description: Pre-signed URLs for uploading parts of the file. properties: part_urls: description: The pre-signed URLs for uploading parts. These URLs expire after 5 minutes. items: description: A pre-signed URL for uploading a single file part. type: string type: array type: object CreateUploadResponseDataType: default: upload description: Upload resource type. enum: - upload example: upload type: string x-enum-varnames: - UPLOAD CreateUserNotificationChannelRequest: description: A top-level wrapper for creating a notification channel for a user example: data: attributes: config: address: "foo@bar.com" formats: ["html"] type: "email" type: notification_channels properties: data: $ref: "#/components/schemas/CreateNotificationChannelData" required: - data type: object CreateVariant: description: Request to create a variant. properties: key: description: The unique key of the variant. example: "variant-abc123" type: string name: description: The name of the variant. example: "Variant ABC123" type: string value: description: The value of the variant as a string. example: "true" type: string required: - key - name - value type: object CreateWorkflowRequest: description: A request object for creating a new workflow. example: data: attributes: description: "A sample workflow." name: "Example Workflow" published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: "Example annotation." connectionEnvs: - connections: - connectionId: "11111111-1111-1111-1111-111111111111" label: "INTEGRATION_DATADOG" env: "default" handle: "my-handle" inputSchema: parameters: - defaultValue: "default" name: "input" type: "STRING" outputSchema: parameters: - name: "output" type: "ARRAY_OBJECT" value: "{{ Steps.Step1 }}" steps: - actionId: "com.datadoghq.dd.monitor.listMonitors" connectionLabel: "INTEGRATION_DATADOG" name: "Step1" outboundEdges: - branchName: "main" nextStepName: "Step2" parameters: - name: "tags" value: "service:monitoring" - actionId: "com.datadoghq.core.noop" name: "Step2" triggers: - monitorTrigger: rateLimit: count: 1 interval: "3600s" startStepNames: ["Step1"] - githubWebhookTrigger: {} startStepNames: ["Step1"] tags: - "team:infra" - "service:monitoring" - "foo:bar" type: "workflows" properties: data: $ref: "#/components/schemas/WorkflowData" required: - data type: object CreateWorkflowResponse: description: The response object after creating a new workflow. properties: data: $ref: "#/components/schemas/WorkflowData" required: - data type: object Creator: description: Creator of the object. properties: email: description: Email of the creator. type: string handle: description: Handle of the creator. type: string name: description: Name of the creator. nullable: true type: string type: object CrossOrgUuids: description: >- Organization UUIDs to query when using [cross-organization visibility](/account_management/org_settings/cross_org_visibility/). Limited to one organization UUID. items: description: An organization UUID. type: string maxItems: 1 type: array CsmAgentData: description: Single Agent Data. properties: attributes: $ref: "#/components/schemas/CsmAgentsAttributes" id: description: "The ID of the Agent." example: "fffffc5505f6a006fdf7cf5aae053653" type: string type: $ref: "#/components/schemas/CSMAgentsType" type: object CsmAgentsAttributes: description: "A CSM Agent returned by the API." properties: agent_version: description: Version of the Datadog Agent. type: string aws_fargate: description: AWS Fargate details. type: string cluster_name: description: List of cluster names associated with the Agent. items: description: A cluster name associated with the Agent. type: string type: array datadog_agent: description: Unique identifier for the Datadog Agent. type: string ecs_fargate_task_arn: description: ARN of the ECS Fargate task. type: string envs: description: List of environments associated with the Agent. items: description: An environment name associated with the Agent. type: string nullable: true type: array host_id: description: ID of the host. format: int64 type: integer hostname: description: Name of the host. type: string install_method_installer_version: description: Version of the installer used for installing the Datadog Agent. type: string install_method_tool: description: Tool used for installing the Datadog Agent. type: string is_csm_vm_containers_enabled: description: Indicates if CSM VM Containers is enabled. nullable: true type: boolean is_csm_vm_hosts_enabled: description: Indicates if CSM VM Hosts is enabled. nullable: true type: boolean is_cspm_enabled: description: Indicates if CSPM is enabled. nullable: true type: boolean is_cws_enabled: description: Indicates if CWS is enabled. nullable: true type: boolean is_cws_remote_configuration_enabled: description: Indicates if CWS Remote Configuration is enabled. nullable: true type: boolean is_remote_configuration_enabled: description: Indicates if Remote Configuration is enabled. nullable: true type: boolean os: description: Operating system of the host. type: string type: object CsmAgentsResponse: description: Response object that includes a list of CSM Agents. properties: data: description: A list of Agents. items: $ref: "#/components/schemas/CsmAgentData" type: array meta: $ref: "#/components/schemas/CSMAgentsMetadata" type: object CsmCloudAccountsCoverageAnalysisAttributes: description: CSM Cloud Accounts Coverage Analysis attributes. properties: aws_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" azure_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" gcp_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" type: object CsmCloudAccountsCoverageAnalysisData: description: CSM Cloud Accounts Coverage Analysis data. properties: attributes: $ref: "#/components/schemas/CsmCloudAccountsCoverageAnalysisAttributes" id: description: "The ID of your organization." example: "66b3c6b5-5c9a-457e-b1c3-f247ca23afa3" type: string type: default: "get_cloud_accounts_coverage_analysis_response_public_v0" description: "The type of the resource. The value should always be `get_cloud_accounts_coverage_analysis_response_public_v0`." example: "get_cloud_accounts_coverage_analysis_response_public_v0" type: string type: object CsmCloudAccountsCoverageAnalysisResponse: description: CSM Cloud Accounts Coverage Analysis response. properties: data: $ref: "#/components/schemas/CsmCloudAccountsCoverageAnalysisData" type: object CsmCoverageAnalysis: description: CSM Coverage Analysis. properties: configured_resources_count: description: The number of fully configured resources. example: 8 format: int64 type: integer coverage: description: The coverage percentage. example: 0.8 format: double type: number partially_configured_resources_count: description: The number of partially configured resources. example: 0 format: int64 type: integer total_resources_count: description: The total number of resources. example: 10 format: int64 type: integer type: object CsmHostsAndContainersCoverageAnalysisAttributes: description: CSM Hosts and Containers Coverage Analysis attributes. properties: cspm_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" cws_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" vm_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" type: object CsmHostsAndContainersCoverageAnalysisData: description: CSM Hosts and Containers Coverage Analysis data. properties: attributes: $ref: "#/components/schemas/CsmHostsAndContainersCoverageAnalysisAttributes" id: description: "The ID of your organization." example: "66b3c6b5-5c9a-457e-b1c3-f247ca23afa3" type: string type: default: "get_hosts_and_containers_coverage_analysis_response_public_v0" description: "The type of the resource. The value should always be `get_hosts_and_containers_coverage_analysis_response_public_v0`." example: "get_hosts_and_containers_coverage_analysis_response_public_v0" type: string type: object CsmHostsAndContainersCoverageAnalysisResponse: description: CSM Hosts and Containers Coverage Analysis response. properties: data: $ref: "#/components/schemas/CsmHostsAndContainersCoverageAnalysisData" type: object CsmServerlessCoverageAnalysisAttributes: description: CSM Serverless Resources Coverage Analysis attributes. properties: cws_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: "#/components/schemas/CsmCoverageAnalysis" type: object CsmServerlessCoverageAnalysisData: description: CSM Serverless Resources Coverage Analysis data. properties: attributes: $ref: "#/components/schemas/CsmServerlessCoverageAnalysisAttributes" id: description: "The ID of your organization." example: "66b3c6b5-5c9a-457e-b1c3-f247ca23afa3" type: string type: default: "get_serverless_coverage_analysis_response_public_v0" description: "The type of the resource. The value should always be `get_serverless_coverage_analysis_response_public_v0`." example: "get_serverless_coverage_analysis_response_public_v0" type: string type: object CsmServerlessCoverageAnalysisResponse: description: CSM Serverless Resources Coverage Analysis response. properties: data: $ref: "#/components/schemas/CsmServerlessCoverageAnalysisData" type: object CustomAttributeConfig: description: The definition of `CustomAttributeConfig` object. properties: attributes: $ref: "#/components/schemas/CustomAttributeConfigResourceAttributes" id: description: Custom attribute configs identifier example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/CustomAttributeConfigResourceType" type: object CustomAttributeConfigAttributesCreate: description: Custom attribute config resource attributes properties: description: description: Custom attribute description. example: "AWS Region, must be a valid region supported by AWS" type: string display_name: description: Custom attribute name. example: "AWS Region" type: string is_multi: description: Whether multiple values can be set example: true type: boolean key: description: Custom attribute key. This will be the value use to search on this custom attribute example: "aws_region" type: string type: $ref: "#/components/schemas/CustomAttributeType" required: - display_name - key - type - is_multi type: object CustomAttributeConfigCreate: description: Custom attribute config properties: attributes: $ref: "#/components/schemas/CustomAttributeConfigAttributesCreate" type: $ref: "#/components/schemas/CustomAttributeConfigResourceType" required: - attributes - type type: object CustomAttributeConfigCreateRequest: description: Custom attribute config create request properties: data: $ref: "#/components/schemas/CustomAttributeConfigCreate" required: - data type: object CustomAttributeConfigResourceAttributes: description: Custom attribute resource attributes properties: case_type_id: description: Custom attribute config identifier. example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string description: description: Custom attribute description. example: "AWS Region, must be a valid region supported by AWS" type: string display_name: description: Custom attribute name. example: "AWS Region" type: string is_multi: description: Whether multiple values can be set example: true type: boolean key: description: Custom attribute key. This will be the value use to search on this custom attribute example: "aws_region" type: string type: $ref: "#/components/schemas/CustomAttributeType" required: - case_type_id - display_name - key - type - is_multi type: object CustomAttributeConfigResourceType: default: custom_attribute description: Custom attributes config JSON:API resource type enum: - custom_attribute example: custom_attribute type: string x-enum-varnames: - CUSTOM_ATTRIBUTE CustomAttributeConfigResponse: description: Custom attribute config response. properties: data: $ref: "#/components/schemas/CustomAttributeConfig" type: object CustomAttributeConfigsResponse: description: Custom attribute configs response. properties: data: description: List of custom attribute configs of case type items: $ref: "#/components/schemas/CustomAttributeConfig" type: array type: object CustomAttributeMultiNumberValue: description: Values of multi NUMBER custom attribute items: description: NUMBER value format: double type: number type: array CustomAttributeMultiStringValue: description: Value of multi TEXT/URL/NUMBER/SELECT custom attribute items: description: TEXT/URL/NUMBER/SELECT Value type: string type: array CustomAttributeNumberValue: description: Value of NUMBER custom attribute format: double type: number CustomAttributeStringValue: description: Value of TEXT/URL/NUMBER/SELECT custom attribute type: string CustomAttributeType: description: Custom attributes type enum: - URL - TEXT - NUMBER - SELECT example: NUMBER type: string x-enum-varnames: - URL - TEXT - NUMBER - SELECT CustomAttributeValue: description: Custom attribute values properties: is_multi: description: If true, value must be an array example: false type: boolean type: $ref: "#/components/schemas/CustomAttributeType" value: $ref: "#/components/schemas/CustomAttributeValuesUnion" required: - type - is_multi - value type: object CustomAttributeValuesUnion: description: Union of supported value for a custom attribute example: "" oneOf: - $ref: "#/components/schemas/CustomAttributeStringValue" - $ref: "#/components/schemas/CustomAttributeMultiStringValue" - $ref: "#/components/schemas/CustomAttributeNumberValue" - $ref: "#/components/schemas/CustomAttributeMultiNumberValue" CustomConnection: description: A custom connection used by an app. properties: attributes: $ref: "#/components/schemas/CustomConnectionAttributes" id: description: The ID of the custom connection. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/CustomConnectionType" type: object CustomConnectionAttributes: description: The custom connection attributes. properties: name: description: The name of the custom connection. type: string onPremRunner: $ref: "#/components/schemas/CustomConnectionAttributesOnPremRunner" type: object CustomConnectionAttributesOnPremRunner: description: Information about the Private Action Runner used by the custom connection, if the custom connection is associated with a Private Action Runner. properties: id: description: The Private Action Runner ID. type: string url: description: The URL of the Private Action Runner. type: string type: object CustomConnectionType: default: custom_connections description: The custom connection type. enum: - custom_connections example: custom_connections type: string x-enum-varnames: - CUSTOM_CONNECTIONS CustomCostGetResponseMeta: description: Meta for the response from the Get Custom Costs endpoints. properties: version: description: Version of Custom Costs file type: string type: object CustomCostListResponseMeta: description: Meta for the response from the List Custom Costs endpoints. properties: count_by_status: additionalProperties: format: int64 type: integer description: Number of Custom Costs files per status. type: object providers: description: List of available providers. items: description: A provider name. type: string type: array total_filtered_count: description: Number of Custom Costs files returned by the List Custom Costs endpoint format: int64 type: integer version: description: Version of Custom Costs file type: string type: object CustomCostUploadResponseMeta: description: Meta for the response from the Upload Custom Costs endpoints. properties: version: description: Version of Custom Costs file type: string type: object CustomCostsFileGetResponse: description: Response for Get Custom Costs files. properties: data: $ref: "#/components/schemas/CustomCostsFileMetadataWithContentHighLevel" meta: $ref: "#/components/schemas/CustomCostGetResponseMeta" type: object CustomCostsFileLineItem: description: Line item details from a Custom Costs file. properties: BilledCost: description: Total cost in the cost file. example: 100.50 format: double type: number BillingCurrency: description: Currency used in the Custom Costs file. example: "USD" type: string ChargeDescription: description: Description for the line item cost. example: "Monthly usage charge for my service" type: string ChargePeriodEnd: description: End date of the usage charge. example: "2023-02-28" pattern: ^\d{4}-\d{2}-\d{2}$ type: string ChargePeriodStart: description: Start date of the usage charge. example: "2023-02-01" pattern: ^\d{4}-\d{2}-\d{2}$ type: string ProviderName: description: Name of the provider for the line item. type: string Tags: additionalProperties: type: string description: Additional tags for the line item. type: object type: object CustomCostsFileListResponse: description: Response for List Custom Costs files. properties: data: description: List of Custom Costs files. items: $ref: "#/components/schemas/CustomCostsFileMetadataHighLevel" type: array meta: $ref: "#/components/schemas/CustomCostListResponseMeta" type: object CustomCostsFileMetadata: description: Schema of a Custom Costs metadata. properties: billed_cost: description: Total cost in the cost file. example: 100.50 format: double type: number billing_currency: description: Currency used in the Custom Costs file. example: "USD" type: string charge_period: $ref: "#/components/schemas/CustomCostsFileUsageChargePeriod" name: description: Name of the Custom Costs file. example: "my_file.json" type: string provider_names: description: Providers contained in the Custom Costs file. items: description: Name of the provider. example: "my_provider" type: string type: array status: description: Status of the Custom Costs file. example: "active" type: string uploaded_at: description: Timestamp, in millisecond, of the upload time of the Custom Costs file. example: 1704067200000 format: double type: number uploaded_by: $ref: "#/components/schemas/CustomCostsUser" type: object CustomCostsFileMetadataHighLevel: description: JSON API format for a Custom Costs file. properties: attributes: $ref: "#/components/schemas/CustomCostsFileMetadata" id: description: ID of the Custom Costs metadata. type: string type: description: Type of the Custom Costs file metadata. type: string type: object CustomCostsFileMetadataWithContent: description: Schema of a cost file's metadata. properties: billed_cost: description: Total cost in the cost file. example: 100.50 format: double type: number billing_currency: description: Currency used in the Custom Costs file. example: "USD" type: string charge_period: $ref: "#/components/schemas/CustomCostsFileUsageChargePeriod" content: description: Detail of the line items from the Custom Costs file. items: $ref: "#/components/schemas/CustomCostsFileLineItem" type: array name: description: Name of the Custom Costs file. example: "my_file.json" type: string provider_names: description: Providers contained in the Custom Costs file. items: description: Name of a provider. example: "my_provider" type: string type: array status: description: Status of the Custom Costs file. example: "active" type: string uploaded_at: description: Timestamp in millisecond of the upload time of the Custom Costs file. example: 1704067200000 format: double type: number uploaded_by: $ref: "#/components/schemas/CustomCostsUser" type: object CustomCostsFileMetadataWithContentHighLevel: description: JSON API format of for a Custom Costs file with content. properties: attributes: $ref: "#/components/schemas/CustomCostsFileMetadataWithContent" id: description: ID of the Custom Costs metadata. type: string type: description: Type of the Custom Costs file metadata. type: string type: object CustomCostsFileUploadRequest: description: Request for uploading a Custom Costs file. items: $ref: "#/components/schemas/CustomCostsFileLineItem" type: array CustomCostsFileUploadResponse: description: Response for Uploaded Custom Costs files. properties: data: $ref: "#/components/schemas/CustomCostsFileMetadataHighLevel" meta: $ref: "#/components/schemas/CustomCostUploadResponseMeta" type: object CustomCostsFileUsageChargePeriod: description: Usage charge period of a Custom Costs file. properties: end: description: End of the usage of the Custom Costs file. example: 1706745600000 format: double type: number start: description: Start of the usage of the Custom Costs file. example: 1704067200000 format: double type: number type: object CustomCostsUser: description: Metadata of the user that has uploaded the Custom Costs file. properties: email: description: The name of the Custom Costs file. example: "email.test@datadohq.com" type: string icon: description: The name of the Custom Costs file. example: "icon.png" type: string name: description: Name of the user. example: "Test User" type: string type: object CustomDestinationAttributeTagsRestrictionListType: default: ALLOW_LIST description: |- How `forward_tags_restriction_list` parameter should be interpreted. If `ALLOW_LIST`, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. `BLOCK_LIST` works the opposite way. It does not forward the tags matching the ones on the list. enum: - ALLOW_LIST - BLOCK_LIST example: ALLOW_LIST type: string x-enum-varnames: - ALLOW_LIST - BLOCK_LIST CustomDestinationCreateRequest: description: The custom destination. properties: data: $ref: "#/components/schemas/CustomDestinationCreateRequestDefinition" type: object CustomDestinationCreateRequestAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: |- List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter. example: ["datacenter", "host"] items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: "#/components/schemas/CustomDestinationAttributeTagsRestrictionListType" forwarder_destination: $ref: "#/components/schemas/CustomDestinationForwardDestination" name: description: The custom destination name. example: Nginx logs type: string query: default: "" description: The custom destination query and filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string required: - name - forwarder_destination type: object CustomDestinationCreateRequestDefinition: description: The definition of a custom destination. properties: attributes: $ref: "#/components/schemas/CustomDestinationCreateRequestAttributes" type: $ref: "#/components/schemas/CustomDestinationType" required: - type - attributes type: object CustomDestinationElasticsearchDestinationAuth: description: Basic access authentication. properties: password: description: The password of the authentication. This field is not returned by the API. example: datadog-custom-destination-password type: string writeOnly: true username: description: The username of the authentication. This field is not returned by the API. example: datadog-custom-destination-username type: string writeOnly: true required: - username - password type: object CustomDestinationForwardDestination: description: A custom destination's location to forward logs. oneOf: - $ref: "#/components/schemas/CustomDestinationForwardDestinationHttp" - $ref: "#/components/schemas/CustomDestinationForwardDestinationSplunk" - $ref: "#/components/schemas/CustomDestinationForwardDestinationElasticsearch" - $ref: "#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinel" CustomDestinationForwardDestinationElasticsearch: description: The Elasticsearch destination. properties: auth: $ref: "#/components/schemas/CustomDestinationElasticsearchDestinationAuth" endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string index_name: description: Name of the Elasticsearch index (must follow [Elasticsearch's criteria](https://www.elastic.co/guide/en/elasticsearch/reference/8.11/indices-create-index.html#indices-create-api-path-params)). example: nginx-logs type: string index_rotation: description: |- Date pattern with US locale and UTC timezone to be appended to the index name after adding `-` (that is, `${index_name}-${indexPattern}`). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: `yyyy-MM-dd-HH` (as an example, it would render: `2022-10-19-09`) - Daily: `yyyy-MM-dd` (as an example, it would render: `2022-10-19`) - Weekly: `yyyy-'W'ww` (as an example, it would render: `2022-W42`) - Monthly: `yyyy-MM` (as an example, it would render: `2022-10`) If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation). example: yyyy-MM-dd type: string type: $ref: "#/components/schemas/CustomDestinationForwardDestinationElasticsearchType" required: - type - endpoint - auth - index_name type: object CustomDestinationForwardDestinationElasticsearchType: default: elasticsearch description: Type of the Elasticsearch destination. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH CustomDestinationForwardDestinationHttp: description: The HTTP destination. properties: auth: $ref: "#/components/schemas/CustomDestinationHttpDestinationAuth" endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string type: $ref: "#/components/schemas/CustomDestinationForwardDestinationHttpType" required: - type - endpoint - auth type: object CustomDestinationForwardDestinationHttpType: default: http description: Type of the HTTP destination. enum: - http example: http type: string x-enum-varnames: - HTTP CustomDestinationForwardDestinationMicrosoftSentinel: description: The Microsoft Sentinel destination. properties: client_id: description: Client ID from the Datadog Azure integration. example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71 type: string data_collection_endpoint: description: Azure data collection endpoint. example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com type: string data_collection_rule_id: description: Azure data collection rule ID. example: dcr-000a00a000a00000a000000aa000a0aa type: string stream_name: description: Azure stream name. example: Custom-MyTable type: string writeOnly: true tenant_id: description: Tenant ID from the Datadog Azure integration. example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2 type: string type: $ref: "#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinelType" required: - type - tenant_id - client_id - data_collection_endpoint - data_collection_rule_id - stream_name type: object CustomDestinationForwardDestinationMicrosoftSentinelType: default: microsoft_sentinel description: Type of the Microsoft Sentinel destination. enum: - microsoft_sentinel example: microsoft_sentinel type: string x-enum-varnames: - MICROSOFT_SENTINEL CustomDestinationForwardDestinationSplunk: description: The Splunk HTTP Event Collector (HEC) destination. properties: access_token: description: Access token of the Splunk HTTP Event Collector. This field is not returned by the API. example: splunk_access_token type: string writeOnly: true endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string sourcetype: description: |- The Splunk sourcetype for the events sent to this Splunk destination. If the field is absent from the request and no sourcetype has been previously set on this destination, the default sourcetype `_json` is used. On update, if the field is absent from the request but a sourcetype was previously set, the previous value is kept. If set to `null`, the sourcetype field is omitted from the forwarded event entirely. Otherwise, the provided string value is used as the sourcetype. example: my-source nullable: true type: string type: $ref: "#/components/schemas/CustomDestinationForwardDestinationSplunkType" required: - type - endpoint - access_token type: object CustomDestinationForwardDestinationSplunkType: default: splunk_hec description: Type of the Splunk HTTP Event Collector (HEC) destination. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC CustomDestinationHttpDestinationAuth: description: Authentication method of the HTTP requests. oneOf: - $ref: "#/components/schemas/CustomDestinationHttpDestinationAuthBasic" - $ref: "#/components/schemas/CustomDestinationHttpDestinationAuthCustomHeader" CustomDestinationHttpDestinationAuthBasic: description: Basic access authentication. properties: password: description: The password of the authentication. This field is not returned by the API. example: datadog-custom-destination-password type: string writeOnly: true type: $ref: "#/components/schemas/CustomDestinationHttpDestinationAuthBasicType" username: description: The username of the authentication. This field is not returned by the API. example: datadog-custom-destination-username type: string writeOnly: true required: - type - username - password type: object CustomDestinationHttpDestinationAuthBasicType: default: basic description: Type of the basic access authentication. enum: - basic example: basic type: string x-enum-varnames: - BASIC CustomDestinationHttpDestinationAuthCustomHeader: description: Custom header access authentication. properties: header_name: description: The header name of the authentication. example: CUSTOM-HEADER-NAME type: string header_value: description: The header value of the authentication. This field is not returned by the API. example: CUSTOM-HEADER-AUTHENTICATION-VALUE type: string writeOnly: true type: $ref: "#/components/schemas/CustomDestinationHttpDestinationAuthCustomHeaderType" required: - type - header_name - header_value type: object CustomDestinationHttpDestinationAuthCustomHeaderType: default: custom_header description: Type of the custom header access authentication. enum: - custom_header example: custom_header type: string x-enum-varnames: - CUSTOM_HEADER CustomDestinationResponse: description: The custom destination. properties: data: $ref: "#/components/schemas/CustomDestinationResponseDefinition" type: object CustomDestinationResponseAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: |- List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter. example: ["datacenter", "host"] items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: "#/components/schemas/CustomDestinationAttributeTagsRestrictionListType" forwarder_destination: $ref: "#/components/schemas/CustomDestinationResponseForwardDestination" name: description: The custom destination name. example: Nginx logs type: string query: default: "" description: The custom destination query filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string type: object CustomDestinationResponseDefinition: description: The definition of a custom destination. properties: attributes: $ref: "#/components/schemas/CustomDestinationResponseAttributes" id: description: The custom destination ID. example: be5d7a69-d0c8-4d4d-8ee8-bba292d98139 readOnly: true type: string type: $ref: "#/components/schemas/CustomDestinationType" type: object CustomDestinationResponseElasticsearchDestinationAuth: additionalProperties: description: Basic access authentication. description: Basic access authentication. type: object CustomDestinationResponseForwardDestination: description: A custom destination's location to forward logs. oneOf: - $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationHttp" - $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationSplunk" - $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch" - $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinel" CustomDestinationResponseForwardDestinationElasticsearch: description: The Elasticsearch destination. properties: auth: $ref: "#/components/schemas/CustomDestinationResponseElasticsearchDestinationAuth" endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string index_name: description: Name of the Elasticsearch index (must follow [Elasticsearch's criteria](https://www.elastic.co/guide/en/elasticsearch/reference/8.11/indices-create-index.html#indices-create-api-path-params)). example: nginx-logs type: string index_rotation: description: |- Date pattern with US locale and UTC timezone to be appended to the index name after adding `-` (that is, `${index_name}-${indexPattern}`). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: `yyyy-MM-dd-HH` (as an example, it would render: `2022-10-19-09`) - Daily: `yyyy-MM-dd` (as an example, it would render: `2022-10-19`) - Weekly: `yyyy-'W'ww` (as an example, it would render: `2022-W42`) - Monthly: `yyyy-MM` (as an example, it would render: `2022-10`) If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation). example: yyyy-MM-dd type: string type: $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearchType" required: - type - endpoint - auth - index_name type: object CustomDestinationResponseForwardDestinationElasticsearchType: default: elasticsearch description: Type of the Elasticsearch destination. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH CustomDestinationResponseForwardDestinationHttp: description: The HTTP destination. properties: auth: $ref: "#/components/schemas/CustomDestinationResponseHttpDestinationAuth" endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string type: $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationHttpType" required: - type - endpoint - auth type: object CustomDestinationResponseForwardDestinationHttpType: default: http description: Type of the HTTP destination. enum: - http example: http type: string x-enum-varnames: - HTTP CustomDestinationResponseForwardDestinationMicrosoftSentinel: description: The Microsoft Sentinel destination. properties: client_id: description: Client ID from the Datadog Azure integration. example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71 type: string data_collection_endpoint: description: Azure data collection endpoint. example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com type: string data_collection_rule_id: description: Azure data collection rule ID. example: dcr-000a00a000a00000a000000aa000a0aa type: string stream_name: description: Azure stream name. example: Custom-MyTable type: string writeOnly: true tenant_id: description: Tenant ID from the Datadog Azure integration. example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2 type: string type: $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinelType" required: - type - tenant_id - client_id - data_collection_endpoint - data_collection_rule_id - stream_name type: object CustomDestinationResponseForwardDestinationMicrosoftSentinelType: default: microsoft_sentinel description: Type of the Microsoft Sentinel destination. enum: - microsoft_sentinel example: microsoft_sentinel type: string x-enum-varnames: - MICROSOFT_SENTINEL CustomDestinationResponseForwardDestinationSplunk: description: The Splunk HTTP Event Collector (HEC) destination. properties: endpoint: description: |- The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed. example: https://example.com type: string sourcetype: description: |- The Splunk sourcetype for the events sent to this Splunk destination. If the field is absent from the request and no sourcetype has been previously set on this destination, the default sourcetype `_json` is used. On update, if the field is absent from the request but a sourcetype was previously set, the previous value is kept. If set to `null`, the sourcetype field is omitted from the forwarded event entirely. Otherwise, the provided string value is used as the sourcetype. example: my-source nullable: true type: string type: $ref: "#/components/schemas/CustomDestinationResponseForwardDestinationSplunkType" required: - type - endpoint type: object CustomDestinationResponseForwardDestinationSplunkType: default: splunk_hec description: Type of the Splunk HTTP Event Collector (HEC) destination. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC CustomDestinationResponseHttpDestinationAuth: description: Authentication method of the HTTP requests. oneOf: - $ref: "#/components/schemas/CustomDestinationResponseHttpDestinationAuthBasic" - $ref: "#/components/schemas/CustomDestinationResponseHttpDestinationAuthCustomHeader" CustomDestinationResponseHttpDestinationAuthBasic: description: Basic access authentication. properties: type: $ref: "#/components/schemas/CustomDestinationResponseHttpDestinationAuthBasicType" required: - type type: object CustomDestinationResponseHttpDestinationAuthBasicType: default: basic description: Type of the basic access authentication. enum: - basic example: basic type: string x-enum-varnames: - BASIC CustomDestinationResponseHttpDestinationAuthCustomHeader: description: Custom header access authentication. properties: header_name: description: The header name of the authentication. example: CUSTOM-HEADER-NAME type: string type: $ref: "#/components/schemas/CustomDestinationResponseHttpDestinationAuthCustomHeaderType" required: - type - header_name type: object CustomDestinationResponseHttpDestinationAuthCustomHeaderType: default: custom_header description: Type of the custom header access authentication. enum: - custom_header example: custom_header type: string x-enum-varnames: - CUSTOM_HEADER CustomDestinationType: default: custom_destination description: The type of the resource. The value should always be `custom_destination`. enum: - custom_destination example: custom_destination type: string x-enum-varnames: - CUSTOM_DESTINATION CustomDestinationUpdateRequest: description: The custom destination. properties: data: $ref: "#/components/schemas/CustomDestinationUpdateRequestDefinition" type: object CustomDestinationUpdateRequestAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: |- List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be restricted from being forwarded. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter. example: ["datacenter", "host"] items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: "#/components/schemas/CustomDestinationAttributeTagsRestrictionListType" forwarder_destination: $ref: "#/components/schemas/CustomDestinationForwardDestination" name: description: The custom destination name. example: Nginx logs type: string query: default: "" description: The custom destination query and filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string type: object CustomDestinationUpdateRequestDefinition: description: The definition of a custom destination. properties: attributes: $ref: "#/components/schemas/CustomDestinationUpdateRequestAttributes" id: description: The custom destination ID. example: be5d7a69-d0c8-4d4d-8ee8-bba292d98139 type: string type: $ref: "#/components/schemas/CustomDestinationType" required: - type - id type: object CustomDestinationsResponse: description: The available custom destinations. properties: data: description: A list of custom destinations. items: $ref: "#/components/schemas/CustomDestinationResponseDefinition" type: array type: object CustomFrameworkControl: description: Framework Control. properties: name: description: Control Name. example: A1.2 type: string rules_id: description: Rule IDs. example: - '["def-000-abc"]' items: description: A rule ID associated with the control. type: string type: array required: - name - rules_id type: object CustomFrameworkData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: "#/components/schemas/CustomFrameworkDataAttributes" type: $ref: "#/components/schemas/CustomFrameworkType" required: - type - attributes type: object CustomFrameworkDataAttributes: description: Framework Data Attributes. properties: description: description: Framework Description type: string handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL type: string name: description: Framework Name example: security-framework type: string requirements: description: Framework Requirements items: $ref: "#/components/schemas/CustomFrameworkRequirement" type: array version: description: Framework Version example: "2" type: string required: - handle - version - name - requirements type: object CustomFrameworkDataHandleAndVersion: description: Framework Handle and Version. properties: handle: description: Framework Handle example: sec2 type: string version: description: Framework Version example: "2" type: string type: object CustomFrameworkMetadata: description: Metadata for custom frameworks. properties: attributes: $ref: "#/components/schemas/CustomFrameworkWithoutRequirements" id: description: The ID of the custom framework. example: handle-version type: string type: $ref: "#/components/schemas/CustomFrameworkType" type: object CustomFrameworkRequirement: description: Framework Requirement. properties: controls: description: Requirement Controls. items: $ref: "#/components/schemas/CustomFrameworkControl" type: array name: description: Requirement Name. example: criteria type: string required: - name - controls type: object CustomFrameworkType: default: custom_framework description: The type of the resource. The value must be `custom_framework`. enum: - custom_framework example: custom_framework type: string x-enum-varnames: - CUSTOM_FRAMEWORK CustomFrameworkWithoutRequirements: description: Framework without requirements. properties: description: description: Framework Description example: this is a security description type: string handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL example: https://example.com/icon.png type: string name: description: Framework Name example: security-framework type: string version: description: Framework Version example: "2" type: string required: - handle - version - name type: object CustomRule: description: A custom static analysis rule within a ruleset. properties: created_at: description: Creation timestamp example: "2026-01-09T13:00:57.473141Z" format: date-time type: string created_by: description: Creator identifier example: foobarbaz type: string last_revision: $ref: "#/components/schemas/CustomRuleRevision" description: Most recent revision nullable: true name: description: Rule name example: my-rule type: string required: - name - created_at - created_by - last_revision type: object CustomRuleDataType: description: Resource type enum: [custom_rule] example: custom_rule type: string x-enum-varnames: - CUSTOM_RULE CustomRuleRequest: description: Request body for creating or updating a custom rule. properties: data: $ref: "#/components/schemas/CustomRuleRequestData" type: object CustomRuleRequestData: description: Data object for a custom rule create or update request. properties: attributes: $ref: "#/components/schemas/CustomRuleRequestDataAttributes" id: description: Rule identifier type: string type: $ref: "#/components/schemas/CustomRuleDataType" type: object CustomRuleRequestDataAttributes: description: Attributes for creating or updating a custom rule. properties: name: description: Rule name type: string type: object CustomRuleResponse: description: Response containing a single custom rule. properties: data: $ref: "#/components/schemas/CustomRuleResponseData" required: - data type: object CustomRuleResponseData: description: Data object returned in a custom rule response, including its ID, type, and attributes. properties: attributes: $ref: "#/components/schemas/CustomRule" id: description: Rule identifier example: my-rule type: string type: $ref: "#/components/schemas/CustomRuleDataType" required: - id - type - attributes type: object CustomRuleRevision: description: A specific revision of a custom static analysis rule. properties: attributes: $ref: "#/components/schemas/CustomRuleRevisionAttributes" id: description: Revision identifier example: revision-123 type: string type: $ref: "#/components/schemas/CustomRuleRevisionDataType" required: - id - type - attributes type: object CustomRuleRevisionAttributes: description: Attributes of a custom rule revision, including code, metadata, and test cases. properties: arguments: description: Rule arguments items: $ref: "#/components/schemas/Argument" type: array category: $ref: "#/components/schemas/CustomRuleRevisionAttributesCategory" checksum: description: Code checksum example: 8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99 type: string code: description: Rule code example: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== type: string created_at: description: Creation timestamp example: "2026-01-09T13:00:57.473141Z" format: date-time type: string created_by: description: Creator identifier example: foobarbaz type: string creation_message: description: Revision creation message example: Initial revision type: string cve: description: Associated CVE example: CVE-2024-1234 nullable: true type: string cwe: description: Associated CWE example: CWE-79 nullable: true type: string description: description: Full description example: bG9uZyBkZXNjcmlwdGlvbg== type: string documentation_url: description: Documentation URL example: https://docs.example.com/rules/my-rule nullable: true type: string is_published: description: Whether the revision is published example: false type: boolean is_testing: description: Whether this is a testing revision example: false type: boolean language: $ref: "#/components/schemas/Language" severity: $ref: "#/components/schemas/CustomRuleRevisionAttributesSeverity" short_description: description: Short description example: c2hvcnQgZGVzY3JpcHRpb24= type: string should_use_ai_fix: description: Whether to use AI for fixes example: false type: boolean tags: description: Rule tags example: - security - custom items: description: A tag attached to the rule. type: string type: array tests: description: Rule tests items: $ref: "#/components/schemas/CustomRuleRevisionTest" type: array tree_sitter_query: description: Tree-sitter query example: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== type: string required: - creation_message - short_description - description - code - checksum - language - tree_sitter_query - created_at - created_by - severity - category - cve - cwe - arguments - tests - tags - is_published - should_use_ai_fix - documentation_url - is_testing type: object CustomRuleRevisionAttributesCategory: description: Rule category enum: [SECURITY, BEST_PRACTICES, CODE_STYLE, ERROR_PRONE, PERFORMANCE] example: SECURITY type: string x-enum-varnames: - SECURITY - BEST_PRACTICES - CODE_STYLE - ERROR_PRONE - PERFORMANCE CustomRuleRevisionAttributesSeverity: description: Rule severity enum: [ERROR, WARNING, NOTICE] example: ERROR type: string x-enum-varnames: - ERROR - WARNING - NOTICE CustomRuleRevisionDataType: description: Resource type enum: [custom_rule_revision] example: custom_rule_revision type: string x-enum-varnames: - CUSTOM_RULE_REVISION CustomRuleRevisionInputAttributes: description: Input attributes for creating or updating a custom rule revision. properties: arguments: description: Rule arguments items: $ref: "#/components/schemas/Argument" type: array category: $ref: "#/components/schemas/CustomRuleRevisionAttributesCategory" code: description: Rule code example: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== type: string creation_message: description: Revision creation message example: Initial revision type: string cve: description: Associated CVE example: CVE-2024-1234 nullable: true type: string cwe: description: Associated CWE example: CWE-79 nullable: true type: string description: description: Full description example: bG9uZyBkZXNjcmlwdGlvbg== type: string documentation_url: description: Documentation URL example: https://docs.example.com/rules/my-rule nullable: true type: string is_published: description: Whether the revision is published example: false type: boolean is_testing: description: Whether this is a testing revision example: false type: boolean language: $ref: "#/components/schemas/Language" severity: $ref: "#/components/schemas/CustomRuleRevisionAttributesSeverity" short_description: description: Short description example: c2hvcnQgZGVzY3JpcHRpb24= type: string should_use_ai_fix: description: Whether to use AI for fixes example: false type: boolean tags: description: Rule tags example: - security - custom items: description: A tag attached to the rule. type: string type: array tests: description: Rule tests items: $ref: "#/components/schemas/CustomRuleRevisionTest" type: array tree_sitter_query: description: Tree-sitter query example: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== type: string required: - creation_message - short_description - description - code - language - tree_sitter_query - severity - category - cve - cwe - arguments - tests - tags - is_published - should_use_ai_fix - documentation_url - is_testing type: object CustomRuleRevisionRequest: description: Request body for creating a new custom rule revision. properties: data: $ref: "#/components/schemas/CustomRuleRevisionRequestData" type: object CustomRuleRevisionRequestData: description: Data object for a custom rule revision create request. properties: attributes: $ref: "#/components/schemas/CustomRuleRevisionInputAttributes" id: description: Revision identifier type: string type: $ref: "#/components/schemas/CustomRuleRevisionDataType" type: object CustomRuleRevisionResponse: description: Response containing a single custom rule revision. properties: data: $ref: "#/components/schemas/CustomRuleRevision" required: - data type: object CustomRuleRevisionTest: description: A test case associated with a custom rule revision, used to validate rule behavior. properties: annotation_count: description: Expected violation count example: 1 format: int64 type: integer code: description: Test code example: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== type: string filename: description: Test filename example: test.yaml type: string required: - filename - code - annotation_count type: object CustomRuleRevisionsResponse: description: Response containing a paginated list of custom rule revisions. properties: data: description: List of custom rule revisions. items: $ref: "#/components/schemas/CustomRuleRevision" type: array type: object CustomRuleset: description: A custom static analysis ruleset containing a set of user-defined rules. properties: attributes: $ref: "#/components/schemas/CustomRulesetAttributes" id: description: Ruleset identifier example: my-ruleset type: string type: $ref: "#/components/schemas/CustomRulesetDataType" required: - id - type - attributes type: object CustomRulesetAttributes: description: Attributes of a custom ruleset, including its name, description, and rules. properties: created_at: description: Creation timestamp example: "2026-01-09T13:00:57.473141Z" format: date-time type: string created_by: description: Creator identifier example: foobarbaz type: string description: description: Base64-encoded full description example: bG9uZyBkZXNjcmlwdGlvbg== type: string name: description: Ruleset name example: my-ruleset type: string rules: description: Rules in the ruleset items: $ref: "#/components/schemas/CustomRule" nullable: true type: array short_description: description: Base64-encoded short description example: c2hvcnQgZGVzY3JpcHRpb24= type: string required: - name - short_description - description - created_at - created_by - rules type: object CustomRulesetDataType: description: Resource type enum: [custom_ruleset] example: custom_ruleset type: string x-enum-varnames: - CUSTOM_RULESET CustomRulesetRequest: description: Request body for creating or updating a custom ruleset. properties: data: $ref: "#/components/schemas/CustomRulesetRequestData" type: object CustomRulesetRequestData: description: Data object for a custom ruleset create or update request. properties: attributes: $ref: "#/components/schemas/CustomRulesetRequestDataAttributes" id: description: Ruleset identifier type: string type: $ref: "#/components/schemas/CustomRulesetDataType" type: object CustomRulesetRequestDataAttributes: description: Attributes for creating or updating a custom ruleset. properties: description: description: Base64-encoded full description type: string name: description: Ruleset name type: string rules: description: Rules in the ruleset items: $ref: "#/components/schemas/CustomRule" nullable: true type: array short_description: description: Base64-encoded short description type: string type: object CustomRulesetResponse: description: Response containing a single custom ruleset. properties: data: $ref: "#/components/schemas/CustomRuleset" required: - data type: object DORACustomTags: description: A list of user-defined tags. The tags must follow the `key:value` pattern. Up to 100 may be added per event. example: - language:java - department:engineering items: description: Tags in the form of `key:value`. type: string nullable: true type: array DORADeploymentFetchResponse: description: Response for fetching a single deployment event. properties: data: $ref: "#/components/schemas/DORADeploymentObject" type: object DORADeploymentObject: description: A DORA deployment event. example: attributes: custom_tags: - "language:java" - "department:engineering" - "region:us-east-1" env: "production" finished_at: 1693491984000000000 git: commit_sha: "66adc9350f2cc9b250b69abddab733dd55e1a588" repository_id: "github.com/organization/example-repository" service: "shopist" started_at: 1693491974000000000 team: "backend" version: "v1.12.07" id: "4242fcdd31586083" type: "dora_deployment" properties: attributes: $ref: "#/components/schemas/DORADeploymentObjectAttributes" id: description: The ID of the deployment event. type: string type: $ref: "#/components/schemas/DORADeploymentType" type: object DORADeploymentObjectAttributes: description: The attributes of the deployment event. properties: custom_tags: $ref: "#/components/schemas/DORACustomTags" env: description: Environment name to where the service was deployed. example: production type: string finished_at: description: Unix timestamp when the deployment finished. example: 1693491984000000000 format: int64 type: integer git: $ref: "#/components/schemas/DORAGitInfoResponse" service: description: Service name. example: shopist type: string started_at: description: Unix timestamp when the deployment started. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the deployed service. example: backend type: string version: description: Version to correlate with APM Deployment Tracking. example: v1.12.07 type: string required: - service - started_at - finished_at type: object DORADeploymentPatchRemediation: description: Remediation details for the deployment. Optional, but required to calculate failed deployment recovery time. properties: id: description: The ID of the remediation deployment. Required when the failed deployment must be linked to a remediation deployment. example: eG42zNIkVjM type: string type: $ref: "#/components/schemas/DORADeploymentPatchRemediationType" type: object DORADeploymentPatchRemediationType: description: The type of remediation action taken. Required when the failed deployment must be linked to a remediation deployment. enum: - rollback - rollforward example: rollback type: string x-enum-varnames: - ROLLBACK - ROLLFORWARD DORADeploymentPatchRequest: description: Request to patch a DORA deployment event. example: data: attributes: change_failure: true remediation: id: "eG42zNIkVjM" type: "rollback" id: "z_RwVLi7v4Y" type: "dora_deployment_patch_request" properties: data: $ref: "#/components/schemas/DORADeploymentPatchRequestData" required: - data type: object DORADeploymentPatchRequestAttributes: description: Attributes for patching a DORA deployment event. properties: change_failure: description: Indicates whether the deployment resulted in a change failure. example: true type: boolean remediation: $ref: "#/components/schemas/DORADeploymentPatchRemediation" type: object DORADeploymentPatchRequestData: description: The JSON:API data for patching a deployment. example: attributes: change_failure: true remediation: id: "eG42zNIkVjM" type: "rollback" id: "z_RwVLi7v4Y" type: "dora_deployment_patch_request" properties: attributes: $ref: "#/components/schemas/DORADeploymentPatchRequestAttributes" id: description: The ID of the deployment to patch. example: z_RwVLi7v4Y type: string type: $ref: "#/components/schemas/DORADeploymentPatchRequestDataType" required: - type - id - attributes type: object DORADeploymentPatchRequestDataType: default: dora_deployment_patch_request description: JSON:API type for DORA deployment patch request. enum: - dora_deployment_patch_request example: dora_deployment_patch_request type: string x-enum-varnames: - DORA_DEPLOYMENT_PATCH_REQUEST DORADeploymentRequest: description: Request to create a DORA deployment event. properties: data: $ref: "#/components/schemas/DORADeploymentRequestData" required: - data type: object DORADeploymentRequestAttributes: description: Attributes to create a DORA deployment event. properties: custom_tags: $ref: "#/components/schemas/DORACustomTags" env: description: Environment name to where the service was deployed. example: staging type: string finished_at: description: Unix timestamp when the deployment finished. It must be in nanoseconds, milliseconds, or seconds. example: 1693491984000000000 format: int64 type: integer git: $ref: "#/components/schemas/DORAGitInfo" id: description: Deployment ID. Must be 16-128 characters and contain only alphanumeric characters, hyphens, underscores, periods, and colons (a-z, A-Z, 0-9, -, _, ., :). type: string service: description: Service name. example: shopist type: string started_at: description: Unix timestamp when the deployment started. It must be in nanoseconds, milliseconds, or seconds. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the deployed service. If not provided, this is automatically populated with the team associated with the service in the Service Catalog. example: backend type: string version: description: "Version to correlate with [APM Deployment Tracking](https://docs.datadoghq.com/tracing/services/deployment_tracking/)." example: v1.12.07 type: string required: - service - started_at - finished_at type: object DORADeploymentRequestData: description: The JSON:API data. properties: attributes: $ref: "#/components/schemas/DORADeploymentRequestAttributes" required: - attributes type: object DORADeploymentResponse: description: Response after receiving a DORA deployment event. properties: data: $ref: "#/components/schemas/DORADeploymentResponseData" required: - data type: object DORADeploymentResponseData: description: The JSON:API data. properties: id: description: The ID of the received DORA deployment event. example: 4242fcdd31586083 type: string type: $ref: "#/components/schemas/DORADeploymentType" required: - id type: object DORADeploymentType: default: dora_deployment description: JSON:API type for DORA deployment events. enum: - dora_deployment example: dora_deployment type: string x-enum-varnames: - DORA_DEPLOYMENT DORADeploymentsListResponse: description: Response for the list deployments endpoint. example: data: - attributes: custom_tags: - "language:java" - "department:engineering" - "region:us-east-1" env: "production" finished_at: 1693491984000000000 git: commit_sha: "66adc9350f2cc9b250b69abddab733dd55e1a588" repository_id: "github.com/organization/example-repository" service: "shopist" started_at: 1693491974000000000 team: "backend" version: "v1.12.07" id: "4242fcdd31586083" type: "dora_deployment" - attributes: custom_tags: - "language:go" - "department:platform" env: "production" finished_at: 1693492084000000000 git: commit_sha: "77bdc9350f2cc9b250b69abddab733dd55e1a599" repository_id: "github.com/organization/api-service" service: "api-service" started_at: 1693492074000000000 team: "backend" version: "v2.1.0" id: "4242fcdd31586084" type: "dora_deployment" properties: data: description: The list of DORA deployment events. items: $ref: "#/components/schemas/DORADeploymentObject" type: array type: object DORAFailureFetchResponse: description: Response for fetching a single incident event. properties: data: $ref: "#/components/schemas/DORAIncidentObject" type: object DORAFailureRequest: description: Request to create a DORA incident event. properties: data: $ref: "#/components/schemas/DORAFailureRequestData" required: - data type: object DORAFailureRequestAttributes: description: Attributes to create a DORA incident event. properties: custom_tags: $ref: "#/components/schemas/DORACustomTags" env: description: Environment name that was impacted by the incident. example: staging type: string finished_at: description: Unix timestamp when the incident finished. It must be in nanoseconds, milliseconds, or seconds. example: 1693491984000000000 format: int64 type: integer git: $ref: "#/components/schemas/DORAGitInfo" id: description: Incident ID. Must be 16-128 characters and contain only alphanumeric characters, hyphens, underscores, periods, and colons (a-z, A-Z, 0-9, -, _, ., :). type: string name: description: Incident name. example: Webserver is down failing all requests. type: string services: description: Service names impacted by the incident. If possible, use names registered in the Service Catalog. Required when the team field is not provided. example: [shopist] items: description: A service name impacted by the incident. type: string type: array severity: description: Incident severity. example: High type: string started_at: description: Unix timestamp when the incident started. It must be in nanoseconds, milliseconds, or seconds. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the services impacted. If possible, use team handles registered in Datadog. Required when the services field is not provided. example: backend type: string version: description: "Version to correlate with [APM Deployment Tracking](https://docs.datadoghq.com/tracing/services/deployment_tracking/)." example: v1.12.07 type: string required: - started_at type: object DORAFailureRequestData: description: The JSON:API data. properties: attributes: $ref: "#/components/schemas/DORAFailureRequestAttributes" required: - attributes type: object DORAFailureResponse: description: Response after receiving a DORA incident event. properties: data: $ref: "#/components/schemas/DORAFailureResponseData" required: - data type: object DORAFailureResponseData: description: Response after receiving a DORA incident event. properties: id: description: The ID of the received DORA incident event. example: 4242fcdd31586083 type: string type: $ref: "#/components/schemas/DORAFailureType" required: - id type: object DORAFailureType: default: dora_failure description: JSON:API type for DORA incident events. enum: - dora_failure example: dora_failure type: string x-enum-varnames: - DORA_FAILURE DORAFailuresListResponse: description: Response for the list incidents endpoint. example: data: - attributes: custom_tags: - "incident_type:database" - "department:engineering" env: "production" finished_at: 1693492274000000000 name: "Database outage" services: - "shopist" severity: "SEV-1" started_at: 1693492174000000000 team: "backend" id: "4242fcdd31586085" type: "dora_incident" - attributes: custom_tags: - "incident_type:service_down" - "department:platform" env: "production" finished_at: 1693492474000000000 name: "API service outage" services: - "api-service" - "payment-service" severity: "SEV-2" started_at: 1693492374000000000 team: "backend" id: "4242fcdd31586086" type: "dora_incident" properties: data: description: The list of DORA incident events. items: $ref: "#/components/schemas/DORAIncidentObject" type: array type: object DORAGitInfo: description: "Git info for DORA Metrics events." properties: commit_sha: $ref: "#/components/schemas/GitCommitSHA" repository_url: $ref: "#/components/schemas/GitRepositoryURL" required: - repository_url - commit_sha type: object DORAGitInfoResponse: description: "Git info returned by DORA Metrics events." properties: commit_sha: $ref: "#/components/schemas/GitCommitSHA" repository_id: $ref: "#/components/schemas/GitRepositoryID" required: - repository_id - commit_sha type: object DORAIncidentObject: description: A DORA incident event. example: attributes: custom_tags: - "incident_type:database" - "department:engineering" env: "production" finished_at: 1693492274000000000 git: commit_sha: "66adc9350f2cc9b250b69abddab733dd55e1a588" repository_url: "https://github.com/organization/example-repository" name: "Database outage" services: - "shopist" severity: "SEV-1" started_at: 1693492174000000000 team: "backend" id: "4242fcdd31586085" type: "dora_incident" properties: attributes: $ref: "#/components/schemas/DORAIncidentObjectAttributes" id: description: The ID of the incident event. type: string type: $ref: "#/components/schemas/DORAFailureType" type: object DORAIncidentObjectAttributes: description: The attributes of the incident event. properties: custom_tags: $ref: "#/components/schemas/DORACustomTags" env: description: Environment name that was impacted by the incident. example: production type: string finished_at: description: Unix timestamp when the incident finished. example: 1693491984000000000 format: int64 type: integer git: $ref: "#/components/schemas/DORAGitInfo" name: description: Incident name. example: Database outage type: string services: description: Service names impacted by the incident. example: ["shopist"] items: description: A service name impacted by the incident. type: string type: array severity: description: Incident severity. example: SEV-1 type: string started_at: description: Unix timestamp when the incident started. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the services impacted. example: backend type: string version: description: Version to correlate with APM Deployment Tracking. example: v1.12.07 type: string required: - started_at type: object DORAListDeploymentsRequest: description: Request to get a list of deployments. example: data: attributes: from: "2025-01-01T00:00:00Z" limit: 100 query: "service:(shopist OR api-service) env:production team:backend" sort: "-finished_at" to: "2025-01-31T23:59:59Z" type: "dora_deployments_list_request" properties: data: $ref: "#/components/schemas/DORAListDeploymentsRequestData" required: - data type: object DORAListDeploymentsRequestAttributes: description: Attributes to get a list of deployments. properties: from: description: Minimum timestamp for requested events. example: "2025-01-01T00:00:00Z" format: date-time type: string limit: default: 10 description: Maximum number of events in the response. example: 500 format: int32 maximum: 1000 type: integer query: description: Search query with event platform syntax. example: "service:(shopist OR api-service OR payment-service) env:(production OR staging) team:(backend OR platform)" type: string sort: description: Sort order (prefixed with `-` for descending). example: "-finished_at" type: string to: description: Maximum timestamp for requested events. example: "2025-01-31T23:59:59Z" format: date-time type: string type: object DORAListDeploymentsRequestData: description: The JSON:API data. example: attributes: from: "2025-01-15T08:00:00Z" limit: 200 query: "env:production service:payment-service version:*v2*" sort: "-finished_at" to: "2025-01-15T18:00:00Z" type: "dora_deployments_list_request" properties: attributes: $ref: "#/components/schemas/DORAListDeploymentsRequestAttributes" type: $ref: "#/components/schemas/DORAListDeploymentsRequestDataType" required: - attributes type: object DORAListDeploymentsRequestDataType: default: dora_deployments_list_request description: The definition of `DORAListDeploymentsRequestDataType` object. enum: - dora_deployments_list_request example: dora_deployments_list_request type: string x-enum-varnames: - DORA_DEPLOYMENTS_LIST_REQUEST DORAListFailuresRequest: description: Request to get a list of incidents. example: data: attributes: from: "2025-01-01T00:00:00Z" limit: 100 query: "severity:(SEV-1 OR SEV-2) env:production team:backend" sort: "-started_at" to: "2025-01-31T23:59:59Z" type: "dora_failures_list_request" properties: data: $ref: "#/components/schemas/DORAListFailuresRequestData" required: - data type: object DORAListFailuresRequestAttributes: description: Attributes to get a list of incidents. properties: from: description: Minimum timestamp for requested events. example: "2025-01-01T00:00:00Z" format: date-time type: string limit: default: 10 description: Maximum number of events in the response. example: 500 format: int32 maximum: 1000 type: integer query: description: Search query with event platform syntax. example: "severity:(SEV-1 OR SEV-2) env:(production OR staging) service:(shopist OR api-service OR payment-service) team:(backend OR platform OR payments)" type: string sort: description: Sort order (prefixed with `-` for descending). example: "-started_at" type: string to: description: Maximum timestamp for requested events. example: "2025-01-31T23:59:59Z" format: date-time type: string type: object DORAListFailuresRequestData: description: The JSON:API data. example: attributes: from: "2025-01-15T00:00:00Z" limit: 200 query: "severity:SEV-1 service:(api-service OR payment-service) env:production" sort: "-finished_at" to: "2025-01-15T23:59:59Z" type: "dora_failures_list_request" properties: attributes: $ref: "#/components/schemas/DORAListFailuresRequestAttributes" type: $ref: "#/components/schemas/DORAListFailuresRequestDataType" required: - attributes type: object DORAListFailuresRequestDataType: default: dora_failures_list_request description: The definition of `DORAListFailuresRequestDataType` object. enum: - dora_failures_list_request example: dora_failures_list_request type: string x-enum-varnames: - DORA_FAILURES_LIST_REQUEST DashboardListAddItemsRequest: description: Request containing a list of dashboards to add. properties: dashboards: description: List of dashboards to add the dashboard list. items: $ref: "#/components/schemas/DashboardListItemRequest" type: array type: object DashboardListAddItemsResponse: description: Response containing a list of added dashboards. properties: added_dashboards_to_list: description: List of dashboards added to the dashboard list. items: $ref: "#/components/schemas/DashboardListItemResponse" type: array type: object DashboardListDeleteItemsRequest: description: Request containing a list of dashboards to delete. properties: dashboards: description: List of dashboards to delete from the dashboard list. items: $ref: "#/components/schemas/DashboardListItemRequest" type: array type: object DashboardListDeleteItemsResponse: description: Response containing a list of deleted dashboards. properties: deleted_dashboards_from_list: description: List of dashboards deleted from the dashboard list. items: $ref: "#/components/schemas/DashboardListItemResponse" type: array type: object DashboardListItem: description: A dashboard within a list. properties: author: $ref: "#/components/schemas/Creator" created: description: Date of creation of the dashboard. format: date-time readOnly: true type: string icon: description: URL to the icon of the dashboard. nullable: true readOnly: true type: string id: description: ID of the dashboard. example: "q5j-nti-fv6" type: string integration_id: description: The short name of the integration. nullable: true readOnly: true type: string is_favorite: description: Whether or not the dashboard is in the favorites. readOnly: true type: boolean is_read_only: description: Whether or not the dashboard is read only. readOnly: true type: boolean is_shared: description: Whether the dashboard is publicly shared or not. readOnly: true type: boolean modified: description: Date of last edition of the dashboard. format: date-time readOnly: true type: string popularity: description: Popularity of the dashboard. format: int32 maximum: 5 readOnly: true type: integer tags: description: List of team names representing ownership of a dashboard. items: description: The name of a Datadog team, formatted as `team:` type: string maxItems: 5 nullable: true readOnly: true type: array title: description: Title of the dashboard. readOnly: true type: string type: $ref: "#/components/schemas/DashboardType" url: description: URL path to the dashboard. readOnly: true type: string required: - type - id type: object DashboardListItemRequest: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: "q5j-nti-fv6" type: string type: $ref: "#/components/schemas/DashboardType" required: - type - id type: object DashboardListItemResponse: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: "q5j-nti-fv6" readOnly: true type: string type: $ref: "#/components/schemas/DashboardType" required: - type - id type: object DashboardListItems: description: Dashboards within a list. properties: dashboards: description: List of dashboards in the dashboard list. example: [] items: $ref: "#/components/schemas/DashboardListItem" type: array total: description: Number of dashboards in the dashboard list. format: int64 readOnly: true type: integer required: - dashboards type: object DashboardListUpdateItemsRequest: description: Request containing the list of dashboards to update to. properties: dashboards: description: List of dashboards to update the dashboard list to. items: $ref: "#/components/schemas/DashboardListItemRequest" type: array type: object DashboardListUpdateItemsResponse: description: Response containing a list of updated dashboards. properties: dashboards: description: List of dashboards in the dashboard list. items: $ref: "#/components/schemas/DashboardListItemResponse" type: array type: object DashboardTriggerWrapper: description: "Schema for a Dashboard-based trigger." properties: dashboardTrigger: description: "Trigger a workflow from a Dashboard." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - dashboardTrigger type: object DashboardType: description: The type of the dashboard. enum: - custom_timeboard - custom_screenboard - integration_screenboard - integration_timeboard - host_timeboard example: host_timeboard type: string x-enum-varnames: - CUSTOM_TIMEBOARD - CUSTOM_SCREENBOARD - INTEGRATION_SCREENBOARD - INTEGRATION_TIMEBOARD - HOST_TIMEBOARD DataAttributesRulesItemsIfTagExists: description: The behavior when the tag already exists. enum: - append - do_not_apply - replace type: string x-enum-varnames: - APPEND - DO_NOT_APPLY - REPLACE DataAttributesRulesItemsMapping: description: The definition of `DataAttributesRulesItemsMapping` object. nullable: true properties: destination_key: description: The `mapping` `destination_key`. example: "" type: string if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `mapping` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" source_keys: description: The `mapping` `source_keys`. example: - "" items: description: A source key for the mapping rule. type: string type: array required: - destination_key - source_keys type: object DataDeletionResponseItem: description: The created data deletion request information. properties: attributes: $ref: "#/components/schemas/DataDeletionResponseItemAttributes" id: description: The ID of the created data deletion request. example: "1" type: string type: description: The type of the request created. example: "deletion_request" type: string required: - id - type - attributes type: object DataDeletionResponseItemAttributes: description: Deletion attribute for data deletion response. properties: created_at: description: Creation time of the deletion request. example: "2024-01-01T00:00:00.000000Z" type: string created_by: description: User who created the deletion request. example: "test.user@datadoghq.com" type: string from_time: description: Start of requested time window, milliseconds since Unix epoch. example: 1672527600000 format: int64 type: integer indexes: description: List of indexes for the search. If not provided, the search is performed in all indexes. example: ["test-index", "test-index-2"] items: description: Individual index. type: string type: array is_created: description: Whether the deletion request is fully created or not. It can take several minutes to fully create a deletion request depending on the target query and timeframe. example: true type: boolean org_id: description: Organization ID. example: 321813 format: int64 type: integer product: description: Product name. example: "logs" type: string query: description: Query for creating a data deletion request. example: "service:xyz host:abc" type: string starting_at: description: Starting time of the process to delete the requested data. example: "2024-01-01T02:00:00.000000Z" type: string status: description: Status of the deletion request. example: "pending" type: string to_time: description: End of requested time window, milliseconds since Unix epoch. example: 1704063600000 format: int64 type: integer total_unrestricted: description: Total number of elements to be deleted. Only the data accessible to the current user that matches the query and timeframe provided will be deleted. example: 100 format: int64 type: integer updated_at: description: Update time of the deletion request. example: "2024-01-01T00:00:00.000000Z" type: string required: - created_at - created_by - from_time - is_created - org_id - product - query - starting_at - status - to_time - total_unrestricted - updated_at type: object DataDeletionResponseMeta: description: The metadata of the data deletion response. properties: count_product: additionalProperties: format: int64 type: integer description: The total deletion requests created by product. example: {"logs": 8, "rum": 7} type: object count_status: additionalProperties: format: int64 type: integer description: The total deletion requests created by status. example: {"completed": 10, "pending": 5} type: object next_page: description: The next page when searching deletion requests created in the current organization. example: "cGFnZTI=" type: string product: description: The product of the deletion request. example: "logs" type: string request_status: description: The status of the executed request. example: "canceled" type: string type: object DataExportConfig: description: AWS Cost and Usage Report data export configuration. properties: bucket_name: description: Name of the S3 bucket where the Cost and Usage Report is stored. example: "billing" type: string bucket_region: description: AWS region of the S3 bucket. example: "us-east-1" type: string report_name: description: Name of the Cost and Usage Report. example: "cost-and-usage-report" type: string report_prefix: description: S3 prefix where the Cost and Usage Report is stored. example: "reports" type: string report_type: description: |- Type of the Cost and Usage Report. Currently only `CUR2.0` is supported. example: "CUR2.0" type: string required: - report_name - report_prefix - report_type - bucket_name - bucket_region type: object DataRelationshipsTeams: description: Associates teams with this schedule in a data structure. properties: data: description: An array of team references for this schedule. items: $ref: "#/components/schemas/DataRelationshipsTeamsDataItems" type: array type: object DataRelationshipsTeamsDataItems: description: |- Relates a team to this schedule, identified by `id` and `type` (must be `teams`). properties: id: description: The unique identifier of the team in this relationship. example: "00000000-da3a-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/DataRelationshipsTeamsDataItemsType" required: - type - id type: object DataRelationshipsTeamsDataItemsType: default: teams description: |- Teams resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS DataScalarColumn: description: A column containing the numerical results for a formula or query. properties: meta: $ref: "#/components/schemas/ScalarMeta" name: description: The name referencing the formula or query for this column. example: a type: string type: $ref: "#/components/schemas/ScalarColumnTypeNumber" values: description: The array of numerical values for one formula or query. example: [0.5] items: description: An individual value for a given column and group-by. example: 0.5 format: double nullable: true type: number type: array type: object DataTransform: description: A data transformer, which is custom JavaScript code that executes and transforms data when its inputs change. properties: id: description: The ID of the data transformer. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this data transformer. This name is also used to access the transformer's result throughout the app. example: "combineTwoOrders" type: string properties: $ref: "#/components/schemas/DataTransformProperties" type: $ref: "#/components/schemas/DataTransformType" required: - id - name - type - properties type: object DataTransformProperties: description: The properties of the data transformer. properties: outputs: description: A JavaScript function that returns the transformed data. example: "${(() => {return {\n allItems: [...fetchOrder1.outputs.items, ...fetchOrder2.outputs.items],\n}})()}" type: string type: object DataTransformType: default: dataTransform description: The data transform type. enum: - dataTransform example: dataTransform type: string x-enum-varnames: - DATATRANSFORM DatabaseMonitoringTriggerWrapper: description: "Schema for a Database Monitoring-based trigger." properties: databaseMonitoringTrigger: description: "Trigger a workflow from Database Monitoring." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - databaseMonitoringTrigger type: object DatadogAPIKey: description: The definition of the `DatadogAPIKey` object. properties: api_key: description: The `DatadogAPIKey` `api_key`. example: "" type: string app_key: description: The `DatadogAPIKey` `app_key`. example: "" type: string datacenter: description: The `DatadogAPIKey` `datacenter`. example: "" type: string subdomain: description: Custom subdomain used for Datadog URLs generated with this Connection. For example, if this org uses `https://acme.datadoghq.com` to access Datadog, set this field to `acme`. If this field is omitted, generated URLs will use the default site URL for its datacenter (see [https://docs.datadoghq.com/getting_started/site](https://docs.datadoghq.com/getting_started/site)). type: string type: $ref: "#/components/schemas/DatadogAPIKeyType" required: - type - datacenter - api_key - app_key type: object DatadogAPIKeyType: description: The definition of the `DatadogAPIKey` object. enum: - DatadogAPIKey example: DatadogAPIKey type: string x-enum-varnames: - DATADOGAPIKEY DatadogAPIKeyUpdate: description: The definition of the `DatadogAPIKey` object. properties: api_key: description: The `DatadogAPIKeyUpdate` `api_key`. type: string app_key: description: The `DatadogAPIKeyUpdate` `app_key`. type: string datacenter: description: The `DatadogAPIKeyUpdate` `datacenter`. type: string subdomain: description: Custom subdomain used for Datadog URLs generated with this Connection. For example, if this org uses `https://acme.datadoghq.com` to access Datadog, set this field to `acme`. If this field is omitted, generated URLs will use the default site URL for its datacenter (see [https://docs.datadoghq.com/getting_started/site](https://docs.datadoghq.com/getting_started/site)). type: string type: $ref: "#/components/schemas/DatadogAPIKeyType" required: - type type: object DatadogCredentials: description: The definition of the `DatadogCredentials` object. oneOf: - $ref: "#/components/schemas/DatadogAPIKey" DatadogCredentialsUpdate: description: The definition of the `DatadogCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/DatadogAPIKeyUpdate" DatadogIntegration: description: The definition of the `DatadogIntegration` object. properties: credentials: $ref: "#/components/schemas/DatadogCredentials" type: $ref: "#/components/schemas/DatadogIntegrationType" required: - type - credentials type: object DatadogIntegrationType: description: The definition of the `DatadogIntegrationType` object. enum: - Datadog example: Datadog type: string x-enum-varnames: - DATADOG DatadogIntegrationUpdate: description: The definition of the `DatadogIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/DatadogCredentialsUpdate" type: $ref: "#/components/schemas/DatadogIntegrationType" required: - type type: object DatasetAttributesRequest: description: Dataset metadata and configurations. properties: name: description: Name of the dataset. example: "Security Audit Dataset" type: string principals: description: |- List of access principals, formatted as `principal_type:id`. Principal can be 'team' or 'role'. example: - "role:94172442-be03-11e9-a77a-3b7612558ac1" items: description: An access principal identifier formatted as `principal_type:id`. example: "role:94172442-be03-11e9-a77a-3b7612558ac1" type: string type: array product_filters: description: List of product-specific filters. items: $ref: "#/components/schemas/FiltersPerProduct" type: array required: - name - product_filters - principals type: object DatasetAttributesResponse: description: Dataset metadata and configuration(s). properties: created_at: description: Timestamp when the dataset was created. format: date-time nullable: true type: string created_by: description: Unique ID of the user who created the dataset. format: uuid type: string name: description: Name of the dataset. example: "Security Audit Dataset" type: string principals: description: |- List of access principals, formatted as `principal_type:id`. Principal can be 'team' or 'role'. example: - "role:86245fce-0a4e-11f0-92bd-da7ad0900002" items: description: An access principal identifier formatted as `principal_type:id`. example: "role:86245fce-0a4e-11f0-92bd-da7ad0900002" type: string type: array product_filters: description: List of product-specific filters. items: $ref: "#/components/schemas/FiltersPerProduct" type: array type: object DatasetCreateRequest: description: Create request for a dataset. properties: data: $ref: "#/components/schemas/DatasetRequest" required: - data type: object DatasetRequest: description: |- **Datasets Object Constraints** - **Tag limit per dataset**: - Each restricted dataset supports a maximum of 10 key:value pairs per product. - **Tag key rules per telemetry type**: - Only one tag key or attribute may be used to define access within a single telemetry type. - The same or different tag key may be used across different telemetry types. - **Tag value uniqueness**: - Tag values must be unique within a single dataset. - A tag value used in one dataset cannot be reused in another dataset of the same telemetry type. properties: attributes: $ref: "#/components/schemas/DatasetAttributesRequest" type: $ref: "#/components/schemas/DatasetType" required: - type - attributes type: object DatasetResponse: description: |- **Datasets Object Constraints** - **Tag Limit per Dataset**: - Each restricted dataset supports a maximum of 10 key:value pairs per product. - **Tag Key Rules per Telemetry Type**: - Only one tag key or attribute may be used to define access within a single telemetry type. - The same or different tag key may be used across different telemetry types. - **Tag Value Uniqueness**: - Tag values must be unique within a single dataset. - A tag value used in one dataset cannot be reused in another dataset of the same telemetry type. properties: attributes: $ref: "#/components/schemas/DatasetAttributesResponse" id: description: Unique identifier for the dataset. example: "123e4567-e89b-12d3-a456-426614174000" type: string type: $ref: "#/components/schemas/DatasetType" type: object DatasetResponseMulti: description: Response containing a list of datasets. properties: data: description: The list of datasets returned in response. items: $ref: "#/components/schemas/DatasetResponse" type: array type: object DatasetResponseSingle: description: Response containing a single dataset object. properties: data: $ref: "#/components/schemas/DatasetResponse" type: object DatasetType: default: dataset description: Resource type, always set to `dataset`. enum: - dataset example: dataset type: string x-enum-varnames: - DATASET DatasetUpdateRequest: description: Edit request for a dataset. properties: data: $ref: "#/components/schemas/DatasetRequest" required: - data type: object Datastore: description: A datastore's complete configuration and metadata. properties: data: $ref: "#/components/schemas/DatastoreData" type: object DatastoreArray: description: A collection of datastores returned by list operations. properties: data: description: An array of datastore objects containing their configurations and metadata. items: $ref: "#/components/schemas/DatastoreData" type: array required: - data type: object DatastoreAttributesPrimaryColumnName: description: >- The name of the primary key column for this datastore. Primary column names: - Must abide by both [PostgreSQL naming conventions](https://www.postgresql.org/docs/7.0/syntax525.htm) - Cannot exceed 63 characters example: "" maxLength: 63 type: string DatastoreData: description: Core information about a datastore, including its unique identifier and attributes. properties: attributes: $ref: "#/components/schemas/DatastoreDataAttributes" id: description: The unique identifier of the datastore. type: string type: $ref: "#/components/schemas/DatastoreDataType" required: - type type: object DatastoreDataAttributes: description: Detailed information about a datastore. properties: created_at: description: Timestamp when the datastore was created. format: date-time type: string creator_user_id: description: The numeric ID of the user who created the datastore. format: int64 type: integer creator_user_uuid: description: The UUID of the user who created the datastore. type: string description: description: A human-readable description about the datastore. type: string modified_at: description: Timestamp when the datastore was last modified. format: date-time type: string name: description: The display name of the datastore. type: string org_id: description: The ID of the organization that owns this datastore. format: int64 type: integer primary_column_name: $ref: "#/components/schemas/DatastoreAttributesPrimaryColumnName" primary_key_generation_strategy: $ref: "#/components/schemas/DatastorePrimaryKeyGenerationStrategy" type: object DatastoreDataType: default: datastores description: The resource type for datastores. enum: - datastores example: datastores type: string x-enum-varnames: - DATASTORES DatastoreItemConflictMode: description: How to handle conflicts when inserting items that already exist in the datastore. enum: - fail_on_conflict - overwrite_on_conflict example: overwrite_on_conflict type: string x-enum-varnames: - FAIL_ON_CONFLICT - OVERWRITE_ON_CONFLICT DatastoreItemValues: description: An array of items to add to the datastore, where each item is a set of key-value pairs representing the item's data. Up to 100 items can be updated in a single request. example: - data: "example data" key: "value" - data: "example data2" key: "value2" items: additionalProperties: {} description: A single item's data as key-value pairs. Key names cannot exceed 63 characters. type: object maxItems: 100 type: array DatastoreItemsDataType: default: items description: The resource type for datastore items. enum: - items example: items type: string x-enum-varnames: - ITEMS DatastorePrimaryKeyGenerationStrategy: description: Can be set to `uuid` to automatically generate primary keys when new items are added. Default value is `none`, which requires you to supply a primary key for each new item. enum: - none - uuid type: string x-enum-varnames: - NONE - UUID DatastoreTrigger: description: "Trigger a workflow from a Datastore. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object DatastoreTriggerWrapper: description: "Schema for a Datastore-based trigger." properties: datastoreTrigger: $ref: "#/components/schemas/DatastoreTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - datastoreTrigger type: object Date: description: Date as Unix timestamp in milliseconds. example: 1722439510282 format: int64 type: integer Degradation: description: Response object for a single degradation. properties: data: $ref: "#/components/schemas/DegradationData" included: description: The included related resources of a degradation. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/DegradationIncluded" type: array type: object DegradationArray: description: Response object for a list of degradations. properties: data: description: A list of degradation data objects. items: $ref: "#/components/schemas/DegradationData" type: array included: description: The included related resources of a degradation. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/DegradationIncluded" type: array meta: $ref: "#/components/schemas/PaginationMeta" required: - data type: object DegradationData: description: The data object for a degradation. properties: attributes: $ref: "#/components/schemas/DegradationDataAttributes" id: description: The ID of the degradation. format: uuid type: string relationships: $ref: "#/components/schemas/DegradationDataRelationships" type: $ref: "#/components/schemas/PatchDegradationRequestDataType" required: - type type: object DegradationDataAttributes: description: The attributes of a degradation. properties: components_affected: description: Components affected by the degradation. items: $ref: "#/components/schemas/DegradationDataAttributesComponentsAffectedItems" type: array created_at: description: Timestamp of when the degradation was created. format: date-time type: string description: description: Description of the degradation. type: string modified_at: description: Timestamp of when the degradation was last modified. format: date-time type: string source: $ref: "#/components/schemas/DegradationDataAttributesSource" status: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesStatus" title: description: Title of the degradation. type: string updates: description: Past updates made to the degradation. items: $ref: "#/components/schemas/DegradationDataAttributesUpdatesItems" type: array type: object DegradationDataAttributesComponentsAffectedItems: description: A component affected by a degradation. properties: id: description: The ID of the component. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" required: - id - status type: object DegradationDataAttributesSource: description: The source of the degradation. properties: created_at: description: Timestamp of when the source was created. example: "" format: date-time type: string source_id: description: The ID of the source. example: "" type: string type: $ref: "#/components/schemas/DegradationDataAttributesSourceType" required: - created_at - source_id - type type: object DegradationDataAttributesSourceType: description: The type of the source. enum: - incident example: incident type: string x-enum-varnames: - INCIDENT DegradationDataAttributesUpdatesItems: description: A status update recorded during a degradation. properties: components_affected: description: The components affected at the time of the update. items: $ref: "#/components/schemas/DegradationDataAttributesUpdatesItemsComponentsAffectedItems" type: array created_at: description: Timestamp of when the update was created. format: date-time readOnly: true type: string description: description: Description of the update. type: string id: description: Identifier of the update. format: uuid readOnly: true type: string modified_at: description: Timestamp of when the update was last modified. format: date-time readOnly: true type: string started_at: description: Timestamp of when the update started. format: date-time type: string status: $ref: "#/components/schemas/CreateDegradationRequestDataAttributesStatus" type: object DegradationDataAttributesUpdatesItemsComponentsAffectedItems: description: A component affected at the time of a degradation update. properties: id: description: Identifier of the component affected at the time of the update. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component affected at the time of the update. readOnly: true type: string status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" description: The status of the component affected at the time of the update. required: - id - status type: object DegradationDataRelationships: description: The relationships of a degradation. properties: created_by_user: $ref: "#/components/schemas/DegradationDataRelationshipsCreatedByUser" description: The Datadog user who created the degradation. last_modified_by_user: $ref: "#/components/schemas/DegradationDataRelationshipsLastModifiedByUser" description: The Datadog user who last modified the degradation. status_page: $ref: "#/components/schemas/DegradationDataRelationshipsStatusPage" description: The status page the degradation belongs to. type: object DegradationDataRelationshipsCreatedByUser: description: The Datadog user who created the degradation. properties: data: $ref: "#/components/schemas/DegradationDataRelationshipsCreatedByUserData" required: - data type: object DegradationDataRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the degradation. properties: id: description: The ID of the Datadog user who created the degradation. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object DegradationDataRelationshipsLastModifiedByUser: description: The Datadog user who last modified the degradation. properties: data: $ref: "#/components/schemas/DegradationDataRelationshipsLastModifiedByUserData" required: - data type: object DegradationDataRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the degradation. properties: id: description: The ID of the Datadog user who last modified the degradation. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object DegradationDataRelationshipsStatusPage: description: The status page the degradation belongs to. properties: data: $ref: "#/components/schemas/DegradationDataRelationshipsStatusPageData" required: - data type: object DegradationDataRelationshipsStatusPageData: description: The data object identifying the status page the degradation belongs to. properties: id: description: The ID of the status page. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPageDataType" required: - type - id type: object DegradationIncluded: description: An included resource related to a degradation or maintenance. oneOf: - $ref: "#/components/schemas/StatusPagesUser" - $ref: "#/components/schemas/StatusPageAsIncluded" DeleteAppResponse: description: The response object after an app is successfully deleted. properties: data: $ref: "#/components/schemas/DeleteAppResponseData" type: object DeleteAppResponseData: description: The definition of `DeleteAppResponseData` object. properties: id: description: The ID of the deleted app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type type: object DeleteAppsDatastoreItemRequest: description: Request to delete a specific item from a datastore by its primary key. properties: data: $ref: "#/components/schemas/DeleteAppsDatastoreItemRequestData" type: object DeleteAppsDatastoreItemRequestData: description: Data wrapper containing the information needed to identify and delete a specific datastore item. properties: attributes: $ref: "#/components/schemas/DeleteAppsDatastoreItemRequestDataAttributes" type: $ref: "#/components/schemas/DatastoreItemsDataType" required: - type type: object DeleteAppsDatastoreItemRequestDataAttributes: description: Attributes specifying which datastore item to delete by its primary key. properties: id: description: Optional unique identifier of the item to delete. example: "a7656bcc-51d4-4884-adf7-4d0d9a3e0633" type: string item_key: description: The primary key value that identifies the item to delete. Cannot exceed 256 characters. example: "primaryKey" maxLength: 256 type: string required: - item_key type: object DeleteAppsDatastoreItemResponse: description: Response from successfully deleting a datastore item. properties: data: $ref: "#/components/schemas/DeleteAppsDatastoreItemResponseData" type: object DeleteAppsDatastoreItemResponseArray: description: The definition of `DeleteAppsDatastoreItemResponseArray` object. properties: data: description: The `DeleteAppsDatastoreItemResponseArray` `data`. items: $ref: "#/components/schemas/DeleteAppsDatastoreItemResponseData" type: array required: - data type: object DeleteAppsDatastoreItemResponseData: description: Data containing the identifier of the datastore item that was successfully deleted. properties: id: description: The unique identifier of the item that was deleted. type: string type: $ref: "#/components/schemas/DatastoreItemsDataType" required: - type type: object DeleteAppsRequest: description: A request object for deleting multiple apps by ID. example: data: - id: aea2ed17-b45f-40d0-ba59-c86b7972c901 type: appDefinitions - id: f69bb8be-6168-4fe7-a30d-370256b6504a type: appDefinitions - id: ab1ed73e-13ad-4426-b0df-a0ff8876a088 type: appDefinitions properties: data: description: An array of objects containing the IDs of the apps to delete. items: $ref: "#/components/schemas/DeleteAppsRequestDataItems" type: array type: object DeleteAppsRequestDataItems: description: An object containing the ID of an app to delete. properties: id: description: The ID of the app to delete. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type type: object DeleteAppsResponse: description: The response object after multiple apps are successfully deleted. properties: data: description: An array of objects containing the IDs of the deleted apps. items: $ref: "#/components/schemas/DeleteAppsResponseDataItems" type: array type: object DeleteAppsResponseDataItems: description: An object containing the ID of a deleted app. properties: id: description: The ID of the deleted app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type type: object DeleteCustomFrameworkResponse: description: Response object to delete a custom framework. properties: data: $ref: "#/components/schemas/CustomFrameworkMetadata" required: - data type: object DeletedSuiteResponseData: description: Data object for a deleted Synthetic test suite. properties: attributes: $ref: "#/components/schemas/DeletedSuiteResponseDataAttributes" id: description: The public ID of the deleted Synthetic test suite. type: string type: $ref: "#/components/schemas/SyntheticsSuiteTypes" type: object DeletedSuiteResponseDataAttributes: description: Attributes of a deleted Synthetic test suite, including deletion timestamp and public ID. properties: deleted_at: description: Deletion timestamp of the Synthetic suite ID. type: string public_id: description: The Synthetic suite ID deleted. type: string type: object DeletedSuitesRequestDelete: description: Data object for a bulk delete Synthetic test suites request. properties: attributes: $ref: "#/components/schemas/DeletedSuitesRequestDeleteAttributes" id: description: An optional identifier for the delete request. type: string type: $ref: "#/components/schemas/DeletedSuitesRequestType" required: - attributes type: object DeletedSuitesRequestDeleteAttributes: description: Attributes for a bulk delete Synthetic test suites request. properties: force_delete_dependencies: description: Whether to force deletion of suites that have dependent resources. type: boolean public_ids: description: List of public IDs of the Synthetic test suites to delete. example: - "" items: description: The public ID of a Synthetic test suite to delete. type: string type: array required: - public_ids type: object DeletedSuitesRequestDeleteRequest: description: Request body for bulk deleting Synthetic test suites. properties: data: $ref: "#/components/schemas/DeletedSuitesRequestDelete" required: - data type: object DeletedSuitesRequestType: default: delete_suites_request description: Type for the bulk delete Synthetic suites request, `delete_suites_request`. enum: - delete_suites_request example: delete_suites_request type: string x-enum-varnames: - DELETE_SUITES_REQUEST DeletedSuitesResponse: description: Response containing the list of deleted Synthetic test suites. properties: data: description: List of deleted Synthetic suite data objects. items: $ref: "#/components/schemas/DeletedSuiteResponseData" type: array type: object DeletedTestResponseData: description: Data object for a deleted Synthetic test. properties: attributes: $ref: "#/components/schemas/DeletedTestResponseDataAttributes" id: description: The public ID of the deleted Synthetic test. type: string type: $ref: "#/components/schemas/DeletedTestsResponseType" type: object DeletedTestResponseDataAttributes: description: Attributes of a deleted Synthetic test, including deletion timestamp and public ID. properties: deleted_at: description: Deletion timestamp of the Synthetic test ID. type: string public_id: description: The Synthetic test ID deleted. type: string type: object DeletedTestsRequestDelete: description: Data object for a bulk delete Synthetic tests request. properties: attributes: $ref: "#/components/schemas/DeletedTestsRequestDeleteAttributes" id: description: An optional identifier for the delete request. type: string type: $ref: "#/components/schemas/DeletedTestsRequestType" required: - attributes type: object DeletedTestsRequestDeleteAttributes: description: Attributes for a bulk delete Synthetic tests request. properties: force_delete_dependencies: description: Whether to force deletion of tests that have dependent resources. type: boolean public_ids: description: List of public IDs of the Synthetic tests to delete. example: - abc-def-123 items: description: The public ID of a Synthetic test to delete. type: string type: array required: - public_ids type: object DeletedTestsRequestDeleteRequest: description: Request body for bulk deleting Synthetic tests. properties: data: $ref: "#/components/schemas/DeletedTestsRequestDelete" required: - data type: object DeletedTestsRequestType: default: delete_tests_request description: Type for the bulk delete Synthetic tests request, `delete_tests_request`. enum: - delete_tests_request example: delete_tests_request type: string x-enum-varnames: - DELETE_TESTS_REQUEST DeletedTestsResponse: description: Response containing the list of deleted Synthetic tests. properties: data: description: List of deleted Synthetic test data objects. items: $ref: "#/components/schemas/DeletedTestResponseData" type: array type: object DeletedTestsResponseType: default: delete_tests description: Type for the bulk delete Synthetic tests response, `delete_tests`. enum: - delete_tests example: delete_tests type: string x-enum-varnames: - DELETE_TESTS DependencyLocation: description: Static library vulnerability location. properties: column_end: description: Location column end. example: 140 format: int64 type: integer column_start: description: Location column start. example: 5 format: int64 type: integer file_name: description: Location file name. example: src/go.mod type: string line_end: description: Location line end. example: 10 format: int64 type: integer line_start: description: Location line start. example: 1 format: int64 type: integer required: - file_name - line_start - line_end - column_start - column_end type: object Deployment: description: The version of the app that was published. properties: attributes: $ref: "#/components/schemas/DeploymentAttributes" id: description: The deployment ID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string meta: $ref: "#/components/schemas/DeploymentMetadata" type: $ref: "#/components/schemas/AppDeploymentType" type: object DeploymentAttributes: description: The attributes object containing the version ID of the published app. properties: app_version_id: description: The version ID of the app that was published. For an unpublished app, this is always the nil UUID (`00000000-0000-0000-0000-000000000000`). example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: object DeploymentGateDataType: description: Deployment gate resource type. enum: - deployment_gate example: deployment_gate type: string x-enum-varnames: - DEPLOYMENT_GATE DeploymentGateResponse: description: Response for a deployment gate. properties: data: $ref: "#/components/schemas/DeploymentGateResponseData" type: object DeploymentGateResponseData: description: Data for a deployment gate. properties: attributes: $ref: "#/components/schemas/DeploymentGateResponseDataAttributes" id: description: Unique identifier of the deployment gate. example: "1111-2222-3333-4444-555566667777" type: string type: $ref: "#/components/schemas/DeploymentGateDataType" required: - type - attributes - id type: object DeploymentGateResponseDataAttributes: description: Basic information about a deployment gate. properties: created_at: description: The timestamp when the deployment gate was created. example: "2021-01-01T00:00:00Z" format: date-time type: string created_by: $ref: "#/components/schemas/DeploymentGateResponseDataAttributesCreatedBy" dry_run: description: Whether this gate is run in dry-run mode. example: false type: boolean env: description: The environment of the deployment gate. example: "production" type: string identifier: description: The identifier of the deployment gate. example: "pre" type: string service: description: The service of the deployment gate. example: "my-service" type: string updated_at: description: The timestamp when the deployment gate was last updated. example: "2021-01-01T00:00:00Z" format: date-time type: string updated_by: $ref: "#/components/schemas/DeploymentGateResponseDataAttributesUpdatedBy" required: - created_at - created_by - dry_run - env - identifier - service type: object DeploymentGateResponseDataAttributesCreatedBy: description: Information about the user who created the deployment gate. properties: handle: description: The handle of the user who created the deployment rule. example: "test-user" type: string id: description: The ID of the user who created the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string name: description: The name of the user who created the deployment rule. example: "Test User" type: string required: - id type: object DeploymentGateResponseDataAttributesUpdatedBy: description: Information about the user who updated the deployment gate. properties: handle: description: The handle of the user who updated the deployment rule. example: "test-user" type: string id: description: The ID of the user who updated the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string name: description: The name of the user who updated the deployment rule. example: "Test User" type: string required: - id type: object DeploymentGateRulesResponse: description: Response for a deployment gate rules. properties: data: $ref: "#/components/schemas/ListDeploymentRuleResponseData" type: object DeploymentGatesEvaluationRequest: description: Request body for triggering a deployment gate evaluation. properties: data: $ref: "#/components/schemas/DeploymentGatesEvaluationRequestData" required: - data type: object DeploymentGatesEvaluationRequestAttributes: description: Attributes for a deployment gate evaluation request. properties: env: description: The environment of the deployment. example: "staging" type: string identifier: default: default description: The identifier of the deployment gate. Defaults to "default". example: "pre-deploy" type: string primary_tag: description: A primary tag to scope APM Faulty Deployment Detection rules. example: "region:us-east-1" type: string service: description: The service being deployed. example: "transaction-backend" type: string version: description: The version of the deployment. Required for APM Faulty Deployment Detection rules. example: "v1.2.3" type: string required: - env - service type: object DeploymentGatesEvaluationRequestData: description: Data for a deployment gate evaluation request. properties: attributes: $ref: "#/components/schemas/DeploymentGatesEvaluationRequestAttributes" type: $ref: "#/components/schemas/DeploymentGatesEvaluationRequestDataType" required: - type - attributes type: object DeploymentGatesEvaluationRequestDataType: default: deployment_gates_evaluation_request description: JSON:API type for a deployment gate evaluation request. enum: - deployment_gates_evaluation_request example: deployment_gates_evaluation_request type: string x-enum-varnames: - DEPLOYMENT_GATES_EVALUATION_REQUEST DeploymentGatesEvaluationResponse: description: Response for a deployment gate evaluation request. properties: data: $ref: "#/components/schemas/DeploymentGatesEvaluationResponseData" type: object DeploymentGatesEvaluationResponseAttributes: description: Attributes for a deployment gate evaluation response. properties: evaluation_id: description: The unique identifier of the gate evaluation. example: "e9d2f04f-4f4b-494b-86e5-52f03e10c8e9" type: string required: - evaluation_id type: object DeploymentGatesEvaluationResponseData: description: Data for a deployment gate evaluation response. properties: attributes: $ref: "#/components/schemas/DeploymentGatesEvaluationResponseAttributes" id: description: The unique identifier of the evaluation response. example: "e9d2f04f-4f4b-494b-86e5-52f03e10c8e9" format: uuid type: string type: $ref: "#/components/schemas/DeploymentGatesEvaluationResponseDataType" required: - type - attributes - id type: object DeploymentGatesEvaluationResponseDataType: default: deployment_gates_evaluation_response description: JSON:API type for a deployment gate evaluation response. enum: - deployment_gates_evaluation_response example: deployment_gates_evaluation_response type: string x-enum-varnames: - DEPLOYMENT_GATES_EVALUATION_RESPONSE DeploymentGatesEvaluationResultResponse: description: Response containing the result of a deployment gate evaluation. properties: data: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponseData" type: object DeploymentGatesEvaluationResultResponseAttributes: description: Attributes for a deployment gate evaluation result response. properties: dry_run: description: Whether the gate was evaluated in dry-run mode. example: false type: boolean evaluation_id: description: The unique identifier of the gate evaluation. example: "e9d2f04f-4f4b-494b-86e5-52f03e10c8e9" type: string evaluation_url: description: A URL to view the evaluation details in the Datadog UI. example: "https://app.datadoghq.com/ci/deployment-gates/evaluations?index=cdgates&query=level%3Agate+%40evaluation_id%3Ae9d2f04f-4f4b-494b-86e5-52f03e10c8e9" type: string gate_id: description: The unique identifier of the deployment gate. example: "e140302e-0cba-40d2-978c-6780647f8f1c" format: uuid type: string gate_status: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponseAttributesGateStatus" rules: description: The results of individual rule evaluations. items: $ref: "#/components/schemas/DeploymentGatesRuleResponse" type: array required: - dry_run - evaluation_id - evaluation_url - gate_id - gate_status - rules type: object DeploymentGatesEvaluationResultResponseAttributesGateStatus: description: |- The overall status of the gate evaluation. - `in_progress`: The evaluation is still running. - `pass`: All rules passed successfully and the deployment is allowed to proceed. - `fail`: One or more rules did not pass; the deployment should not proceed. enum: - in_progress - pass - fail example: "pass" type: string x-enum-varnames: - IN_PROGRESS - PASS - FAIL DeploymentGatesEvaluationResultResponseData: description: Data for a deployment gate evaluation result response. properties: attributes: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponseAttributes" id: description: The unique identifier of the evaluation. example: "e9d2f04f-4f4b-494b-86e5-52f03e10c8e9" type: string type: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponseDataType" required: - type - attributes - id type: object DeploymentGatesEvaluationResultResponseDataType: default: deployment_gates_evaluation_result_response description: JSON:API type for a deployment gate evaluation result response. enum: - deployment_gates_evaluation_result_response example: deployment_gates_evaluation_result_response type: string x-enum-varnames: - DEPLOYMENT_GATES_EVALUATION_RESULT_RESPONSE DeploymentGatesListResponse: description: Response containing a paginated list of deployment gates. properties: data: description: Array of deployment gates. items: $ref: "#/components/schemas/DeploymentGateResponseData" type: array meta: $ref: "#/components/schemas/DeploymentGatesListResponseMeta" type: object DeploymentGatesListResponseMeta: description: Metadata for a list of deployment gates response. properties: page: $ref: "#/components/schemas/DeploymentGatesListResponseMetaPage" type: object DeploymentGatesListResponseMetaPage: description: Pagination information for a list of deployment gates. properties: cursor: description: The cursor used for the current page. type: string next_cursor: description: The cursor to use to fetch the next page. This is absent when there are no more pages. type: string size: default: 50 description: The number of results per page. format: int64 maximum: 1000 minimum: 1 type: integer type: object DeploymentGatesRuleResponse: description: The result of a single rule evaluation. properties: dry_run: description: Whether this rule was evaluated in dry-run mode. example: false type: boolean name: description: The name of the rule. example: "Check service monitors" type: string reason: description: The reason for the rule result, if applicable. example: "One or more monitors in ALERT state" type: string status: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponseAttributesGateStatus" type: object DeploymentMetadata: description: Metadata object containing the publication creation information. properties: created_at: description: Timestamp of when the app was published. format: date-time type: string user_id: description: The ID of the user who published the app. format: int64 type: integer user_name: description: The name (or email address) of the user who published the app. type: string user_uuid: description: The UUID of the user who published the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: object DeploymentRelationship: description: Information pointing to the app's publication status. properties: data: $ref: "#/components/schemas/DeploymentRelationshipData" meta: $ref: "#/components/schemas/DeploymentMetadata" type: object DeploymentRelationshipData: description: Data object containing the deployment ID. properties: id: description: The deployment ID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDeploymentType" type: object DeploymentRuleDataType: description: Deployment rule resource type. enum: - deployment_rule example: deployment_rule type: string x-enum-varnames: - DEPLOYMENT_RULE DeploymentRuleOptionsFaultyDeploymentDetection: additionalProperties: false description: Faulty deployment detection options for deployment rules. properties: duration: description: The duration for faulty deployment detection. example: 3600 format: int64 type: integer excluded_resources: description: Resources to exclude from faulty deployment detection. example: ["resource1", "resource2"] items: description: A resource name to exclude from faulty deployment detection. type: string type: array type: object DeploymentRuleOptionsMonitor: additionalProperties: false description: Monitor options for deployment rules. properties: duration: description: Seconds the monitor needs to stay in OK status for the rule to pass. example: 3600 format: int64 type: integer query: description: Monitors that match this query are evaluated. example: "service:my-service env:prod" type: string required: - query type: object DeploymentRuleResponse: description: Response for a deployment rule. properties: data: $ref: "#/components/schemas/DeploymentRuleResponseData" type: object DeploymentRuleResponseData: description: Data for a deployment rule. properties: attributes: $ref: "#/components/schemas/DeploymentRuleResponseDataAttributes" id: description: Unique identifier of the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string type: $ref: "#/components/schemas/DeploymentRuleDataType" required: - type - attributes - id type: object DeploymentRuleResponseDataAttributes: description: Basic information about a deployment rule. properties: created_at: description: The timestamp when the deployment rule was created. example: "2021-01-01T00:00:00Z" format: date-time type: string created_by: $ref: "#/components/schemas/DeploymentRuleResponseDataAttributesCreatedBy" dry_run: description: Whether this rule is run in dry-run mode. example: false type: boolean gate_id: description: The ID of the deployment gate. example: "1111-2222-3333-4444-555566667777" type: string name: description: The name of the deployment rule. example: "My deployment rule" type: string options: $ref: "#/components/schemas/DeploymentRulesOptions" type: $ref: "#/components/schemas/DeploymentRuleResponseDataAttributesType" updated_at: description: The timestamp when the deployment rule was last updated. format: date-time type: string updated_by: $ref: "#/components/schemas/DeploymentRuleResponseDataAttributesUpdatedBy" required: - created_at - created_by - dry_run - gate_id - name - options - type type: object DeploymentRuleResponseDataAttributesCreatedBy: description: Information about the user who created the deployment rule. properties: handle: description: The handle of the user who created the deployment rule. example: "test-user" type: string id: description: The ID of the user who created the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string name: description: The name of the user who created the deployment rule. example: "Test User" type: string required: - id type: object DeploymentRuleResponseDataAttributesType: description: The type of the deployment rule. enum: - faulty_deployment_detection - monitor example: faulty_deployment_detection type: string x-enum-varnames: - FAULTY_DEPLOYMENT_DETECTION - MONITOR DeploymentRuleResponseDataAttributesUpdatedBy: description: Information about the user who updated the deployment rule. properties: handle: description: The handle of the user who updated the deployment rule. example: "test-user" type: string id: description: The ID of the user who updated the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string name: description: The name of the user who updated the deployment rule. example: "Test User" type: string required: - id type: object DeploymentRulesOptions: description: Options for deployment rule response representing either faulty deployment detection or monitor options. oneOf: - $ref: "#/components/schemas/DeploymentRuleOptionsFaultyDeploymentDetection" - $ref: "#/components/schemas/DeploymentRuleOptionsMonitor" DetachCaseRequest: description: Request for detaching security findings from their case. properties: data: $ref: "#/components/schemas/DetachCaseRequestData" type: object DetachCaseRequestData: description: Data for detaching security findings from their case. properties: relationships: $ref: "#/components/schemas/DetachCaseRequestDataRelationships" type: $ref: "#/components/schemas/CaseDataType" required: - type type: object DetachCaseRequestDataRelationships: description: Relationships detaching security findings from their case. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to detach from their case. required: - findings type: object DetailedFinding: description: A single finding with with message and resource configuration. properties: attributes: $ref: "#/components/schemas/DetailedFindingAttributes" id: $ref: "#/components/schemas/FindingID" type: $ref: "#/components/schemas/DetailedFindingType" type: object DetailedFindingAttributes: description: The JSON:API attributes of the detailed finding. properties: evaluation: $ref: "#/components/schemas/FindingEvaluation" evaluation_changed_at: $ref: "#/components/schemas/FindingEvaluationChangedAt" message: description: The remediation message for this finding. example: "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data." type: string mute: $ref: "#/components/schemas/FindingMute" resource: $ref: "#/components/schemas/FindingResource" resource_configuration: description: The resource configuration for this finding. type: object resource_discovery_date: $ref: "#/components/schemas/FindingResourceDiscoveryDate" resource_type: $ref: "#/components/schemas/FindingResourceType" rule: $ref: "#/components/schemas/FindingRule" status: $ref: "#/components/schemas/FindingStatus" tags: $ref: "#/components/schemas/FindingTags" type: object DetailedFindingType: default: detailed_finding description: The JSON:API type for findings that have the message and resource configuration. enum: - detailed_finding example: detailed_finding type: string x-enum-varnames: ["DETAILED_FINDING"] DeviceAttributes: description: The device attributes properties: description: description: The device description example: a device monitored with NDM type: string device_type: description: The device type example: other type: string integration: description: The device integration example: snmp type: string interface_statuses: $ref: "#/components/schemas/DeviceAttributesInterfaceStatuses" ip_address: description: The device IP address example: 1.2.3.4 type: string location: description: The device location example: paris type: string model: description: The device model example: xx-123 type: string name: description: The device name example: example device type: string os_hostname: description: The device OS hostname type: string os_name: description: The device OS name example: example OS type: string os_version: description: The device OS version example: 1.0.2 type: string ping_status: description: The device ping status example: unmonitored type: string product_name: description: The device product name example: example device type: string serial_number: description: The device serial number example: X12345 type: string status: description: The device SNMP status example: ok type: string subnet: description: The device subnet example: 1.2.3.4/24 type: string sys_object_id: description: The device `sys_object_id` example: 1.3.6.1.4.1.99999 type: string tags: description: The list of device tags example: ["device_ip:1.2.3.4", "device_id:example:1.2.3.4"] items: description: A tag string in `key:value` format. type: string type: array vendor: description: The device vendor example: example vendor type: string version: description: The device version example: 1.2.3 type: string type: object DeviceAttributesInterfaceStatuses: description: Count of the device interfaces by status example: down: 1 "off": 2 up: 12 warning: 5 properties: down: description: The number of interfaces that are down format: int64 type: integer "off": description: The number of interfaces that are off format: int64 type: integer up: description: The number of interfaces that are up format: int64 type: integer warning: description: The number of interfaces that are in a warning state format: int64 type: integer type: object DevicesListData: description: The devices list data properties: attributes: $ref: "#/components/schemas/DeviceAttributes" id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be device. type: string type: object DnsMetricKey: description: The metric key for DNS metrics. enum: - dns_total_requests - dns_failures - dns_successful_responses - dns_failed_responses - dns_timeouts - dns_responses.nxdomain - dns_responses.servfail - dns_responses.other - dns_success_latency_percentile - dns_failure_latency_percentile type: string x-enum-descriptions: - The total number of DNS requests made by the client. - The total number of timeouts and errors in DNS requests. - The total number of successful DNS responses. - The total number of failed DNS responses. - The total number of DNS timeouts. - The total number of DNS responses with the NXDOMAIN error code. - The total number of DNS responses with the SERVFAIL error code. - The total number of DNS responses with other error codes. - The latency percentile for successful DNS responses. - The latency percentile for failed DNS responses. x-enum-varnames: - DNS_TOTAL_REQUESTS - DNS_FAILURES - DNS_SUCCESSFUL_RESPONSES - DNS_FAILED_RESPONSES - DNS_TIMEOUTS - DNS_RESPONSES_NXDOMAIN - DNS_RESPONSES_SERVFAIL - DNS_RESPONSES_OTHER - DNS_SUCCESS_LATENCY_PERCENTILE - DNS_FAILURE_LATENCY_PERCENTILE DomainAllowlist: description: The email domain allowlist for an org. properties: attributes: $ref: "#/components/schemas/DomainAllowlistAttributes" id: description: The unique identifier of the org. nullable: true type: string type: $ref: "#/components/schemas/DomainAllowlistType" required: - type type: object DomainAllowlistAttributes: description: The details of the email domain allowlist. properties: domains: description: The list of domains in the email domain allowlist. items: description: An email domain in the allowlist. type: string type: array enabled: description: Whether the email domain allowlist is enabled for the org. type: boolean type: object DomainAllowlistRequest: description: Request containing the desired email domain allowlist configuration. properties: data: $ref: "#/components/schemas/DomainAllowlist" required: - data type: object DomainAllowlistResponse: description: Response containing information about the email domain allowlist. properties: data: $ref: "#/components/schemas/DomainAllowlistResponseData" type: object DomainAllowlistResponseData: description: The email domain allowlist response for an org. properties: attributes: $ref: "#/components/schemas/DomainAllowlistResponseDataAttributes" id: description: The unique identifier of the org. nullable: true type: string type: $ref: "#/components/schemas/DomainAllowlistType" required: - type type: object DomainAllowlistResponseDataAttributes: description: The details of the email domain allowlist. properties: domains: description: The list of domains in the email domain allowlist. items: description: An email domain in the allowlist. type: string type: array enabled: description: Whether the email domain allowlist is enabled for the org. type: boolean type: object DomainAllowlistType: default: domain_allowlist description: Email domain allowlist allowlist type. enum: - domain_allowlist example: domain_allowlist type: string x-enum-varnames: - DOMAIN_ALLOWLIST DowntimeCreateRequest: description: Request for creating a downtime. properties: data: $ref: "#/components/schemas/DowntimeCreateRequestData" required: - data type: object DowntimeCreateRequestAttributes: description: Downtime details. properties: display_timezone: $ref: "#/components/schemas/DowntimeDisplayTimezone" message: $ref: "#/components/schemas/DowntimeMessage" monitor_identifier: $ref: "#/components/schemas/DowntimeMonitorIdentifier" mute_first_recovery_notification: $ref: "#/components/schemas/DowntimeMuteFirstRecoveryNotification" notify_end_states: $ref: "#/components/schemas/DowntimeNotifyEndStates" notify_end_types: $ref: "#/components/schemas/DowntimeNotifyEndTypes" schedule: $ref: "#/components/schemas/DowntimeScheduleCreateRequest" scope: $ref: "#/components/schemas/DowntimeScope" required: - scope - monitor_identifier type: object DowntimeCreateRequestData: description: Object to create a downtime. properties: attributes: $ref: "#/components/schemas/DowntimeCreateRequestAttributes" type: $ref: "#/components/schemas/DowntimeResourceType" required: - type - attributes type: object DowntimeDisplayTimezone: default: "UTC" description: |- The timezone in which to display the downtime's start and end times in Datadog applications. This is not used as an offset for scheduling. example: "America/New_York" nullable: true type: string DowntimeIncludedMonitorType: default: monitors description: Monitor resource type. enum: - monitors example: "monitors" type: string x-enum-varnames: - MONITORS DowntimeMessage: description: |- A message to include with notifications for this downtime. Email notifications can be sent to specific users by using the same `@username` notation as events. example: "Message about the downtime" nullable: true type: string DowntimeMeta: description: Pagination metadata returned by the API. properties: page: $ref: "#/components/schemas/DowntimeMetaPage" type: object DowntimeMetaPage: description: Object containing the total filtered count. properties: total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object DowntimeMonitorIdentifier: description: Monitor identifier for the downtime. oneOf: - $ref: "#/components/schemas/DowntimeMonitorIdentifierId" - $ref: "#/components/schemas/DowntimeMonitorIdentifierTags" DowntimeMonitorIdentifierId: additionalProperties: {} description: Object of the monitor identifier. properties: monitor_id: description: ID of the monitor to prevent notifications. example: 123 format: int64 type: integer required: - monitor_id type: object DowntimeMonitorIdentifierTags: additionalProperties: {} description: Object of the monitor tags. properties: monitor_tags: description: |- A list of monitor tags. For example, tags that are applied directly to monitors, not tags that are used in monitor queries (which are filtered by the scope parameter), to which the downtime applies. The resulting downtime applies to monitors that match **all** provided monitor tags. Setting `monitor_tags` to `[*]` configures the downtime to mute all monitors for the given scope. example: ["service:postgres", "team:frontend"] items: description: A list of monitor tags. example: "service:postgres" type: string minItems: 1 type: array required: - monitor_tags type: object DowntimeMonitorIncludedAttributes: description: Attributes of the monitor identified by the downtime. properties: name: description: The name of the monitor identified by the downtime. example: "A monitor name" type: string type: object DowntimeMonitorIncludedItem: description: Information about the monitor identified by the downtime. properties: attributes: $ref: "#/components/schemas/DowntimeMonitorIncludedAttributes" id: description: ID of the monitor identified by the downtime. example: 12345 format: int64 type: integer type: $ref: "#/components/schemas/DowntimeIncludedMonitorType" type: object DowntimeMuteFirstRecoveryNotification: description: If the first recovery notification during a downtime should be muted. example: false type: boolean DowntimeNotifyEndStateActions: description: Action that will trigger a monitor notification if the downtime is in the `notify_end_types` state. enum: - canceled - expired example: "canceled" type: string x-enum-varnames: - CANCELED - EXPIRED DowntimeNotifyEndStateTypes: description: State that will trigger a monitor notification when the `notify_end_types` action occurs. enum: - alert - no data - warn example: "alert" type: string x-enum-varnames: - ALERT - NO_DATA - WARN DowntimeNotifyEndStates: description: States that will trigger a monitor notification when the `notify_end_types` action occurs. example: ["alert", "warn"] items: $ref: "#/components/schemas/DowntimeNotifyEndStateTypes" type: array DowntimeNotifyEndTypes: description: Actions that will trigger a monitor notification if the downtime is in the `notify_end_types` state. example: ["canceled", "expired"] items: $ref: "#/components/schemas/DowntimeNotifyEndStateActions" type: array DowntimeRelationships: description: All relationships associated with downtime. properties: created_by: $ref: "#/components/schemas/DowntimeRelationshipsCreatedBy" monitor: $ref: "#/components/schemas/DowntimeRelationshipsMonitor" type: object DowntimeRelationshipsCreatedBy: description: The user who created the downtime. properties: data: $ref: "#/components/schemas/DowntimeRelationshipsCreatedByData" type: object DowntimeRelationshipsCreatedByData: description: Data for the user who created the downtime. nullable: true properties: id: description: User ID of the downtime creator. example: "00000000-0000-1234-0000-000000000000" type: string type: $ref: "#/components/schemas/UsersType" type: object DowntimeRelationshipsMonitor: description: The monitor identified by the downtime. properties: data: $ref: "#/components/schemas/DowntimeRelationshipsMonitorData" type: object DowntimeRelationshipsMonitorData: description: Data for the monitor. nullable: true properties: id: description: Monitor ID of the downtime. example: "12345" type: string type: $ref: "#/components/schemas/DowntimeIncludedMonitorType" type: object DowntimeResourceType: default: downtime description: Downtime resource type. enum: - downtime example: "downtime" type: string x-enum-varnames: - DOWNTIME DowntimeResponse: description: |- Downtiming gives you greater control over monitor notifications by allowing you to globally exclude scopes from alerting. Downtime settings, which can be scheduled with start and end times, prevent all alerting related to specified Datadog tags. properties: data: $ref: "#/components/schemas/DowntimeResponseData" included: description: Array of objects related to the downtime that the user requested. items: $ref: "#/components/schemas/DowntimeResponseIncludedItem" type: array type: object DowntimeResponseAttributes: description: Downtime details. properties: canceled: description: Time that the downtime was canceled. example: "2020-01-02T03:04:05.282979+0000" format: date-time nullable: true type: string created: description: Creation time of the downtime. example: "2020-01-02T03:04:05.282979+0000" format: date-time type: string display_timezone: $ref: "#/components/schemas/DowntimeDisplayTimezone" message: $ref: "#/components/schemas/DowntimeMessage" modified: description: Time that the downtime was last modified. example: "2020-01-02T03:04:05.282979+0000" format: date-time type: string monitor_identifier: $ref: "#/components/schemas/DowntimeMonitorIdentifier" mute_first_recovery_notification: $ref: "#/components/schemas/DowntimeMuteFirstRecoveryNotification" notify_end_states: $ref: "#/components/schemas/DowntimeNotifyEndStates" notify_end_types: $ref: "#/components/schemas/DowntimeNotifyEndTypes" schedule: $ref: "#/components/schemas/DowntimeScheduleResponse" scope: $ref: "#/components/schemas/DowntimeScope" status: $ref: "#/components/schemas/DowntimeStatus" type: object DowntimeResponseData: description: Downtime data. properties: attributes: $ref: "#/components/schemas/DowntimeResponseAttributes" id: description: The downtime ID. example: "00000000-0000-1234-0000-000000000000" type: string relationships: $ref: "#/components/schemas/DowntimeRelationships" type: $ref: "#/components/schemas/DowntimeResourceType" type: object DowntimeResponseIncludedItem: description: An object related to a downtime. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/DowntimeMonitorIncludedItem" DowntimeScheduleCreateRequest: description: Schedule for the downtime. oneOf: - $ref: "#/components/schemas/DowntimeScheduleRecurrencesCreateRequest" - $ref: "#/components/schemas/DowntimeScheduleOneTimeCreateUpdateRequest" DowntimeScheduleCurrentDowntimeResponse: description: |- The most recent actual start and end dates for a recurring downtime. For a canceled downtime, this is the previously occurring downtime. For active downtimes, this is the ongoing downtime, and for scheduled downtimes it is the upcoming downtime. properties: end: description: The end of the current downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: The start of the current downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string type: object DowntimeScheduleOneTimeCreateUpdateRequest: additionalProperties: false description: A one-time downtime definition. properties: end: description: |- ISO-8601 Datetime to end the downtime. Must include a UTC offset of zero. If not provided, the downtime continues forever. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: |- ISO-8601 Datetime to start the downtime. Must include a UTC offset of zero. If not provided, the downtime starts the moment it is created. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string type: object DowntimeScheduleOneTimeResponse: description: A one-time downtime definition. properties: end: description: ISO-8601 Datetime to end the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: ISO-8601 Datetime to start the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string required: - start type: object DowntimeScheduleRecurrenceCreateUpdateRequest: additionalProperties: {} description: An object defining the recurrence of the downtime. properties: duration: $ref: "#/components/schemas/DowntimeScheduleRecurrenceDuration" rrule: $ref: "#/components/schemas/DowntimeScheduleRecurrenceRrule" start: description: |- ISO-8601 Datetime to start the downtime. Must not include a UTC offset. If not provided, the downtime starts the moment it is created. example: 2020-01-02T03:04 nullable: true type: string required: - duration - rrule type: object DowntimeScheduleRecurrenceDuration: description: The length of the downtime. Must begin with an integer and end with one of 'm', 'h', d', or 'w'. example: 123d type: string DowntimeScheduleRecurrenceResponse: description: An RRULE-based recurring downtime. properties: duration: $ref: "#/components/schemas/DowntimeScheduleRecurrenceDuration" rrule: $ref: "#/components/schemas/DowntimeScheduleRecurrenceRrule" start: description: |- ISO-8601 Datetime to start the downtime. Must not include a UTC offset. If not provided, the downtime starts the moment it is created. example: 2020-01-02T03:04 type: string type: object DowntimeScheduleRecurrenceRrule: description: |- The `RRULE` standard for defining recurring events. For example, to have a recurring event on the first day of each month, set the type to `rrule` and set the `FREQ` to `MONTHLY` and `BYMONTHDAY` to `1`. Most common `rrule` options from the [iCalendar Spec](https://tools.ietf.org/html/rfc5545) are supported. **Note**: Attributes specifying the duration in `RRULE` are not supported (for example, `DTSTART`, `DTEND`, `DURATION`). More examples available in this [downtime guide](https://docs.datadoghq.com/monitors/guide/suppress-alert-with-downtimes/?tab=api). example: FREQ=MONTHLY;BYSETPOS=3;BYDAY=WE;INTERVAL=1 type: string DowntimeScheduleRecurrencesCreateRequest: description: A recurring downtime schedule definition. properties: recurrences: description: A list of downtime recurrences. items: $ref: "#/components/schemas/DowntimeScheduleRecurrenceCreateUpdateRequest" type: array timezone: default: UTC description: The timezone in which to schedule the downtime. example: America/New_York type: string required: - recurrences type: object DowntimeScheduleRecurrencesResponse: description: A recurring downtime schedule definition. properties: current_downtime: $ref: "#/components/schemas/DowntimeScheduleCurrentDowntimeResponse" recurrences: description: A list of downtime recurrences. items: $ref: "#/components/schemas/DowntimeScheduleRecurrenceResponse" maxItems: 5 minItems: 1 type: array timezone: default: UTC description: |- The timezone in which to schedule the downtime. This affects recurring start and end dates. Must match `display_timezone`. example: "America/New_York" type: string required: - recurrences type: object DowntimeScheduleRecurrencesUpdateRequest: additionalProperties: false description: A recurring downtime schedule definition. properties: recurrences: description: A list of downtime recurrences. items: $ref: "#/components/schemas/DowntimeScheduleRecurrenceCreateUpdateRequest" type: array timezone: default: UTC description: The timezone in which to schedule the downtime. example: America/New_York type: string type: object DowntimeScheduleResponse: description: |- The schedule that defines when the monitor starts, stops, and recurs. There are two types of schedules: one-time and recurring. Recurring schedules may have up to five RRULE-based recurrences. If no schedules are provided, the downtime will begin immediately and never end. oneOf: - $ref: "#/components/schemas/DowntimeScheduleRecurrencesResponse" - $ref: "#/components/schemas/DowntimeScheduleOneTimeResponse" DowntimeScheduleUpdateRequest: description: Schedule for the downtime. oneOf: - $ref: "#/components/schemas/DowntimeScheduleRecurrencesUpdateRequest" - $ref: "#/components/schemas/DowntimeScheduleOneTimeCreateUpdateRequest" DowntimeScope: description: |- The scope to which the downtime applies. Must follow the [common search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/). example: "env:(staging OR prod) AND datacenter:us-east-1" type: string DowntimeStatus: description: The current status of the downtime. enum: - active - canceled - ended - scheduled example: "active" type: string x-enum-varnames: - ACTIVE - CANCELED - ENDED - SCHEDULED DowntimeUpdateRequest: description: Request for editing a downtime. properties: data: $ref: "#/components/schemas/DowntimeUpdateRequestData" required: - data type: object DowntimeUpdateRequestAttributes: description: Attributes of the downtime to update. properties: display_timezone: $ref: "#/components/schemas/DowntimeDisplayTimezone" message: $ref: "#/components/schemas/DowntimeMessage" monitor_identifier: $ref: "#/components/schemas/DowntimeMonitorIdentifier" mute_first_recovery_notification: $ref: "#/components/schemas/DowntimeMuteFirstRecoveryNotification" notify_end_states: $ref: "#/components/schemas/DowntimeNotifyEndStates" notify_end_types: $ref: "#/components/schemas/DowntimeNotifyEndTypes" schedule: $ref: "#/components/schemas/DowntimeScheduleUpdateRequest" scope: $ref: "#/components/schemas/DowntimeScope" type: object DowntimeUpdateRequestData: description: Object to update a downtime. properties: attributes: $ref: "#/components/schemas/DowntimeUpdateRequestAttributes" id: description: ID of this downtime. example: "00000000-0000-1234-0000-000000000000" type: string type: $ref: "#/components/schemas/DowntimeResourceType" required: - id - type - attributes type: object EPSS: description: Vulnerability EPSS severity. properties: score: description: Vulnerability EPSS severity score. example: 0.2 format: double type: number severity: $ref: "#/components/schemas/VulnerabilitySeverity" required: - score - severity type: object Enabled: description: Field used to enable or disable the rule. example: true type: boolean EntityAttributes: description: Entity attributes. properties: apiVersion: description: The API version. type: string description: description: The description. type: string displayName: description: The display name. type: string kind: description: The kind. type: string name: description: The name. type: string namespace: description: The namespace. type: string owner: description: The owner. type: string tags: description: The tags. items: description: A tag string in the format key:value. type: string type: array type: object EntityData: description: Entity data. properties: attributes: $ref: "#/components/schemas/EntityAttributes" id: description: Entity ID. type: string meta: $ref: "#/components/schemas/EntityMeta" relationships: $ref: "#/components/schemas/EntityRelationships" type: description: Entity. type: string type: object EntityMeta: description: Entity metadata. properties: createdAt: description: The creation time. type: string ingestionSource: description: The ingestion source. type: string modifiedAt: description: The modification time. type: string origin: description: The origin. type: string type: object EntityRaw: description: Entity definition in raw JSON or YAML representation. example: |- apiVersion: v3 kind: service metadata: name: myservice type: string EntityReference: description: The unique reference for an IDP entity. example: "service:my-service" type: string EntityRelationships: description: Entity relationships. properties: incidents: $ref: "#/components/schemas/EntityToIncidents" oncall: $ref: "#/components/schemas/EntityToOncalls" rawSchema: $ref: "#/components/schemas/EntityToRawSchema" relatedEntities: $ref: "#/components/schemas/EntityToRelatedEntities" schema: $ref: "#/components/schemas/EntityToSchema" type: object EntityResponseArray: description: Response object containing an array of entity data items. properties: data: description: Array of entity response data items. items: $ref: "#/components/schemas/PreviewEntityResponseData" type: array required: - data type: object EntityResponseData: description: List of entity data. items: $ref: "#/components/schemas/EntityData" type: array EntityResponseDataAttributes: description: Entity response attributes containing core entity metadata fields. properties: apiVersion: description: The API version of the entity schema. type: string description: description: A short description of the entity. type: string displayName: description: The user-friendly display name of the entity. type: string kind: description: The kind of the entity (e.g. service, datastore, queue). type: string name: description: The unique name of the entity within its kind and namespace. type: string namespace: description: The namespace the entity belongs to. type: string owner: description: The owner of the entity, usually a team. type: string properties: additionalProperties: {} description: Additional custom properties for the entity. type: object tags: description: A set of custom tags assigned to the entity. items: description: A tag string in the format key:value. type: string type: array type: object EntityResponseDataRelationships: description: Entity relationships including incidents, oncalls, schemas, and related entities. properties: incidents: $ref: "#/components/schemas/EntityResponseDataRelationshipsIncidents" oncalls: $ref: "#/components/schemas/EntityResponseDataRelationshipsOncalls" rawSchema: $ref: "#/components/schemas/EntityResponseDataRelationshipsRawSchema" relatedEntities: $ref: "#/components/schemas/EntityResponseDataRelationshipsRelatedEntities" schema: $ref: "#/components/schemas/EntityResponseDataRelationshipsSchema" type: object EntityResponseDataRelationshipsIncidents: description: Incidents relationship containing a list of incident resources associated with this entity. properties: data: description: List of incident relationship data items. items: $ref: "#/components/schemas/EntityResponseDataRelationshipsIncidentsDataItems" type: array type: object EntityResponseDataRelationshipsIncidentsDataItems: description: Incident relationship data item containing the incident resource identifier and type. properties: id: description: Incident resource unique identifier. example: "" type: string type: $ref: "#/components/schemas/EntityResponseDataRelationshipsIncidentsDataItemsType" required: - type - id type: object EntityResponseDataRelationshipsIncidentsDataItemsType: default: incident description: Incident resource type. enum: - incident example: incident type: string x-enum-varnames: - INCIDENT EntityResponseDataRelationshipsOncalls: description: Oncalls relationship containing a list of oncall resources associated with this entity. properties: data: description: List of oncall relationship data items. items: $ref: "#/components/schemas/EntityResponseDataRelationshipsOncallsDataItems" type: array type: object EntityResponseDataRelationshipsOncallsDataItems: description: Oncall relationship data item containing the oncall resource identifier and type. properties: id: description: Oncall resource unique identifier. example: "" type: string type: $ref: "#/components/schemas/EntityResponseDataRelationshipsOncallsDataItemsType" required: - type - id type: object EntityResponseDataRelationshipsOncallsDataItemsType: default: oncall description: Oncall resource type. enum: - oncall example: oncall type: string x-enum-varnames: - ONCALL EntityResponseDataRelationshipsRawSchema: description: Raw schema relationship linking an entity to its raw schema resource. properties: data: $ref: "#/components/schemas/EntityResponseDataRelationshipsRawSchemaData" required: - data type: object EntityResponseDataRelationshipsRawSchemaData: description: Raw schema relationship data containing the raw schema resource identifier and type. properties: id: description: Raw schema unique identifier. example: "" type: string type: $ref: "#/components/schemas/EntityResponseDataRelationshipsRawSchemaDataType" required: - type - id type: object EntityResponseDataRelationshipsRawSchemaDataType: default: rawSchema description: Raw schema resource type. enum: - rawSchema example: rawSchema type: string x-enum-varnames: - RAWSCHEMA EntityResponseDataRelationshipsRelatedEntities: description: Related entities relationship containing a list of entity references related to this entity. properties: data: description: List of related entity relationship data items. items: $ref: "#/components/schemas/EntityResponseDataRelationshipsRelatedEntitiesDataItems" type: array type: object EntityResponseDataRelationshipsRelatedEntitiesDataItems: description: Related entity relationship data item containing the related entity resource identifier and type. properties: id: description: Related entity unique identifier. example: "" type: string type: $ref: "#/components/schemas/EntityResponseDataRelationshipsRelatedEntitiesDataItemsType" required: - type - id type: object EntityResponseDataRelationshipsRelatedEntitiesDataItemsType: default: relatedEntity description: Related entity resource type. enum: - relatedEntity example: relatedEntity type: string x-enum-varnames: - RELATEDENTITY EntityResponseDataRelationshipsSchema: description: Schema relationship linking an entity to its associated schema resource. properties: data: $ref: "#/components/schemas/EntityResponseDataRelationshipsSchemaData" required: - data type: object EntityResponseDataRelationshipsSchemaData: description: Schema relationship data containing the schema resource identifier and type. properties: id: description: Entity schema unique identifier. example: "" type: string type: $ref: "#/components/schemas/EntityResponseDataRelationshipsSchemaDataType" required: - type - id type: object EntityResponseDataRelationshipsSchemaDataType: default: schema description: Schema resource type. enum: - schema example: schema type: string x-enum-varnames: - SCHEMA EntityResponseDataType: default: entity description: Entity resource type. enum: - entity example: entity type: string x-enum-varnames: - ENTITY EntityResponseIncludedIncident: description: Included incident. properties: attributes: $ref: "#/components/schemas/EntityResponseIncludedRelatedIncidentAttributes" id: description: Incident ID. type: string type: $ref: "#/components/schemas/EntityResponseIncludedIncidentType" type: object EntityResponseIncludedIncidentType: description: Incident description. enum: - incident type: string x-enum-varnames: - INCIDENT EntityResponseIncludedOncall: description: Included oncall. properties: attributes: $ref: "#/components/schemas/EntityResponseIncludedRelatedOncallAttributes" id: description: Oncall ID. type: string type: $ref: "#/components/schemas/EntityResponseIncludedOncallType" type: object EntityResponseIncludedOncallType: description: Oncall type. enum: - oncall type: string x-enum-varnames: - ONCALL EntityResponseIncludedRawSchema: description: Included raw schema. properties: attributes: $ref: "#/components/schemas/EntityResponseIncludedRawSchemaAttributes" id: description: Raw schema ID. type: string type: $ref: "#/components/schemas/EntityResponseIncludedRawSchemaType" type: object EntityResponseIncludedRawSchemaAttributes: description: Included raw schema attributes. properties: rawSchema: description: Schema from user input in base64 encoding. type: string type: object EntityResponseIncludedRawSchemaType: description: Raw schema type. enum: - rawSchema type: string x-enum-varnames: - RAW_SCHEMA EntityResponseIncludedRelatedEntity: description: Included related entity. properties: attributes: $ref: "#/components/schemas/EntityResponseIncludedRelatedEntityAttributes" id: description: Entity UUID. type: string meta: $ref: "#/components/schemas/EntityResponseIncludedRelatedEntityMeta" type: $ref: "#/components/schemas/EntityResponseIncludedRelatedEntityType" type: object EntityResponseIncludedRelatedEntityAttributes: description: Related entity attributes. properties: kind: description: Entity kind. type: string name: description: Entity name. type: string namespace: description: Entity namespace. type: string type: description: Entity relation type to the associated entity. type: string type: object EntityResponseIncludedRelatedEntityMeta: description: Included related entity meta. properties: createdAt: description: Entity creation time. format: date-time type: string defined_by: description: Entity relation defined by. type: string modifiedAt: description: Entity modification time. format: date-time type: string source: description: Entity relation source. type: string type: object EntityResponseIncludedRelatedEntityType: description: Related entity. enum: - relatedEntity type: string x-enum-varnames: - RELATED_ENTITY EntityResponseIncludedRelatedIncidentAttributes: description: Incident attributes. properties: createdAt: description: Incident creation time. format: date-time type: string htmlURL: description: Incident URL. type: string provider: description: Incident provider. type: string status: description: Incident status. type: string title: description: Incident title. type: string type: object EntityResponseIncludedRelatedOncallAttributes: description: Included related oncall attributes. properties: escalations: $ref: "#/components/schemas/EntityResponseIncludedRelatedOncallEscalations" provider: description: Oncall provider. type: string type: object EntityResponseIncludedRelatedOncallEscalationItem: description: Oncall escalation. properties: email: description: Oncall email. type: string escalationLevel: description: Oncall level. format: int64 type: integer name: description: Oncall name. type: string type: object EntityResponseIncludedRelatedOncallEscalations: description: Oncall escalations. items: $ref: "#/components/schemas/EntityResponseIncludedRelatedOncallEscalationItem" type: array EntityResponseIncludedSchema: description: Included detail entity schema. properties: attributes: $ref: "#/components/schemas/EntityResponseIncludedSchemaAttributes" id: description: Entity ID. type: string type: $ref: "#/components/schemas/EntityResponseIncludedSchemaType" type: object EntityResponseIncludedSchemaAttributes: description: Included schema. properties: schema: $ref: "#/components/schemas/EntityV3" type: object EntityResponseIncludedSchemaType: description: Schema type. enum: - schema type: string x-enum-varnames: - SCHEMA EntityResponseMeta: description: Entity metadata. properties: count: description: Total entities count. format: int64 type: integer includeCount: description: Total included data count. format: int64 type: integer type: object EntityToIncidents: description: Entity to incidents relationship. properties: data: $ref: "#/components/schemas/RelationshipArray" type: object EntityToOncalls: description: Entity to oncalls relationship. properties: data: $ref: "#/components/schemas/RelationshipArray" type: object EntityToRawSchema: description: Entity to raw schema relationship. properties: data: $ref: "#/components/schemas/RelationshipItem" type: object EntityToRelatedEntities: description: Entity to related entities relationship. properties: data: $ref: "#/components/schemas/RelationshipArray" type: object EntityToSchema: description: Entity to detail schema relationship. properties: data: $ref: "#/components/schemas/RelationshipItem" type: object EntityV3: description: Entity schema v3. oneOf: - $ref: "#/components/schemas/EntityV3Service" - $ref: "#/components/schemas/EntityV3Datastore" - $ref: "#/components/schemas/EntityV3Queue" - $ref: "#/components/schemas/EntityV3System" - $ref: "#/components/schemas/EntityV3API" EntityV3API: additionalProperties: false description: Schema for API entities. properties: apiVersion: $ref: "#/components/schemas/EntityV3APIVersion" datadog: $ref: "#/components/schemas/EntityV3APIDatadog" extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: "#/components/schemas/EntityV3Integrations" kind: $ref: "#/components/schemas/EntityV3APIKind" metadata: $ref: "#/components/schemas/EntityV3Metadata" spec: $ref: "#/components/schemas/EntityV3APISpec" required: - apiVersion - kind - metadata type: object EntityV3APIDatadog: additionalProperties: false description: Datadog product integrations for the API entity. properties: codeLocations: $ref: "#/components/schemas/EntityV3DatadogCodeLocations" events: $ref: "#/components/schemas/EntityV3DatadogEvents" logs: $ref: "#/components/schemas/EntityV3DatadogLogs" performanceData: $ref: "#/components/schemas/EntityV3DatadogPerformance" pipelines: $ref: "#/components/schemas/EntityV3DatadogPipelines" type: object EntityV3APIKind: description: The definition of Entity V3 API Kind object. enum: - api example: api type: string x-enum-varnames: - API EntityV3APISpec: additionalProperties: false description: The definition of Entity V3 API Spec object. properties: implementedBy: description: Services which implemented the API. items: description: A service entity reference string. type: string type: array interface: $ref: "#/components/schemas/EntityV3APISpecInterface" lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: The importance of the component. minLength: 1 type: string type: description: The type of API. type: string type: object EntityV3APISpecInterface: additionalProperties: false description: The API definition. oneOf: - $ref: "#/components/schemas/EntityV3APISpecInterfaceFileRef" - $ref: "#/components/schemas/EntityV3APISpecInterfaceDefinition" EntityV3APISpecInterfaceDefinition: additionalProperties: false description: The definition of `EntityV3APISpecInterfaceDefinition` object. properties: definition: description: The API definition. type: object type: object EntityV3APISpecInterfaceFileRef: additionalProperties: false description: The definition of `EntityV3APISpecInterfaceFileRef` object. properties: fileRef: description: The reference to the API definition file. type: string type: object EntityV3APIVersion: description: The version of the schema data that was used to populate this entity's data. This could be via the API, Terraform, or YAML file in a repository. The field is known as schema-version in the previous version. enum: - v3 - v2.2 - v2.1 - v2 example: v3 type: string x-enum-varnames: - V3 - V2_2 - V2_1 - V2 EntityV3DatadogCodeLocationItem: additionalProperties: false description: Code location item. properties: paths: description: The paths (glob) to the source code of the service. items: description: A glob pattern path to source code files. type: string type: array repositoryURL: description: The repository path of the source code of the entity. type: string type: object EntityV3DatadogCodeLocations: additionalProperties: false description: Schema for mapping source code locations to an entity. items: $ref: "#/components/schemas/EntityV3DatadogCodeLocationItem" type: array EntityV3DatadogEventItem: additionalProperties: false description: Events association item. properties: name: description: The name of the query. type: string query: description: The query to run. type: string type: object EntityV3DatadogEvents: additionalProperties: false description: Events associations. items: $ref: "#/components/schemas/EntityV3DatadogEventItem" type: array EntityV3DatadogIntegrationOpsgenie: additionalProperties: false description: An Opsgenie integration schema. properties: region: description: The region for the Opsgenie integration. minLength: 1 type: string serviceURL: description: The service URL for the Opsgenie integration. example: "https://www.opsgenie.com/service/shopping-cart" minLength: 1 type: string required: - serviceURL type: object EntityV3DatadogIntegrationPagerduty: additionalProperties: false description: A PagerDuty integration schema. properties: serviceURL: description: The service URL for the PagerDuty integration. example: "https://www.pagerduty.com/service-directory/Pshopping-cart" minLength: 1 type: string required: - serviceURL type: object EntityV3DatadogLogItem: additionalProperties: false description: Log association item. properties: name: description: The name of the query. type: string query: description: The query to run. type: string type: object EntityV3DatadogLogs: additionalProperties: false description: Logs association. items: $ref: "#/components/schemas/EntityV3DatadogLogItem" type: array EntityV3DatadogPerformance: additionalProperties: false description: Performance stats association. properties: tags: description: A list of APM entity tags that associates the APM Stats data with the entity. items: description: An APM tag string in the format key:value. type: string type: array type: object EntityV3DatadogPipelines: additionalProperties: false description: CI Pipelines association. properties: fingerprints: description: A list of CI Fingerprints that associate CI Pipelines with the entity. items: description: A CI pipeline fingerprint string. type: string type: array type: object EntityV3Datastore: additionalProperties: false description: Schema for datastore entities. properties: apiVersion: $ref: "#/components/schemas/EntityV3APIVersion" datadog: $ref: "#/components/schemas/EntityV3DatastoreDatadog" extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client side metadata. No Datadog features are affected by this field. type: object integrations: $ref: "#/components/schemas/EntityV3Integrations" kind: $ref: "#/components/schemas/EntityV3DatastoreKind" metadata: $ref: "#/components/schemas/EntityV3Metadata" spec: $ref: "#/components/schemas/EntityV3DatastoreSpec" required: - apiVersion - kind - metadata type: object EntityV3DatastoreDatadog: additionalProperties: false description: Datadog product integrations for the datastore entity. properties: events: $ref: "#/components/schemas/EntityV3DatadogEvents" logs: $ref: "#/components/schemas/EntityV3DatadogLogs" performanceData: $ref: "#/components/schemas/EntityV3DatadogPerformance" type: object EntityV3DatastoreKind: description: The definition of Entity V3 Datastore Kind object. enum: - datastore example: datastore type: string x-enum-varnames: - DATASTORE EntityV3DatastoreSpec: additionalProperties: false description: The definition of Entity V3 Datastore Spec object. properties: componentOf: description: A list of components the datastore is a part of items: description: A component entity reference string. type: string type: array lifecycle: description: The lifecycle state of the datastore. minLength: 1 type: string tier: description: The importance of the datastore. minLength: 1 type: string type: description: The type of datastore. type: string type: object EntityV3Integrations: additionalProperties: false description: A base schema for defining third-party integrations. properties: opsgenie: $ref: "#/components/schemas/EntityV3DatadogIntegrationOpsgenie" pagerduty: $ref: "#/components/schemas/EntityV3DatadogIntegrationPagerduty" type: object EntityV3Metadata: additionalProperties: false description: The definition of Entity V3 Metadata object. properties: additionalOwners: additionalProperties: false description: The additional owners of the entity, usually a team. items: $ref: "#/components/schemas/EntityV3MetadataAdditionalOwnersItems" type: array contacts: additionalProperties: false description: A list of contacts for the entity. items: $ref: "#/components/schemas/EntityV3MetadataContactsItems" type: array description: description: Short description of the entity. The UI can leverage the description for display. type: string displayName: description: User friendly name of the entity. The UI can leverage the display name for display. type: string id: description: A read-only globally unique identifier for the entity generated by Datadog. User supplied values are ignored. example: 4b163705-23c0-4573-b2fb-f6cea2163fcb minLength: 1 type: string inheritFrom: description: The entity reference from which to inherit metadata example: application:default/myapp type: string links: additionalProperties: false description: A list of links for the entity. items: $ref: "#/components/schemas/EntityV3MetadataLinksItems" type: array managed: additionalProperties: {} description: A read-only set of Datadog managed attributes generated by Datadog. User supplied values are ignored. type: object name: description: "Unique name given to an entity under the kind/namespace." example: myService minLength: 1 type: string namespace: description: "Namespace is a part of unique identifier. It has a default value of 'default'." example: default minLength: 1 type: string owner: description: The owner of the entity, usually a team. type: string tags: description: A set of custom tags. example: [this:tag, that:tag] items: description: A tag string in the format key:value. type: string type: array required: - name type: object EntityV3MetadataAdditionalOwnersItems: description: The definition of Entity V3 Metadata Additional Owners Items object. properties: name: description: Team name. example: "" type: string type: description: Team type. type: string required: - name type: object EntityV3MetadataContactsItems: additionalProperties: false description: The definition of Entity V3 Metadata Contacts Items object. properties: contact: description: Contact value. example: "https://slack/" type: string name: description: Contact name. minLength: 2 type: string type: description: Contact type. example: slack type: string required: - type - contact type: object EntityV3MetadataLinksItems: additionalProperties: false description: The definition of Entity V3 Metadata Links Items object. properties: name: description: Link name. example: mylink type: string provider: description: Link provider. type: string type: default: other description: Link type. example: link type: string url: description: Link URL. example: "https://mylink" type: string required: - name - type - url type: object EntityV3Queue: additionalProperties: false description: Schema for queue entities. properties: apiVersion: $ref: "#/components/schemas/EntityV3APIVersion" datadog: $ref: "#/components/schemas/EntityV3QueueDatadog" extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: "#/components/schemas/EntityV3Integrations" kind: $ref: "#/components/schemas/EntityV3QueueKind" metadata: $ref: "#/components/schemas/EntityV3Metadata" spec: $ref: "#/components/schemas/EntityV3QueueSpec" required: - apiVersion - kind - metadata type: object EntityV3QueueDatadog: additionalProperties: false description: Datadog product integrations for the datastore entity. properties: events: $ref: "#/components/schemas/EntityV3DatadogEvents" logs: $ref: "#/components/schemas/EntityV3DatadogLogs" performanceData: $ref: "#/components/schemas/EntityV3DatadogPerformance" type: object EntityV3QueueKind: description: The definition of Entity V3 Queue Kind object. enum: - queue example: queue type: string x-enum-varnames: - QUEUE EntityV3QueueSpec: additionalProperties: false description: The definition of Entity V3 Queue Spec object. properties: componentOf: description: A list of components the queue is a part of items: description: A component entity reference string. type: string type: array lifecycle: description: The lifecycle state of the queue. minLength: 1 type: string tier: description: The importance of the queue. minLength: 1 type: string type: description: The type of queue. type: string type: object EntityV3Service: additionalProperties: false description: Schema for service entities. properties: apiVersion: $ref: "#/components/schemas/EntityV3APIVersion" datadog: $ref: "#/components/schemas/EntityV3ServiceDatadog" extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: "#/components/schemas/EntityV3Integrations" kind: $ref: "#/components/schemas/EntityV3ServiceKind" metadata: $ref: "#/components/schemas/EntityV3Metadata" spec: $ref: "#/components/schemas/EntityV3ServiceSpec" required: - apiVersion - kind - metadata type: object EntityV3ServiceDatadog: additionalProperties: false description: Datadog product integrations for the service entity. properties: codeLocations: $ref: "#/components/schemas/EntityV3DatadogCodeLocations" events: $ref: "#/components/schemas/EntityV3DatadogEvents" logs: $ref: "#/components/schemas/EntityV3DatadogLogs" performanceData: $ref: "#/components/schemas/EntityV3DatadogPerformance" pipelines: $ref: "#/components/schemas/EntityV3DatadogPipelines" type: object EntityV3ServiceKind: description: The definition of Entity V3 Service Kind object. enum: - service example: service type: string x-enum-varnames: - SERVICE EntityV3ServiceSpec: additionalProperties: false description: The definition of Entity V3 Service Spec object. properties: componentOf: description: A list of components the service is a part of items: description: A component entity reference string. type: string type: array dependsOn: description: A list of components the service depends on. items: description: A component entity reference string. type: string type: array languages: description: The service's programming language. items: description: A programming language name. type: string type: array lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: The importance of the component. minLength: 1 type: string type: description: The type of service. type: string type: object EntityV3System: additionalProperties: false description: Schema for system entities. properties: apiVersion: $ref: "#/components/schemas/EntityV3APIVersion" datadog: $ref: "#/components/schemas/EntityV3SystemDatadog" extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: "#/components/schemas/EntityV3Integrations" kind: $ref: "#/components/schemas/EntityV3SystemKind" metadata: $ref: "#/components/schemas/EntityV3Metadata" spec: $ref: "#/components/schemas/EntityV3SystemSpec" required: - apiVersion - kind - metadata type: object EntityV3SystemDatadog: additionalProperties: false description: Datadog product integrations for the service entity. properties: events: $ref: "#/components/schemas/EntityV3DatadogEvents" logs: $ref: "#/components/schemas/EntityV3DatadogLogs" performanceData: $ref: "#/components/schemas/EntityV3DatadogPerformance" pipelines: $ref: "#/components/schemas/EntityV3DatadogPipelines" type: object EntityV3SystemKind: description: The definition of Entity V3 System Kind object. enum: - system example: system type: string x-enum-varnames: - SYSTEM EntityV3SystemSpec: additionalProperties: false description: The definition of Entity V3 System Spec object. properties: components: description: A list of components belongs to the system. items: description: A component entity reference string. type: string type: array lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: An entity reference to the owner of the component. minLength: 1 type: string type: object Environment: description: A feature flag environment resource. properties: attributes: $ref: "#/components/schemas/EnvironmentAttributes" id: description: The unique identifier of the environment. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string type: $ref: "#/components/schemas/CreateEnvironmentDataType" required: - id - type - attributes type: object EnvironmentAttributes: description: Attributes of an environment. properties: created_at: description: The timestamp when the environment was created. example: "2023-01-01T00:00:00Z" format: date-time type: string description: description: The description of the environment. example: "Test environment XYZ789" nullable: true type: string is_production: description: Indicates whether this is a production environment. example: false type: boolean key: description: The unique key of the environment. example: "env-search-term" type: string name: description: The name of the environment. example: "env-search-term" type: string queries: description: List of queries to define the environment scope. example: ["staging", "test"] items: description: A query string used to match the environment scope. type: string minItems: 1 type: array require_feature_flag_approval: description: Indicates whether feature flag changes require approval in this environment. example: false type: boolean updated_at: description: The timestamp when the environment was last updated. example: "2023-01-01T00:00:00Z" format: date-time type: string required: - name type: object EnvironmentResponse: description: Response containing an environment. properties: data: $ref: "#/components/schemas/Environment" required: - data type: object EnvironmentsPaginationMeta: description: Pagination metadata for environments. properties: page: $ref: "#/components/schemas/EnvironmentsPaginationMetaPage" type: object EnvironmentsPaginationMetaPage: description: Pagination metadata for environments list responses. properties: total_count: description: Total number of items. example: 10 format: int64 type: integer total_filtered_count: description: Total number of items matching the filter. example: 5 format: int64 type: integer type: object ErrorHandler: description: Used to handle errors in an action. properties: fallbackStepName: description: The `ErrorHandler` `fallbackStepName`. example: "" type: string retryStrategy: $ref: "#/components/schemas/RetryStrategy" required: - retryStrategy - fallbackStepName type: object Escalation: description: Represents an escalation policy step. properties: id: description: Unique identifier of the escalation step. type: string relationships: $ref: "#/components/schemas/EscalationRelationships" type: $ref: "#/components/schemas/EscalationType" required: - type type: object EscalationPolicy: description: "Represents a complete escalation policy response, including policy data and optionally included related resources." example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 id: 00000000-aba1-0000-0000-000000000000 relationships: steps: data: - id: 00000000-aba1-0000-0000-000000000000 type: steps teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies included: - attributes: avatar: "" description: Team 1 description handle: team1 name: Team 1 id: 00000000-da3a-0000-0000-000000000000 type: teams - attributes: assignment: default escalate_after_seconds: 3600 id: 00000000-aba1-0000-0000-000000000000 relationships: targets: data: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba2-0000-0000-000000000000_previous type: schedule_target - id: 00000000-aba3-0000-0000-000000000000 type: teams type: steps - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules - attributes: position: previous id: 00000000-aba2-0000-0000-000000000000_previous relationships: schedule: data: id: 00000000-aba2-0000-0000-000000000000 type: schedules type: schedule_target - id: 00000000-aba3-0000-0000-000000000000 type: teams properties: data: $ref: "#/components/schemas/EscalationPolicyData" included: description: "Provides any included related resources, such as steps or targets, returned with the policy." items: $ref: "#/components/schemas/EscalationPolicyIncluded" type: array type: object EscalationPolicyCreateRequest: description: "Represents a request to create a new escalation policy, including the policy data." example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 steps: - assignment: default escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - config: schedule: position: previous id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba3-0000-0000-000000000000 type: teams - assignment: round-robin escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-abb1-0000-0000-000000000000 type: users relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies properties: data: $ref: "#/components/schemas/EscalationPolicyCreateRequestData" required: - data type: object EscalationPolicyCreateRequestData: description: "Represents the data for creating an escalation policy, including its attributes, relationships, and resource type." properties: attributes: $ref: "#/components/schemas/EscalationPolicyCreateRequestDataAttributes" relationships: $ref: "#/components/schemas/EscalationPolicyCreateRequestDataRelationships" type: $ref: "#/components/schemas/EscalationPolicyCreateRequestDataType" required: - type - attributes type: object EscalationPolicyCreateRequestDataAttributes: description: "Defines the attributes for creating an escalation policy, including its description, name, resolution behavior, retries, and steps." properties: name: description: "Specifies the name for the new escalation policy." example: "On-Call Escalation Policy" minLength: 1 type: string resolve_page_on_policy_end: description: "Indicates whether the page is automatically resolved when the policy ends." type: boolean retries: description: "Specifies how many times the escalation sequence is retried if there is no response." format: int64 maximum: 10 minimum: 0 type: integer steps: description: "A list of escalation steps, each defining assignment, escalation timeout, and targets for the new policy." items: $ref: "#/components/schemas/EscalationPolicyCreateRequestDataAttributesStepsItems" maxItems: 10 minItems: 1 type: array required: - name - steps type: object EscalationPolicyCreateRequestDataAttributesStepsItems: description: "Defines a single escalation step within an escalation policy creation request. Contains assignment strategy, escalation timeout, and a list of targets." properties: assignment: $ref: "#/components/schemas/EscalationPolicyStepAttributesAssignment" escalate_after_seconds: description: "Defines how many seconds to wait before escalating to the next step." example: 3600 format: int64 maximum: 36000 minimum: 60 type: integer targets: description: "Specifies the collection of escalation targets for this step." example: - "users" items: $ref: "#/components/schemas/EscalationPolicyStepTarget" type: array required: - targets type: object EscalationPolicyCreateRequestDataRelationships: description: "Represents relationships in an escalation policy creation request, including references to teams." properties: teams: $ref: "#/components/schemas/DataRelationshipsTeams" type: object EscalationPolicyCreateRequestDataType: default: policies description: "Indicates that the resource is of type `policies`." enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyData: description: "Represents the data for a single escalation policy, including its attributes, ID, relationships, and resource type." properties: attributes: $ref: "#/components/schemas/EscalationPolicyDataAttributes" id: description: "Specifies the unique identifier of the escalation policy." example: "ab000000-0000-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/EscalationPolicyDataRelationships" type: $ref: "#/components/schemas/EscalationPolicyDataType" required: - type type: object EscalationPolicyDataAttributes: description: "Defines the main attributes of an escalation policy, such as its name and behavior on policy end." properties: name: description: "Specifies the name of the escalation policy." example: "On-Call Escalation Policy" minLength: 1 type: string resolve_page_on_policy_end: description: "Indicates whether the page is automatically resolved when the policy ends." type: boolean retries: description: "Specifies how many times the escalation sequence is retried if there is no response." format: int64 maximum: 10 minimum: 0 type: integer required: - name type: object EscalationPolicyDataRelationships: description: "Represents the relationships for an escalation policy, including references to steps and teams." properties: steps: $ref: "#/components/schemas/EscalationPolicyDataRelationshipsSteps" teams: $ref: "#/components/schemas/DataRelationshipsTeams" required: - steps type: object EscalationPolicyDataRelationshipsSteps: description: "Defines the relationship to a collection of steps within an escalation policy. Contains an array of step data references." properties: data: description: "An array of references to the steps defined in this escalation policy." items: $ref: "#/components/schemas/EscalationPolicyDataRelationshipsStepsDataItems" type: array type: object EscalationPolicyDataRelationshipsStepsDataItems: description: "Defines a relationship to a single step within an escalation policy. Contains the step's `id` and `type`." properties: id: description: "Specifies the unique identifier for the step resource." example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/EscalationPolicyDataRelationshipsStepsDataItemsType" required: - type - id type: object EscalationPolicyDataRelationshipsStepsDataItemsType: default: steps description: "Indicates that the resource is of type `steps`." enum: - steps example: steps type: string x-enum-varnames: - STEPS EscalationPolicyDataType: default: policies description: "Indicates that the resource is of type `policies`." enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyIncluded: description: "Represents included related resources when retrieving an escalation policy, such as teams, steps, or targets." oneOf: - $ref: "#/components/schemas/EscalationPolicyStep" - $ref: "#/components/schemas/EscalationPolicyUser" - $ref: "#/components/schemas/ScheduleData" - $ref: "#/components/schemas/ConfiguredSchedule" - $ref: "#/components/schemas/TeamReference" EscalationPolicyStep: description: "Represents a single step in an escalation policy, including its attributes, relationships, and resource type." properties: attributes: $ref: "#/components/schemas/EscalationPolicyStepAttributes" id: description: "Specifies the unique identifier of this escalation policy step." type: string relationships: $ref: "#/components/schemas/EscalationPolicyStepRelationships" type: $ref: "#/components/schemas/EscalationPolicyStepType" required: - type type: object EscalationPolicyStepAttributes: description: "Defines attributes for an escalation policy step, such as assignment strategy and escalation timeout." properties: assignment: $ref: "#/components/schemas/EscalationPolicyStepAttributesAssignment" escalate_after_seconds: description: "Specifies how many seconds to wait before escalating to the next step." format: int64 type: integer type: object EscalationPolicyStepAttributesAssignment: description: "Specifies how this escalation step will assign targets (example `default` or `round-robin`)." enum: - default - round-robin type: string x-enum-varnames: - DEFAULT - ROUND_ROBIN EscalationPolicyStepRelationships: description: "Represents the relationship of an escalation policy step to its targets." properties: targets: $ref: "#/components/schemas/EscalationTargets" type: object EscalationPolicyStepTarget: description: "Defines a single escalation target within a step for an escalation policy creation request. Contains `id`, `type`, and optional `config`." properties: config: $ref: "#/components/schemas/EscalationPolicyStepTargetConfig" id: description: "Specifies the unique identifier for this target." example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/EscalationPolicyStepTargetType" type: object EscalationPolicyStepTargetConfig: description: "Configuration for an escalation target, such as schedule position." properties: schedule: $ref: "#/components/schemas/EscalationPolicyStepTargetConfigSchedule" type: object EscalationPolicyStepTargetConfigSchedule: description: "Schedule-specific configuration for an escalation target." properties: position: $ref: "#/components/schemas/ScheduleTargetPosition" type: object EscalationPolicyStepTargetType: description: "Specifies the type of escalation target (example `users`, `schedules`, or `teams`)." enum: - users - schedules - teams example: "users" type: string x-enum-varnames: - USERS - SCHEDULES - TEAMS EscalationPolicyStepType: default: steps description: "Indicates that the resource is of type `steps`." enum: - steps example: steps type: string x-enum-varnames: - STEPS EscalationPolicyUpdateRequest: description: "Represents a request to update an existing escalation policy, including the updated policy data." example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: false retries: 2 steps: - assignment: default escalate_after_seconds: 3600 id: 00000000-aba1-0000-0000-000000000000 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules id: a3000000-0000-0000-0000-000000000000 relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies properties: data: $ref: "#/components/schemas/EscalationPolicyUpdateRequestData" required: - data type: object EscalationPolicyUpdateRequestData: description: "Represents the data for updating an existing escalation policy, including its ID, attributes, relationships, and resource type." properties: attributes: $ref: "#/components/schemas/EscalationPolicyUpdateRequestDataAttributes" id: description: "Specifies the unique identifier of the escalation policy being updated." example: "00000000-aba1-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/EscalationPolicyUpdateRequestDataRelationships" type: $ref: "#/components/schemas/EscalationPolicyUpdateRequestDataType" required: - type - id - attributes type: object EscalationPolicyUpdateRequestDataAttributes: description: "Defines the attributes that can be updated for an escalation policy, such as description, name, resolution behavior, retries, and steps." properties: name: description: "Specifies the name of the escalation policy." example: "On-Call Escalation Policy" minLength: 1 type: string resolve_page_on_policy_end: description: "Indicates whether the page is automatically resolved when the policy ends." type: boolean retries: description: "Specifies how many times the escalation sequence is retried if there is no response." format: int64 maximum: 10 minimum: 0 type: integer steps: description: "A list of escalation steps, each defining assignment, escalation timeout, and targets." items: $ref: "#/components/schemas/EscalationPolicyUpdateRequestDataAttributesStepsItems" maxItems: 10 minItems: 1 type: array required: - name - steps type: object EscalationPolicyUpdateRequestDataAttributesStepsItems: description: "Defines a single escalation step within an escalation policy update request. Contains assignment strategy, escalation timeout, an optional step ID, and a list of targets." properties: assignment: $ref: "#/components/schemas/EscalationPolicyStepAttributesAssignment" escalate_after_seconds: description: "Defines how many seconds to wait before escalating to the next step." example: 3600 format: int64 maximum: 36000 minimum: 60 type: integer id: description: "Specifies the unique identifier of this step." example: "00000000-aba1-0000-0000-000000000000" type: string targets: description: "Specifies the collection of escalation targets for this step." items: $ref: "#/components/schemas/EscalationPolicyStepTarget" type: array required: - targets type: object EscalationPolicyUpdateRequestDataRelationships: description: "Represents relationships in an escalation policy update request, including references to teams." properties: teams: $ref: "#/components/schemas/DataRelationshipsTeams" type: object EscalationPolicyUpdateRequestDataType: default: policies description: "Indicates that the resource is of type `policies`." enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyUser: description: Represents a user object in the context of an escalation policy, including their `id`, type, and basic attributes. properties: attributes: $ref: "#/components/schemas/EscalationPolicyUserAttributes" id: description: The unique user identifier. type: string type: $ref: "#/components/schemas/EscalationPolicyUserType" required: - type type: object EscalationPolicyUserAttributes: description: Provides basic user information for an escalation policy, including a name and email address. properties: email: description: The user's email address. example: "jane.doe@example.com" type: string name: description: The user's name. example: "Jane Doe" type: string status: $ref: "#/components/schemas/UserAttributesStatus" type: object EscalationPolicyUserType: default: users description: |- Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS EscalationRelationships: description: Contains the relationships of an escalation object, including its responders. properties: responders: $ref: "#/components/schemas/EscalationRelationshipsResponders" type: object EscalationRelationshipsResponders: description: Lists the users involved in a specific step of the escalation policy. properties: data: description: Array of user references assigned as responders for this escalation step. items: $ref: "#/components/schemas/EscalationRelationshipsRespondersDataItems" type: array type: object EscalationRelationshipsRespondersDataItems: description: Represents a user assigned to an escalation step. properties: id: description: Unique identifier of the user assigned to the escalation step. example: "" type: string type: $ref: "#/components/schemas/EscalationRelationshipsRespondersDataItemsType" required: - type - id type: object EscalationRelationshipsRespondersDataItemsType: default: users description: Represents the resource type for users assigned as responders in an escalation step. enum: - users example: users type: string x-enum-varnames: - USERS EscalationTarget: description: "Represents an escalation target, which can be a team, user, schedule, or configured schedule target." oneOf: - $ref: "#/components/schemas/TeamTarget" - $ref: "#/components/schemas/UserTarget" - $ref: "#/components/schemas/ScheduleTarget" - $ref: "#/components/schemas/ConfiguredScheduleTarget" EscalationTargets: description: "A list of escalation targets for a step" properties: data: description: The `EscalationTargets` `data`. items: $ref: "#/components/schemas/EscalationTarget" type: array type: object EscalationType: default: escalation_policy_steps description: Represents the resource type for individual steps in an escalation policy used during incident response. enum: - escalation_policy_steps example: escalation_policy_steps type: string x-enum-varnames: - ESCALATION_POLICY_STEPS Estimation: description: Recommended resource values for a Spark driver or executor, derived from recent real usage metrics. Used by SPA to propose more efficient pod sizing. properties: cpu: $ref: "#/components/schemas/Cpu" ephemeral_storage: description: Recommended ephemeral storage allocation (in MiB). Derived from job temporary storage patterns. format: int64 type: integer heap: description: Recommended JVM heap size (in MiB). format: int64 type: integer memory: description: Recommended total memory allocation (in MiB). Includes both heap and overhead. format: int64 type: integer overhead: description: Recommended JVM overhead (in MiB). Computed as total memory - heap. format: int64 type: integer type: object Event: description: The metadata associated with a request. properties: id: description: Event ID. example: "6509751066204996294" type: string name: description: The event name. type: string source_id: description: Event source ID. example: 36 format: int64 type: integer type: description: Event type. example: "error_tracking_alert" type: string type: object EventAttributes: description: Object description of attributes from your event. properties: aggregation_key: description: Aggregation key of the event. type: string date_happened: description: |- POSIX timestamp of the event. Must be sent as an integer (no quotation marks). Limited to events no older than 18 hours. format: int64 type: integer device_name: description: A device name. type: string duration: description: The duration between the triggering of the event and its recovery in nanoseconds. format: int64 type: integer event_object: description: The event title. example: "Did you hear the news today?" type: string evt: $ref: "#/components/schemas/Event" hostname: description: |- Host name to associate with the event. Any tags associated with the host are also applied to this event. type: string monitor: $ref: "#/components/schemas/MonitorType" monitor_groups: description: List of groups referred to in the event. items: description: Group referred to in the event. type: string nullable: true type: array monitor_id: description: ID of the monitor that triggered the event. When an event isn't related to a monitor, this field is empty. format: int64 nullable: true type: integer priority: $ref: "#/components/schemas/EventPriority" related_event_id: description: Related event ID. format: int64 type: integer service: description: Service that triggered the event. example: "datadog-api" type: string source_type_name: description: |- The type of event being posted. For example, `nagios`, `hudson`, `jenkins`, `my_apps`, `chef`, `puppet`, `git` or `bitbucket`. The list of standard source attribute values is [available here](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). type: string sourcecategory: description: Identifier for the source of the event, such as a monitor alert, an externally-submitted event, or an integration. type: string status: $ref: "#/components/schemas/EventStatusType" tags: description: A list of tags to apply to the event. example: ["environment:test"] items: description: A tag. type: string type: array timestamp: description: POSIX timestamp of your event in milliseconds. example: 1652274265000 format: int64 type: integer title: description: The event title. example: "Oh boy!" type: string type: object EventCategory: description: |- Event category identifying the type of event. enum: - change - alert example: change type: string x-enum-varnames: - CHANGE - ALERT EventCreateRequest: description: An event object. properties: attributes: $ref: "#/components/schemas/EventPayload" type: $ref: "#/components/schemas/EventCreateRequestType" required: - type - attributes type: object EventCreateRequestPayload: description: Payload for creating an event. properties: data: $ref: "#/components/schemas/EventCreateRequest" required: - data type: object EventCreateRequestType: description: Entity type. enum: - event example: "event" type: string x-enum-varnames: - EVENT EventCreateResponse: description: Event object. properties: attributes: $ref: "#/components/schemas/EventCreateResponseAttributes" type: description: Entity type. example: "event" type: string type: object EventCreateResponseAttributes: description: Event attributes. properties: attributes: $ref: "#/components/schemas/EventCreateResponseAttributesAttributes" type: object EventCreateResponseAttributesAttributes: description: JSON object for category-specific attributes. properties: evt: $ref: "#/components/schemas/EventCreateResponseAttributesAttributesEvt" type: object EventCreateResponseAttributesAttributesEvt: description: JSON object of event system attributes. properties: id: deprecated: true description: |- Event identifier. This field is deprecated and will be removed in a future version. Use the `uid` field instead. type: string uid: description: |- A unique identifier for the event. You can use this identifier to query or reference the event. type: string type: object EventCreateResponsePayload: description: Event creation response. properties: data: $ref: "#/components/schemas/EventCreateResponse" links: $ref: "#/components/schemas/EventCreateResponsePayloadLinks" type: object EventCreateResponsePayloadLinks: description: |- Links to the event. properties: self: description: |- The URL of the event. This link is only functional when using the default subdomain. type: string type: object EventPayload: additionalProperties: false description: Event attributes. properties: aggregation_key: description: |- A string used for aggregation when [correlating](https://docs.datadoghq.com/service_management/events/correlation/) events. If you specify a key, events are deduplicated to alerts based on this key. Limited to 100 characters. example: "aggregation_key_123" maxLength: 100 minLength: 1 type: string attributes: $ref: "#/components/schemas/EventPayloadAttributes" category: $ref: "#/components/schemas/EventCategory" host: description: |- Host name to associate with the event. Any tags associated with the host are also applied to this event. Limited to 255 characters. example: "hostname" maxLength: 255 minLength: 1 type: string integration_id: $ref: "#/components/schemas/EventPayloadIntegrationId" message: description: |- Free formed text associated with the event. It's suggested to use `data.attributes.attributes.custom` for well-structured attributes. Limited to 4000 characters. example: "payment_processed feature flag has been enabled" maxLength: 4000 minLength: 1 type: string tags: description: |- A list of tags associated with the event. Maximum of 100 tags allowed. Refer to [Tags docs](https://docs.datadoghq.com/getting_started/tagging/). example: ["env:api_client_test"] items: description: A tag. maxLength: 200 minLength: 1 type: string maxItems: 100 minItems: 1 type: array timestamp: description: |- Timestamp when the event occurred. Must follow [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format. For example `"2017-01-15T01:30:15.010000Z"`. Defaults to the timestamp of receipt. Limited to values no older than 18 hours. type: string title: description: The title of the event. Limited to 500 characters. example: "payment_processed feature flag updated" maxLength: 500 minLength: 1 type: string required: - title - category - attributes type: object EventPayloadAttributes: description: |- JSON object for category-specific attributes. Schema is different per event category. oneOf: - $ref: "#/components/schemas/ChangeEventCustomAttributes" - $ref: "#/components/schemas/AlertEventCustomAttributes" EventPayloadIntegrationId: description: |- Integration ID sourced from integration manifests. enum: - custom-events example: "custom-events" type: string x-enum-varnames: - CUSTOM_EVENTS EventPriority: description: |- The priority of the event's monitor. For example, `normal` or `low`. enum: - normal - low example: "normal" nullable: true type: string x-enum-varnames: - NORMAL - LOW EventResponse: description: The object description of an event after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/EventResponseAttributes" id: description: the unique ID of the event. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/EventType" type: object EventResponseAttributes: description: The object description of an event response attribute. properties: attributes: $ref: "#/components/schemas/EventAttributes" message: description: The message of the event. type: string tags: description: An array of tags associated with the event. example: ["team:A"] items: description: The tag associated with the event. type: string type: array timestamp: description: The timestamp of the event. example: "2019-01-02T09:42:36.320Z" format: date-time type: string type: object EventStatusType: description: |- If an alert event is enabled, its status is one of the following: `failure`, `error`, `warning`, `info`, `success`, `user_update`, `recommendation`, or `snapshot`. enum: - failure - error - warning - info - success - user_update - recommendation - snapshot example: "info" type: string x-enum-varnames: - FAILURE - ERROR - WARNING - INFO - SUCCESS - USER_UPDATE - RECOMMENDATION - SNAPSHOT EventSystemAttributes: description: JSON object of event system attributes. properties: category: $ref: "#/components/schemas/EventSystemAttributesCategory" id: description: Event identifier. This field is deprecated and will be removed in a future version. Use the `uid` field instead. type: string integration_id: $ref: "#/components/schemas/EventSystemAttributesIntegrationId" source_id: description: The source type ID of the event. format: int64 type: integer uid: description: A unique identifier for the event. You can use this identifier to query or reference the event. type: string type: object EventSystemAttributesCategory: description: Event category identifying the type of event. enum: - change - alert example: "change" type: string x-enum-varnames: - CHANGE - ALERT EventSystemAttributesIntegrationId: description: Integration ID sourced from integration manifests. enum: - custom-events example: "custom-events" type: string x-enum-varnames: - CUSTOM_EVENTS EventType: default: event description: Type of the event. enum: - event example: "event" type: string x-enum-varnames: - EVENT EventsAggregation: default: count description: The type of aggregation that can be performed on events-based queries. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg example: count type: string x-enum-varnames: - COUNT - CARDINALITY - PC75 - PC90 - PC95 - PC98 - PC99 - SUM - MIN - MAX - AVG EventsCompute: description: The instructions for what to compute for this query. properties: aggregation: $ref: "#/components/schemas/EventsAggregation" interval: description: Interval for compute in milliseconds. example: 60000 format: int64 type: integer metric: description: The "measure" attribute on which to perform the computation. type: string required: - aggregation type: object EventsDataSource: default: logs description: A data source that is powered by the Events Platform. enum: - logs - spans - network - rum - security_signals - profiles - audit - events - ci_tests - ci_pipelines - incident_analytics - product_analytics - on_call_events - dora example: logs type: string x-enum-varnames: - LOGS - SPANS - NETWORK - RUM - SECURITY_SIGNALS - PROFILES - AUDIT - EVENTS - CI_TESTS - CI_PIPELINES - INCIDENT_ANALYTICS - PRODUCT_ANALYTICS - ON_CALL_EVENTS - DORA EventsGroupBy: description: A dimension on which to split a query's results. properties: facet: description: The facet by which to split groups. example: "@error.type" type: string limit: default: 10 description: |- The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000. example: 10 format: int32 maximum: 10000 type: integer sort: $ref: "#/components/schemas/EventsGroupBySort" required: - facet type: object EventsGroupBySort: description: The dimension by which to sort a query's results. properties: aggregation: $ref: "#/components/schemas/EventsAggregation" metric: description: The metric's calculated value which should be used to define the sort order of a query's results. example: "@duration" type: string order: $ref: "#/components/schemas/QuerySortOrder" type: $ref: "#/components/schemas/EventsSortType" required: - aggregation type: object EventsListRequest: description: |- The object sent with the request to retrieve a list of events from your organization. properties: filter: $ref: "#/components/schemas/EventsQueryFilter" options: $ref: "#/components/schemas/EventsQueryOptions" page: $ref: "#/components/schemas/EventsRequestPage" sort: $ref: "#/components/schemas/EventsSort" type: object EventsListResponse: description: The response object with all events matching the request and pagination information. properties: data: description: An array of events matching the request. items: $ref: "#/components/schemas/EventResponse" type: array links: $ref: "#/components/schemas/EventsListResponseLinks" meta: $ref: "#/components/schemas/EventsResponseMetadata" type: object EventsListResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. Note that the request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/events?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object EventsQueryFilter: description: The search and filter query settings. properties: from: default: "now-15m" description: |- The minimum time for the requested events. Supports date math and regular timestamps in milliseconds. example: "now-15m" type: string query: default: "*" description: The search query following the event search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string to: default: "now" description: |- The maximum time for the requested events. Supports date math and regular timestamps in milliseconds. example: "now" type: string type: object EventsQueryGroupBys: description: The list of facets on which to split results. items: $ref: "#/components/schemas/EventsGroupBy" type: array EventsQueryOptions: description: |- The global query options that are used. Either provide a timezone or a time offset but not both, otherwise the query fails. properties: timeOffset: description: The time offset to apply to the query in seconds. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object EventsRequestPage: description: Pagination settings. properties: cursor: description: The returned paging point to use to get the next results. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: The maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object EventsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: "#/components/schemas/EventsResponseMetadataPage" request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: description: The request status. example: "done" type: string warnings: description: |- A list of warnings (non-fatal errors) encountered. Partial results might be returned if warnings are present in the response. items: $ref: "#/components/schemas/EventsWarning" type: array type: object EventsResponseMetadataPage: description: Pagination attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object EventsScalarQuery: description: >- An individual scalar query for logs, RUM, traces, CI pipelines, security signals, and other event-based data sources. Use this query type for any data source powered by the Events Platform. See the data_source field for the full list of supported sources. properties: compute: $ref: "#/components/schemas/EventsCompute" cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/EventsDataSource" group_by: $ref: "#/components/schemas/EventsQueryGroupBys" indexes: description: The indexes in which to search. example: ["main"] items: description: The unique index name. example: main type: string type: array name: description: The variable name for use in formulas. type: string search: $ref: "#/components/schemas/EventsSearch" required: - data_source - compute type: object EventsSearch: description: Configuration of the search/filter for an events query. properties: query: description: The search/filter string for an events query. example: "status:warn service:foo" type: string type: object EventsSort: description: The sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING EventsSortType: description: The type of sort to use on the calculated value. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE EventsTimeseriesQuery: description: >- An individual timeseries query for logs, RUM, traces, CI pipelines, security signals, and other event-based data sources. Use this query type for any data source powered by the Events Platform. See the data_source field for the full list of supported sources. properties: compute: $ref: "#/components/schemas/EventsCompute" cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/EventsDataSource" group_by: $ref: "#/components/schemas/EventsQueryGroupBys" indexes: description: The indexes in which to search. example: ["main"] items: description: The unique index name. example: main type: string type: array name: description: The variable name for use in formulas. type: string search: $ref: "#/components/schemas/EventsSearch" required: - data_source - compute type: object EventsWarning: description: A warning message indicating something is wrong with the query. properties: code: description: A unique code for this type of warning. example: "unknown_index" type: string detail: description: A detailed explanation of this specific warning. example: "indexes: foo, bar" type: string title: description: A short human-readable summary of the warning. example: "One or several indexes are missing or invalid. Results hold data from the other indexes." type: string type: object ExposureRolloutStepRequest: description: Rollout step request payload. properties: exposure_ratio: description: The exposure ratio for this step. example: 0.5 format: double maximum: 1 minimum: 0 type: number grouped_step_index: description: Logical index grouping related steps. example: 1 format: int64 minimum: 0 type: integer id: description: The unique identifier of the progression step. example: "550e8400-e29b-41d4-a716-446655440040" format: uuid type: string interval_ms: description: Step duration in milliseconds. example: 3600000 format: int64 nullable: true type: integer is_pause_record: description: Whether this step represents a pause record. example: false type: boolean required: - exposure_ratio - is_pause_record - grouped_step_index type: object ExposureScheduleRequest: description: Progressive release request payload. properties: absolute_start_time: description: The absolute UTC start time for this schedule. example: "2025-06-13T12:00:00Z" format: date-time nullable: true type: string control_variant_id: description: The control variant ID used for experiment comparisons. example: "550e8400-e29b-41d4-a716-446655440012" nullable: true type: string control_variant_key: description: The control variant key used during creation workflows. example: "control" nullable: true type: string id: description: The unique identifier of the progressive rollout. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string rollout_options: $ref: "#/components/schemas/RolloutOptionsRequest" rollout_steps: description: Ordered progression steps for exposure. items: $ref: "#/components/schemas/ExposureRolloutStepRequest" minItems: 1 type: array required: - rollout_options - rollout_steps type: object FacetInfoRequest: description: Request body for retrieving facet value information for a specified attribute with optional filtering. example: data: attributes: facet_id: first_browser_name limit: 10 search: query: user_org_id:5001 AND first_country_code:US term_search: value: Chrome id: facet_info_request type: users_facet_info_request properties: data: $ref: "#/components/schemas/FacetInfoRequestData" type: object FacetInfoRequestData: description: The data object containing the resource type and attributes for the facet info request. properties: attributes: $ref: "#/components/schemas/FacetInfoRequestDataAttributes" id: description: Unique identifier for the facet info request resource. type: string type: $ref: "#/components/schemas/FacetInfoRequestDataType" required: - type type: object FacetInfoRequestDataAttributes: description: Attributes for the facet info request, specifying which facet to query and optional filters to apply. properties: facet_id: description: The identifier of the facet attribute to retrieve value information for. example: "" type: string limit: description: Maximum number of facet values to return in the response. example: 0 format: int64 type: integer search: $ref: "#/components/schemas/FacetInfoRequestDataAttributesSearch" term_search: $ref: "#/components/schemas/FacetInfoRequestDataAttributesTermSearch" required: - facet_id - limit type: object FacetInfoRequestDataAttributesSearch: description: Query-based search configuration for filtering the audience context when retrieving facet values. properties: query: description: The filter expression used to scope the audience from which facet values are retrieved. type: string type: object FacetInfoRequestDataAttributesTermSearch: description: Term-level search configuration for filtering facet values by an exact or partial term match. properties: value: description: The term string to match against facet values. type: string type: object FacetInfoRequestDataType: default: users_facet_info_request description: Users facet info request resource type. enum: - users_facet_info_request example: users_facet_info_request type: string x-enum-varnames: - USERS_FACET_INFO_REQUEST FacetInfoResponse: description: Response containing facet information for an attribute, including its distinct values and occurrence counts. example: data: attributes: result: values: - count: 4892 value: Chrome - count: 2341 value: Safari - count: 1567 value: Firefox - count: 892 value: Edge - count: 234 value: Opera id: facet_info_response type: users_facet_info properties: data: $ref: "#/components/schemas/FacetInfoResponseData" type: object FacetInfoResponseData: description: The data object containing the resource type and attributes for the facet info response. properties: attributes: $ref: "#/components/schemas/FacetInfoResponseDataAttributes" id: description: Unique identifier for the facet info response resource. type: string type: $ref: "#/components/schemas/FacetInfoResponseDataType" required: - type type: object FacetInfoResponseDataAttributes: description: Attributes of the facet info response, containing the facet result data. properties: result: $ref: "#/components/schemas/FacetInfoResponseDataAttributesResult" type: object FacetInfoResponseDataAttributesResult: description: The facet query result containing discrete value counts or a numeric range for the requested facet. properties: range: $ref: "#/components/schemas/FacetInfoResponseDataAttributesResultRange" values: description: List of discrete facet values with their occurrence counts. items: $ref: "#/components/schemas/FacetInfoResponseDataAttributesResultValuesItems" type: array type: object FacetInfoResponseDataAttributesResultRange: description: The numeric range of a facet attribute, representing the minimum and maximum observed values. properties: max: description: The maximum observed value for the numeric facet attribute. type: object min: description: The minimum observed value for the numeric facet attribute. type: object type: object FacetInfoResponseDataAttributesResultValuesItems: description: A single facet value with its occurrence count in the dataset. properties: count: description: The number of records that have this facet value. format: int64 type: integer value: description: The facet value (for example, a browser name or country code). type: string type: object FacetInfoResponseDataType: default: users_facet_info description: Users facet info resource type. enum: - users_facet_info example: users_facet_info type: string x-enum-varnames: - USERS_FACET_INFO FastlyAPIKey: description: The definition of the `FastlyAPIKey` object. properties: api_key: description: The `FastlyAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/FastlyAPIKeyType" required: - type - api_key type: object FastlyAPIKeyType: description: The definition of the `FastlyAPIKey` object. enum: - FastlyAPIKey example: FastlyAPIKey type: string x-enum-varnames: - FASTLYAPIKEY FastlyAPIKeyUpdate: description: The definition of the `FastlyAPIKey` object. properties: api_key: description: The `FastlyAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/FastlyAPIKeyType" required: - type type: object FastlyAccounResponseAttributes: description: Attributes object of a Fastly account. properties: name: description: The name of the Fastly account. example: "test-name" type: string services: description: A list of services belonging to the parent account. items: $ref: "#/components/schemas/FastlyService" type: array required: - name type: object FastlyAccountCreateRequest: description: Payload schema when adding a Fastly account. properties: data: $ref: "#/components/schemas/FastlyAccountCreateRequestData" required: - data type: object FastlyAccountCreateRequestAttributes: description: Attributes object for creating a Fastly account. properties: api_key: description: The API key for the Fastly account. example: "ABCDEFG123" type: string name: description: The name of the Fastly account. example: "test-name" type: string services: description: A list of services belonging to the parent account. items: $ref: "#/components/schemas/FastlyService" type: array required: - api_key - name type: object FastlyAccountCreateRequestData: description: Data object for creating a Fastly account. properties: attributes: $ref: "#/components/schemas/FastlyAccountCreateRequestAttributes" type: $ref: "#/components/schemas/FastlyAccountType" required: - attributes - type type: object FastlyAccountResponse: description: The expected response schema when getting a Fastly account. properties: data: $ref: "#/components/schemas/FastlyAccountResponseData" type: object FastlyAccountResponseData: description: Data object of a Fastly account. properties: attributes: $ref: "#/components/schemas/FastlyAccounResponseAttributes" id: description: The ID of the Fastly account, a hash of the account name. example: "abc123" type: string type: $ref: "#/components/schemas/FastlyAccountType" required: - attributes - id - type type: object FastlyAccountType: default: fastly-accounts description: The JSON:API type for this API. Should always be `fastly-accounts`. enum: - fastly-accounts example: fastly-accounts type: string x-enum-varnames: - FASTLY_ACCOUNTS FastlyAccountUpdateRequest: description: Payload schema when updating a Fastly account. properties: data: $ref: "#/components/schemas/FastlyAccountUpdateRequestData" required: - data type: object FastlyAccountUpdateRequestAttributes: description: Attributes object for updating a Fastly account. properties: api_key: description: The API key of the Fastly account. example: "ABCDEFG123" type: string name: description: The name of the Fastly account. type: string type: object FastlyAccountUpdateRequestData: description: Data object for updating a Fastly account. properties: attributes: $ref: "#/components/schemas/FastlyAccountUpdateRequestAttributes" type: $ref: "#/components/schemas/FastlyAccountType" type: object FastlyAccountsResponse: description: The expected response schema when getting Fastly accounts. properties: data: description: The JSON:API data schema. items: $ref: "#/components/schemas/FastlyAccountResponseData" type: array type: object FastlyCredentials: description: The definition of the `FastlyCredentials` object. oneOf: - $ref: "#/components/schemas/FastlyAPIKey" FastlyCredentialsUpdate: description: The definition of the `FastlyCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/FastlyAPIKeyUpdate" FastlyIntegration: description: The definition of the `FastlyIntegration` object. properties: credentials: $ref: "#/components/schemas/FastlyCredentials" type: $ref: "#/components/schemas/FastlyIntegrationType" required: - type - credentials type: object FastlyIntegrationType: description: The definition of the `FastlyIntegrationType` object. enum: - Fastly example: Fastly type: string x-enum-varnames: - FASTLY FastlyIntegrationUpdate: description: The definition of the `FastlyIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/FastlyCredentialsUpdate" type: $ref: "#/components/schemas/FastlyIntegrationType" required: - type type: object FastlyService: description: The schema representation of a Fastly service. properties: id: description: The ID of the Fastly service example: 6abc7de6893AbcDe9fghIj type: string tags: description: A list of tags for the Fastly service. example: - myTag - myTag2:myValue items: description: A tag for the Fastly service. type: string type: array required: - id type: object FastlyServiceAttributes: description: Attributes object for Fastly service requests. properties: tags: description: A list of tags for the Fastly service. example: - myTag - myTag2:myValue items: description: A tag for the Fastly service. type: string type: array type: object FastlyServiceData: description: Data object for Fastly service requests. properties: attributes: $ref: "#/components/schemas/FastlyServiceAttributes" id: description: The ID of the Fastly service. example: "abc123" type: string type: $ref: "#/components/schemas/FastlyServiceType" required: - id - type type: object FastlyServiceRequest: description: Payload schema for Fastly service requests. properties: data: $ref: "#/components/schemas/FastlyServiceData" required: - data type: object FastlyServiceResponse: description: The expected response schema when getting a Fastly service. properties: data: $ref: "#/components/schemas/FastlyServiceData" type: object FastlyServiceType: default: fastly-services description: The JSON:API type for this API. Should always be `fastly-services`. enum: - fastly-services example: fastly-services type: string x-enum-varnames: - FASTLY_SERVICES FastlyServicesResponse: description: The expected response schema when getting Fastly services. properties: data: description: The JSON:API data schema. items: $ref: "#/components/schemas/FastlyServiceData" type: array type: object FeatureFlag: description: A feature flag resource. properties: attributes: $ref: "#/components/schemas/FeatureFlagAttributes" id: description: The unique identifier of the feature flag. example: "550e8400-e29b-41d4-a716-446655440000" format: uuid type: string type: $ref: "#/components/schemas/CreateFeatureFlagDataType" required: - id - type - attributes type: object FeatureFlagAttributes: description: Attributes of a feature flag. properties: archived_at: description: The timestamp when the feature flag was archived. example: "2023-01-01T00:00:00Z" format: date-time nullable: true type: string created_at: description: The timestamp when the feature flag was created. example: "2023-01-01T00:00:00Z" format: date-time type: string created_by: description: The ID of the user who created the feature flag. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string description: description: The description of the feature flag. example: "This is an example feature flag for demonstration" type: string distribution_channel: description: Distribution channel for the feature flag. example: "ALL" type: string feature_flag_environments: description: Environment-specific settings for the feature flag. items: $ref: "#/components/schemas/FeatureFlagEnvironment" type: array json_schema: description: JSON schema for validation when value_type is JSON. example: '{"type": "object", "properties": {"enabled": {"type": "boolean"}}}' nullable: true type: string key: description: The unique key of the feature flag. example: "feature-flag-abc123" type: string last_updated_by: description: The ID of the user who last updated the feature flag. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string name: description: The name of the feature flag. example: "Feature Flag ABC123" type: string require_approval: description: Indicates whether this feature flag requires approval for changes. example: false type: boolean staleness_status: description: Indicates the whether a feature flag is stale or not. example: "ACTIVE" type: string tags: description: Tags associated with the feature flag. example: [] items: description: A tag associated with the feature flag. type: string type: array updated_at: description: The timestamp when the feature flag was last updated. example: "2023-01-01T00:00:00Z" format: date-time type: string value_type: $ref: "#/components/schemas/ValueType" variants: description: The variants of the feature flag. items: $ref: "#/components/schemas/Variant" type: array required: - key - name - description - value_type - variants type: object FeatureFlagEnvironment: description: Environment-specific settings for a feature flag. properties: allocations: additionalProperties: {} description: Allocation metadata for this environment. nullable: true type: object default_allocation_key: description: The allocation key used for the default variant. example: "allocation-default-123abc" type: string default_variant_id: description: The ID of the default variant for this environment. example: "550e8400-e29b-41d4-a716-446655440002" nullable: true type: string environment_id: description: The ID of the environment. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string environment_name: description: The name of the environment. example: "env-search-term" type: string environment_queries: description: Queries that target this environment. example: - "test-feature-flag" - "env-search-term" items: description: A query string targeting the environment. type: string type: array is_production: description: Indicates whether the environment is production. example: false type: boolean override_allocation_key: description: The allocation key used for the override variant. example: "allocation-override-123abc" type: string override_variant_id: description: The ID of the override variant for this environment. example: "550e8400-e29b-41d4-a716-446655440003" nullable: true type: string pending_suggestion_id: description: Pending suggestion identifier, if approval is required. example: "550e8400-e29b-41d4-a716-446655440099" nullable: true type: string require_feature_flag_approval: description: Indicates whether feature flag changes require approval in this environment. example: false type: boolean status: $ref: "#/components/schemas/FeatureFlagStatus" required: - environment_id - status type: object FeatureFlagEnvironmentListItem: description: Environment-specific settings for a feature flag in list responses. properties: default_allocation_key: description: The allocation key used for the default variant. example: "allocation-default-123abc" type: string default_variant_id: description: The ID of the default variant for this environment. example: "550e8400-e29b-41d4-a716-446655440002" nullable: true type: string environment_id: description: The ID of the environment. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string environment_name: description: The name of the environment. example: "env-search-term" type: string environment_queries: description: Queries that target this environment. example: - "test-feature-flag" - "env-search-term" items: description: A query string targeting the environment. type: string type: array is_production: description: Indicates whether the environment is production. example: false type: boolean override_allocation_key: description: The allocation key used for the override variant. example: "allocation-override-123abc" type: string override_variant_id: description: The ID of the override variant for this environment. example: "550e8400-e29b-41d4-a716-446655440003" nullable: true type: string pending_suggestion_id: description: Pending suggestion identifier, if approval is required. example: "550e8400-e29b-41d4-a716-446655440099" nullable: true type: string require_feature_flag_approval: description: Indicates whether feature flag changes require approval in this environment. example: false type: boolean status: $ref: "#/components/schemas/FeatureFlagStatus" required: - environment_id - status type: object FeatureFlagListItem: description: A feature flag resource for list responses. properties: attributes: $ref: "#/components/schemas/FeatureFlagListItemAttributes" id: description: The unique identifier of the feature flag. example: "550e8400-e29b-41d4-a716-446655440000" format: uuid type: string type: $ref: "#/components/schemas/CreateFeatureFlagDataType" required: - id - type - attributes type: object FeatureFlagListItemAttributes: description: Attributes of a feature flag in list responses. properties: archived_at: description: The timestamp when the feature flag was archived. example: "2023-01-01T00:00:00Z" format: date-time nullable: true type: string created_at: description: The timestamp when the feature flag was created. example: "2023-01-01T00:00:00Z" format: date-time type: string created_by: description: The ID of the user who created the feature flag. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string description: description: The description of the feature flag. example: "This is an example feature flag for demonstration" type: string distribution_channel: description: Distribution channel for the feature flag. example: "ALL" type: string feature_flag_environments: description: Environment-specific settings for the feature flag. items: $ref: "#/components/schemas/FeatureFlagEnvironmentListItem" type: array json_schema: description: JSON schema for validation when value_type is JSON. example: '{"type": "object", "properties": {"enabled": {"type": "boolean"}}}' nullable: true type: string key: description: The unique key of the feature flag. example: "feature-flag-abc123" type: string last_updated_by: description: The ID of the user who last updated the feature flag. example: "550e8400-e29b-41d4-a716-446655440010" format: uuid type: string name: description: The name of the feature flag. example: "Feature Flag ABC123" type: string require_approval: description: Indicates whether this feature flag requires approval for changes. example: false type: boolean staleness_status: description: Indicates the staleness status of the feature flag. example: "ACTIVE" type: string tags: description: Tags associated with the feature flag. example: [] items: description: A tag associated with the feature flag. type: string type: array updated_at: description: The timestamp when the feature flag was last updated. example: "2023-01-01T00:00:00Z" format: date-time type: string value_type: $ref: "#/components/schemas/ValueType" variants: description: The variants of the feature flag. items: $ref: "#/components/schemas/Variant" type: array required: - key - name - description - value_type - variants type: object FeatureFlagResponse: description: Response containing a feature flag. properties: data: $ref: "#/components/schemas/FeatureFlag" required: - data type: object FeatureFlagStatus: description: The status of a feature flag in an environment. enum: - ENABLED - DISABLED example: "ENABLED" type: string x-enum-varnames: - ENABLED - DISABLED FeatureFlagsPaginationMeta: description: Pagination metadata for feature flags. properties: page: $ref: "#/components/schemas/FeatureFlagsPaginationMetaPage" type: object FeatureFlagsPaginationMetaPage: description: Pagination metadata for feature flags list responses. properties: total_count: description: Total number of items. example: 100 format: int64 type: integer total_filtered_count: description: Total number of items matching the filter. example: 25 format: int64 type: integer type: object FiltersPerProduct: description: Product-specific filters for the dataset. properties: filters: description: |- Defines the list of tag-based filters used to restrict access to telemetry data for a specific product. These filters act as access control rules. Each filter must follow the tag query syntax used by Datadog (such as `@tag.key:value`), and only one tag or attribute may be used to define the access strategy per telemetry type. example: - "@application.id:ABCD" items: description: A tag-based filter expression using Datadog tag query syntax. example: "@application.id:ABCD" type: string type: array product: description: |- Name of the product the dataset is for. Possible values are 'apm', 'rum', 'metrics', 'logs', 'error_tracking', 'cloud_cost', and 'sd_repoinfo'. example: "logs" type: string required: - product - filters type: object Finding: description: A single finding without the message and resource configuration. properties: attributes: $ref: "#/components/schemas/FindingAttributes" id: $ref: "#/components/schemas/FindingID" type: $ref: "#/components/schemas/FindingType" type: object FindingAttributes: description: The JSON:API attributes of the finding. properties: datadog_link: $ref: "#/components/schemas/FindingDatadogLink" description: $ref: "#/components/schemas/FindingDescription" evaluation: $ref: "#/components/schemas/FindingEvaluation" evaluation_changed_at: $ref: "#/components/schemas/FindingEvaluationChangedAt" external_id: $ref: "#/components/schemas/FindingExternalId" mute: $ref: "#/components/schemas/FindingMute" resource: $ref: "#/components/schemas/FindingResource" resource_discovery_date: $ref: "#/components/schemas/FindingResourceDiscoveryDate" resource_type: $ref: "#/components/schemas/FindingResourceType" rule: $ref: "#/components/schemas/FindingRule" status: $ref: "#/components/schemas/FindingStatus" tags: $ref: "#/components/schemas/FindingTags" vulnerability_type: $ref: "#/components/schemas/FindingVulnerabilityType" type: object FindingCaseResponse: description: Case response. properties: data: $ref: "#/components/schemas/FindingCaseResponseData" type: object FindingCaseResponseArray: description: List of case responses. properties: data: description: Array of case response data objects. items: $ref: "#/components/schemas/FindingCaseResponseData" type: array required: - data type: object FindingCaseResponseData: description: Data of the case. properties: attributes: $ref: "#/components/schemas/FindingCaseResponseDataAttributes" id: description: Unique identifier of the case. example: "c1234567-89ab-cdef-0123-456789abcdef" type: string relationships: $ref: "#/components/schemas/FindingCaseResponseDataRelationships" type: $ref: "#/components/schemas/CaseDataType" required: - type type: object FindingCaseResponseDataAttributes: description: Attributes of the case. properties: archived_at: description: Timestamp of when the case was archived. example: "2025-01-01T00:00:00.000Z" format: date-time type: string assigned_to: $ref: "#/components/schemas/RelationshipToUser" description: User assigned to the case. attributes: additionalProperties: items: description: A custom attribute value string. type: string type: array description: Custom attributes associated with the case as key-value pairs where values are string arrays. type: object closed_at: description: Timestamp of when the case was closed. example: "2025-01-01T00:00:00.000Z" format: date-time type: string created_at: description: Timestamp of when the case was created. example: "2025-01-01T00:00:00.000Z" format: date-time type: string creation_source: description: Source of the case creation. example: "CS_SECURITY_FINDING" type: string description: description: Description of the case. example: "A description of the case." type: string due_date: description: Due date of the case. example: "2025-01-01" type: string insights: description: Insights of the case. items: $ref: "#/components/schemas/CaseInsightsItems" type: array jira_issue: $ref: "#/components/schemas/FindingJiraIssue" description: Jira issue associated with the case. key: description: Key of the case. example: "PROJ-123" type: string modified_at: description: Timestamp of when the case was last modified. example: "2025-01-01T00:00:00.000Z" format: date-time type: string priority: description: Priority of the case. example: "P4" type: string status: description: Status of the case. example: "OPEN" type: string status_group: description: Status group of the case. example: "SG_OPEN" type: string status_name: description: Status name of the case. example: "Open" type: string title: description: Title of the case. example: "A title for the case." type: string type: description: Type of the case. For security cases, this is always "SECURITY". example: "SECURITY" type: string type: object FindingCaseResponseDataRelationships: description: Relationships of the case. properties: created_by: $ref: "#/components/schemas/RelationshipToUser" description: User who created the case. modified_by: $ref: "#/components/schemas/RelationshipToUser" description: User who last modified the case. project: $ref: "#/components/schemas/CaseManagementProject" description: Project in which the case was created. type: object FindingData: description: Data object representing a security finding. properties: id: description: Unique identifier of the security finding. example: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" type: string type: $ref: "#/components/schemas/FindingDataType" required: - type - id type: object FindingDataType: default: findings description: Security findings resource type. enum: - findings example: findings type: string x-enum-varnames: - FINDINGS FindingDatadogLink: description: The Datadog relative link for this finding. example: "/security/compliance?panels=cpfinding%7Cevent%7CruleId%3Adef-000-u5t%7CresourceId%3Ae8c9ab7c52ebd7bf2fdb4db641082d7d%7CtabId%3Aoverview" type: string FindingDescription: description: The description and remediation steps for this finding. example: "## Remediation\n\n1. In the console, go to **Storage Account**.\n2. For each Storage Account, navigate to **Data Protection**.\n3. Select **Set soft delete enabled** and enter the number of days to retain soft deleted data." type: string FindingEvaluation: description: The evaluation of the finding. enum: - pass - fail example: pass type: string x-enum-varnames: ["PASS", "FAIL"] FindingEvaluationChangedAt: description: The date on which the evaluation for this finding changed (Unix ms). example: 1678721573794 format: int64 minimum: 1 type: integer FindingExternalId: description: The cloud-based ID for the resource related to the finding. example: "arn:aws:s3:::my-example-bucket" type: string FindingID: description: The unique ID for this finding. example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: string FindingJiraIssue: description: Jira issue associated with the case. properties: error_message: description: Error message if the Jira issue creation failed. example: '{"errorMessages":["An error occured."],"errors":{}}' type: string result: $ref: "#/components/schemas/FindingJiraIssueResult" status: description: Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed. example: "COMPLETED" type: string type: object FindingJiraIssueResult: description: Result of the Jira issue creation. properties: account_id: description: Account ID of the Jira issue. example: "463a8631-680e-455c-bfd3-3ed04d326eb7" type: string issue_id: description: Unique identifier of the Jira issue. example: "2871276" type: string issue_key: description: Key of the Jira issue. example: "PROJ-123" type: string issue_url: description: URL of the Jira issue. example: "https://domain.atlassian.net/browse/PROJ-123" type: string type: object FindingMute: additionalProperties: false description: Information about the mute status of this finding. properties: description: description: Additional information about the reason why this finding is muted or unmuted. example: To be resolved later type: string expiration_date: description: The expiration date of the mute or unmute action (Unix ms). example: 1778721573794 format: int64 type: integer muted: description: Whether this finding is muted or unmuted. example: true type: boolean reason: $ref: "#/components/schemas/FindingMuteReason" start_date: description: The start of the mute period. example: 1678721573794 format: int64 type: integer uuid: description: The ID of the user who muted or unmuted this finding. example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string type: object FindingMuteReason: description: The reason why this finding is muted or unmuted. enum: - PENDING_FIX - FALSE_POSITIVE - ACCEPTED_RISK - NO_PENDING_FIX - HUMAN_ERROR - NO_LONGER_ACCEPTED_RISK - OTHER example: ACCEPTED_RISK type: string x-enum-varnames: ["PENDING_FIX", "FALSE_POSITIVE", "ACCEPTED_RISK", "NO_PENDING_FIX", "HUMAN_ERROR", "NO_LONGER_ACCEPTED_RISK", "OTHER"] FindingResource: description: The resource name of this finding. example: my_resource_name type: string FindingResourceDiscoveryDate: description: The date on which the resource was discovered (Unix ms). example: 1678721573794 format: int64 minimum: 1 type: integer FindingResourceType: description: The resource type of this finding. example: azure_storage_account type: string FindingRule: additionalProperties: false description: The rule that triggered this finding. properties: id: description: The ID of the rule that triggered this finding. example: dv2-jzf-41i type: string name: description: The name of the rule that triggered this finding. example: Soft delete is enabled for Azure Storage type: string type: object FindingStatus: description: The status of the finding. enum: - critical - high - medium - low - info example: critical type: string x-enum-varnames: ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"] FindingTags: description: The tags associated with this finding. example: - cloud_provider:aws - myTag:myValue items: description: The list of tags. type: string type: array FindingType: default: finding description: The JSON:API type for findings. enum: - finding example: finding type: string x-enum-varnames: ["FINDING"] FindingVulnerabilityType: description: The vulnerability type of the finding. enum: - misconfiguration - attack_path - identity_risk - api_security example: misconfiguration type: string x-enum-varnames: - MISCONFIGURATION - ATTACK_PATH - IDENTITY_RISK - API_SECURITY Findings: description: A list of security findings. properties: data: description: Array of security finding data objects. items: $ref: "#/components/schemas/FindingData" type: array type: object FlakyTest: description: A flaky test object. properties: attributes: $ref: "#/components/schemas/FlakyTestAttributes" id: description: Test's ID. This ID is the hash of the test's Fully Qualified Name and Git repository ID. On the Test Runs UI it is the same as the `test_fingerprint_fqn` tag. type: string type: $ref: "#/components/schemas/FlakyTestType" type: object FlakyTestAttributes: description: Attributes of a flaky test. properties: attempt_to_fix_id: description: |- Unique identifier for the attempt to fix this flaky test. Use this ID in the Git commit message in order to trigger the attempt to fix workflow. When the workflow is triggered the test is automatically retried by the tracer a certain number of configurable times. When all retries pass, the test is automatically marked as fixed in Flaky Test Management. Test runs are tagged with @test.test_management.attempt_to_fix_passed and @test.test_management.is_attempt_to_fix when the attempt to fix workflow is triggered. example: I42TEO type: string codeowners: description: The name of the test's code owners as inferred from the repository configuration. example: ["@foo", "@bar"] items: description: A code owner of the test as inferred from the repository configuration. type: string type: array envs: description: List of environments where this test has been flaky. example: prod items: description: An environment name where this test has been flaky. type: string type: array first_flaked_branch: description: The branch name where the test exhibited flakiness for the first time. example: main type: string first_flaked_sha: description: The commit SHA where the test exhibited flakiness for the first time. example: 0c6be03165b7f7ffe96e076ffb29afb2825616c3 type: string first_flaked_ts: description: Unix timestamp when the test exhibited flakiness for the first time. example: 1757688149 format: int64 type: integer flaky_category: description: The category of a flaky test. example: Timeout nullable: true type: string flaky_state: $ref: "#/components/schemas/FlakyTestAttributesFlakyState" history: description: |- Chronological history of status changes for this flaky test, ordered from most recent to oldest. Includes state transitions like new -> quarantined -> fixed, along with the associated commit SHA when available. example: - commit_sha: abc123def456 policy_id: ftm_policy.quarantine.failure_rate policy_meta: config: failure_rate: 0.1 required_runs: 100 failure_rate: 0.25 total_runs: 200 status: quarantined timestamp: 1704067200000 - commit_sha: "" policy_id: unknown policy_meta: status: new timestamp: 1703980800000 items: $ref: "#/components/schemas/FlakyTestHistory" type: array last_flaked_branch: description: The branch name where the test exhibited flakiness for the last time. example: main type: string last_flaked_sha: description: The commit SHA where the test exhibited flakiness for the last time. example: 0c6be03165b7f7ffe96e076ffb29afb2825616c3 type: string last_flaked_ts: description: Unix timestamp when the test exhibited flakiness for the last time. example: 1757688149 format: int64 type: integer module: description: |- The name of the test module. The definition of module changes slightly per language: - In .NET, a test module groups every test that is run under the same unit test project. - In Swift, a test module groups every test that is run for a given bundle. - In JavaScript, the test modules map one-to-one to test sessions. - In Java, a test module groups every test that is run by the same Maven Surefire/Failsafe or Gradle Test task execution. - In Python, a test module groups every test that is run under the same `.py` file as part of a test suite, which is typically managed by a framework like `unittest` or `pytest`. - In Ruby, a test module groups every test that is run within the same test file, which is typically managed by a framework like `RSpec` or `Minitest`. example: TestModule nullable: true type: string name: description: The test name. A concise name for a test case. Defined in the test itself. example: TestName type: string pipeline_stats: $ref: "#/components/schemas/FlakyTestPipelineStats" nullable: true services: description: |- List of test service names where this test has been flaky. A test service is a group of tests associated with a project or repository. It contains all the individual tests for your code, optionally organized into test suites, which are like folders for your tests. example: ["foo", "bar"] items: description: A test service name where this test has been flaky. type: string type: array suite: description: The name of the test suite. A group of tests exercising the same unit of code depending on your language and testing framework. example: TestSuite type: string test_run_metadata: $ref: "#/components/schemas/FlakyTestRunMetadata" test_stats: $ref: "#/components/schemas/FlakyTestStats" type: object FlakyTestAttributesFlakyState: description: The current state of the flaky test. enum: [active, fixed, quarantined, disabled] example: active type: string x-enum-varnames: [ACTIVE, FIXED, QUARANTINED, DISABLED] FlakyTestHistory: description: A single history entry representing a status change for a flaky test. properties: commit_sha: description: The commit SHA associated with this status change. Will be an empty string if the commit SHA is not available. example: abc123def456 type: string policy_id: $ref: "#/components/schemas/FlakyTestHistoryPolicyId" policy_meta: $ref: "#/components/schemas/FlakyTestHistoryPolicyMeta" nullable: true status: description: The test status at this point in history. example: quarantined type: string timestamp: description: Unix timestamp in milliseconds when this status change occurred. example: 1704067200000 format: int64 type: integer required: - status - commit_sha - timestamp type: object FlakyTestHistoryPolicyId: description: The policy that triggered this status change. enum: - ftm_policy.manual - ftm_policy.fixed - ftm_policy.disable.failure_rate - ftm_policy.disable.branch_flake - ftm_policy.disable.days_active - ftm_policy.quarantine.failure_rate - ftm_policy.quarantine.branch_flake - ftm_policy.quarantine.days_active - unknown example: ftm_policy.quarantine.failure_rate nullable: false type: string x-enum-varnames: - MANUAL - FIXED - DISABLE_FAILURE_RATE - DISABLE_BRANCH_FLAKE - DISABLE_DAYS_ACTIVE - QUARANTINE_FAILURE_RATE - QUARANTINE_BRANCH_FLAKE - QUARANTINE_DAYS_ACTIVE - UNKNOWN FlakyTestHistoryPolicyMeta: description: Metadata about the policy that triggered this status change. properties: branches: description: Branches where the test was flaky at the time of the status change. example: ["main", "develop"] items: type: string nullable: true type: array config: $ref: "#/components/schemas/FlakyTestHistoryPolicyMetaConfig" nullable: true days_active: description: The number of days the test has been active at the time of the status change. example: 15 format: int32 maximum: 2147483647 nullable: true type: integer days_without_flake: description: The number of days since the test last exhibited flakiness. example: 30 format: int32 maximum: 2147483647 nullable: true type: integer failure_rate: description: The failure rate of the test at the time of the status change. example: 0.25 format: double maximum: 1 minimum: 0 nullable: true type: number state: description: The previous state of the test. example: quarantined nullable: true type: string total_runs: description: The total number of test runs at the time of the status change. example: 200 format: int32 maximum: 2147483647 nullable: true type: integer type: object FlakyTestHistoryPolicyMetaConfig: description: Configuration parameters of the policy that triggered this status change. properties: branches: description: The branches considered by the policy. example: ["main"] items: type: string nullable: true type: array days_active: description: The number of days a test must have been active for the policy to trigger. example: 30 format: int32 maximum: 2147483647 nullable: true type: integer failure_rate: description: The failure rate threshold for the policy to trigger. example: 0.7 format: double maximum: 1 minimum: 0 nullable: true type: number forget_branches: description: Branches excluded from the policy evaluation. example: ["release"] items: type: string nullable: true type: array required_runs: description: The minimum number of test runs required for the policy to trigger. example: 100 format: int32 maximum: 2147483647 nullable: true type: integer state: description: The target state the policy transitions the test from. example: quarantined nullable: true type: string test_services: description: Test services excluded from the policy evaluation. example: ["my-service"] items: type: string nullable: true type: array type: object FlakyTestPipelineStats: description: CI pipeline related statistics for the flaky test. This information is only available if test runs are associated with CI pipeline events from CI Visibility. properties: failed_pipelines: description: The number of pipelines that failed due to this test for the past 7 days. This is computed as the sum of failed CI pipeline events associated with test runs where the flaky test failed. example: 319 format: int64 nullable: true type: integer total_lost_time_ms: description: The total time lost by CI pipelines due to this flaky test in milliseconds. This is computed as the sum of the duration of failed CI pipeline events associated with test runs where the flaky test failed. example: 1527550000 format: int64 nullable: true type: integer type: object FlakyTestRunMetadata: description: Metadata about the latest failed test run of the flaky test. properties: duration_ms: description: The duration of the test run in milliseconds. example: 27398 format: int64 nullable: true type: integer error_message: description: The error message from the test failure. example: "Expecting actual not to be empty" nullable: true type: string error_stack: description: The stack trace from the test failure. example: "Traceback (most recent call last):\n File \"test_foo.py\", line 10, in test_foo\n assert actual == expected\nAssertionError: Expecting actual not to be empty" nullable: true type: string source_end: description: The line number where the test ends in the source file. example: 20 format: int64 nullable: true type: integer source_file: description: The source file where the test is defined. example: test_foo.py nullable: true type: string source_start: description: The line number where the test starts in the source file. example: 10 format: int64 nullable: true type: integer type: object FlakyTestStats: description: Test statistics for the flaky test. properties: failure_rate_pct: description: The failure rate percentage of the test for the past 7 days. This is the number of failed test runs divided by the total number of test runs (excluding skipped test runs). example: 0.1 format: double nullable: true type: number type: object FlakyTestType: description: The type of the flaky test from Flaky Test Management. enum: [flaky_test] type: string x-enum-varnames: [FLAKY_TEST] FlakyTestsPagination: description: Pagination metadata for flaky tests. properties: next_page: description: Cursor for the next page of results. nullable: true type: string type: object FlakyTestsSearchFilter: description: Search filter settings. properties: include_history: default: false description: |- Whether to include the status change history for each flaky test in the response. When set to true, each test will include a `history` array with chronological status changes. Defaults to false. example: true type: boolean query: default: "*" description: |- Search query following log syntax used to filter flaky tests, same as on Flaky Tests Management UI. The supported search keys are: - `flaky_test_state` - `flaky_test_category` - `@test.name` - `@test.suite` - `@test.module` - `@test.service` - `@git.repository.id_v2` - `@git.branch` - `@test.codeowners` - `env` example: 'flaky_test_state:active @git.repository.id_v2:"github.com/datadog/shopist"' type: string type: object FlakyTestsSearchPageOptions: description: Pagination attributes for listing flaky tests. properties: cursor: description: |- List following results with a cursor provided in the previous request. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of flaky tests in the response. example: 25 format: int64 maximum: 1000 minimum: 1 type: integer type: object FlakyTestsSearchRequest: description: The request for a flaky tests search. properties: data: $ref: "#/components/schemas/FlakyTestsSearchRequestData" type: object FlakyTestsSearchRequestAttributes: description: Attributes for the flaky tests search request. properties: filter: $ref: "#/components/schemas/FlakyTestsSearchFilter" page: $ref: "#/components/schemas/FlakyTestsSearchPageOptions" sort: $ref: "#/components/schemas/FlakyTestsSearchSort" type: object FlakyTestsSearchRequestData: description: The JSON:API data for flaky tests search request. properties: attributes: $ref: "#/components/schemas/FlakyTestsSearchRequestAttributes" type: $ref: "#/components/schemas/FlakyTestsSearchRequestDataType" type: object FlakyTestsSearchRequestDataType: description: The definition of `FlakyTestsSearchRequestDataType` object. enum: - search_flaky_tests_request type: string x-enum-varnames: - SEARCH_FLAKY_TESTS_REQUEST FlakyTestsSearchResponse: description: Response object with flaky tests matching the search request. properties: data: description: Array of flaky tests matching the request. items: $ref: "#/components/schemas/FlakyTest" type: array meta: $ref: "#/components/schemas/FlakyTestsSearchResponseMeta" type: object FlakyTestsSearchResponseMeta: description: Metadata for the flaky tests search response. properties: pagination: $ref: "#/components/schemas/FlakyTestsPagination" type: object FlakyTestsSearchSort: description: Parameter for sorting flaky test results. The default sort is by ascending Fully Qualified Name (FQN). The FQN is the concatenation of the test module, suite, and name. enum: - fqn - -fqn - first_flaked - -first_flaked - last_flaked - -last_flaked - failure_rate - -failure_rate - pipelines_failed - -pipelines_failed - pipelines_duration_lost - -pipelines_duration_lost example: failure_rate type: string x-enum-varnames: - FQN_ASCENDING - FQN_DESCENDING - FIRST_FLAKED_ASCENDING - FIRST_FLAKED_DESCENDING - LAST_FLAKED_ASCENDING - LAST_FLAKED_DESCENDING - FAILURE_RATE_ASCENDING - FAILURE_RATE_DESCENDING - PIPELINES_FAILED_ASCENDING - PIPELINES_FAILED_DESCENDING - PIPELINES_DURATION_LOST_ASCENDING - PIPELINES_DURATION_LOST_DESCENDING FleetAgentAttributes: description: Attributes of a Datadog Agent in the list view. properties: agent_version: description: The Datadog Agent version. example: "7.50.0" type: string api_key_name: description: The API key name (if available and not redacted). example: "Production API Key" type: string api_key_uuid: description: The API key UUID. example: "a1b2c3d4-e5f6-4321-a123-123456789abc" type: string cloud_provider: description: The cloud provider where the agent is running. example: "aws" type: string cluster_name: description: Kubernetes cluster name (if applicable). type: string datadog_agent_key: description: The unique agent key identifier. example: "my-agent-hostname" type: string enabled_products: description: Datadog products enabled on the agent. items: description: A Datadog product enabled on the agent. type: string type: array envs: description: Environments the agent is reporting from. items: description: An environment name the agent is reporting from. type: string type: array first_seen_at: description: Timestamp when the agent was first seen. format: int64 type: integer hostname: description: The hostname of the agent. example: "my-hostname" type: string ip_addresses: description: IP addresses of the agent. items: description: An IP address of the agent. type: string type: array is_single_step_instrumentation_enabled: description: Whether single-step instrumentation is enabled. type: boolean last_restart_at: description: Timestamp of the last agent restart. format: int64 type: integer os: description: The operating system. example: "linux" type: string otel_collector_version: description: OpenTelemetry collector version (if applicable). type: string otel_collector_versions: description: List of OpenTelemetry collector versions (if applicable). items: description: An OpenTelemetry collector version string. type: string type: array pod_name: description: Kubernetes pod name (if applicable). type: string remote_agent_management: description: Remote agent management status. example: "enabled" type: string remote_config_status: description: Remote configuration status. example: "connected" type: string services: description: Services running on the agent. items: description: A service name running on the agent. type: string type: array tags: description: Tags associated with the agent. items: $ref: "#/components/schemas/FleetAgentAttributesTagsItems" type: array team: description: Team associated with the agent. type: string type: object FleetAgentAttributesTagsItems: description: A key-value pair representing a tag associated with a Datadog Agent. properties: key: description: The tag key. type: string value: description: The tag value. type: string type: object FleetAgentInfo: description: Represents detailed information about a specific Datadog Agent. properties: attributes: $ref: "#/components/schemas/FleetAgentInfoAttributes" id: description: The unique agent key identifier. example: "my-agent-hostname" type: string type: $ref: "#/components/schemas/FleetAgentInfoResourceType" required: - id - type - attributes type: object FleetAgentInfoAttributes: description: Attributes for agent information. properties: agent_infos: $ref: "#/components/schemas/FleetAgentInfoDetails" configuration_files: $ref: "#/components/schemas/FleetConfigurationLayer" detected_integrations: description: List of detected integrations. items: $ref: "#/components/schemas/FleetDetectedIntegration" type: array integrations: $ref: "#/components/schemas/FleetIntegrationsByStatus" type: object FleetAgentInfoDetails: description: Detailed information about a Datadog Agent. properties: agent_version: description: The Datadog Agent version. example: "7.50.0" type: string api_key_name: description: The API key name (if available and not redacted). example: "Production API Key" type: string api_key_uuid: description: The API key UUID. example: "a1b2c3d4-e5f6-4321-a123-123456789abc" type: string cloud_provider: description: The cloud provider where the agent is running. example: "aws" type: string cluster_name: description: Kubernetes cluster name (if applicable). type: string datadog_agent_key: description: The unique agent key identifier. example: "my-agent-hostname" type: string enabled_products: description: Datadog products enabled on the agent. items: description: A Datadog product enabled on the agent. type: string type: array env: description: Environments the agent is reporting from. items: description: An environment name the agent is reporting from. type: string type: array first_seen_at: description: Timestamp when the agent was first seen. format: int64 type: integer hostname: description: The hostname of the agent. example: "my-hostname" type: string hostname_aliases: description: Alternative hostname list for the agent. items: description: An alternative hostname alias for the agent. type: string type: array install_method_installer_version: description: The version of the installer used. example: "1.2.3" type: string install_method_tool: description: The tool used to install the agent. example: "chef" type: string ip_addresses: description: IP addresses of the agent. items: description: An IP address of the agent. type: string type: array is_single_step_instrumentation_enabled: description: Whether single-step instrumentation is enabled. type: boolean last_restart_at: description: Timestamp of the last agent restart. format: int64 type: integer os: description: The operating system. example: "linux" type: string os_version: description: The operating system version. example: "Ubuntu 20.04" type: string otel_collector_version: description: OpenTelemetry collector version (if applicable). type: string otel_collector_versions: description: List of OpenTelemetry collector versions (if applicable). items: description: An OpenTelemetry collector version string. type: string type: array otel_collectors: description: OpenTelemetry collectors associated with the agent (if applicable). items: $ref: "#/components/schemas/FleetOtelCollector" type: array pod_name: description: Kubernetes pod name (if applicable). type: string python_version: description: The Python version used by the agent. example: "3.9.5" type: string region: description: Regions where the agent is running. items: description: A region where the agent is running. type: string type: array remote_agent_management: description: Remote agent management status. example: "enabled" type: string remote_config_status: description: Remote configuration status. example: "connected" type: string services: description: Services running on the agent. items: description: A service name running on the agent. type: string type: array tags: description: Tags associated with the agent. items: description: A tag string assigned to the agent. type: string type: array team: description: Team associated with the agent. type: string type: object FleetAgentInfoResourceType: default: datadog_agent_key description: The type of Agent info resource. enum: - datadog_agent_key example: datadog_agent_key type: string x-enum-varnames: - DATADOG_AGENT_KEY FleetAgentInfoResponse: description: Response containing detailed information about a specific agent. properties: data: $ref: "#/components/schemas/FleetAgentInfo" required: - data type: object FleetAgentVersion: description: Represents an available Datadog Agent version. properties: attributes: $ref: "#/components/schemas/FleetAgentVersionAttributes" id: description: Unique identifier for the Agent version (same as version). example: "7.50.0" type: string type: $ref: "#/components/schemas/FleetAgentVersionResourceType" required: - id - type type: object FleetAgentVersionAttributes: description: Attributes of an available Datadog Agent version. properties: version: description: The Agent version string. example: "7.50.0" type: string type: object FleetAgentVersionResourceType: default: agent_version description: The type of Agent version resource. enum: - agent_version example: agent_version type: string x-enum-varnames: - AGENT_VERSION FleetAgentVersionsResponse: description: Response containing a list of available Agent versions. properties: data: description: Array of available Agent versions. items: $ref: "#/components/schemas/FleetAgentVersion" type: array required: - data type: object FleetAgentsResponse: description: Response containing a paginated list of Datadog Agents. properties: data: $ref: "#/components/schemas/FleetAgentsResponseData" meta: $ref: "#/components/schemas/FleetAgentsResponseMeta" required: - data type: object FleetAgentsResponseData: description: The response data containing status and agents array. properties: attributes: $ref: "#/components/schemas/FleetAgentsResponseDataAttributes" id: description: Status identifier. example: "done" type: string type: description: Resource type. example: "status" type: string required: - id - type - attributes type: object FleetAgentsResponseDataAttributes: description: Attributes of the fleet agents response containing the list of agents. properties: agents: description: Array of agents matching the query criteria. items: $ref: "#/components/schemas/FleetAgentAttributes" type: array type: object FleetAgentsResponseMeta: description: Metadata for the list of agents response. properties: total_filtered_count: description: Total number of agents matching the filter criteria across all pages. example: 150 format: int64 type: integer type: object FleetClusterAttributes: description: Attributes of a Kubernetes cluster in the fleet. properties: agent_versions: description: Datadog Agent versions running in the cluster. items: description: A Datadog Agent version string. type: string type: array api_key_names: description: API key names used by agents in the cluster. items: description: An API key name. type: string type: array api_key_uuids: description: API key UUIDs used by agents in the cluster. items: description: An API key UUID. type: string type: array cloud_providers: description: Cloud providers hosting the cluster. items: description: A cloud provider name. type: string type: array cluster_name: description: The name of the Kubernetes cluster. example: "production-us-east-1" type: string enabled_products: description: Datadog products enabled in the cluster. items: description: A Datadog product name. type: string type: array envs: description: Environments associated with the cluster. items: description: An environment name. type: string type: array first_seen_at: description: Timestamp when the cluster was first seen. format: int64 type: integer install_method_tool: description: The tool used to install agents in the cluster. example: "helm" type: string node_count: description: Total number of nodes in the cluster. example: 25 format: int64 type: integer node_count_by_status: $ref: "#/components/schemas/FleetClusterNodeCountByStatus" operating_systems: description: Operating systems of nodes in the cluster. items: description: An operating system name. type: string type: array otel_collector_distributions: description: OpenTelemetry collector distributions in the cluster. items: description: An OpenTelemetry collector distribution name. type: string type: array otel_collector_versions: description: OpenTelemetry collector versions in the cluster. items: description: An OpenTelemetry collector version string. type: string type: array pod_count_by_state: $ref: "#/components/schemas/FleetClusterPodCountByState" services: description: Services running in the cluster. items: description: A service name. type: string type: array teams: description: Teams associated with the cluster. items: description: A team name. type: string type: array type: object FleetClusterNodeCountByStatus: additionalProperties: format: int64 type: integer description: Node counts grouped by status. type: object FleetClusterPodCountByState: additionalProperties: format: int64 type: integer description: Pod counts grouped by state. type: object FleetClustersResponse: description: Response containing a paginated list of fleet clusters. properties: data: $ref: "#/components/schemas/FleetClustersResponseData" meta: $ref: "#/components/schemas/FleetClustersResponseMeta" required: - data type: object FleetClustersResponseData: description: The response data containing status and clusters array. properties: attributes: $ref: "#/components/schemas/FleetClustersResponseDataAttributes" id: description: Status identifier. example: "done" type: string type: description: Resource type. example: "status" type: string required: - id - type - attributes type: object FleetClustersResponseDataAttributes: description: Attributes of the fleet clusters response containing the list of clusters. properties: clusters: description: Array of clusters matching the query criteria. items: $ref: "#/components/schemas/FleetClusterAttributes" type: array type: object FleetClustersResponseMeta: description: Metadata for the list of clusters response. properties: total_filtered_count: description: Total number of clusters matching the filter criteria across all pages. example: 12 format: int64 type: integer type: object FleetConfigurationFile: description: A configuration file for an integration. properties: file_content: description: The raw content of the configuration file. type: string file_path: description: Path to the configuration file. example: "/conf.d/postgres.d/postgres.yaml" type: string filename: description: Name of the configuration file. example: "postgres.yaml" type: string type: object FleetConfigurationLayer: description: Configuration information organized by layers. properties: compiled_configuration: description: The final compiled configuration. type: string env_configuration: description: Configuration from environment variables. type: string file_configuration: description: Configuration from files. type: string parsed_configuration: description: Parsed configuration output. type: string remote_configuration: description: Remote configuration settings. type: string runtime_configuration: description: Runtime configuration. type: string type: object FleetDeployment: description: A deployment that defines automated configuration changes for a fleet of hosts. properties: attributes: $ref: "#/components/schemas/FleetDeploymentAttributes" id: description: Unique identifier for the deployment. example: "aeadc05e-98a8-11ec-ac2c-da7ad0900001" type: string type: $ref: "#/components/schemas/FleetDeploymentResourceType" required: - id - type - attributes type: object FleetDeploymentAttributes: description: Attributes of a deployment in the response. properties: config_operations: description: Ordered list of configuration file operations to perform on the target hosts. items: $ref: "#/components/schemas/FleetDeploymentOperation" type: array estimated_end_time_unix: description: Estimated completion time of the deployment as a Unix timestamp (seconds since epoch). example: 1699999999 format: int64 type: integer filter_query: description: Query used to filter and select target hosts for the deployment. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string high_level_status: description: |- Current high-level status of the deployment (for example, "pending", "running", "completed", "failed"). example: "pending" type: string hosts: description: |- Paginated list of hosts in this deployment with their individual statuses. Only included when fetching a single deployment by ID. Use the `limit` and `page` query parameters to navigate through pages. Pagination metadata is included in the response `meta.hosts` field. items: $ref: "#/components/schemas/FleetDeploymentHost" type: array packages: description: List of packages to deploy to target hosts. Present only for package upgrade deployments. items: $ref: "#/components/schemas/FleetDeploymentPackage" type: array total_hosts: description: Total number of hosts targeted by this deployment. example: 42 format: int64 type: integer type: object FleetDeploymentConfigureAttributes: description: Attributes for creating a new configuration deployment. properties: config_operations: description: Ordered list of configuration file operations to perform on the target hosts. items: $ref: "#/components/schemas/FleetDeploymentOperation" type: array filter_query: description: Query used to filter and select target hosts for the deployment. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string required: - config_operations type: object FleetDeploymentConfigureCreate: description: Data for creating a new configuration deployment. properties: attributes: $ref: "#/components/schemas/FleetDeploymentConfigureAttributes" type: $ref: "#/components/schemas/FleetDeploymentResourceType" required: - type - attributes type: object FleetDeploymentConfigureCreateRequest: description: Request payload for creating a new configuration deployment. properties: data: $ref: "#/components/schemas/FleetDeploymentConfigureCreate" required: - data type: object FleetDeploymentFileOp: description: |- Type of file operation to perform on the target configuration file. - `merge-patch`: Merges the provided patch data with the existing configuration file. Creates the file if it doesn't exist. - `delete`: Removes the specified configuration file from the target hosts. enum: - "merge-patch" - "delete" example: "merge-patch" type: string x-enum-varnames: - MERGE_PATCH - DELETE FleetDeploymentHost: description: A host that is part of a deployment with its current status. properties: error: description: Error message if the deployment failed on this host. example: "" type: string hostname: description: The hostname of the agent. example: "web-server-01.example.com" type: string status: description: Current deployment status for this specific host. example: "succeeded" type: string versions: description: List of packages and their versions currently installed on this host. items: $ref: "#/components/schemas/FleetDeploymentHostPackage" type: array type: object FleetDeploymentHostPackage: description: |- Package version information for a host, showing the initial version before deployment, the target version to deploy, and the current version on the host. properties: current_version: description: The current version of the package on the host. example: "7.51.0" type: string initial_version: description: The initial version of the package on the host before the deployment started. example: "7.51.0" type: string package_name: description: The name of the package. example: "datadog-agent" type: string target_version: description: The target version that the deployment is attempting to install. example: "7.52.0" type: string type: object FleetDeploymentHostsPage: description: Pagination details for the list of hosts in a deployment. properties: current_page: description: Current page index (zero-based). example: 0 format: int64 type: integer page_size: description: Number of hosts returned per page. example: 50 format: int64 type: integer total_hosts: description: Total number of hosts in this deployment. example: 150 format: int64 type: integer total_pages: description: Total number of pages available. example: 3 format: int64 type: integer type: object FleetDeploymentOperation: description: A single configuration file operation to perform on the target hosts. properties: file_op: $ref: "#/components/schemas/FleetDeploymentFileOp" file_path: description: Absolute path to the target configuration file on the host. example: "/datadog.yaml" type: string patch: additionalProperties: {} description: |- Patch data in JSON format to apply to the configuration file. When using `merge-patch`, this object is merged with the existing configuration, allowing you to add, update, or override specific fields without replacing the entire file. The structure must match the target configuration file format (for example, YAML structure for Datadog Agent config). Not applicable when using the `delete` operation. example: apm_config: enabled: true log_level: "debug" logs_enabled: true type: object required: - file_op - file_path type: object FleetDeploymentPackage: description: A package and its target version for deployment. properties: name: description: The name of the package to deploy. example: "datadog-agent" type: string version: description: The target version of the package to deploy. example: "7.52.0" type: string required: - name - version type: object FleetDeploymentPackageUpgradeAttributes: description: Attributes for creating a new package upgrade deployment. properties: filter_query: description: Query used to filter and select target hosts for the deployment. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string target_packages: description: List of packages and their target versions to deploy to the selected hosts. items: $ref: "#/components/schemas/FleetDeploymentPackage" type: array required: - target_packages type: object FleetDeploymentPackageUpgradeCreate: description: Data for creating a new package upgrade deployment. properties: attributes: $ref: "#/components/schemas/FleetDeploymentPackageUpgradeAttributes" type: $ref: "#/components/schemas/FleetDeploymentResourceType" required: - type - attributes type: object FleetDeploymentPackageUpgradeCreateRequest: description: Request payload for creating a new package upgrade deployment. properties: data: $ref: "#/components/schemas/FleetDeploymentPackageUpgradeCreate" required: - data type: object FleetDeploymentResourceType: default: deployment description: The type of deployment resource. enum: - deployment example: deployment type: string x-enum-varnames: - DEPLOYMENT FleetDeploymentResponse: description: Response containing a single deployment. properties: data: $ref: "#/components/schemas/FleetDeployment" meta: $ref: "#/components/schemas/FleetDeploymentResponseMeta" type: object FleetDeploymentResponseMeta: description: Metadata for a single deployment response, including pagination information for hosts. properties: hosts: $ref: "#/components/schemas/FleetDeploymentHostsPage" type: object FleetDeploymentsPage: description: Pagination details for the list of deployments. properties: total_count: description: Total number of deployments available across all pages. example: 25 format: int64 type: integer type: object FleetDeploymentsResponse: description: Response containing a paginated list of deployments. properties: data: description: Array of deployments matching the query criteria. items: $ref: "#/components/schemas/FleetDeployment" type: array meta: $ref: "#/components/schemas/FleetDeploymentsResponseMeta" required: - data type: object FleetDeploymentsResponseMeta: description: Metadata for the list of deployments, including pagination information. properties: page: $ref: "#/components/schemas/FleetDeploymentsPage" type: object FleetDetectedIntegration: description: An integration detected on the agent but not necessarily configured. properties: escaped_name: description: Escaped integration name. example: "postgresql" type: string prefix: description: Integration prefix identifier. example: "postgres" type: string type: object FleetInstrumentedPodGroupAttributes: description: Attributes of a group of instrumented pods targeted for SSI injection. properties: applied_target: additionalProperties: {} description: The SSI injection target configuration applied to the pod group. type: object applied_target_name: description: The name of the applied SSI injection target. example: "my-injection-target" type: string injected_tags: description: Tags injected into the pods by the Admission Controller. items: description: An injected tag string. type: string type: array kube_ownerref_kind: description: The kind of the Kubernetes owner reference. example: "Deployment" type: string kube_ownerref_name: description: The name of the Kubernetes owner reference (deployment, statefulset, etc.). example: "inventory-service" type: string lib_injection_annotations: description: Library injection annotations on the pod group. items: description: A library injection annotation string. type: string type: array namespace: description: The Kubernetes namespace of the pod group. example: "default" type: string pod_count: description: Total number of pods in the group. example: 3 format: int64 type: integer pod_names: description: Names of the individual pods in the group. items: description: A Kubernetes pod name. type: string type: array tags: additionalProperties: type: string description: Additional tags associated with the pod group. type: object type: object FleetInstrumentedPodsResponse: description: Response containing instrumented pods for a Kubernetes cluster. properties: data: $ref: "#/components/schemas/FleetInstrumentedPodsResponseData" required: - data type: object FleetInstrumentedPodsResponseData: description: The response data containing the cluster name and instrumented pod groups. properties: attributes: $ref: "#/components/schemas/FleetInstrumentedPodsResponseDataAttributes" id: description: The cluster name identifier. example: "production-us-east-1" type: string type: description: Resource type. example: "cluster_name" type: string required: - id - type - attributes type: object FleetInstrumentedPodsResponseDataAttributes: description: Attributes of the instrumented pods response containing the list of pod groups. properties: groups: description: Array of instrumented pod groups in the cluster. items: $ref: "#/components/schemas/FleetInstrumentedPodGroupAttributes" type: array type: object FleetIntegrationDetails: description: Detailed information about a single integration. properties: data_type: description: Type of data collected (metrics, logs). example: "metrics" type: string error_messages: description: Error messages if the integration has issues. items: description: An error message describing an issue with the integration. type: string type: array init_config: description: Initialization configuration (YAML format). type: string instance_config: description: Instance-specific configuration (YAML format). type: string is_custom_check: description: Whether this is a custom integration. type: boolean log_config: description: Log collection configuration (YAML format). type: string name: description: Name of the integration instance. type: string source_index: description: Index in the configuration file. format: int64 type: integer source_path: description: Path to the configuration file. type: string type: description: Integration type. example: "postgres" type: string type: object FleetIntegrationsByStatus: description: Integrations organized by their status. properties: configuration_files: description: Configuration files for integrations. items: $ref: "#/components/schemas/FleetConfigurationFile" type: array datadog_agent_key: description: The unique agent key identifier. type: string error_integrations: description: Integrations with errors. items: $ref: "#/components/schemas/FleetIntegrationDetails" type: array missing_integrations: description: Detected but not configured integrations. items: $ref: "#/components/schemas/FleetDetectedIntegration" type: array warning_integrations: description: Integrations with warnings. items: $ref: "#/components/schemas/FleetIntegrationDetails" type: array working_integrations: description: Integrations that are working correctly. items: $ref: "#/components/schemas/FleetIntegrationDetails" type: array type: object FleetOtelCollector: additionalProperties: {} description: OpenTelemetry collector information. type: object FleetSchedule: description: A schedule that automatically creates deployments based on a recurrence rule. properties: attributes: $ref: "#/components/schemas/FleetScheduleAttributes" id: description: Unique identifier for the schedule. example: "abc-def-ghi-123" type: string type: $ref: "#/components/schemas/FleetScheduleResourceType" required: - id - type - attributes type: object FleetScheduleAttributes: description: Attributes of a schedule in the response. properties: created_at_unix: description: Unix timestamp (seconds since epoch) when the schedule was created. example: 1699999999 format: int64 type: integer created_by: description: User handle of the person who created the schedule. example: "user@example.com" type: string name: description: Human-readable name for the schedule. example: "Weekly Production Agent Updates" type: string query: description: Query used to filter and select target hosts for scheduled deployments. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string rule: $ref: "#/components/schemas/FleetScheduleRecurrenceRule" status: $ref: "#/components/schemas/FleetScheduleStatus" updated_at_unix: description: Unix timestamp (seconds since epoch) when the schedule was last updated. example: 1699999999 format: int64 type: integer updated_by: description: User handle of the person who last updated the schedule. example: "user@example.com" type: string version_to_latest: description: |- Number of major versions behind the latest to target for upgrades. - 0: Always upgrade to the latest version - 1: Upgrade to latest minus 1 major version - 2: Upgrade to latest minus 2 major versions Maximum value is 2. example: 0 format: int64 maximum: 2 minimum: 0 type: integer type: object FleetScheduleCreate: description: Data for creating a new schedule. properties: attributes: $ref: "#/components/schemas/FleetScheduleCreateAttributes" type: $ref: "#/components/schemas/FleetScheduleResourceType" required: - type - attributes type: object FleetScheduleCreateAttributes: description: Attributes for creating a new schedule. properties: name: description: Human-readable name for the schedule. example: "Weekly Production Agent Updates" type: string query: description: Query used to filter and select target hosts for scheduled deployments. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string rule: $ref: "#/components/schemas/FleetScheduleRecurrenceRule" status: $ref: "#/components/schemas/FleetScheduleStatus" version_to_latest: description: |- Number of major versions behind the latest to target for upgrades. - 0: Always upgrade to the latest version (default) - 1: Upgrade to latest minus 1 major version - 2: Upgrade to latest minus 2 major versions Maximum value is 2. example: 0 format: int64 maximum: 2 minimum: 0 type: integer required: - name - query - rule type: object FleetScheduleCreateRequest: description: Request payload for creating a new schedule. properties: data: $ref: "#/components/schemas/FleetScheduleCreate" required: - data type: object FleetSchedulePatch: description: Data for partially updating a schedule. properties: attributes: $ref: "#/components/schemas/FleetSchedulePatchAttributes" type: $ref: "#/components/schemas/FleetScheduleResourceType" required: - type type: object FleetSchedulePatchAttributes: description: Attributes for partially updating a schedule. All fields are optional. properties: name: description: Human-readable name for the schedule. example: "Weekly Production Agent Updates" type: string query: description: Query used to filter and select target hosts for scheduled deployments. Uses the Datadog query syntax. example: "env:prod AND service:web" type: string rule: $ref: "#/components/schemas/FleetScheduleRecurrenceRule" status: $ref: "#/components/schemas/FleetScheduleStatus" version_to_latest: description: |- Number of major versions behind the latest to target for upgrades. - 0: Always upgrade to the latest version - 1: Upgrade to latest minus 1 major version - 2: Upgrade to latest minus 2 major versions Maximum value is 2. example: 0 format: int64 maximum: 2 minimum: 0 type: integer type: object FleetSchedulePatchRequest: description: Request payload for partially updating a schedule. properties: data: $ref: "#/components/schemas/FleetSchedulePatch" required: - data type: object FleetScheduleRecurrenceRule: description: |- Defines the recurrence pattern for the schedule. Specifies when deployments should be automatically triggered based on maintenance windows. properties: days_of_week: description: |- List of days of the week when the schedule should trigger. Valid values are: "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun". example: ["Mon", "Wed", "Fri"] items: description: A day of the week (for example, "Mon", "Tue"). type: string type: array maintenance_window_duration: description: Duration of the maintenance window in minutes. example: 1200 format: int64 type: integer start_maintenance_window: description: |- Start time of the maintenance window in 24-hour clock format (HH:MM). Deployments will be triggered at this time on the specified days. example: "02:00" type: string timezone: description: Timezone for the schedule in IANA Time Zone Database format (e.g., "America/New_York", "UTC"). example: "America/New_York" type: string required: - days_of_week - start_maintenance_window - maintenance_window_duration - timezone type: object FleetScheduleResourceType: default: schedule description: The type of schedule resource. enum: - schedule example: schedule type: string x-enum-varnames: - SCHEDULE FleetScheduleResponse: description: Response containing a single schedule. properties: data: $ref: "#/components/schemas/FleetSchedule" type: object FleetScheduleStatus: description: |- The status of the schedule. - `active`: The schedule is active and will create deployments according to its recurrence rule. - `inactive`: The schedule is inactive and will not create any deployments. enum: - active - inactive example: active type: string x-enum-varnames: - ACTIVE - INACTIVE FleetSchedulesResponse: description: Response containing a list of schedules. properties: data: description: Array of schedules. items: $ref: "#/components/schemas/FleetSchedule" type: array required: - data type: object FleetTracerAttributes: description: Attributes of a fleet tracer representing a service instance reporting telemetry. properties: env: description: The environment the tracer is reporting from. example: "production" type: string hostname: description: The hostname where the tracer is running. example: "my-hostname" type: string language: description: The programming language of the traced application. example: "java" type: string language_version: description: The version of the programming language runtime. example: "17.0.1" type: string remote_config_status: description: The remote configuration status of the tracer. example: "connected" type: string runtime_ids: description: Runtime identifiers for the tracer instances. items: description: A runtime identifier for a tracer instance. type: string type: array service: description: The telemetry-derived service name reported by the tracer. example: "inventory-service" type: string service_hostname: description: The service hostname reported by the tracer. example: "my-service-host" type: string service_version: description: The version of the traced service. example: "2.1.0" type: string tracer_version: description: The version of the Datadog tracer library. example: "1.32.0" type: string type: object FleetTracersResponse: description: Response containing a paginated list of fleet tracers. properties: data: $ref: "#/components/schemas/FleetTracersResponseData" meta: $ref: "#/components/schemas/FleetTracersResponseMeta" required: - data type: object FleetTracersResponseData: description: The response data containing status and tracers array. properties: attributes: $ref: "#/components/schemas/FleetTracersResponseDataAttributes" id: description: Status identifier. example: "done" type: string type: description: Resource type. example: "status" type: string required: - id - type - attributes type: object FleetTracersResponseDataAttributes: description: Attributes of the fleet tracers response containing the list of tracers. properties: tracers: description: Array of tracers matching the query criteria. items: $ref: "#/components/schemas/FleetTracerAttributes" type: array type: object FleetTracersResponseMeta: description: Metadata for the list of tracers response. properties: total_filtered_count: description: Total number of tracers matching the filter criteria across all pages. example: 42 format: int64 type: integer type: object FormTrigger: description: "Trigger a workflow from a Form." properties: formId: description: The form UUID. example: "" type: string type: object FormTriggerWrapper: description: "Schema for a Form-based trigger." properties: formTrigger: $ref: "#/components/schemas/FormTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - formTrigger type: object FormulaLimit: description: |- Message for specifying limits to the number of values returned by a query. This limit is only for scalar queries and has no effect on timeseries queries. properties: count: description: The number of results to which to limit. example: 10 format: int32 maximum: 2147483647 type: integer order: $ref: "#/components/schemas/QuerySortOrder" type: object FrameworkHandleAndVersionResponseData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: "#/components/schemas/CustomFrameworkDataHandleAndVersion" id: description: The ID of the custom framework. example: handle-version type: string type: $ref: "#/components/schemas/CustomFrameworkType" required: - id - type - attributes type: object FreshserviceAPIKey: description: The definition of the `FreshserviceAPIKey` object. properties: api_key: description: The `FreshserviceAPIKey` `api_key`. example: "" type: string domain: description: The `FreshserviceAPIKey` `domain`. example: "" type: string type: $ref: "#/components/schemas/FreshserviceAPIKeyType" required: - type - domain - api_key type: object FreshserviceAPIKeyType: description: The definition of the `FreshserviceAPIKey` object. enum: - FreshserviceAPIKey example: FreshserviceAPIKey type: string x-enum-varnames: - FRESHSERVICEAPIKEY FreshserviceAPIKeyUpdate: description: The definition of the `FreshserviceAPIKey` object. properties: api_key: description: The `FreshserviceAPIKeyUpdate` `api_key`. type: string domain: description: The `FreshserviceAPIKeyUpdate` `domain`. type: string type: $ref: "#/components/schemas/FreshserviceAPIKeyType" required: - type type: object FreshserviceCredentials: description: The definition of the `FreshserviceCredentials` object. oneOf: - $ref: "#/components/schemas/FreshserviceAPIKey" FreshserviceCredentialsUpdate: description: The definition of the `FreshserviceCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/FreshserviceAPIKeyUpdate" FreshserviceIntegration: description: The definition of the `FreshserviceIntegration` object. properties: credentials: $ref: "#/components/schemas/FreshserviceCredentials" type: $ref: "#/components/schemas/FreshserviceIntegrationType" required: - type - credentials type: object FreshserviceIntegrationType: description: The definition of the `FreshserviceIntegrationType` object. enum: - Freshservice example: Freshservice type: string x-enum-varnames: - FRESHSERVICE FreshserviceIntegrationUpdate: description: The definition of the `FreshserviceIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/FreshserviceCredentialsUpdate" type: $ref: "#/components/schemas/FreshserviceIntegrationType" required: - type type: object FullAPIKey: description: Datadog API key. properties: attributes: $ref: "#/components/schemas/FullAPIKeyAttributes" id: description: ID of the API key. type: string relationships: $ref: "#/components/schemas/APIKeyRelationships" type: $ref: "#/components/schemas/APIKeysType" type: object FullAPIKeyAttributes: description: Attributes of a full API key. properties: category: description: The category of the API key. type: string created_at: description: Creation date of the API key. example: "2020-11-23T10:00:00.000Z" format: date-time readOnly: true type: string date_last_used: description: "Date the API Key was last used" example: "2020-11-27T10:00:00.000Z" format: date-time nullable: true readOnly: true type: string key: description: The API key. readOnly: true type: string last4: description: The last four characters of the API key. example: "abcd" maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: "2020-11-23T10:00:00.000Z" format: date-time readOnly: true type: string name: description: Name of the API key. example: "API Key for submitting metrics" type: string remote_config_read_enabled: description: The remote config read enabled status. type: boolean type: object FullApplicationKey: description: Datadog application key. properties: attributes: $ref: "#/components/schemas/FullApplicationKeyAttributes" id: description: ID of the application key. type: string relationships: $ref: "#/components/schemas/ApplicationKeyRelationships" type: $ref: "#/components/schemas/ApplicationKeysType" type: object FullApplicationKeyAttributes: description: Attributes of a full application key. properties: created_at: description: Creation date of the application key. example: "2020-11-23T10:00:00.000Z" format: date-time readOnly: true type: string key: description: The application key. readOnly: true type: string last4: description: The last four characters of the application key. example: "abcd" maxLength: 4 minLength: 4 readOnly: true type: string last_used_at: description: Last usage timestamp of the application key. example: "2020-12-20T10:00:00.000Z" format: date-time nullable: true readOnly: true type: string name: description: Name of the application key. example: "Application Key for managing dashboards" type: string scopes: description: Array of scopes to grant the application key. example: ["dashboards_read", "dashboards_write", "dashboards_public_share"] items: description: Name of scope. type: string nullable: true type: array type: object FullCustomFrameworkData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: "#/components/schemas/FullCustomFrameworkDataAttributes" id: description: The ID of the custom framework. example: handle-version type: string type: $ref: "#/components/schemas/CustomFrameworkType" required: - id - type - attributes type: object FullCustomFrameworkDataAttributes: description: Full Framework Data Attributes. properties: handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL example: https://example.com/icon.png type: string name: description: Framework Name example: security-framework type: string requirements: description: Framework Requirements items: $ref: "#/components/schemas/CustomFrameworkRequirement" type: array version: description: Framework Version example: "2" type: string required: - handle - version - name - requirements type: object FullPersonalAccessToken: description: Datadog personal access token, including the token key. properties: attributes: $ref: "#/components/schemas/FullPersonalAccessTokenAttributes" id: description: ID of the personal access token. type: string relationships: $ref: "#/components/schemas/PersonalAccessTokenRelationships" type: $ref: "#/components/schemas/PersonalAccessTokensType" type: object FullPersonalAccessTokenAttributes: description: Attributes of a full personal access token, including the token key. properties: created_at: description: Creation date of the personal access token. example: "2024-01-01T00:00:00+00:00" format: date-time readOnly: true type: string expires_at: description: Expiration date of the personal access token. example: "2025-12-31T23:59:59+00:00" format: date-time nullable: true readOnly: true type: string key: description: The personal access token key. Only returned upon creation. readOnly: true type: string name: description: Name of the personal access token. example: "My Personal Access Token" type: string public_portion: description: The public portion of the personal access token. example: "ddpat_abc123" readOnly: true type: string scopes: description: Array of scopes granted to the personal access token. example: - "dashboards_read" - "dashboards_write" items: description: Name of scope. type: string type: array type: object GCPCredentials: description: The definition of the `GCPCredentials` object. oneOf: - $ref: "#/components/schemas/GCPServiceAccount" GCPCredentialsUpdate: description: The definition of the `GCPCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/GCPServiceAccountUpdate" GCPIntegration: description: The definition of the `GCPIntegration` object. properties: credentials: $ref: "#/components/schemas/GCPCredentials" type: $ref: "#/components/schemas/GCPIntegrationType" required: - type - credentials type: object GCPIntegrationType: description: The definition of the `GCPIntegrationType` object. enum: - GCP example: GCP type: string x-enum-varnames: - GCP GCPIntegrationUpdate: description: The definition of the `GCPIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/GCPCredentialsUpdate" type: $ref: "#/components/schemas/GCPIntegrationType" required: - type type: object GCPMetricNamespaceConfig: description: Configuration for a GCP metric namespace. properties: disabled: default: false description: When disabled, Datadog does not collect metrics that are related to this GCP metric namespace. example: true type: boolean filters: description: |- When enabled, Datadog applies these additional filters to limit metric collection. A metric is collected only if it does not match all exclusion filters and matches at least one allow filter. example: ["snapshot.*", "!*_by_region"] items: description: A metric namespace filter type: string type: array id: description: The id of the GCP metric namespace. example: "pubsub" type: string type: object GCPMonitoredResourceConfig: description: Configuration for a GCP monitored resource. properties: filters: description: |- List of filters to limit the monitored resources that are pulled into Datadog by using tags. Only monitored resources that apply to specified filters are imported into Datadog. example: ["$KEY:$VALUE"] items: description: A monitored resource filter type: string type: array type: $ref: "#/components/schemas/GCPMonitoredResourceConfigType" type: object GCPMonitoredResourceConfigType: description: The GCP monitored resource type. Only a subset of resource types are supported. enum: ["cloud_function", "cloud_run_revision", "gce_instance"] example: "gce_instance" type: string x-enum-varnames: - CLOUD_FUNCTION - CLOUD_RUN_REVISION - GCE_INSTANCE GCPSTSDelegateAccount: description: Datadog principal service account info. properties: attributes: $ref: "#/components/schemas/GCPSTSDelegateAccountAttributes" id: description: The ID of the delegate service account. example: "ddgci-1a19n28hb1a812221893@datadog-gci-sts-us5-prod.iam.gserviceaccount.com" type: string type: $ref: "#/components/schemas/GCPSTSDelegateAccountType" type: object GCPSTSDelegateAccountAttributes: description: Your delegate account attributes. properties: delegate_account_email: description: Your organization's Datadog principal email address. example: "ddgci-1a19n28hb1a812221893@datadog-gci-sts-us5-prod.iam.gserviceaccount.com" type: string type: object GCPSTSDelegateAccountResponse: description: Your delegate service account response data. properties: data: $ref: "#/components/schemas/GCPSTSDelegateAccount" type: object GCPSTSDelegateAccountType: default: gcp_sts_delegate description: The type of account. enum: - gcp_sts_delegate example: gcp_sts_delegate type: string x-enum-varnames: - GCP_STS_DELEGATE GCPSTSServiceAccount: description: Info on your service account. properties: attributes: $ref: "#/components/schemas/GCPSTSServiceAccountAttributes" id: description: Your service account's unique ID. example: "d291291f-12c2-22g4-j290-123456678897" type: string meta: $ref: "#/components/schemas/GCPServiceAccountMeta" type: $ref: "#/components/schemas/GCPServiceAccountType" type: object GCPSTSServiceAccountAttributes: description: Attributes associated with your service account. properties: account_tags: description: Tags to be associated with GCP metrics and service checks from your account. items: description: Account Level Tag type: string type: array automute: description: |- Silence monitors for expected GCE instance shutdowns. type: boolean client_email: description: Your service account email address. example: "datadog-service-account@test-project.iam.gserviceaccount.com" type: string cloud_run_revision_filters: deprecated: true description: |- List of filters to limit the Cloud Run revisions that are pulled into Datadog by using tags. Only Cloud Run revision resources that apply to specified filters are imported into Datadog. **Note:** This field is deprecated. Instead, use `monitored_resource_configs` with `type=cloud_run_revision` example: ["$KEY:$VALUE"] items: description: Cloud Run revision filters type: string type: array host_filters: deprecated: true description: |- List of filters to limit the VM instances that are pulled into Datadog by using tags. Only VM instance resources that apply to specified filters are imported into Datadog. **Note:** This field is deprecated. Instead, use `monitored_resource_configs` with `type=gce_instance` example: ["$KEY:$VALUE"] items: description: VM instance filters type: string type: array is_cspm_enabled: description: |- When enabled, Datadog will activate the Cloud Security Monitoring product for this service account. Note: This requires resource_collection_enabled to be set to true. type: boolean is_global_location_enabled: default: true description: When enabled, Datadog collects metrics where location is explicitly stated as "global" or where location information cannot be deduced from GCP labels. example: true type: boolean is_per_project_quota_enabled: default: false description: |- When enabled, Datadog applies the `X-Goog-User-Project` header, attributing Google Cloud billing and quota usage to the project being monitored rather than the default service account project. example: true type: boolean is_resource_change_collection_enabled: default: false description: |- When enabled, Datadog scans for all resource change data in your Google Cloud environment. example: true type: boolean is_security_command_center_enabled: default: false description: |- When enabled, Datadog will attempt to collect Security Command Center Findings. Note: This requires additional permissions on the service account. example: true type: boolean metric_namespace_configs: description: Configurations for GCP metric namespaces. example: [{"disabled": true, "id": "aiplatform"}, {"filters": ["snapshot.*", "!*_by_region"], "id": "pubsub"}] items: $ref: "#/components/schemas/GCPMetricNamespaceConfig" type: array monitored_resource_configs: description: Configurations for GCP monitored resources. example: [{"filters": ["$KEY:$VALUE"], "type": "gce_instance"}] items: $ref: "#/components/schemas/GCPMonitoredResourceConfig" type: array region_filter_configs: description: Configurations for GCP location filtering, such as region, multi-region, or zone. Only monitored resources that match the specified regions are imported into Datadog. By default, Datadog collects from all locations. example: ["nam4", "europe-north1"] items: description: Region Filter Configs type: string type: array resource_collection_enabled: description: |- When enabled, Datadog scans for all resources in your GCP environment. type: boolean type: object GCPSTSServiceAccountCreateRequest: description: Data on your newly generated service account. properties: data: $ref: "#/components/schemas/GCPSTSServiceAccountData" type: object GCPSTSServiceAccountData: description: Additional metadata on your generated service account. properties: attributes: $ref: "#/components/schemas/GCPSTSServiceAccountAttributes" type: $ref: "#/components/schemas/GCPServiceAccountType" type: object GCPSTSServiceAccountResponse: description: The account creation response. properties: data: $ref: "#/components/schemas/GCPSTSServiceAccount" type: object GCPSTSServiceAccountUpdateRequest: description: Service account info. properties: data: $ref: "#/components/schemas/GCPSTSServiceAccountUpdateRequestData" type: object GCPSTSServiceAccountUpdateRequestData: description: Data on your service account. properties: attributes: $ref: "#/components/schemas/GCPSTSServiceAccountAttributes" id: description: Your service account's unique ID. example: "d291291f-12c2-22g4-j290-123456678897" type: string type: $ref: "#/components/schemas/GCPServiceAccountType" type: object GCPSTSServiceAccountsResponse: description: Object containing all your STS enabled accounts. properties: data: description: Array of GCP STS enabled service accounts. items: $ref: "#/components/schemas/GCPSTSServiceAccount" type: array type: object GCPServiceAccount: description: The definition of the `GCPServiceAccount` object. properties: private_key: description: The `GCPServiceAccount` `private_key`. example: "" type: string service_account_email: description: The `GCPServiceAccount` `service_account_email`. example: "" type: string type: $ref: "#/components/schemas/GCPServiceAccountCredentialType" required: - type - service_account_email - private_key type: object GCPServiceAccountCredentialType: description: The definition of the `GCPServiceAccount` object. enum: - GCPServiceAccount example: GCPServiceAccount type: string x-enum-varnames: - GCPSERVICEACCOUNT GCPServiceAccountMeta: description: Additional information related to your service account. properties: accessible_projects: description: The current list of projects accessible from your service account. items: description: List of GCP projects. type: string type: array type: object GCPServiceAccountType: default: gcp_service_account description: The type of account. enum: - gcp_service_account example: gcp_service_account type: string x-enum-varnames: - GCP_SERVICE_ACCOUNT GCPServiceAccountUpdate: description: The definition of the `GCPServiceAccount` object. properties: private_key: description: The `GCPServiceAccountUpdate` `private_key`. type: string service_account_email: description: The `GCPServiceAccountUpdate` `service_account_email`. type: string type: $ref: "#/components/schemas/GCPServiceAccountCredentialType" required: - type type: object GCPUsageCostConfig: description: Google Cloud Usage Cost config. properties: attributes: $ref: "#/components/schemas/GCPUsageCostConfigAttributes" id: description: The ID of the Google Cloud Usage Cost config. type: string type: $ref: "#/components/schemas/GCPUsageCostConfigType" required: - attributes - type type: object GCPUsageCostConfigAttributes: description: Attributes for a Google Cloud Usage Cost config. properties: account_id: description: The Google Cloud account ID. example: "123456_A123BC_12AB34" type: string bucket_name: description: The Google Cloud bucket name used to store the Usage Cost export. example: "dd-cost-bucket" type: string created_at: description: The timestamp when the Google Cloud Usage Cost config was created. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string dataset: description: The export dataset name used for the Google Cloud Usage Cost Report. example: "billing" type: string error_messages: description: The error messages for the Google Cloud Usage Cost config. items: description: An error message string. type: string nullable: true type: array export_prefix: description: The export prefix used for the Google Cloud Usage Cost Report. example: "datadog_cloud_cost_usage_export" type: string export_project_name: description: The name of the Google Cloud Usage Cost Report. example: "dd-cloud-cost-report" type: string months: deprecated: true description: The number of months the report has been backfilled. format: int32 maximum: 36 type: integer project_id: description: The `project_id` of the Google Cloud Usage Cost report. example: "my-project-123" type: string service_account: description: The unique Google Cloud service account email. example: "dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com" type: string status: description: The status of the Google Cloud Usage Cost config. example: "active" type: string status_updated_at: description: The timestamp when the Google Cloud Usage Cost config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string updated_at: description: The timestamp when the Google Cloud Usage Cost config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string required: - account_id - bucket_name - dataset - export_prefix - export_project_name - service_account - status type: object GCPUsageCostConfigPatchData: description: Google Cloud Usage Cost config patch data. properties: attributes: $ref: "#/components/schemas/GCPUsageCostConfigPatchRequestAttributes" type: $ref: "#/components/schemas/GCPUsageCostConfigPatchRequestType" required: - attributes - type type: object GCPUsageCostConfigPatchRequest: description: Google Cloud Usage Cost config patch request. properties: data: $ref: "#/components/schemas/GCPUsageCostConfigPatchData" required: - data type: object GCPUsageCostConfigPatchRequestAttributes: description: Attributes for Google Cloud Usage Cost config patch request. properties: is_enabled: description: Whether or not the Cloud Cost Management account is enabled. example: true type: boolean required: - is_enabled type: object GCPUsageCostConfigPatchRequestType: default: gcp_uc_config_patch_request description: Type of Google Cloud Usage Cost config patch request. enum: - gcp_uc_config_patch_request example: gcp_uc_config_patch_request type: string x-enum-varnames: - GCP_USAGE_COST_CONFIG_PATCH_REQUEST GCPUsageCostConfigPostData: description: Google Cloud Usage Cost config post data. properties: attributes: $ref: "#/components/schemas/GCPUsageCostConfigPostRequestAttributes" type: $ref: "#/components/schemas/GCPUsageCostConfigPostRequestType" required: - type type: object GCPUsageCostConfigPostRequest: description: Google Cloud Usage Cost config post request. properties: data: $ref: "#/components/schemas/GCPUsageCostConfigPostData" required: - data type: object GCPUsageCostConfigPostRequestAttributes: description: Attributes for Google Cloud Usage Cost config post request. properties: billing_account_id: description: The Google Cloud account ID. example: "123456_A123BC_12AB34" type: string bucket_name: description: The Google Cloud bucket name used to store the Usage Cost export. example: "dd-cost-bucket" type: string export_dataset_name: description: The export dataset name used for the Google Cloud Usage Cost report. example: "billing" type: string export_prefix: description: The export prefix used for the Google Cloud Usage Cost report. example: "datadog_cloud_cost_usage_export" type: string export_project_name: description: The name of the Google Cloud Usage Cost report. example: "dd-cloud-cost-report" type: string service_account: description: The unique Google Cloud service account email. example: "dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com" type: string required: - billing_account_id - bucket_name - export_project_name - export_dataset_name - service_account type: object GCPUsageCostConfigPostRequestType: default: gcp_uc_config_post_request description: Type of Google Cloud Usage Cost config post request. enum: - gcp_uc_config_post_request example: gcp_uc_config_post_request type: string x-enum-varnames: - GCP_USAGE_COST_CONFIG_POST_REQUEST GCPUsageCostConfigResponse: description: Response of Google Cloud Usage Cost config. properties: data: $ref: "#/components/schemas/GCPUsageCostConfig" type: object GCPUsageCostConfigType: default: gcp_uc_config description: Type of Google Cloud Usage Cost config. enum: - gcp_uc_config example: gcp_uc_config type: string x-enum-varnames: - GCP_UC_CONFIG GCPUsageCostConfigsResponse: description: List of Google Cloud Usage Cost configs. properties: data: description: A Google Cloud Usage Cost config. items: $ref: "#/components/schemas/GCPUsageCostConfig" type: array required: - data type: object GcpScanOptions: description: Response object containing GCP scan options for a single project. example: data: attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: company-project-id type: gcp_scan_options properties: data: $ref: "#/components/schemas/GcpScanOptionsData" type: object GcpScanOptionsArray: description: Response object containing a list of GCP scan options. example: data: - attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: company-project-id type: gcp_scan_options properties: data: description: A list of GCP scan options. items: $ref: "#/components/schemas/GcpScanOptionsData" type: array required: - data type: object GcpScanOptionsData: description: Single GCP scan options entry. properties: attributes: $ref: "#/components/schemas/GcpScanOptionsDataAttributes" id: description: The GCP project ID. example: "" type: string type: $ref: "#/components/schemas/GcpScanOptionsDataType" required: - type - id type: object GcpScanOptionsDataAttributes: description: Attributes for GCP scan options configuration. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. type: boolean type: object GcpScanOptionsDataType: default: gcp_scan_options description: GCP scan options resource type. enum: - gcp_scan_options example: gcp_scan_options type: string x-enum-varnames: - GCP_SCAN_OPTIONS GcpScanOptionsInputUpdate: description: Request object for updating GCP scan options. example: data: id: company-project-id type: gcp_scan_options properties: data: $ref: "#/components/schemas/GcpScanOptionsInputUpdateData" type: object GcpScanOptionsInputUpdateData: description: Data object for updating the scan options of a single GCP project. properties: attributes: $ref: "#/components/schemas/GcpScanOptionsInputUpdateDataAttributes" id: description: The GCP project ID. example: "" type: string type: $ref: "#/components/schemas/GcpScanOptionsInputUpdateDataType" required: - type - id type: object GcpScanOptionsInputUpdateDataAttributes: description: Attributes for updating GCP scan options configuration. properties: compliance_host: description: Indicates whether host compliance scanning is enabled. type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. type: boolean type: object GcpScanOptionsInputUpdateDataType: default: gcp_scan_options description: GCP scan options resource type. enum: - gcp_scan_options example: gcp_scan_options type: string x-enum-varnames: - GCP_SCAN_OPTIONS GcpUcConfigResponse: description: The definition of `GcpUcConfigResponse` object. example: data: attributes: account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket created_at: "2023-01-01T12:00:00.000000" dataset: billing error_messages: [] export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report months: 36 project_id: my-project-123 service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: gcp_uc_config properties: data: $ref: "#/components/schemas/GcpUcConfigResponseData" type: object GcpUcConfigResponseData: description: The definition of `GcpUcConfigResponseData` object. properties: attributes: $ref: "#/components/schemas/GcpUcConfigResponseDataAttributes" id: description: The `GcpUcConfigResponseData` `id`. type: string type: $ref: "#/components/schemas/GcpUcConfigResponseDataType" required: - type type: object GcpUcConfigResponseDataAttributes: description: The definition of `GcpUcConfigResponseDataAttributes` object. properties: account_id: description: The `attributes` `account_id`. type: string bucket_name: description: The `attributes` `bucket_name`. type: string created_at: description: The `attributes` `created_at`. type: string dataset: description: The `attributes` `dataset`. type: string error_messages: description: The `attributes` `error_messages`. items: description: An error message string. type: string nullable: true type: array export_prefix: description: The `attributes` `export_prefix`. type: string export_project_name: description: The `attributes` `export_project_name`. type: string months: description: The `attributes` `months`. format: int64 type: integer project_id: description: The `attributes` `project_id`. type: string service_account: description: The `attributes` `service_account`. type: string status: description: The `attributes` `status`. type: string status_updated_at: description: The `attributes` `status_updated_at`. type: string updated_at: description: The `attributes` `updated_at`. type: string type: object GcpUcConfigResponseDataType: default: gcp_uc_config description: Google Cloud Usage Cost config resource type. enum: - gcp_uc_config example: gcp_uc_config type: string x-enum-varnames: - GCP_UC_CONFIG GeminiAPIKey: description: The definition of the `GeminiAPIKey` object. properties: api_key: description: The `GeminiAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/GeminiAPIKeyType" required: - type - api_key type: object GeminiAPIKeyType: description: The definition of the `GeminiAPIKey` object. enum: - GeminiAPIKey example: GeminiAPIKey type: string x-enum-varnames: - GEMINIAPIKEY GeminiAPIKeyUpdate: description: The definition of the `GeminiAPIKey` object. properties: api_key: description: The `GeminiAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/GeminiAPIKeyType" required: - type type: object GeminiCredentials: description: The definition of the `GeminiCredentials` object. oneOf: - $ref: "#/components/schemas/GeminiAPIKey" GeminiCredentialsUpdate: description: The definition of the `GeminiCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/GeminiAPIKeyUpdate" GeminiIntegration: description: The definition of the `GeminiIntegration` object. properties: credentials: $ref: "#/components/schemas/GeminiCredentials" type: $ref: "#/components/schemas/GeminiIntegrationType" required: - type - credentials type: object GeminiIntegrationType: description: The definition of the `GeminiIntegrationType` object. enum: - Gemini example: Gemini type: string x-enum-varnames: - GEMINI GeminiIntegrationUpdate: description: The definition of the `GeminiIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/GeminiCredentialsUpdate" type: $ref: "#/components/schemas/GeminiIntegrationType" required: - type type: object GetActionConnectionResponse: description: The response for found connection properties: data: $ref: "#/components/schemas/ActionConnectionData" type: object GetAppKeyRegistrationResponse: description: The response object after getting an app key registration. properties: data: $ref: "#/components/schemas/AppKeyRegistrationData" type: object GetAppResponse: description: The full app definition response object. properties: data: $ref: "#/components/schemas/GetAppResponseData" included: description: Data on the version of the app that was published. items: $ref: "#/components/schemas/Deployment" type: array meta: $ref: "#/components/schemas/AppMeta" relationship: $ref: "#/components/schemas/AppRelationship" type: object GetAppResponseData: description: The data object containing the app definition. properties: attributes: $ref: "#/components/schemas/GetAppResponseDataAttributes" id: description: The ID of the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type - attributes type: object GetAppResponseDataAttributes: description: The app definition attributes, such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: "#/components/schemas/ComponentGrid" type: array description: description: A human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: "#/components/schemas/Query" type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - "service:webshop-backend" - "team:webshop" items: description: An individual tag for the app. type: string type: array type: object GetCustomFrameworkResponse: description: Response object to get a custom framework. properties: data: $ref: "#/components/schemas/FullCustomFrameworkData" required: - data type: object GetDataDeletionsResponseBody: description: The response from the get data deletion requests endpoint. properties: data: description: The list of data deletion requests that matches the query. items: $ref: "#/components/schemas/DataDeletionResponseItem" type: array meta: $ref: "#/components/schemas/DataDeletionResponseMeta" type: object GetDeviceAttributes: description: The device attributes properties: description: description: A description of the device. example: a device monitored with NDM type: string device_type: description: The type of the device. example: other type: string integration: description: The integration of the device. example: snmp type: string ip_address: description: The IP address of the device. example: 1.2.3.4 type: string location: description: The location of the device. example: paris type: string model: description: The model of the device. example: xx-123 type: string name: description: The name of the device. example: example device type: string os_hostname: description: The operating system hostname of the device. example: 1.0.2 type: string os_name: description: The operating system name of the device. example: example OS type: string os_version: description: The operating system version of the device. example: 1.0.2 type: string ping_status: description: The ping status of the device. example: unmonitored type: string product_name: description: The product name of the device. example: example device type: string serial_number: description: The serial number of the device. example: X12345 type: string status: description: The status of the device. example: ok type: string subnet: description: The subnet of the device. example: 1.2.3.4/24 type: string sys_object_id: description: The device `sys_object_id`. example: 1.3.6.1.4.1.99999 type: string tags: description: A list of tags associated with the device. example: ["device_ip:1.2.3.4", "device_id:example:1.2.3.4"] items: description: A tag string in `key:value` format. type: string type: array vendor: description: The vendor of the device. example: example vendor type: string version: description: The version of the device. example: 1.2.3 type: string type: object GetDeviceData: description: Get device response data. properties: attributes: $ref: "#/components/schemas/GetDeviceAttributes" id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be device. type: string type: object GetDeviceResponse: description: The `GetDevice` operation's response. properties: data: $ref: "#/components/schemas/GetDeviceData" type: object GetFindingResponse: description: The expected response schema when getting a finding. properties: data: $ref: "#/components/schemas/DetailedFinding" required: - data type: object GetInterfacesData: description: The interfaces list data properties: attributes: $ref: "#/components/schemas/InterfaceAttributes" id: description: The interface ID example: example:1.2.3.4:99 type: string type: description: The type of the resource. The value should always be interface. type: string type: object GetInterfacesResponse: description: The `GetInterfaces` operation's response. properties: data: description: Get Interfaces response items: $ref: "#/components/schemas/GetInterfacesData" type: array type: object GetInvestigationResponse: description: Response for a single Bits AI investigation. properties: data: $ref: "#/components/schemas/GetInvestigationResponseData" links: $ref: "#/components/schemas/GetInvestigationResponseLinks" required: - data - links type: object GetInvestigationResponseData: description: Data for the get investigation response. properties: attributes: $ref: "#/components/schemas/GetInvestigationResponseDataAttributes" id: description: The unique identifier of the investigation. example: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: string type: $ref: "#/components/schemas/InvestigationType" required: - id - type - attributes type: object GetInvestigationResponseDataAttributes: description: Attributes of the investigation. properties: conclusions: description: The conclusions drawn from the investigation. items: $ref: "#/components/schemas/InvestigationConclusion" type: array status: description: The current status of the investigation. example: "conclusive" type: string title: description: The title of the investigation. example: "Monitor alert investigation for web-server-01" type: string required: - title - status - conclusions type: object GetInvestigationResponseLinks: description: Links related to the investigation. properties: self: description: The URL to the investigation in the Datadog app. example: "https://app.datadoghq.com/bits-ai/investigations/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: string required: - self type: object GetIoCIndicatorResponse: description: Response for the get indicator of compromise endpoint. properties: data: $ref: "#/components/schemas/GetIoCIndicatorResponseData" type: object GetIoCIndicatorResponseAttributes: description: Attributes of the get indicator response. properties: data: $ref: "#/components/schemas/IoCIndicatorDetailed" type: object GetIoCIndicatorResponseData: description: IoC indicator response data object. properties: attributes: $ref: "#/components/schemas/GetIoCIndicatorResponseAttributes" id: description: Unique identifier for the response. type: string type: description: Response type identifier. type: string type: object GetIssueIncludeQueryParameterItem: description: Relationship object that should be included in the response. enum: - assignee - case - team_owners example: "case" type: string x-enum-varnames: - ASSIGNEE - CASE - TEAM_OWNERS GetMappingResponse: description: Response containing the entity attribute mapping configuration including all available attributes and their properties. example: data: attributes: attributes: - attribute: user_id description: Unique user identifier display_name: User ID groups: - Identity is_custom: false type: string - attribute: user_email description: User email address display_name: Email Address groups: - Identity - Contact is_custom: false type: string - attribute: first_country_code description: The ISO code of the country for the user's first session display_name: First Country Code groups: - Geography is_custom: false type: string - attribute: "@customer_tier" description: Customer subscription tier display_name: Customer Tier groups: - Business is_custom: true type: string id: get_mappings_response type: get_mappings_response properties: data: $ref: "#/components/schemas/GetMappingResponseData" type: object GetMappingResponseData: description: The data object containing the resource type and attributes for the get mapping response. properties: attributes: $ref: "#/components/schemas/GetMappingResponseDataAttributes" id: description: Unique identifier for the get mapping response resource. type: string type: $ref: "#/components/schemas/GetMappingResponseDataType" required: - type type: object GetMappingResponseDataAttributes: description: Attributes of the get mapping response, containing the list of configured entity attributes. properties: attributes: description: The list of entity attributes and their mapping configurations. items: $ref: "#/components/schemas/GetMappingResponseDataAttributesAttributesItems" type: array type: object GetMappingResponseDataAttributesAttributesItems: description: Details of a single entity attribute including its mapping configuration and metadata. properties: attribute: description: The attribute identifier as used in the entity data model. type: string description: description: Human-readable explanation of what the attribute represents. type: string display_name: description: The human-readable label for the attribute shown in the UI. type: string groups: description: List of group labels used to categorize the attribute. items: description: A group label name for categorizing the attribute. type: string type: array is_custom: description: Whether this attribute is a custom user-defined attribute rather than a built-in one. type: boolean type: description: The data type of the attribute (for example, string or number). type: string type: object GetMappingResponseDataType: default: get_mappings_response description: Get mappings response resource type. enum: - get_mappings_response example: get_mappings_response type: string x-enum-varnames: - GET_MAPPINGS_RESPONSE GetMultipleRulesetsRequest: description: The request payload for retrieving rules for multiple rulesets in a single batch call. properties: data: $ref: "#/components/schemas/GetMultipleRulesetsRequestData" type: object GetMultipleRulesetsRequestData: description: The primary data object in the get-multiple-rulesets request, containing request attributes and resource type. properties: attributes: $ref: "#/components/schemas/GetMultipleRulesetsRequestDataAttributes" id: description: An optional identifier for the get-multiple-rulesets request resource. type: string type: $ref: "#/components/schemas/GetMultipleRulesetsRequestDataType" required: - type type: object GetMultipleRulesetsRequestDataAttributes: description: The request attributes for fetching multiple rulesets, specifying which rulesets to retrieve and what data to include. properties: include_testing_rules: description: When true, rules that are available in testing mode are included in the response. type: boolean include_tests: description: When true, test cases associated with each rule are included in the response. type: boolean rulesets: description: The list of ruleset names to retrieve. items: description: The name of a ruleset to include in the batch request. type: string type: array type: object GetMultipleRulesetsRequestDataType: default: get_multiple_rulesets_request description: Get multiple rulesets request resource type. enum: - get_multiple_rulesets_request example: get_multiple_rulesets_request type: string x-enum-varnames: - GET_MULTIPLE_RULESETS_REQUEST GetMultipleRulesetsResponse: description: The response payload for the get-multiple-rulesets endpoint, containing the requested rulesets and their rules. properties: data: $ref: "#/components/schemas/GetMultipleRulesetsResponseData" type: object GetMultipleRulesetsResponseData: description: The primary data object in the get-multiple-rulesets response, containing the response attributes and resource type. properties: attributes: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributes" id: description: The unique identifier of the get-multiple-rulesets response resource. type: string type: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataType" required: - type type: object GetMultipleRulesetsResponseDataAttributes: description: The attributes of the get-multiple-rulesets response, containing the list of requested rulesets. properties: rulesets: description: The list of rulesets returned in response to the batch request. items: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItems" type: array type: object GetMultipleRulesetsResponseDataAttributesRulesetsItems: description: A ruleset returned in the response, containing its metadata and associated rules. properties: data: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsData" description: description: A detailed description of the ruleset's purpose and the types of issues it targets. type: string name: description: The unique name of the ruleset. type: string rules: description: The list of static analysis rules included in this ruleset. items: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItems" type: array short_description: description: A brief summary of the ruleset, suitable for display in listings. type: string required: - data type: object GetMultipleRulesetsResponseDataAttributesRulesetsItemsData: description: The resource identifier and type for a ruleset. properties: id: description: The unique identifier of the ruleset resource. type: string type: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsDataType" required: - type type: object GetMultipleRulesetsResponseDataAttributesRulesetsItemsDataType: default: rulesets description: Rulesets resource type. enum: - rulesets example: rulesets type: string x-enum-varnames: - RULESETS GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItems: description: A static analysis rule within a ruleset, including its definition, metadata, and associated test cases. properties: arguments: description: The list of configurable arguments accepted by this rule. items: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsArgumentsItems" type: array category: description: The category classifying the type of issue this rule detects (e.g., security, style, performance). type: string checksum: description: A checksum of the rule definition used to detect changes. type: string code: description: The rule implementation code used by the static analysis engine. type: string created_at: description: The date and time when the rule was created. format: date-time type: string created_by: description: The identifier of the user or system that created the rule. type: string cve: description: The CVE identifier associated with the vulnerability this rule detects, if applicable. type: string cwe: description: The CWE identifier associated with the weakness category this rule detects, if applicable. type: string data: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsData" description: description: A detailed explanation of what the rule detects and why it matters. type: string documentation_url: description: A URL pointing to additional documentation for this rule. type: string entity_checked: description: The code entity type (e.g., function, class, variable) that this rule inspects. type: string is_published: description: Indicates whether the rule is publicly published and available to all users. type: boolean is_testing: description: Indicates whether the rule is in testing mode and not yet promoted to production. type: boolean language: description: The programming language this rule applies to. type: string last_updated_at: description: The date and time when the rule was last modified. format: date-time type: string last_updated_by: description: The identifier of the user or system that last updated the rule. type: string name: description: The unique name identifying this rule within its ruleset. type: string regex: description: A regular expression pattern used by the rule for pattern-based detection. type: string severity: description: The severity level of findings produced by this rule (e.g., ERROR, WARNING, NOTICE). type: string short_description: description: A brief summary of what the rule detects, suitable for display in listings. type: string should_use_ai_fix: description: Indicates whether an AI-generated fix suggestion should be offered for findings from this rule. type: boolean tests: description: The list of test cases used to validate the rule's behavior. items: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsTestsItems" type: array tree_sitter_query: description: The Tree-sitter query expression used by the rule to match code patterns in the AST. type: string type: description: The rule type indicating the detection mechanism used (e.g., tree_sitter, regex). type: string required: - data type: object GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsArgumentsItems: description: An argument parameter for a static analysis rule, with a name and description. properties: description: description: A human-readable explanation of the argument's purpose and accepted values. type: string name: description: The name of the rule argument. type: string type: object GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsData: description: The resource identifier and type for a static analysis rule. properties: id: description: The unique identifier of the rule resource. type: string type: $ref: "#/components/schemas/GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsDataType" required: - type type: object GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsDataType: default: rules description: Rules resource type. enum: - rules example: rules type: string x-enum-varnames: - RULES GetMultipleRulesetsResponseDataAttributesRulesetsItemsRulesItemsTestsItems: description: A test case associated with a static analysis rule, containing the source code and expected annotation count. properties: annotation_count: description: The expected number of annotations (findings) the rule should produce when run against the test code. format: int64 maximum: 65535 minimum: 0 type: integer code: description: The source code snippet used as input for the rule test. type: string filename: description: The filename associated with the test code snippet. type: string type: object GetMultipleRulesetsResponseDataType: default: get_multiple_rulesets_response description: Get multiple rulesets response resource type. enum: - get_multiple_rulesets_response example: get_multiple_rulesets_response type: string x-enum-varnames: - GET_MULTIPLE_RULESETS_RESPONSE GetResourceEvaluationFiltersResponse: description: The definition of `GetResourceEvaluationFiltersResponse` object. properties: data: $ref: "#/components/schemas/GetResourceEvaluationFiltersResponseData" required: - data type: object GetResourceEvaluationFiltersResponseData: description: The definition of `GetResourceFilterResponseData` object. properties: attributes: $ref: "#/components/schemas/ResourceFilterAttributes" id: description: The `data` `id`. example: csm_resource_filter type: string type: $ref: "#/components/schemas/ResourceFilterRequestType" type: object GetRuleVersionHistoryData: description: Data for the rule version history. properties: attributes: $ref: "#/components/schemas/RuleVersionHistory" id: description: ID of the rule. type: string type: $ref: "#/components/schemas/GetRuleVersionHistoryDataType" type: object GetRuleVersionHistoryDataType: description: Type of data. enum: - GetRuleVersionHistoryResponse type: string x-enum-varnames: - GETRULEVERSIONHISTORYRESPONSE GetRuleVersionHistoryResponse: description: Response for getting the rule version history. properties: data: $ref: "#/components/schemas/GetRuleVersionHistoryData" type: object GetSBOMResponse: description: The expected response schema when getting an SBOM. properties: data: $ref: "#/components/schemas/SBOM" required: - data type: object GetSuppressionVersionHistoryData: description: Data for the suppression version history. properties: attributes: $ref: "#/components/schemas/SuppressionVersionHistory" id: description: ID of the suppression. type: string type: $ref: "#/components/schemas/GetSuppressionVersionHistoryDataType" type: object GetSuppressionVersionHistoryDataType: description: Type of data. enum: - suppression_version_history type: string x-enum-varnames: - SUPPRESSIONVERSIONHISTORY GetSuppressionVersionHistoryResponse: description: Response for getting the suppression version history. properties: data: $ref: "#/components/schemas/GetSuppressionVersionHistoryData" type: object GetTeamMembershipsSort: description: Specifies the order of returned team memberships enum: - manager_name - -manager_name - name - -name - handle - -handle - email - -email type: string x-enum-varnames: - MANAGER_NAME - _MANAGER_NAME - NAME - _NAME - HANDLE - _HANDLE - EMAIL - _EMAIL GetWorkflowResponse: description: The response object after getting a workflow. properties: data: $ref: "#/components/schemas/WorkflowData" type: object GitCommitSHA: description: "Git Commit SHA." example: 66adc9350f2cc9b250b69abddab733dd55e1a588 pattern: "^[a-fA-F0-9]{40,}$" type: string GitRepositoryID: description: "Git Repository ID" example: "github.com/organization/example-repository" type: string GitRepositoryURL: description: "Git Repository URL" example: "https://github.com/organization/example-repository" type: string GithubWebhookTrigger: description: 'Trigger a workflow from a GitHub webhook. To trigger a workflow from GitHub, you must set a `webhookSecret`. In your GitHub Webhook Settings, set the Payload URL to "base_url"/api/v2/workflows/"workflow_id"/webhook?orgId="org_id", select application/json for the content type, and be highly recommend enabling SSL verification for security. The workflow must be published.' properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object GithubWebhookTriggerWrapper: description: "Schema for a GitHub webhook-based trigger." properties: githubWebhookTrigger: $ref: "#/components/schemas/GithubWebhookTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - githubWebhookTrigger type: object GitlabAPIKey: description: The definition of the `GitlabAPIKey` object. properties: api_token: description: The `GitlabAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/GitlabAPIKeyType" required: - type - api_token type: object GitlabAPIKeyType: description: The definition of the `GitlabAPIKey` object. enum: - GitlabAPIKey example: GitlabAPIKey type: string x-enum-varnames: - GITLABAPIKEY GitlabAPIKeyUpdate: description: The definition of the `GitlabAPIKey` object. properties: api_token: description: The `GitlabAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/GitlabAPIKeyType" required: - type type: object GitlabCredentials: description: The definition of the `GitlabCredentials` object. oneOf: - $ref: "#/components/schemas/GitlabAPIKey" GitlabCredentialsUpdate: description: The definition of the `GitlabCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/GitlabAPIKeyUpdate" GitlabIntegration: description: The definition of the `GitlabIntegration` object. properties: credentials: $ref: "#/components/schemas/GitlabCredentials" type: $ref: "#/components/schemas/GitlabIntegrationType" required: - type - credentials type: object GitlabIntegrationType: description: The definition of the `GitlabIntegrationType` object. enum: - Gitlab example: Gitlab type: string x-enum-varnames: - GITLAB GitlabIntegrationUpdate: description: The definition of the `GitlabIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/GitlabCredentialsUpdate" type: $ref: "#/components/schemas/GitlabIntegrationType" required: - type type: object GlobalIncidentSettingsAttributesRequest: description: Global incident settings attributes properties: analytics_dashboard_id: description: The analytics dashboard ID example: abc-123-def type: string type: object GlobalIncidentSettingsAttributesResponse: description: Global incident settings attributes properties: analytics_dashboard_id: description: The analytics dashboard ID example: abc-123-def type: string created: description: Timestamp when the settings were created example: "2026-01-13T17:15:56.557278191Z" format: date-time type: string modified: description: Timestamp when the settings were last modified example: "2026-01-13T17:15:56.557278191Z" format: date-time type: string required: - created - modified - analytics_dashboard_id type: object GlobalIncidentSettingsDataRequest: description: Data object in the global incident settings request. properties: attributes: $ref: "#/components/schemas/GlobalIncidentSettingsAttributesRequest" type: $ref: "#/components/schemas/GlobalIncidentSettingsType" required: - type type: object GlobalIncidentSettingsDataResponse: description: Data object in the global incident settings response. properties: attributes: $ref: "#/components/schemas/GlobalIncidentSettingsAttributesResponse" id: description: The unique identifier for the global incident settings example: f8b9a915-ed85-48b4-9071-ceba567a3db5 type: string type: $ref: "#/components/schemas/GlobalIncidentSettingsType" required: - id - type - attributes type: object GlobalIncidentSettingsRequest: description: Request payload for updating global incident settings. properties: data: $ref: "#/components/schemas/GlobalIncidentSettingsDataRequest" required: - data type: object GlobalIncidentSettingsResponse: description: Response payload containing global incident settings. properties: data: $ref: "#/components/schemas/GlobalIncidentSettingsDataResponse" required: - data type: object GlobalIncidentSettingsType: description: Global incident settings resource type enum: - incidents_global_settings example: incidents_global_settings type: string x-enum-varnames: - INCIDENTS_GLOBAL_SETTINGS GlobalOrgIdentifier: description: A unique identifier for an organization including its site. properties: org_site: description: The site of the organization. example: "us1" type: string org_uuid: description: The UUID of the organization. example: "c3d4e5f6-a7b8-9012-cdef-012345678901" format: uuid type: string required: - org_uuid - org_site type: object GlobalVariableData: description: Synthetics global variable data. Wrapper around the global variable object. properties: attributes: $ref: "#/components/schemas/SyntheticsGlobalVariable" id: description: Global variable identifier. type: string type: $ref: "#/components/schemas/GlobalVariableType" type: object GlobalVariableJsonPatchRequest: description: JSON Patch request for global variable. properties: data: $ref: "#/components/schemas/GlobalVariableJsonPatchRequestData" required: - data type: object GlobalVariableJsonPatchRequestData: description: Data object for a JSON Patch request on a Synthetic global variable. properties: attributes: $ref: "#/components/schemas/GlobalVariableJsonPatchRequestDataAttributes" type: $ref: "#/components/schemas/GlobalVariableJsonPatchType" type: object GlobalVariableJsonPatchRequestDataAttributes: description: Attributes for a JSON Patch request on a Synthetic global variable. properties: json_patch: description: JSON Patch operations following RFC 6902. items: $ref: "#/components/schemas/JsonPatchOperation" type: array type: object GlobalVariableJsonPatchType: description: Global variable JSON Patch type. enum: - global_variables_json_patch type: string x-enum-varnames: - GLOBAL_VARIABLES_JSON_PATCH GlobalVariableResponse: description: Global variable response. properties: data: $ref: "#/components/schemas/GlobalVariableData" type: object GlobalVariableType: description: Global variable type. enum: - global_variables type: string x-enum-varnames: - GLOBAL_VARIABLES GoogleChatAppNamedSpaceResponse: description: Response with Google Chat space information. properties: data: $ref: "#/components/schemas/GoogleChatAppNamedSpaceResponseData" required: - data type: object GoogleChatAppNamedSpaceResponseAttributes: description: Google Chat space attributes. properties: display_name: description: Google space display name. example: "Fake Space Name" maxLength: 255 type: string organization_binding_id: description: Organization binding ID. example: "2f18a894-adb5-4c53-8248-39fd3f5386a5" maxLength: 255 type: string resource_name: description: Google space resource name. example: "spaces/AAAAAAAAA" maxLength: 255 type: string space_uri: description: Google space URI. example: "https://chat.google.com/room/AAAAAAAAA" maxLength: 255 type: string type: object GoogleChatAppNamedSpaceResponseData: description: Google Chat space data from a response. properties: attributes: $ref: "#/components/schemas/GoogleChatAppNamedSpaceResponseAttributes" id: description: The ID of the Google Chat space. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/GoogleChatAppNamedSpaceType" type: object GoogleChatAppNamedSpaceType: default: google-chat-app-named-space description: Google Chat space resource type. enum: - google-chat-app-named-space example: google-chat-app-named-space type: string x-enum-varnames: - GOOGLE_CHAT_APP_NAMED_SPACE_TYPE GoogleChatCreateOrganizationHandleRequest: description: Create organization handle request. properties: data: $ref: "#/components/schemas/GoogleChatCreateOrganizationHandleRequestData" type: $ref: "#/components/schemas/GoogleChatOrganizationHandleType" required: - type - data type: object GoogleChatCreateOrganizationHandleRequestAttributes: description: Organization handle attributes for a create request. properties: name: description: Organization handle name. example: "fake-handle-name" maxLength: 255 type: string space_resource_name: description: Google space resource name. example: "spaces/AAAAAAAAA" maxLength: 255 type: string required: - name - space_resource_name type: object GoogleChatCreateOrganizationHandleRequestData: description: Organization handle data for a create request. properties: attributes: $ref: "#/components/schemas/GoogleChatCreateOrganizationHandleRequestAttributes" required: - attributes type: object GoogleChatOrganizationHandleResponse: description: Organization handle for monitor notifications to a Google Chat space within a Google organization. properties: data: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponseData" required: - data type: object GoogleChatOrganizationHandleResponseAttributes: description: Organization handle attributes. properties: name: description: Organization handle name. example: "fake-handle-name" maxLength: 255 type: string space_display_name: description: Google space display name. example: "Fake Space Name" maxLength: 255 type: string space_resource_name: description: Google space resource name. example: "spaces/AAAAAAAAA" maxLength: 255 type: string type: object GoogleChatOrganizationHandleResponseData: description: Organization handle data from a response. properties: attributes: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponseAttributes" id: description: The ID of the organization handle. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/GoogleChatOrganizationHandleType" type: object GoogleChatOrganizationHandleType: default: google-chat-organization-handle description: Organization handle resource type. enum: - google-chat-organization-handle example: google-chat-organization-handle type: string x-enum-varnames: - GOOGLE_CHAT_ORGANIZATION_HANDLE_TYPE GoogleChatOrganizationHandlesResponse: description: List of organization handles for monitor notifications to Google Chat spaces within a Google organization. properties: data: description: An array of organization handles. example: [{"attributes": {"name": "general-handle", "space_display_name": "General", "space_resource_name": "spaces/AAAAAAAAA"}, "id": "596da4af-0563-4097-90ff-07230c3f9db3", "type": "google-chat-organization-handle"}, {"attributes": {"name": "general-handle-2", "space_display_name": "General2", "space_resource_name": "spaces/BBBBBBBBB"}, "id": "596da4af-0563-4097-90ff-07230c3f9db4", "type": "google-chat-organization-handle"}] items: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponseData" type: array required: - data type: object GoogleChatUpdateOrganizationHandleRequest: description: Update organization handle request. properties: data: $ref: "#/components/schemas/GoogleChatUpdateOrganizationHandleRequestData" type: $ref: "#/components/schemas/GoogleChatOrganizationHandleType" required: - type - data type: object GoogleChatUpdateOrganizationHandleRequestAttributes: description: Organization handle attributes for an update request. properties: name: description: Organization handle name. example: "fake-handle-name" maxLength: 255 type: string space_resource_name: description: Google space resource name. example: "spaces/AAAAAAAAA" maxLength: 255 type: string type: object GoogleChatUpdateOrganizationHandleRequestData: description: Organization handle data for an update request. properties: attributes: $ref: "#/components/schemas/GoogleChatUpdateOrganizationHandleRequestAttributes" required: - attributes type: object GoogleMeetConfigurationReference: description: A reference to a Google Meet Configuration resource. nullable: true properties: data: $ref: "#/components/schemas/GoogleMeetConfigurationReferenceData" required: - data type: object GoogleMeetConfigurationReferenceData: description: The Google Meet configuration relationship data object. nullable: true properties: id: description: The unique identifier of the Google Meet configuration. example: "00000000-0000-0000-0000-000000000000" type: string type: description: The type of the Google Meet configuration. example: "google_meet_configurations" type: string required: - id - type type: object GreyNoiseAPIKey: description: The definition of the `GreyNoiseAPIKey` object. properties: api_key: description: The `GreyNoiseAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/GreyNoiseAPIKeyType" required: - type - api_key type: object GreyNoiseAPIKeyType: description: The definition of the `GreyNoiseAPIKey` object. enum: - GreyNoiseAPIKey example: GreyNoiseAPIKey type: string x-enum-varnames: - GREYNOISEAPIKEY GreyNoiseAPIKeyUpdate: description: The definition of the `GreyNoiseAPIKey` object. properties: api_key: description: The `GreyNoiseAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/GreyNoiseAPIKeyType" required: - type type: object GreyNoiseCredentials: description: The definition of the `GreyNoiseCredentials` object. oneOf: - $ref: "#/components/schemas/GreyNoiseAPIKey" GreyNoiseCredentialsUpdate: description: The definition of the `GreyNoiseCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/GreyNoiseAPIKeyUpdate" GreyNoiseIntegration: description: The definition of the `GreyNoiseIntegration` object. properties: credentials: $ref: "#/components/schemas/GreyNoiseCredentials" type: $ref: "#/components/schemas/GreyNoiseIntegrationType" required: - type - credentials type: object GreyNoiseIntegrationType: description: The definition of the `GreyNoiseIntegrationType` object. enum: - GreyNoise example: GreyNoise type: string x-enum-varnames: - GREYNOISE GreyNoiseIntegrationUpdate: description: The definition of the `GreyNoiseIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/GreyNoiseCredentialsUpdate" type: $ref: "#/components/schemas/GreyNoiseIntegrationType" required: - type type: object GroupScalarColumn: description: A column containing the tag keys and values in a group. properties: name: description: The name of the tag key or group. example: env type: string type: $ref: "#/components/schemas/ScalarColumnTypeGroup" values: description: The array of tag values for each group found for the results of the formulas or queries. example: [["production"], ["staging"]] items: description: An individual tag value for a given group column. items: description: One tag value within a values array. example: production type: string type: array type: array type: object GroupTags: description: List of tags that apply to a single response value. items: description: A single tag that applies to a single response value. example: "env:production" type: string type: array GuardrailMetric: description: Guardrail metric details. properties: metric_id: description: The metric ID to monitor. example: "metric-error-rate" type: string trigger_action: $ref: "#/components/schemas/GuardrailTriggerAction" triggered_by: description: The signal or system that triggered the action. example: "guardrail_monitor" nullable: true type: string required: - metric_id - trigger_action type: object GuardrailMetricRequest: description: Guardrail metric request payload. properties: metric_id: description: The metric ID to monitor. example: "metric-error-rate" type: string trigger_action: $ref: "#/components/schemas/GuardrailTriggerAction" required: - metric_id - trigger_action type: object GuardrailTriggerAction: description: Action to perform when a guardrail threshold is triggered. enum: - PAUSE - ABORT example: "PAUSE" type: string x-enum-varnames: - PAUSE - ABORT HTTPBody: description: The definition of `HTTPBody` object. properties: content: description: Serialized body content example: '{"some-json": "with-value"}' type: string content_type: description: Content type of the body example: application/json type: string type: object HTTPCDGatesBadRequestResponse: description: Bad request. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/HTTPCIAppError" type: array type: object HTTPCDGatesNotFoundResponse: description: Deployment gate not found. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/HTTPCIAppError" type: array type: object HTTPCDRulesNotFoundResponse: description: Deployment rule not found. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/HTTPCIAppError" type: array type: object HTTPCIAppError: description: List of errors. properties: detail: description: Error message. example: "Malformed payload" type: string status: description: Error code. example: "400" type: string title: description: Error title. example: "Bad Request" type: string type: object HTTPCIAppErrors: description: Errors occurred. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/HTTPCIAppError" type: array type: object HTTPCredentials: description: The definition of `HTTPCredentials` object. oneOf: - $ref: "#/components/schemas/HTTPTokenAuth" HTTPCredentialsUpdate: description: The definition of `HTTPCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/HTTPTokenAuthUpdate" HTTPHeader: description: The definition of `HTTPHeader` object. properties: name: description: The `HTTPHeader` `name`. example: MyHttpHeader pattern: ^[A-Za-z][A-Za-z\\d\\-\\_]*$ type: string value: description: The `HTTPHeader` `value`. example: Some header value type: string required: - name - value type: object HTTPHeaderUpdate: description: The definition of `HTTPHeaderUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: description: The `HTTPHeaderUpdate` `name`. example: MyHttpHeader pattern: ^[A-Za-z][A-Za-z\\d\\-\\_]*$ type: string value: description: The `HTTPHeaderUpdate` `value`. example: Updated Header Value type: string required: - name type: object HTTPIntegration: description: The definition of `HTTPIntegration` object. properties: base_url: description: Base HTTP url for the integration example: http://datadoghq.com type: string credentials: $ref: "#/components/schemas/HTTPCredentials" type: $ref: "#/components/schemas/HTTPIntegrationType" required: - type - base_url - credentials type: object HTTPIntegrationType: description: The definition of `HTTPIntegrationType` object. enum: - HTTP example: HTTP type: string x-enum-varnames: - HTTP HTTPIntegrationUpdate: description: The definition of `HTTPIntegrationUpdate` object. properties: base_url: description: Base HTTP url for the integration example: http://datadoghq.com type: string credentials: $ref: "#/components/schemas/HTTPCredentialsUpdate" type: $ref: "#/components/schemas/HTTPIntegrationType" required: - type type: object HTTPLog: description: Structured log message. items: $ref: "#/components/schemas/HTTPLogItem" type: array HTTPLogError: description: List of errors. properties: detail: description: Error message. example: "Malformed payload" type: string status: description: Error code. example: "400" type: string title: description: Error title. example: "Bad Request" type: string type: object HTTPLogErrors: description: Invalid query performed. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/HTTPLogError" type: array type: object HTTPLogItem: additionalProperties: description: Additional log attributes. description: Logs that are sent over HTTP. properties: ddsource: description: |- The integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets. See [reserved attributes](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes). example: nginx type: string ddtags: description: Tags associated with your logs. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: |- The message [reserved attribute](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search. example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: |- The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products. See [reserved attributes](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes). example: payment type: string required: - message type: object HTTPToken: description: The definition of `HTTPToken` object. properties: name: description: The `HTTPToken` `name`. example: MyToken pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string type: $ref: "#/components/schemas/TokenType" value: description: The `HTTPToken` `value`. example: Some Token Value type: string required: - name - value - type type: object HTTPTokenAuth: description: The definition of `HTTPTokenAuth` object. properties: body: $ref: "#/components/schemas/HTTPBody" headers: description: The `HTTPTokenAuth` `headers`. items: $ref: "#/components/schemas/HTTPHeader" type: array tokens: description: The `HTTPTokenAuth` `tokens`. items: $ref: "#/components/schemas/HTTPToken" type: array type: $ref: "#/components/schemas/HTTPTokenAuthType" url_parameters: description: The `HTTPTokenAuth` `url_parameters`. items: $ref: "#/components/schemas/UrlParam" type: array required: - type type: object HTTPTokenAuthType: description: The definition of `HTTPTokenAuthType` object. enum: - HTTPTokenAuth example: HTTPTokenAuth type: string x-enum-varnames: - HTTPTOKENAUTH HTTPTokenAuthUpdate: description: The definition of `HTTPTokenAuthUpdate` object. properties: body: $ref: "#/components/schemas/HTTPBody" headers: description: The `HTTPTokenAuthUpdate` `headers`. items: $ref: "#/components/schemas/HTTPHeaderUpdate" type: array tokens: description: The `HTTPTokenAuthUpdate` `tokens`. items: $ref: "#/components/schemas/HTTPTokenUpdate" type: array type: $ref: "#/components/schemas/HTTPTokenAuthType" url_parameters: description: The `HTTPTokenAuthUpdate` `url_parameters`. items: $ref: "#/components/schemas/UrlParamUpdate" type: array required: - type type: object HTTPTokenUpdate: description: The definition of `HTTPTokenUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: description: The `HTTPToken` `name`. example: MyToken pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string type: $ref: "#/components/schemas/TokenType" value: description: The `HTTPToken` `value`. example: Some Token Value type: string required: - name - type - value type: object HamrOrgConnectionAttributesRequest: description: Attributes for a HAMR organization connection request. properties: hamr_status: $ref: "#/components/schemas/HamrOrgConnectionStatus" is_primary: description: |- Indicates whether this organization is the primary organization in the HAMR relationship. If true, this is the primary organization. If false, this is the secondary/backup organization. example: true type: boolean modified_by: description: Username or identifier of the user who last modified this HAMR connection. example: "admin@example.com" type: string target_org_datacenter: description: Datacenter location of the target organization (e.g., us1, eu1, us5). example: "us1" type: string target_org_name: description: Name of the target organization in the HAMR relationship. example: "Production Backup Org" type: string target_org_uuid: description: UUID of the target organization in the HAMR relationship. example: "660f9511-f3ac-52e5-b827-557766551111" type: string required: - target_org_uuid - target_org_name - target_org_datacenter - hamr_status - is_primary - modified_by type: object HamrOrgConnectionAttributesResponse: description: Attributes of a HAMR organization connection response. properties: hamr_status: $ref: "#/components/schemas/HamrOrgConnectionStatus" is_primary: description: |- Indicates whether this organization is the primary organization in the HAMR relationship. If true, this is the primary organization. If false, this is the secondary/backup organization. example: true type: boolean modified_at: description: Timestamp of when this HAMR connection was last modified (RFC3339 format). example: "2026-01-13T17:26:48.830968Z" type: string modified_by: description: Username or identifier of the user who last modified this HAMR connection. example: "admin@example.com" type: string target_org_datacenter: description: Datacenter location of the target organization (e.g., us1, eu1, us5). example: "us1" type: string target_org_name: description: Name of the target organization in the HAMR relationship. example: "Production Backup Org" type: string target_org_uuid: description: UUID of the target organization in the HAMR relationship. example: "660f9511-f3ac-52e5-b827-557766551111" type: string required: - target_org_uuid - target_org_name - target_org_datacenter - hamr_status - is_primary - modified_at - modified_by type: object HamrOrgConnectionDataRequest: description: Data object for a HAMR organization connection request. properties: attributes: $ref: "#/components/schemas/HamrOrgConnectionAttributesRequest" id: description: The organization UUID for this HAMR connection. Must match the authenticated organization's UUID. example: "550e8400-e29b-41d4-a716-446655440000" type: string type: $ref: "#/components/schemas/HamrOrgConnectionType" required: - id - type - attributes type: object HamrOrgConnectionDataResponse: description: Data object for a HAMR organization connection response. properties: attributes: $ref: "#/components/schemas/HamrOrgConnectionAttributesResponse" id: description: The organization UUID for this HAMR connection. example: "550e8400-e29b-41d4-a716-446655440000" type: string type: $ref: "#/components/schemas/HamrOrgConnectionType" required: - id - type - attributes type: object HamrOrgConnectionRequest: description: Request payload for creating or updating a HAMR organization connection. properties: data: $ref: "#/components/schemas/HamrOrgConnectionDataRequest" required: - data type: object HamrOrgConnectionResponse: description: Response payload for a HAMR organization connection. properties: data: $ref: "#/components/schemas/HamrOrgConnectionDataResponse" required: - data type: object HamrOrgConnectionStatus: description: |- Status of the HAMR connection: - 0: UNSPECIFIED - Connection status not specified - 1: ONBOARDING - Initial setup of HAMR connection - 2: PASSIVE - Secondary organization in passive standby mode - 3: FAILOVER - Liminal status between PASSIVE and ACTIVE - 4: ACTIVE - Organization is an active failover - 5: RECOVERY - Recovery operation in progress enum: - 0 - 1 - 2 - 3 - 4 - 5 example: 4 type: integer x-enum-varnames: - UNSPECIFIED - ONBOARDING - PASSIVE - FAILOVER - ACTIVE - RECOVERY HamrOrgConnectionType: description: Type of the HAMR organization connection resource. enum: - hamr_org_connections example: hamr_org_connections type: string x-enum-varnames: - HAMR_ORG_CONNECTIONS HistoricalJobDataType: description: Type of payload. enum: - historicalDetectionsJob type: string x-enum-varnames: - HISTORICALDETECTIONSJOB HistoricalJobListMeta: description: Metadata about the list of jobs. properties: totalCount: description: Number of jobs in the list. format: int32 maximum: 2147483647 type: integer type: object HistoricalJobOptions: description: Job options. properties: anomalyDetectionOptions: $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions" detectionMethod: $ref: "#/components/schemas/SecurityMonitoringRuleDetectionMethod" evaluationWindow: $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" impossibleTravelOptions: $ref: "#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions" keepAlive: $ref: "#/components/schemas/SecurityMonitoringRuleKeepAlive" maxSignalDuration: $ref: "#/components/schemas/SecurityMonitoringRuleMaxSignalDuration" newValueOptions: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptions" sequenceDetectionOptions: $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions" thirdPartyRuleOptions: $ref: "#/components/schemas/SecurityMonitoringRuleThirdPartyOptions" type: object HistoricalJobQuery: description: Query for selecting logs analyzed by the historical job. properties: aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" dataSource: $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array hasOptionalGroupByFields: default: false description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false type: boolean metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: description: Field. type: string type: array name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string type: object HistoricalJobResponse: description: Historical job response. properties: data: $ref: "#/components/schemas/HistoricalJobResponseData" type: object HistoricalJobResponseAttributes: description: Historical job attributes. properties: createdAt: description: Time when the job was created. type: string createdByHandle: description: The handle of the user who created the job. type: string createdByName: description: The name of the user who created the job. type: string createdFromRuleId: description: ID of the rule used to create the job (if it is created from a rule). type: string jobDefinition: $ref: "#/components/schemas/JobDefinition" jobName: description: Job name. type: string jobStatus: description: Job status. type: string modifiedAt: description: Last modification time of the job. type: string signalOutput: description: Whether the job outputs signals. type: boolean type: object HistoricalJobResponseData: description: Historical job response data. properties: attributes: $ref: "#/components/schemas/HistoricalJobResponseAttributes" id: description: ID of the job. type: string type: $ref: "#/components/schemas/HistoricalJobDataType" type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: attributes: $ref: "#/components/schemas/HourlyUsageAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/UsageTimeSeriesType" type: object HourlyUsageAttributes: description: Attributes of hourly usage for a product family for an org for a time period. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string measurements: description: List of the measured usage values for the product family for the org for the time period. items: $ref: "#/components/schemas/HourlyUsageMeasurement" type: array org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string type: object HourlyUsageMeasurement: description: Usage amount for a given usage type. properties: usage_type: description: Type of usage. type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object HourlyUsageMetadata: description: The object containing document metadata. properties: pagination: $ref: "#/components/schemas/HourlyUsagePagination" type: object HourlyUsagePagination: description: The metadata for the current pagination. properties: next_record_id: description: The cursor to get the next results (if any). To make the next request, use the same parameters and add `next_record_id`. nullable: true type: string type: object HourlyUsageResponse: description: Hourly usage response. properties: data: description: Response containing hourly usage. items: $ref: "#/components/schemas/HourlyUsage" type: array meta: $ref: "#/components/schemas/HourlyUsageMetadata" type: object HourlyUsageType: description: Usage type that is being measured. enum: - app_sec_host_count - observability_pipelines_bytes_processed - lambda_traced_invocations_count example: observability_pipelines_bytes_processed type: string x-enum-varnames: - APP_SEC_HOST_COUNT - OBSERVABILITY_PIPELINES_BYTES_PROCESSSED - LAMBDA_TRACED_INVOCATIONS_COUNT ID: description: The ID of a notification rule. example: aaa-bbb-ccc type: string IPAllowlistAttributes: description: Attributes of the IP allowlist. properties: enabled: description: Whether the IP allowlist logic is enabled or not. type: boolean entries: description: Array of entries in the IP allowlist. items: $ref: "#/components/schemas/IPAllowlistEntry" type: array type: object IPAllowlistData: description: IP allowlist data. properties: attributes: $ref: "#/components/schemas/IPAllowlistAttributes" id: description: The unique identifier of the org. type: string type: $ref: "#/components/schemas/IPAllowlistType" required: - type type: object IPAllowlistEntry: description: IP allowlist entry object. properties: data: $ref: "#/components/schemas/IPAllowlistEntryData" required: - data type: object IPAllowlistEntryAttributes: description: Attributes of the IP allowlist entry. properties: cidr_block: description: The CIDR block describing the IP range of the entry. type: string created_at: description: Creation time of the entry. format: date-time readOnly: true type: string modified_at: description: Time of last entry modification. format: date-time readOnly: true type: string note: description: A note describing the IP allowlist entry. type: string type: object IPAllowlistEntryData: description: Data of the IP allowlist entry object. properties: attributes: $ref: "#/components/schemas/IPAllowlistEntryAttributes" id: description: The unique identifier of the IP allowlist entry. type: string type: $ref: "#/components/schemas/IPAllowlistEntryType" required: - type type: object IPAllowlistEntryType: default: ip_allowlist_entry description: IP allowlist Entry type. enum: - ip_allowlist_entry example: ip_allowlist_entry type: string x-enum-varnames: - IP_ALLOWLIST_ENTRY IPAllowlistResponse: description: Response containing information about the IP allowlist. properties: data: $ref: "#/components/schemas/IPAllowlistData" type: object IPAllowlistType: default: ip_allowlist description: IP allowlist type. enum: - ip_allowlist example: ip_allowlist type: string x-enum-varnames: - IP_ALLOWLIST IPAllowlistUpdateRequest: description: Update the IP allowlist. properties: data: $ref: "#/components/schemas/IPAllowlistData" required: - data type: object IdPMetadataFormData: description: The form data submitted to upload IdP metadata properties: idp_file: description: The IdP metadata XML file format: binary type: string x-mimetype: application/xml type: object IncidentAttachmentType: default: incident_attachments description: The incident attachment resource type. enum: - incident_attachments example: incident_attachments type: string x-enum-varnames: - INCIDENT_ATTACHMENTS IncidentCreateAttributes: description: The incident's attributes for a create request. properties: customer_impact_scope: description: Required if `customer_impacted:"true"`. A summary of the impact customers experienced during the incident. example: "Example customer impact scope" type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean fields: additionalProperties: $ref: "#/components/schemas/IncidentFieldAttributes" description: A condensed view of the user-defined fields for which to create initial selections. example: {"severity": {"type": "dropdown", "value": "SEV-5"}} type: object incident_type_uuid: description: A unique identifier that represents an incident type. The default incident type will be used if this property is not provided. example: "00000000-0000-0000-0000-000000000000" type: string initial_cells: description: An array of initial timeline cells to be placed at the beginning of the incident timeline. items: $ref: "#/components/schemas/IncidentTimelineCellCreateAttributes" type: array is_test: description: A flag indicating whether the incident is a test incident. example: false type: boolean notification_handles: description: Notification handles that will be notified of the incident at creation. example: [{"display_name": "Jane Doe", "handle": "@user@email.com"}, {"display_name": "Slack Channel", "handle": "@slack-channel"}, {"display_name": "Incident Workflow", "handle": "@workflow-from-incident"}] items: $ref: "#/components/schemas/IncidentNotificationHandle" type: array title: description: The title of the incident, which summarizes what happened. example: "A test incident title" type: string required: - title - customer_impacted type: object IncidentCreateData: description: Incident data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentCreateAttributes" relationships: $ref: "#/components/schemas/IncidentCreateRelationships" type: $ref: "#/components/schemas/IncidentType" required: - type - attributes type: object IncidentCreateRelationships: description: The relationships the incident will have with other resources once created. properties: commander_user: $ref: "#/components/schemas/NullableRelationshipToUser" required: - commander_user type: object IncidentCreateRequest: description: Create request for an incident. properties: data: $ref: "#/components/schemas/IncidentCreateData" required: - data type: object IncidentFieldAttributes: description: Dynamic fields for which selections can be made, with field names as keys. oneOf: - $ref: "#/components/schemas/IncidentFieldAttributesSingleValue" - $ref: "#/components/schemas/IncidentFieldAttributesMultipleValue" IncidentFieldAttributesMultipleValue: description: A field with potentially multiple values selected. properties: type: $ref: "#/components/schemas/IncidentFieldAttributesValueType" value: description: The multiple values selected for this field. example: ["1.0", "1.1"] items: description: A value which has been selected for the parent field. example: "1.1" type: string nullable: true type: array type: object IncidentFieldAttributesSingleValue: description: A field with a single value selected. properties: type: $ref: "#/components/schemas/IncidentFieldAttributesSingleValueType" value: description: The single value selected for this field. example: "SEV-1" nullable: true type: string type: object IncidentFieldAttributesSingleValueType: default: dropdown description: Type of the single value field definitions. enum: - dropdown - textbox example: dropdown type: string x-enum-varnames: - DROPDOWN - TEXTBOX IncidentFieldAttributesValueType: default: multiselect description: Type of the multiple value field definitions. enum: - multiselect - textarray - metrictag - autocomplete example: multiselect type: string x-enum-varnames: - MULTISELECT - TEXTARRAY - METRICTAG - AUTOCOMPLETE IncidentHandleAttributesFields: description: Dynamic fields associated with the handle example: severity: ["SEV-1"] properties: severity: description: Severity levels associated with the handle items: $ref: "#/components/schemas/IncidentHandleAttributesFieldsSeverity" type: array type: object IncidentHandleAttributesFieldsSeverity: description: Severity level associated with an incident handle. example: SEV-1 type: string IncidentHandleAttributesRequest: description: Incident handle attributes for requests properties: fields: $ref: "#/components/schemas/IncidentHandleAttributesFields" name: description: The handle name example: "@incident-sev-1" type: string required: - name type: object IncidentHandleAttributesResponse: description: Incident handle attributes for responses properties: created_at: description: Timestamp when the handle was created example: "2026-01-13T17:15:52.726905Z" format: date-time type: string fields: $ref: "#/components/schemas/IncidentHandleAttributesFields" modified_at: description: Timestamp when the handle was last modified example: "2026-01-13T17:15:52.726905Z" format: date-time type: string name: description: The handle name example: "@incident-sev-1" type: string required: - name - fields - created_at - modified_at type: object IncidentHandleDataRequest: description: Data object representing an incident handle in a create or update request. properties: attributes: $ref: "#/components/schemas/IncidentHandleAttributesRequest" id: description: The ID of the incident handle (required for PUT requests) example: "b2494081-cdf0-4205-b366-4e1dd4fdf0bf" type: string relationships: $ref: "#/components/schemas/IncidentHandleRelationshipsRequest" type: $ref: "#/components/schemas/IncidentHandleType" required: - type - attributes type: object IncidentHandleDataResponse: description: Data object representing an incident handle in a response. properties: attributes: $ref: "#/components/schemas/IncidentHandleAttributesResponse" id: description: The ID of the incident handle example: "12ceee6d-a7c0-4407-bc54-30e54140d7f0" type: string relationships: $ref: "#/components/schemas/IncidentHandleRelationships" type: $ref: "#/components/schemas/IncidentHandleType" required: - id - type - attributes type: object IncidentHandleIncludedItemResponse: description: A single included resource item in an incident handle response, which can be a user or an incident type. oneOf: - $ref: "#/components/schemas/IncidentUserData" - $ref: "#/components/schemas/IncidentTypeObject" IncidentHandleIncludedResponse: description: Included related resources items: $ref: "#/components/schemas/IncidentHandleIncludedItemResponse" type: array IncidentHandleRelationship: description: A single relationship object for an incident handle, wrapping the related resource data. properties: data: $ref: "#/components/schemas/IncidentHandleRelationshipData" required: - data type: object IncidentHandleRelationshipData: description: Relationship data for an incident handle, containing the ID and type of the related resource. properties: id: description: The ID of the related resource example: "f7b538b1-ed7c-4e84-82de-fdf84a539d40" type: string type: description: The type of the related resource example: "incident_types" type: string required: - id - type type: object IncidentHandleRelationships: description: Relationships associated with an incident handle response, including linked users and incident type. nullable: true properties: commander_user: $ref: "#/components/schemas/IncidentHandleRelationship" created_by_user: $ref: "#/components/schemas/IncidentHandleRelationship" incident_type: $ref: "#/components/schemas/IncidentHandleRelationship" last_modified_by_user: $ref: "#/components/schemas/IncidentHandleRelationship" required: - incident_type - created_by_user - last_modified_by_user type: object IncidentHandleRelationshipsRequest: description: Relationships to associate with an incident handle in a create or update request. nullable: true properties: commander_user: $ref: "#/components/schemas/IncidentHandleRelationship" incident_type: $ref: "#/components/schemas/IncidentHandleRelationship" required: - incident_type type: object IncidentHandleRequest: description: Request payload for creating or updating a global incident handle. properties: data: $ref: "#/components/schemas/IncidentHandleDataRequest" required: - data type: object IncidentHandleResponse: description: Response payload for a single incident handle, including the handle data and related resources. properties: data: $ref: "#/components/schemas/IncidentHandleDataResponse" included: $ref: "#/components/schemas/IncidentHandleIncludedResponse" required: - data type: object IncidentHandleType: description: Incident handle resource type enum: - incidents_handles example: incidents_handles type: string x-enum-varnames: - INCIDENTS_HANDLES IncidentHandlesResponse: description: Response payload for a list of global incident handles, including handle data and related resources. properties: data: $ref: "#/components/schemas/IncidentHandlesResponseData" example: - attributes: name: "@incident-sev-1" id: "12ceee6d-a7c0-4407-bc54-30e54140d7f0" type: incident_handles included: $ref: "#/components/schemas/IncidentHandleIncludedResponse" required: - data type: object IncidentHandlesResponseData: description: Array of incident handle data objects returned in a list response. items: $ref: "#/components/schemas/IncidentHandleDataResponse" type: array IncidentImpactAttributes: description: The incident impact's attributes. properties: created: description: Timestamp when the impact was created. example: "2025-08-29T13:17:00Z" format: date-time readOnly: true type: string description: description: Description of the impact. example: "Service was unavailable for external users" type: string end_at: description: Timestamp when the impact ended. example: "2025-08-29T13:17:00Z" format: date-time nullable: true type: string fields: $ref: "#/components/schemas/IncidentImpactFieldsObject" impact_type: description: The type of impact. example: "customer" type: string modified: description: Timestamp when the impact was last modified. example: "2025-08-29T13:17:00Z" format: date-time readOnly: true type: string start_at: description: Timestamp representing when the impact started. example: "2025-08-28T13:17:00Z" format: date-time type: string required: - description - start_at type: object IncidentImpactCreateAttributes: description: The incident impact's attributes for a create request. properties: description: description: Description of the impact. example: "Service was unavailable for external users" type: string end_at: description: Timestamp when the impact ended. example: "2025-08-29T13:17:00Z" format: date-time nullable: true type: string fields: $ref: "#/components/schemas/IncidentImpactFieldsObject" start_at: description: Timestamp when the impact started. example: "2025-08-28T13:17:00Z" format: date-time type: string required: - description - start_at type: object IncidentImpactCreateData: description: Incident impact data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentImpactCreateAttributes" type: $ref: "#/components/schemas/IncidentImpactType" required: - type - attributes type: object IncidentImpactCreateRequest: description: Create request for an incident impact. properties: data: $ref: "#/components/schemas/IncidentImpactCreateData" required: - data type: object IncidentImpactFieldsObject: additionalProperties: {} description: An object mapping impact field names to field values. example: {"customers_impacted": "all", "products_impacted": ["shopping", "marketing"]} nullable: true type: object IncidentImpactRelatedObject: description: A reference to a resource related to an incident impact. enum: - incident - created_by_user - last_modified_by_user type: string x-enum-varnames: - INCIDENT - CREATED_BY_USER - LAST_MODIFIED_BY_USER IncidentImpactRelationships: description: The incident impact's resource relationships. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" incident: $ref: "#/components/schemas/RelationshipToIncident" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" type: object IncidentImpactResponse: description: Response with an incident impact. properties: data: $ref: "#/components/schemas/IncidentImpactResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentUserData" readOnly: true type: array required: - data type: object IncidentImpactResponseData: description: Incident impact data from a response. properties: attributes: $ref: "#/components/schemas/IncidentImpactAttributes" id: description: The incident impact's ID. example: "00000000-0000-0000-1234-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentImpactRelationships" type: $ref: "#/components/schemas/IncidentImpactType" required: - id - type type: object IncidentImpactType: default: incident_impacts description: Incident impact resource type. enum: - incident_impacts example: incident_impacts type: string x-enum-varnames: - INCIDENT_IMPACTS IncidentImpactsResponse: description: Response with a list of incident impacts. properties: data: description: An array of incident impacts. items: $ref: "#/components/schemas/IncidentImpactResponseData" type: array included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentUserData" readOnly: true type: array required: - data type: object IncidentImpactsType: description: The incident impacts type. enum: - incident_impacts example: incident_impacts type: string x-enum-varnames: - INCIDENT_IMPACTS IncidentImportFieldAttributes: description: Dynamic fields for which selections can be made, with field names as keys. oneOf: - $ref: "#/components/schemas/IncidentImportFieldAttributesSingleValue" - $ref: "#/components/schemas/IncidentImportFieldAttributesMultipleValue" IncidentImportFieldAttributesMultipleValue: additionalProperties: false description: A field with potentially multiple values selected. properties: value: description: The multiple values selected for this field. example: ["1.0", "1.1"] items: description: A value which has been selected for the parent field. example: "1.1" type: string nullable: true type: array type: object IncidentImportFieldAttributesSingleValue: additionalProperties: false description: A field with a single value selected. properties: value: description: The single value selected for this field. example: "SEV-1" nullable: true type: string type: object IncidentImportRelatedObject: description: Object related to an incident that can be included in the response. enum: - last_modified_by_user - created_by_user - commander_user - declared_by_user - incident_type type: string x-enum-varnames: - LAST_MODIFIED_BY_USER - CREATED_BY_USER - COMMANDER_USER - DECLARED_BY_USER - INCIDENT_TYPE IncidentImportRelationships: description: The relationships for an incident import request. properties: commander_user: $ref: "#/components/schemas/NullableRelationshipToUser" declared_by_user: $ref: "#/components/schemas/NullableRelationshipToUser" type: object IncidentImportRequest: description: Import request for an incident. Used to import historical incidents from external systems. properties: data: $ref: "#/components/schemas/IncidentImportRequestData" required: - data type: object IncidentImportRequestAttributes: description: The incident's attributes for an import request. properties: declared: description: Timestamp when the incident was declared. example: "2025-01-01T00:00:00Z" format: date-time type: string detected: description: Timestamp when the incident was detected. example: "2025-01-01T00:00:00Z" format: date-time type: string fields: additionalProperties: $ref: "#/components/schemas/IncidentImportFieldAttributes" description: A condensed view of the user-defined fields for which to create initial selections. example: {"severity": {"value": "SEV-5"}, "state": {"value": "active"}} type: object incident_type_uuid: description: A unique identifier that represents the incident type. If not provided, the default incident type is used. example: "00000000-0000-0000-0000-000000000000" type: string resolved: description: Timestamp when the incident was resolved. Can only be set when the state field is set to 'resolved'. example: "2025-01-01T01:00:00Z" format: date-time type: string title: description: The title of the incident that summarizes what happened. example: "Imported incident from external system" maxLength: 1024 type: string visibility: $ref: "#/components/schemas/IncidentImportVisibility" required: - title type: object IncidentImportRequestData: description: Incident data for an import request. properties: attributes: $ref: "#/components/schemas/IncidentImportRequestAttributes" relationships: $ref: "#/components/schemas/IncidentImportRelationships" type: $ref: "#/components/schemas/IncidentType" required: - type - attributes type: object IncidentImportResponse: description: Response with an incident. properties: data: $ref: "#/components/schemas/IncidentImportResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentImportResponseIncludedItem" readOnly: true type: array required: - data type: object IncidentImportResponseAttributes: description: The incident's attributes from an import response. properties: archived: description: Timestamp when the incident was archived. format: date-time nullable: true readOnly: true type: string case_id: description: The incident case ID. format: int64 nullable: true type: integer created: description: Timestamp when the incident was created. example: "2025-01-01T00:00:00Z" format: date-time readOnly: true type: string created_by_uuid: description: UUID of the user who created the incident. nullable: true type: string creation_idempotency_key: description: A unique key used to ensure idempotent incident creation. nullable: true type: string customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: "An example customer impact scope" nullable: true type: string customer_impact_start: description: Timestamp when customers began to be impacted by the incident. format: date-time nullable: true type: string declared: description: Timestamp when the incident was declared. example: "2025-01-01T00:00:00Z" format: date-time nullable: true type: string declared_by_uuid: description: UUID of the user who declared the incident. nullable: true type: string detected: description: Timestamp when the incident was detected. example: "2025-01-01T00:00:00Z" format: date-time nullable: true type: string fields: additionalProperties: $ref: "#/components/schemas/IncidentFieldAttributes" description: A condensed view of the user-defined fields attached to incidents. example: {"severity": {"type": "dropdown", "value": "SEV-5"}} type: object incident_type_uuid: description: A unique identifier that represents an incident type. example: "00000000-0000-0000-0000-000000000000" type: string is_test: description: A flag indicating whether the incident is a test incident. example: false type: boolean last_modified_by_uuid: description: UUID of the user who last modified the incident. nullable: true type: string modified: description: Timestamp when the incident was last modified. format: date-time readOnly: true type: string non_datadog_creator: $ref: "#/components/schemas/IncidentNonDatadogCreator" notification_handles: description: Notification handles that are notified of the incident during update. items: $ref: "#/components/schemas/IncidentNotificationHandle" nullable: true type: array public_id: description: The monotonically increasing integer ID for the incident. example: 1 format: int64 type: integer resolved: description: Timestamp when the incident's state was last changed from active or stable to resolved or completed. format: date-time nullable: true type: string severity: $ref: "#/components/schemas/IncidentSeverity" state: description: The state of the incident. nullable: true type: string title: description: The title of the incident that summarizes what happened. example: "A test incident title" type: string visibility: description: The incident visibility status. nullable: true type: string required: - title type: object IncidentImportResponseData: description: Incident data from an import response. properties: attributes: $ref: "#/components/schemas/IncidentImportResponseAttributes" id: description: The incident's ID. example: "00000000-0000-0000-1234-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentImportResponseRelationships" type: $ref: "#/components/schemas/IncidentType" required: - id - type type: object IncidentImportResponseIncludedItem: description: An object related to an incident that is included in the response. oneOf: - $ref: "#/components/schemas/IncidentUserData" - $ref: "#/components/schemas/IncidentTypeObject" IncidentImportResponseRelationships: description: The incident's relationships from an import response. properties: attachments: $ref: "#/components/schemas/RelationshipToIncidentAttachment" commander_user: $ref: "#/components/schemas/NullableRelationshipToUser" created_by_user: $ref: "#/components/schemas/RelationshipToUser" declared_by_user: $ref: "#/components/schemas/RelationshipToUser" impacts: $ref: "#/components/schemas/RelationshipToIncidentImpacts" incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" integrations: $ref: "#/components/schemas/RelationshipToIncidentIntegrationMetadatas" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" responders: $ref: "#/components/schemas/RelationshipToIncidentResponders" user_defined_fields: $ref: "#/components/schemas/RelationshipToIncidentUserDefinedFields" type: object IncidentImportVisibility: default: organization description: The visibility of the incident. enum: - organization - private example: organization type: string x-enum-varnames: - ORGANIZATION - PRIVATE IncidentIntegrationMetadataAttributes: description: Incident integration metadata's attributes for a create request. properties: created: description: Timestamp when the incident todo was created. format: date-time readOnly: true type: string incident_id: description: UUID of the incident this integration metadata is connected to. example: "00000000-aaaa-0000-0000-000000000000" type: string integration_type: description: |- A number indicating the type of integration this metadata is for. 1 indicates Slack; 7 indicates Microsoft Teams; 8 indicates Jira. example: 1 format: int32 maximum: 100 type: integer metadata: $ref: "#/components/schemas/IncidentIntegrationMetadataMetadata" modified: description: Timestamp when the incident todo was last modified. format: date-time readOnly: true type: string status: description: |- A number indicating the status of this integration metadata. 0 indicates unknown; 1 indicates pending; 2 indicates complete; 3 indicates manually created; 4 indicates manually updated; 5 indicates failed. format: int32 maximum: 5 type: integer required: - integration_type - metadata type: object IncidentIntegrationMetadataCreateData: description: Incident integration metadata data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentIntegrationMetadataAttributes" type: $ref: "#/components/schemas/IncidentIntegrationMetadataType" required: - type - attributes type: object IncidentIntegrationMetadataCreateRequest: description: Create request for an incident integration metadata. properties: data: $ref: "#/components/schemas/IncidentIntegrationMetadataCreateData" required: - data type: object IncidentIntegrationMetadataListResponse: description: Response with a list of incident integration metadata. properties: data: description: An array of incident integration metadata. items: $ref: "#/components/schemas/IncidentIntegrationMetadataResponseData" type: array included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentIntegrationMetadataResponseIncludedItem" readOnly: true type: array meta: $ref: "#/components/schemas/IncidentResponseMeta" required: - data type: object IncidentIntegrationMetadataMetadata: description: Incident integration metadata's metadata attribute. oneOf: - $ref: "#/components/schemas/SlackIntegrationMetadata" - $ref: "#/components/schemas/JiraIntegrationMetadata" - $ref: "#/components/schemas/MSTeamsIntegrationMetadata" IncidentIntegrationMetadataPatchData: description: Incident integration metadata data for a patch request. properties: attributes: $ref: "#/components/schemas/IncidentIntegrationMetadataAttributes" type: $ref: "#/components/schemas/IncidentIntegrationMetadataType" required: - type - attributes type: object IncidentIntegrationMetadataPatchRequest: description: Patch request for an incident integration metadata. properties: data: $ref: "#/components/schemas/IncidentIntegrationMetadataPatchData" required: - data type: object IncidentIntegrationMetadataResponse: description: Response with an incident integration metadata. properties: data: $ref: "#/components/schemas/IncidentIntegrationMetadataResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentIntegrationMetadataResponseIncludedItem" readOnly: true type: array required: - data type: object IncidentIntegrationMetadataResponseData: description: Incident integration metadata from a response. properties: attributes: $ref: "#/components/schemas/IncidentIntegrationMetadataAttributes" id: description: The incident integration metadata's ID. example: "00000000-0000-0000-1234-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentIntegrationRelationships" type: $ref: "#/components/schemas/IncidentIntegrationMetadataType" required: - id - type type: object IncidentIntegrationMetadataResponseIncludedItem: description: An object related to an incident integration metadata that is included in the response. oneOf: - $ref: "#/components/schemas/User" IncidentIntegrationMetadataType: default: incident_integrations description: Integration metadata resource type. enum: - incident_integrations example: incident_integrations type: string x-enum-varnames: - INCIDENT_INTEGRATIONS IncidentIntegrationRelationships: description: The incident's integration relationships from a response. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" type: object IncidentNonDatadogCreator: description: Incident's non Datadog creator. nullable: true properties: image_48_px: description: Non Datadog creator `48px` image. type: string name: description: Non Datadog creator name. type: string type: object IncidentNotificationHandle: description: A notification handle that will be notified at incident creation. properties: display_name: description: The name of the notified handle. example: Jane Doe type: string handle: description: The handle used for the notification. This includes an email address, Slack channel, or workflow. example: "@test.user@test.com" type: string type: object IncidentNotificationRule: description: Response with a notification rule. properties: data: $ref: "#/components/schemas/IncidentNotificationRuleResponseData" included: description: Related objects that are included in the response. items: $ref: "#/components/schemas/IncidentNotificationRuleIncludedItems" type: array required: - data type: object IncidentNotificationRuleArray: description: Response with notification rules. properties: data: description: The `NotificationRuleArray` `data`. items: $ref: "#/components/schemas/IncidentNotificationRuleResponseData" type: array included: description: Related objects that are included in the response. items: $ref: "#/components/schemas/IncidentNotificationRuleIncludedItems" type: array meta: $ref: "#/components/schemas/IncidentNotificationRuleArrayMeta" required: - data type: object IncidentNotificationRuleArrayMeta: description: Response metadata. properties: pagination: $ref: "#/components/schemas/IncidentNotificationRuleArrayMetaPage" type: object IncidentNotificationRuleArrayMetaPage: description: Pagination metadata. properties: next_offset: description: The offset for the next page of results. example: 15 format: int64 type: integer offset: description: The current offset in the results. example: 0 format: int64 type: integer size: description: The number of results returned per page. example: 15 format: int64 type: integer type: object IncidentNotificationRuleAttributes: description: The notification rule's attributes. properties: conditions: $ref: "#/components/schemas/IncidentNotificationRuleConditions" created: description: Timestamp when the notification rule was created. example: "2025-01-15T10:30:00Z" format: date-time readOnly: true type: string enabled: description: Whether the notification rule is enabled. example: true type: boolean handles: $ref: "#/components/schemas/IncidentNotificationRuleHandles" modified: description: Timestamp when the notification rule was last modified. example: "2025-01-15T14:45:00Z" format: date-time readOnly: true type: string renotify_on: $ref: "#/components/schemas/IncidentNotificationRuleRenotifyOn" trigger: description: The trigger event for this notification rule. example: "incident_created_trigger" type: string visibility: $ref: "#/components/schemas/IncidentNotificationRuleAttributesVisibility" required: - conditions - handles - visibility - trigger - enabled - created - modified type: object IncidentNotificationRuleAttributesVisibility: description: The visibility of the notification rule. enum: ["all", "organization", "private"] example: "organization" type: string x-enum-varnames: - ALL - ORGANIZATION - PRIVATE IncidentNotificationRuleConditions: description: The conditions that trigger this notification rule. example: [{"field": "severity", "values": ["SEV-1", "SEV-2"]}] items: $ref: "#/components/schemas/IncidentNotificationRuleConditionsItems" type: array IncidentNotificationRuleConditionsItems: description: A condition that must be met to trigger the notification rule. properties: field: description: The incident field to evaluate example: "severity" type: string values: description: The value(s) to compare against. Multiple values are `ORed` together. example: ["SEV-1", "SEV-2"] items: description: A value to compare against the incident field. type: string type: array required: - field - values type: object IncidentNotificationRuleCreateAttributes: description: The attributes for creating a notification rule. properties: conditions: $ref: "#/components/schemas/IncidentNotificationRuleConditions" enabled: default: false description: Whether the notification rule is enabled. example: true type: boolean handles: $ref: "#/components/schemas/IncidentNotificationRuleHandles" renotify_on: $ref: "#/components/schemas/IncidentNotificationRuleRenotifyOn" trigger: description: The trigger event for this notification rule. example: "incident_created_trigger" type: string visibility: $ref: "#/components/schemas/IncidentNotificationRuleCreateAttributesVisibility" required: - conditions - handles - trigger type: object IncidentNotificationRuleCreateAttributesVisibility: description: The visibility of the notification rule. enum: ["all", "organization", "private"] example: "organization" type: string x-enum-varnames: - ALL - ORGANIZATION - PRIVATE IncidentNotificationRuleCreateData: description: Notification rule data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentNotificationRuleCreateAttributes" relationships: $ref: "#/components/schemas/IncidentNotificationRuleCreateDataRelationships" type: $ref: "#/components/schemas/IncidentNotificationRuleType" required: - type - attributes type: object IncidentNotificationRuleCreateDataRelationships: description: The definition of `NotificationRuleCreateDataRelationships` object. properties: incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" notification_template: $ref: "#/components/schemas/RelationshipToIncidentNotificationTemplate" type: object IncidentNotificationRuleHandles: description: The notification handles (targets) for this rule. example: ["@team-email@company.com", "@slack-channel"] items: description: A notification handle (email, Slack channel, etc.). type: string type: array IncidentNotificationRuleIncludedItems: description: Objects related to a notification rule. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/IncidentTypeObject" - $ref: "#/components/schemas/IncidentNotificationTemplateObject" IncidentNotificationRuleRelationships: description: The notification rule's resource relationships. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" notification_template: $ref: "#/components/schemas/RelationshipToIncidentNotificationTemplate" type: object IncidentNotificationRuleRenotifyOn: description: List of incident fields that trigger re-notification when changed. example: ["status", "severity"] items: description: An incident field name. type: string type: array IncidentNotificationRuleResponseData: description: Notification rule data from a response. properties: attributes: $ref: "#/components/schemas/IncidentNotificationRuleAttributes" id: description: The unique identifier of the notification rule. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string relationships: $ref: "#/components/schemas/IncidentNotificationRuleRelationships" type: $ref: "#/components/schemas/IncidentNotificationRuleType" required: - id - type type: object IncidentNotificationRuleType: description: Notification rules resource type. enum: - incident_notification_rules example: incident_notification_rules type: string x-enum-varnames: - INCIDENT_NOTIFICATION_RULES IncidentNotificationRuleUpdateData: description: Notification rule data for an update request. properties: attributes: $ref: "#/components/schemas/IncidentNotificationRuleCreateAttributes" id: description: The unique identifier of the notification rule. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string relationships: $ref: "#/components/schemas/IncidentNotificationRuleCreateDataRelationships" type: $ref: "#/components/schemas/IncidentNotificationRuleType" required: - id - type - attributes type: object IncidentNotificationTemplate: description: Response with a notification template. properties: data: $ref: "#/components/schemas/IncidentNotificationTemplateResponseData" included: description: Related objects that are included in the response. items: $ref: "#/components/schemas/IncidentNotificationTemplateIncludedItems" type: array required: - data type: object IncidentNotificationTemplateArray: description: Response with notification templates. properties: data: description: The `NotificationTemplateArray` `data`. items: $ref: "#/components/schemas/IncidentNotificationTemplateResponseData" type: array included: description: Related objects that are included in the response. items: $ref: "#/components/schemas/IncidentNotificationTemplateIncludedItems" type: array meta: $ref: "#/components/schemas/IncidentNotificationTemplateArrayMeta" required: - data type: object IncidentNotificationTemplateArrayMeta: description: Response metadata. properties: page: $ref: "#/components/schemas/IncidentNotificationTemplateArrayMetaPage" type: object IncidentNotificationTemplateArrayMetaPage: description: Pagination metadata. properties: total_count: description: Total number of notification templates. example: 42 format: int64 type: integer total_filtered_count: description: Total number of notification templates matching the filter. example: 15 format: int64 type: integer type: object IncidentNotificationTemplateAttributes: description: The notification template's attributes. properties: category: description: The category of the notification template. example: "alert" type: string content: description: The content body of the notification template. example: "An incident has been declared.\n\nTitle: {{incident.title}}\nSeverity: {{incident.severity}}\nAffected Services: {{incident.services}}\nStatus: {{incident.state}}\n\nPlease join the incident channel for updates." type: string created: description: Timestamp when the notification template was created. example: "2025-01-15T10:30:00Z" format: date-time readOnly: true type: string modified: description: Timestamp when the notification template was last modified. example: "2025-01-15T14:45:00Z" format: date-time readOnly: true type: string name: description: The name of the notification template. example: "Incident Alert Template" type: string subject: description: The subject line of the notification template. example: "{{incident.severity}} Incident: {{incident.title}}" type: string required: - name - subject - content - category - created - modified type: object IncidentNotificationTemplateCreateAttributes: description: The attributes for creating a notification template. properties: category: description: The category of the notification template. example: "alert" type: string content: description: The content body of the notification template. example: "An incident has been declared.\n\nTitle: {{incident.title}}\nSeverity: {{incident.severity}}\nAffected Services: {{incident.services}}\nStatus: {{incident.state}}\n\nPlease join the incident channel for updates." type: string name: description: The name of the notification template. example: "Incident Alert Template" type: string subject: description: The subject line of the notification template. example: "{{incident.severity}} Incident: {{incident.title}}" type: string required: - name - subject - content - category type: object IncidentNotificationTemplateCreateData: description: Notification template data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentNotificationTemplateCreateAttributes" relationships: $ref: "#/components/schemas/IncidentNotificationTemplateCreateDataRelationships" type: $ref: "#/components/schemas/IncidentNotificationTemplateType" required: - type - attributes type: object IncidentNotificationTemplateCreateDataRelationships: description: The definition of `NotificationTemplateCreateDataRelationships` object. properties: incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" type: object IncidentNotificationTemplateIncludedItems: description: Objects related to a notification template. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/IncidentTypeObject" IncidentNotificationTemplateObject: description: A notification template object for inclusion in other resources. properties: attributes: $ref: "#/components/schemas/IncidentNotificationTemplateAttributes" id: description: The unique identifier of the notification template. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string relationships: $ref: "#/components/schemas/IncidentNotificationTemplateRelationships" type: $ref: "#/components/schemas/IncidentNotificationTemplateType" required: - id - type type: object IncidentNotificationTemplateRelationships: description: The notification template's resource relationships. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" type: object IncidentNotificationTemplateResponseData: description: Notification template data from a response. properties: attributes: $ref: "#/components/schemas/IncidentNotificationTemplateAttributes" id: description: The unique identifier of the notification template. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string relationships: $ref: "#/components/schemas/IncidentNotificationTemplateRelationships" type: $ref: "#/components/schemas/IncidentNotificationTemplateType" required: - id - type type: object IncidentNotificationTemplateType: description: Notification templates resource type. enum: - notification_templates example: notification_templates type: string x-enum-varnames: - NOTIFICATION_TEMPLATES IncidentNotificationTemplateUpdateAttributes: description: The attributes to update on a notification template. properties: category: description: The category of the notification template. example: "update" type: string content: description: The content body of the notification template. example: "Incident Status Update:\n\nTitle: {{incident.title}}\nNew Status: {{incident.state}}\nSeverity: {{incident.severity}}\nServices: {{incident.services}}\nCommander: {{incident.commander}}\n\nFor more details, visit the incident page." type: string name: description: The name of the notification template. example: "Incident Status Update Template" type: string subject: description: The subject line of the notification template. example: "Incident Update: {{incident.title}} - {{incident.state}}" type: string type: object IncidentNotificationTemplateUpdateData: description: Notification template data for an update request. properties: attributes: $ref: "#/components/schemas/IncidentNotificationTemplateUpdateAttributes" id: description: The unique identifier of the notification template. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string type: $ref: "#/components/schemas/IncidentNotificationTemplateType" required: - id - type type: object IncidentPostmortemType: default: incident_postmortems description: Incident postmortem resource type. enum: - incident_postmortems example: incident_postmortems type: string x-enum-varnames: - INCIDENT_POSTMORTEMS IncidentRelatedObject: description: Object related to an incident. enum: - users - attachments type: string x-enum-varnames: - USERS - ATTACHMENTS IncidentRelationshipData: description: Incident relationship data properties: id: description: Incident identifier example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentResourceType" required: - type - id type: object IncidentResourceType: description: Incident resource type enum: - incidents example: incidents type: string x-enum-varnames: - INCIDENTS IncidentRespondersType: description: The incident responders type. enum: - incident_responders example: incident_responders type: string x-enum-varnames: - INCIDENT_RESPONDERS IncidentResponse: description: Response with an incident. properties: data: $ref: "#/components/schemas/IncidentResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentResponseIncludedItem" readOnly: true type: array required: - data type: object IncidentResponseAttributes: additionalProperties: {} description: The incident's attributes from a response. properties: archived: description: Timestamp of when the incident was archived. format: date-time nullable: true readOnly: true type: string case_id: description: The incident case id. format: int64 nullable: true type: integer created: description: Timestamp when the incident was created. format: date-time readOnly: true type: string customer_impact_duration: description: |- Length of the incident's customer impact in seconds. Equals the difference between `customer_impact_start` and `customer_impact_end`. format: int64 readOnly: true type: integer customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: "An example customer impact scope" nullable: true type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean declared: description: Timestamp when the incident was declared. format: date-time readOnly: true type: string declared_by: $ref: "#/components/schemas/IncidentNonDatadogCreator" declared_by_uuid: description: UUID of the user who declared the incident. nullable: true type: string detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: "#/components/schemas/IncidentFieldAttributes" description: A condensed view of the user-defined fields attached to incidents. example: {"severity": {"type": "dropdown", "value": "SEV-5"}} type: object incident_type_uuid: description: A unique identifier that represents an incident type. example: "00000000-0000-0000-0000-000000000000" type: string is_test: description: A flag indicating whether the incident is a test incident. example: false type: boolean modified: description: Timestamp when the incident was last modified. format: date-time readOnly: true type: string non_datadog_creator: $ref: "#/components/schemas/IncidentNonDatadogCreator" notification_handles: description: Notification handles that will be notified of the incident during update. example: [{"display_name": "Jane Doe", "handle": "@user@email.com"}, {"display_name": "Slack Channel", "handle": "@slack-channel"}, {"display_name": "Incident Workflow", "handle": "@workflow-from-incident"}] items: $ref: "#/components/schemas/IncidentNotificationHandle" nullable: true type: array public_id: description: The monotonically increasing integer ID for the incident. example: 1 format: int64 type: integer resolved: description: |- Timestamp when the incident's state was last changed from active or stable to resolved or completed. format: date-time nullable: true type: string severity: $ref: "#/components/schemas/IncidentSeverity" state: description: The state incident. nullable: true type: string time_to_detect: description: |- The amount of time in seconds to detect the incident. Equals the difference between `customer_impact_start` and `detected`. format: int64 readOnly: true type: integer time_to_internal_response: description: >- The amount of time in seconds to call incident after detection. Equals the difference of `detected` and `created`. format: int64 readOnly: true type: integer time_to_repair: description: >- The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between `customer_impact_end` and `detected`. format: int64 readOnly: true type: integer time_to_resolve: description: >- The amount of time in seconds to resolve the incident after it was created. Equals the difference between `created` and `resolved`. format: int64 readOnly: true type: integer title: description: The title of the incident, which summarizes what happened. example: "A test incident title" type: string visibility: description: The incident visibility status. nullable: true type: string required: - title type: object IncidentResponseData: description: Incident data from a response. properties: attributes: $ref: "#/components/schemas/IncidentResponseAttributes" id: description: The incident's ID. example: "00000000-0000-0000-1234-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentResponseRelationships" type: $ref: "#/components/schemas/IncidentType" required: - id - type type: object IncidentResponseIncludedItem: description: An object related to an incident that is included in the response. oneOf: - $ref: "#/components/schemas/IncidentUserData" - $ref: "#/components/schemas/AttachmentData" IncidentResponseMeta: description: The metadata object containing pagination metadata. properties: pagination: $ref: "#/components/schemas/IncidentResponseMetaPagination" readOnly: true type: object IncidentResponseMetaPagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object IncidentResponseRelationships: description: The incident's relationships from a response. properties: attachments: $ref: "#/components/schemas/RelationshipToIncidentAttachment" commander_user: $ref: "#/components/schemas/NullableRelationshipToUser" created_by_user: $ref: "#/components/schemas/RelationshipToUser" declared_by_user: $ref: "#/components/schemas/RelationshipToUser" impacts: $ref: "#/components/schemas/RelationshipToIncidentImpacts" integrations: $ref: "#/components/schemas/RelationshipToIncidentIntegrationMetadatas" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" responders: $ref: "#/components/schemas/RelationshipToIncidentResponders" user_defined_fields: $ref: "#/components/schemas/RelationshipToIncidentUserDefinedFields" type: object IncidentSearchResponse: description: Response with incidents and facets. properties: data: $ref: "#/components/schemas/IncidentSearchResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentResponseIncludedItem" readOnly: true type: array meta: $ref: "#/components/schemas/IncidentSearchResponseMeta" required: - data type: object IncidentSearchResponseAttributes: description: Attributes returned by an incident search. properties: facets: $ref: "#/components/schemas/IncidentSearchResponseFacetsData" incidents: description: Incidents returned by the search. items: $ref: "#/components/schemas/IncidentSearchResponseIncidentsData" type: array total: description: Number of incidents returned by the search. example: 10 format: int32 maximum: 2147483647 type: integer required: - facets - incidents - total type: object IncidentSearchResponseData: description: Data returned by an incident search. properties: attributes: $ref: "#/components/schemas/IncidentSearchResponseAttributes" type: $ref: "#/components/schemas/IncidentSearchResultsType" type: object IncidentSearchResponseFacetCount: description: Count of the facet value appearing in search results. example: 5 format: int32 maximum: 2147483647 type: integer IncidentSearchResponseFacetsData: description: Facet data for incidents returned by a search query. properties: commander: description: Facet data for incident commander users. items: $ref: "#/components/schemas/IncidentSearchResponseUserFacetData" type: array created_by: description: Facet data for incident creator users. items: $ref: "#/components/schemas/IncidentSearchResponseUserFacetData" type: array fields: description: Facet data for incident property fields. items: $ref: "#/components/schemas/IncidentSearchResponsePropertyFieldFacetData" type: array impact: description: Facet data for incident impact attributes. items: $ref: "#/components/schemas/IncidentSearchResponseFieldFacetData" type: array last_modified_by: description: Facet data for incident last modified by users. items: $ref: "#/components/schemas/IncidentSearchResponseUserFacetData" type: array postmortem: description: Facet data for incident postmortem existence. items: $ref: "#/components/schemas/IncidentSearchResponseFieldFacetData" type: array responder: description: Facet data for incident responder users. items: $ref: "#/components/schemas/IncidentSearchResponseUserFacetData" type: array severity: description: Facet data for incident severity attributes. items: $ref: "#/components/schemas/IncidentSearchResponseFieldFacetData" type: array state: description: Facet data for incident state attributes. items: $ref: "#/components/schemas/IncidentSearchResponseFieldFacetData" type: array time_to_repair: description: Facet data for incident time to repair metrics. items: $ref: "#/components/schemas/IncidentSearchResponseNumericFacetData" type: array time_to_resolve: description: Facet data for incident time to resolve metrics. items: $ref: "#/components/schemas/IncidentSearchResponseNumericFacetData" type: array type: object IncidentSearchResponseFieldFacetData: description: Facet value and number of occurrences for a property field of an incident. properties: count: $ref: "#/components/schemas/IncidentSearchResponseFacetCount" name: description: The facet value appearing in search results. example: SEV-2 type: string type: object IncidentSearchResponseIncidentsData: description: Incident returned by the search. properties: data: $ref: "#/components/schemas/IncidentResponseData" required: - data type: object IncidentSearchResponseMeta: description: The metadata object containing pagination metadata. properties: pagination: $ref: "#/components/schemas/IncidentResponseMetaPagination" readOnly: true type: object IncidentSearchResponseNumericFacetData: description: Facet data numeric attributes of an incident. properties: aggregates: $ref: "#/components/schemas/IncidentSearchResponseNumericFacetDataAggregates" name: description: Name of the incident property field. example: time_to_repair type: string required: - name - aggregates type: object IncidentSearchResponseNumericFacetDataAggregates: description: Aggregate information for numeric incident data. properties: max: description: Maximum value of the numeric aggregates. example: 1234.0 format: double nullable: true type: number min: description: Minimum value of the numeric aggregates. example: 20.0 format: double nullable: true type: number type: object IncidentSearchResponsePropertyFieldFacetData: description: Facet data for the incident property fields. properties: aggregates: $ref: "#/components/schemas/IncidentSearchResponseNumericFacetDataAggregates" facets: description: Facet data for the property field of an incident. items: $ref: "#/components/schemas/IncidentSearchResponseFieldFacetData" type: array name: description: Name of the incident property field. example: Severity type: string required: - facets - name type: object IncidentSearchResponseUserFacetData: description: Facet data for user attributes of an incident. properties: count: $ref: "#/components/schemas/IncidentSearchResponseFacetCount" email: description: Email of the user. example: datadog.user@example.com type: string handle: description: Handle of the user. example: "@datadog.user@example.com" type: string name: description: Name of the user. example: Datadog User type: string uuid: description: ID of the user. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string type: object IncidentSearchResultsType: default: incidents_search_results description: Incident search result type. enum: - incidents_search_results example: incidents_search_results type: string x-enum-varnames: - INCIDENTS_SEARCH_RESULTS IncidentSearchSortOrder: description: The ways searched incidents can be sorted. enum: - created - -created type: string x-enum-varnames: - CREATED_ASCENDING - CREATED_DESCENDING IncidentServiceCreateAttributes: description: The incident service's attributes for a create request. properties: name: description: Name of the incident service. example: "an example service name" type: string required: - name type: object IncidentServiceCreateData: description: Incident Service payload for create requests. properties: attributes: $ref: "#/components/schemas/IncidentServiceCreateAttributes" relationships: $ref: "#/components/schemas/IncidentServiceRelationships" type: $ref: "#/components/schemas/IncidentServiceType" required: - type type: object IncidentServiceCreateRequest: description: Create request with an incident service payload. properties: data: $ref: "#/components/schemas/IncidentServiceCreateData" required: - data type: object IncidentServiceIncludedItems: description: An object related to an incident service which is present in the included payload. oneOf: - $ref: "#/components/schemas/User" IncidentServiceRelationships: description: The incident service's relationships. properties: created_by: $ref: "#/components/schemas/RelationshipToUser" last_modified_by: $ref: "#/components/schemas/RelationshipToUser" readOnly: true type: object IncidentServiceResponse: description: Response with an incident service payload. properties: data: $ref: "#/components/schemas/IncidentServiceResponseData" included: description: Included objects from relationships. items: $ref: "#/components/schemas/IncidentServiceIncludedItems" readOnly: true type: array required: - data type: object IncidentServiceResponseAttributes: description: The incident service's attributes from a response. properties: created: description: Timestamp of when the incident service was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident service was modified. format: date-time readOnly: true type: string name: description: Name of the incident service. example: "service name" type: string type: object IncidentServiceResponseData: description: Incident Service data from responses. properties: attributes: $ref: "#/components/schemas/IncidentServiceResponseAttributes" id: description: The incident service's ID. example: "00000000-0000-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentServiceRelationships" type: $ref: "#/components/schemas/IncidentServiceType" required: - id - type type: object IncidentServiceType: default: services description: Incident service resource type. enum: - services example: services type: string x-enum-varnames: - SERVICES IncidentServiceUpdateAttributes: description: The incident service's attributes for an update request. properties: name: description: Name of the incident service. example: "an example service name" type: string required: - name type: object IncidentServiceUpdateData: description: Incident Service payload for update requests. properties: attributes: $ref: "#/components/schemas/IncidentServiceUpdateAttributes" id: description: The incident service's ID. example: "00000000-0000-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentServiceRelationships" type: $ref: "#/components/schemas/IncidentServiceType" required: - type type: object IncidentServiceUpdateRequest: description: Update request with an incident service payload. properties: data: $ref: "#/components/schemas/IncidentServiceUpdateData" required: - data type: object IncidentServicesResponse: description: Response with a list of incident service payloads. properties: data: description: An array of incident services. example: [{"id": "00000000-0000-0000-0000-000000000000", "type": "services"}] items: $ref: "#/components/schemas/IncidentServiceResponseData" type: array included: description: Included related resources which the user requested. items: $ref: "#/components/schemas/IncidentServiceIncludedItems" readOnly: true type: array meta: $ref: "#/components/schemas/IncidentResponseMeta" required: - data type: "object" IncidentSeverity: description: The incident severity. enum: - UNKNOWN - SEV-0 - SEV-1 - SEV-2 - SEV-3 - SEV-4 - SEV-5 example: UNKNOWN type: string x-enum-varnames: - UNKNOWN - SEV_0 - SEV_1 - SEV_2 - SEV_3 - SEV_4 - SEV_5 IncidentTimelineCellCreateAttributes: description: The timeline cell's attributes for a create request. oneOf: - $ref: "#/components/schemas/IncidentTimelineCellMarkdownCreateAttributes" IncidentTimelineCellMarkdownContentType: default: markdown description: Type of the Markdown timeline cell. enum: - markdown example: markdown type: string x-enum-varnames: - MARKDOWN IncidentTimelineCellMarkdownCreateAttributes: description: Timeline cell data for Markdown timeline cells for a create request. properties: cell_type: $ref: "#/components/schemas/IncidentTimelineCellMarkdownContentType" content: $ref: "#/components/schemas/IncidentTimelineCellMarkdownCreateAttributesContent" important: default: false description: A flag indicating whether the timeline cell is important and should be highlighted. example: false type: boolean required: - content - cell_type type: object IncidentTimelineCellMarkdownCreateAttributesContent: description: The Markdown timeline cell contents. properties: content: description: The Markdown content of the cell. example: "An example timeline cell message." nullable: false type: string type: object IncidentTodoAnonymousAssignee: description: Anonymous assignee entity. properties: icon: description: URL for assignee's icon. example: https://a.slack-edge.com/80588/img/slackbot_48.png type: string id: description: Anonymous assignee's ID. example: USLACKBOT type: string name: description: Assignee's name. example: Slackbot type: string source: $ref: "#/components/schemas/IncidentTodoAnonymousAssigneeSource" required: - id - icon - name - source type: object IncidentTodoAnonymousAssigneeSource: default: slack description: The source of the anonymous assignee. enum: - slack - microsoft_teams example: slack type: string x-enum-varnames: - SLACK - MICROSOFT_TEAMS IncidentTodoAssignee: description: A todo assignee. example: "@test.user@test.com" oneOf: - $ref: "#/components/schemas/IncidentTodoAssigneeHandle" - $ref: "#/components/schemas/IncidentTodoAnonymousAssignee" IncidentTodoAssigneeArray: description: Array of todo assignees. example: - "@test.user@test.com" items: $ref: "#/components/schemas/IncidentTodoAssignee" type: array IncidentTodoAssigneeHandle: description: Assignee's @-handle. example: "@test.user@test.com" type: string IncidentTodoAttributes: description: Incident todo's attributes. properties: assignees: $ref: "#/components/schemas/IncidentTodoAssigneeArray" completed: description: Timestamp when the todo was completed. example: "2023-03-06T22:00:00.000000+00:00" nullable: true type: string content: description: The follow-up task's content. example: Restore lost data. type: string created: description: Timestamp when the incident todo was created. format: date-time readOnly: true type: string due_date: description: Timestamp when the todo should be completed by. example: "2023-07-10T05:00:00.000000+00:00" nullable: true type: string incident_id: description: UUID of the incident this todo is connected to. example: "00000000-aaaa-0000-0000-000000000000" type: string modified: description: Timestamp when the incident todo was last modified. format: date-time readOnly: true type: string required: - content - assignees type: object IncidentTodoCreateData: description: Incident todo data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentTodoAttributes" type: $ref: "#/components/schemas/IncidentTodoType" required: - type - attributes type: object IncidentTodoCreateRequest: description: Create request for an incident todo. properties: data: $ref: "#/components/schemas/IncidentTodoCreateData" required: - data type: object IncidentTodoListResponse: description: Response with a list of incident todos. properties: data: description: An array of incident todos. items: $ref: "#/components/schemas/IncidentTodoResponseData" type: array included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentTodoResponseIncludedItem" readOnly: true type: array meta: $ref: "#/components/schemas/IncidentResponseMeta" required: - data type: object IncidentTodoPatchData: description: Incident todo data for a patch request. properties: attributes: $ref: "#/components/schemas/IncidentTodoAttributes" type: $ref: "#/components/schemas/IncidentTodoType" required: - type - attributes type: object IncidentTodoPatchRequest: description: Patch request for an incident todo. properties: data: $ref: "#/components/schemas/IncidentTodoPatchData" required: - data type: object IncidentTodoRelationships: description: The incident's relationships from a response. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" type: object IncidentTodoResponse: description: Response with an incident todo. properties: data: $ref: "#/components/schemas/IncidentTodoResponseData" included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentTodoResponseIncludedItem" readOnly: true type: array required: - data type: object IncidentTodoResponseData: description: Incident todo response data. properties: attributes: $ref: "#/components/schemas/IncidentTodoAttributes" id: description: The incident todo's ID. example: "00000000-0000-0000-1234-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentTodoRelationships" type: $ref: "#/components/schemas/IncidentTodoType" required: - id - type type: object IncidentTodoResponseIncludedItem: description: An object related to an incident todo that is included in the response. oneOf: - $ref: "#/components/schemas/User" IncidentTodoType: default: incident_todos description: Todo resource type. enum: - incident_todos example: incident_todos type: string x-enum-varnames: - INCIDENT_TODOS IncidentTrigger: description: "Trigger a workflow from an Incident. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object IncidentTriggerWrapper: description: "Schema for an Incident-based trigger." properties: incidentTrigger: $ref: "#/components/schemas/IncidentTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - incidentTrigger type: object IncidentType: default: incidents description: Incident resource type. enum: - incidents example: incidents type: string x-enum-varnames: - INCIDENTS IncidentTypeAttributes: description: Incident type's attributes. properties: createdAt: description: Timestamp when the incident type was created. format: date-time readOnly: true type: string createdBy: description: A unique identifier that represents the user that created the incident type. example: "00000000-0000-0000-0000-000000000000" readOnly: true type: string description: description: Text that describes the incident type. example: "Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data." type: string is_default: default: false description: If true, this incident type will be used as the default incident type if a type is not specified during the creation of incident resources. example: false type: boolean lastModifiedBy: description: A unique identifier that represents the user that last modified the incident type. example: "00000000-0000-0000-0000-000000000000" readOnly: true type: string modifiedAt: description: Timestamp when the incident type was last modified. format: date-time readOnly: true type: string name: description: The name of the incident type. example: "Security Incident" type: string prefix: description: The string that will be prepended to the incident title across the Datadog app. example: "IR" readOnly: true type: string required: - name type: object IncidentTypeCreateData: description: Incident type data for a create request. properties: attributes: $ref: "#/components/schemas/IncidentTypeAttributes" type: $ref: "#/components/schemas/IncidentTypeType" required: - type - attributes type: object IncidentTypeCreateRequest: description: Create request for an incident type. properties: data: $ref: "#/components/schemas/IncidentTypeCreateData" required: - data type: object IncidentTypeListResponse: description: Response with a list of incident types. properties: data: description: An array of incident type objects. items: $ref: "#/components/schemas/IncidentTypeObject" type: array required: - data type: object IncidentTypeObject: description: Incident type response data. properties: attributes: $ref: "#/components/schemas/IncidentTypeAttributes" id: description: The incident type's ID. example: "00000000-0000-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentTypeRelationships" type: $ref: "#/components/schemas/IncidentTypeType" required: - id - type type: object IncidentTypePatchData: description: Incident type data for a patch request. properties: attributes: $ref: "#/components/schemas/IncidentTypeUpdateAttributes" id: description: The incident type's ID. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentTypeType" required: - id - type - attributes type: object IncidentTypePatchRequest: description: Patch request for an incident type. properties: data: $ref: "#/components/schemas/IncidentTypePatchData" required: - data type: object IncidentTypeRelationships: additionalProperties: {} description: The incident type's resource relationships. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" google_meet_configuration: $ref: "#/components/schemas/GoogleMeetConfigurationReference" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" microsoft_teams_configuration: $ref: "#/components/schemas/MicrosoftTeamsConfigurationReference" zoom_configuration: $ref: "#/components/schemas/ZoomConfigurationReference" type: object IncidentTypeResponse: description: Incident type response data. properties: data: $ref: "#/components/schemas/IncidentTypeObject" required: - data type: object IncidentTypeType: default: incident_types description: Incident type resource type. enum: - incident_types example: incident_types type: string x-enum-varnames: - INCIDENT_TYPES IncidentTypeUpdateAttributes: description: Incident type's attributes for updates. properties: createdAt: description: Timestamp when the incident type was created. format: date-time readOnly: true type: string createdBy: description: A unique identifier that represents the user that created the incident type. example: "00000000-0000-0000-0000-000000000000" readOnly: true type: string description: description: Text that describes the incident type. example: "Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data. Note: This will notify the security team." type: string is_default: description: When true, this incident type will be used as the default type when an incident type is not specified. example: false type: boolean lastModifiedBy: description: A unique identifier that represents the user that last modified the incident type. example: "00000000-0000-0000-0000-000000000000" readOnly: true type: string modifiedAt: description: Timestamp when the incident type was last modified. format: date-time readOnly: true type: string name: description: The name of the incident type. example: "Security Incident" type: string prefix: description: The string that will be prepended to the incident title across the Datadog app. example: "IR" readOnly: true type: string type: object IncidentUpdateAttributes: description: The incident's attributes for an update request. properties: customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: "Example customer impact scope" type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: "#/components/schemas/IncidentFieldAttributes" description: A condensed view of the user-defined fields for which to update selections. example: {"severity": {"type": "dropdown", "value": "SEV-5"}} type: object notification_handles: description: Notification handles that will be notified of the incident during update. example: [{"display_name": "Jane Doe", "handle": "@user@email.com"}, {"display_name": "Slack Channel", "handle": "@slack-channel"}, {"display_name": "Incident Workflow", "handle": "@workflow-from-incident"}] items: $ref: "#/components/schemas/IncidentNotificationHandle" type: array title: description: The title of the incident, which summarizes what happened. example: "A test incident title" type: string type: object IncidentUpdateData: description: Incident data for an update request. properties: attributes: $ref: "#/components/schemas/IncidentUpdateAttributes" id: description: The incident's ID. example: "00000000-0000-0000-4567-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentUpdateRelationships" type: $ref: "#/components/schemas/IncidentType" required: - id - type type: object IncidentUpdateRelationships: description: The incident's relationships for an update request. properties: commander_user: $ref: "#/components/schemas/NullableRelationshipToUser" integrations: $ref: "#/components/schemas/RelationshipToIncidentIntegrationMetadatas" postmortem: $ref: "#/components/schemas/RelationshipToIncidentPostmortem" type: object IncidentUpdateRequest: description: Update request for an incident. properties: data: $ref: "#/components/schemas/IncidentUpdateData" required: - data type: object IncidentUserAttributes: description: Attributes of user object returned by the API. properties: email: description: Email of the user. type: string handle: description: Handle of the user. type: string icon: description: URL of the user's icon. type: string name: description: Name of the user. nullable: true type: string uuid: description: UUID of the user. type: string type: object IncidentUserData: description: User object returned by the API. properties: attributes: $ref: "#/components/schemas/IncidentUserAttributes" id: description: ID of the user. type: string type: $ref: "#/components/schemas/UsersType" type: object IncidentUserDefinedFieldAttributesCreateRequest: description: Attributes for creating an incident user-defined field. properties: category: $ref: "#/components/schemas/IncidentUserDefinedFieldCategory" collected: $ref: "#/components/schemas/IncidentUserDefinedFieldCollected" default_value: description: The default value for the field. Must be one of the valid values when valid_values is set. example: "critical" nullable: true type: string display_name: description: The human-readable name shown in the UI. Defaults to a formatted version of the name if not provided. example: "Root Cause" type: string name: description: The unique identifier of the field. Must start with a letter or digit and contain only letters, digits, underscores, or periods. example: "root_cause" type: string ordinal: description: A decimal string representing the field's display order in the UI. example: "1.5" nullable: true type: string required: description: When true, users must fill out this field on incidents. example: false type: boolean tag_key: description: For metric tag-type fields only, the metric tag key that powers the autocomplete options. example: "datacenter" nullable: true type: string type: $ref: "#/components/schemas/IncidentUserDefinedFieldFieldType" valid_values: description: The list of allowed values for dropdown and multiselect fields. Limited to 1000 values. items: $ref: "#/components/schemas/IncidentUserDefinedFieldValidValue" type: array required: - name - type type: object IncidentUserDefinedFieldAttributesResponse: description: Attributes of an incident user-defined field. properties: attached_to: description: The resource type this field is attached to. Always "incidents". example: "incidents" readOnly: true type: string category: $ref: "#/components/schemas/IncidentUserDefinedFieldCategory" collected: $ref: "#/components/schemas/IncidentUserDefinedFieldCollected" created: description: Timestamp when the field was created. example: "2026-03-18T08:40:05.185406Z" format: date-time readOnly: true type: string default_value: description: The default value for the field. example: "critical" nullable: true type: string deleted: description: Timestamp when the field was soft-deleted, or null if not deleted. example: format: date-time nullable: true readOnly: true type: string display_name: description: The human-readable name shown in the UI. example: "Root Cause" type: string metadata: $ref: "#/components/schemas/IncidentUserDefinedFieldMetadata" modified: description: Timestamp when the field was last modified. example: "2026-03-18T08:40:05.185406Z" format: date-time nullable: true readOnly: true type: string name: description: The unique identifier of the field. example: "root_cause" type: string ordinal: description: A decimal string representing the field's display order in the UI. example: "1.5" nullable: true type: string prerequisite: description: Reserved for future use. Always null. example: nullable: true readOnly: true type: string required: description: When true, users must fill out this field on incidents. example: false type: boolean reserved: description: When true, this field is reserved for system use and cannot be deleted. example: false readOnly: true type: boolean table_id: description: Reserved for internal use. Always 0. example: 0 format: int64 readOnly: true type: integer tag_key: description: For metric tag-type fields only, the metric tag key that powers the autocomplete options. example: nullable: true type: string type: description: The data type of the field. 1=dropdown, 2=multiselect, 3=textbox, 4=textarray, 5=metrictag, 6=autocomplete, 7=number, 8=datetime. example: 3 format: int32 maximum: 8 minimum: 1 nullable: true type: integer valid_values: description: The list of allowed values for dropdown, multiselect, and autocomplete fields. items: $ref: "#/components/schemas/IncidentUserDefinedFieldValidValue" nullable: true type: array required: - attached_to - category - collected - created - default_value - deleted - display_name - metadata - modified - name - ordinal - prerequisite - required - reserved - table_id - tag_key - type - valid_values type: object IncidentUserDefinedFieldAttributesUpdateRequest: description: Attributes for updating an incident user-defined field. All fields are optional. properties: category: $ref: "#/components/schemas/IncidentUserDefinedFieldCategory" collected: $ref: "#/components/schemas/IncidentUserDefinedFieldCollected" default_value: description: The default value for the field. Must be one of the valid values when valid_values is set. example: "critical" nullable: true type: string display_name: description: The human-readable name shown in the UI. example: "Root Cause" type: string ordinal: description: A decimal string representing the field's display order in the UI. example: "1.5" nullable: true type: string required: description: When true, users must fill out this field on incidents. example: false nullable: true type: boolean valid_values: description: The list of allowed values for dropdown and multiselect fields. Limited to 1000 values. items: $ref: "#/components/schemas/IncidentUserDefinedFieldValidValue" nullable: true type: array type: object IncidentUserDefinedFieldCategory: description: 'The section in which the field appears: "what_happened" or "why_it_happened". When null, the field appears in the Attributes section.' enum: - what_happened - why_it_happened example: what_happened nullable: true type: string x-enum-varnames: - WHAT_HAPPENED - WHY_IT_HAPPENED IncidentUserDefinedFieldCollected: description: The lifecycle stage at which the app prompts users to fill out this field. Cannot be set on required fields. enum: - active - stable - resolved - completed example: active nullable: true type: string x-enum-varnames: - ACTIVE - STABLE - RESOLVED - COMPLETED IncidentUserDefinedFieldCreateData: description: Data for creating an incident user-defined field. properties: attributes: $ref: "#/components/schemas/IncidentUserDefinedFieldAttributesCreateRequest" relationships: $ref: "#/components/schemas/IncidentUserDefinedFieldCreateRelationships" type: $ref: "#/components/schemas/IncidentUserDefinedFieldType" required: - type - attributes - relationships type: object IncidentUserDefinedFieldCreateRelationships: description: Relationships for creating an incident user-defined field. properties: incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" required: - incident_type type: object IncidentUserDefinedFieldCreateRequest: description: Request body for creating an incident user-defined field. properties: data: $ref: "#/components/schemas/IncidentUserDefinedFieldCreateData" required: - data type: object IncidentUserDefinedFieldFieldType: description: The data type of the field. 1=dropdown, 2=multiselect, 3=textbox, 4=textarray, 5=metrictag, 6=autocomplete, 7=number, 8=datetime. enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 example: 3 format: int32 type: integer x-enum-varnames: - DROPDOWN - MULTISELECT - TEXTBOX - TEXTARRAY - METRICTAG - AUTOCOMPLETE - NUMBER - DATETIME IncidentUserDefinedFieldListMeta: description: Pagination metadata for the user-defined field list response. properties: offset: description: The offset of the current page. example: 0 format: int64 type: integer size: description: The total number of items in the current page. example: 5 format: int64 type: integer type: object IncidentUserDefinedFieldListResponse: description: Response containing a list of incident user-defined fields. properties: data: description: An array of user-defined field objects. items: $ref: "#/components/schemas/IncidentUserDefinedFieldResponseData" type: array meta: $ref: "#/components/schemas/IncidentUserDefinedFieldListMeta" required: - data - meta type: object IncidentUserDefinedFieldMetadata: description: Metadata for autocomplete-type user-defined fields, describing how to populate autocomplete options. nullable: true properties: category: description: The category of the autocomplete source. example: "teams_and_services" type: string search_limit_param: description: The query parameter used to limit the number of autocomplete results. example: "page[size]" type: string search_params: additionalProperties: {} description: Additional query parameters to include in the search URL. type: object search_query_param: description: The query parameter used to pass typed input to the search URL. example: "filter" type: string search_result_path: description: The JSON path to the results in the response body. example: "$.data[*].attributes.name" type: string search_url: description: The URL used to populate autocomplete options. example: "/api/v2/incidents/config/services" type: string required: - category - search_url - search_query_param - search_limit_param - search_result_path - search_params type: object IncidentUserDefinedFieldRelationships: description: Relationships of an incident user-defined field. properties: created_by_user: $ref: "#/components/schemas/RelationshipToUser" incident_type: $ref: "#/components/schemas/RelationshipToIncidentType" last_modified_by_user: $ref: "#/components/schemas/RelationshipToUser" required: - created_by_user - last_modified_by_user - incident_type type: object IncidentUserDefinedFieldResponse: description: Response containing a single incident user-defined field. properties: data: $ref: "#/components/schemas/IncidentUserDefinedFieldResponseData" required: - data type: object IncidentUserDefinedFieldResponseData: description: Data object for an incident user-defined field response. properties: attributes: $ref: "#/components/schemas/IncidentUserDefinedFieldAttributesResponse" id: description: The unique identifier of the user-defined field. example: "00000000-0000-0000-0000-000000000000" type: string relationships: $ref: "#/components/schemas/IncidentUserDefinedFieldRelationships" type: $ref: "#/components/schemas/IncidentUserDefinedFieldType" required: - id - type - attributes - relationships type: object IncidentUserDefinedFieldType: description: The incident user defined fields type. enum: - user_defined_field example: user_defined_field type: string x-enum-varnames: - USER_DEFINED_FIELD IncidentUserDefinedFieldUpdateData: description: Data for updating an incident user-defined field. properties: attributes: $ref: "#/components/schemas/IncidentUserDefinedFieldAttributesUpdateRequest" id: description: The unique identifier of the user-defined field to update. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentUserDefinedFieldType" required: - id - type - attributes type: object IncidentUserDefinedFieldUpdateRequest: description: Request body for updating an incident user-defined field. properties: data: $ref: "#/components/schemas/IncidentUserDefinedFieldUpdateData" required: - data type: object IncidentUserDefinedFieldValidValue: description: A valid value for an incident user-defined field. properties: description: description: A detailed description of the valid value. example: "A critical severity incident." type: string display_name: description: The human-readable display name for this value. example: "Critical" type: string short_description: description: A short description of the valid value. example: "Critical" type: string value: description: The identifier that is stored when this option is selected. example: "critical" type: string required: - display_name - value type: object IncidentsResponse: description: Response with a list of incidents. properties: data: description: An array of incidents. example: [{"attributes": {"created": "2020-04-21T15:34:08.627205+00:00", "creation_idempotency_key": null, "customer_impact_duration": 0, "customer_impact_end": null, "customer_impact_scope": null, "customer_impact_start": null, "customer_impacted": false, "detected": "2020-04-14T00:00:00+00:00", "incident_type_uuid": "00000000-0000-0000-0000-000000000001", "modified": "2020-09-17T14:16:58.696424+00:00", "public_id": 1, "resolved": null, "severity": "SEV-1", "time_to_detect": 0, "time_to_internal_response": 0, "time_to_repair": 0, "time_to_resolve": 0, "title": "Example Incident"}, "id": "00000000-aaaa-0000-0000-000000000000", "relationships": {"attachments": {"data": [{"id": "00000000-9999-0000-0000-000000000000", "type": "incident_attachments"}, {"id": "00000000-1234-0000-0000-000000000000", "type": "incident_attachments"}]}, "commander_user": {"data": {"id": "00000000-0000-0000-cccc-000000000000", "type": "users"}}, "created_by_user": {"data": {"id": "00000000-0000-0000-cccc-000000000000", "type": "users"}}, "integrations": {"data": [{"id": "00000000-0000-0000-4444-000000000000", "type": "incident_integrations"}, {"id": "00000000-0000-0000-5555-000000000000", "type": "incident_integrations"}]}, "last_modified_by_user": {"data": {"id": "00000000-0000-0000-cccc-000000000000", "type": "users"}}}, "type": "incidents"}, {"attributes": {"created": "2020-04-21T15:34:08.627205+00:00", "creation_idempotency_key": null, "customer_impact_duration": 0, "customer_impact_end": null, "customer_impact_scope": null, "customer_impact_start": null, "customer_impacted": false, "detected": "2020-04-14T00:00:00+00:00", "incident_type_uuid": "00000000-0000-0000-0000-000000000002", "modified": "2020-09-17T14:16:58.696424+00:00", "public_id": 2, "resolved": null, "severity": "SEV-5", "time_to_detect": 0, "time_to_internal_response": 0, "time_to_repair": 0, "time_to_resolve": 0, "title": "Example Incident 2"}, "id": "00000000-1111-0000-0000-000000000000", "relationships": {"attachments": { "data": [{"id": "00000000-9999-0000-0000-000000000000", "type": "incident_attachments"}]}, "commander_user": {"data": {"id": "00000000-aaaa-0000-0000-000000000000", "type": "users"}}, "created_by_user": {"data": {"id": "00000000-aaaa-0000-0000-000000000000", "type": "users"}}, "integrations": {"data": [{"id": "00000000-0000-0000-0001-000000000000", "type": "incident_integrations"}, {"id": "00000000-0000-0000-0002-000000000000", "type": "incident_integrations"}]}, "last_modified_by_user": {"data": {"id": "00000000-aaaa-0000-0000-000000000000", "type": "users"}}}, "type": "incidents"}] items: $ref: "#/components/schemas/IncidentResponseData" type: array included: description: Included related resources that the user requested. items: $ref: "#/components/schemas/IncidentResponseIncludedItem" readOnly: true type: array meta: $ref: "#/components/schemas/IncidentResponseMeta" required: - data type: object IncludeType: description: Supported include types. enum: - schema - raw_schema - oncall - incident - relation type: string x-enum-varnames: - SCHEMA - RAW_SCHEMA - ONCALL - INCIDENT - RELATION InputSchema: description: "A list of input parameters for the workflow. These can be used as dynamic runtime values in your workflow." properties: parameters: description: The `InputSchema` `parameters`. items: $ref: "#/components/schemas/InputSchemaParameters" type: array type: object InputSchemaParameters: description: The definition of `InputSchemaParameters` object. properties: allowExtraValues: description: The `InputSchemaParameters` `allowExtraValues`. type: boolean allowedValues: description: The `InputSchemaParameters` `allowedValues`. defaultValue: description: The `InputSchemaParameters` `defaultValue`. description: description: The `InputSchemaParameters` `description`. type: string label: description: The `InputSchemaParameters` `label`. type: string name: description: The `InputSchemaParameters` `name`. example: "" type: string type: $ref: "#/components/schemas/InputSchemaParametersType" required: - name - type type: object InputSchemaParametersType: description: The definition of `InputSchemaParametersType` object. enum: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT example: STRING type: string x-enum-varnames: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT IntakePayloadAccepted: description: The payload accepted for intake. properties: errors: description: A list of errors. items: description: An empty error list. type: string type: array type: object Integration: description: Integration resource object. properties: attributes: $ref: "#/components/schemas/IntegrationAttributes" id: description: The unique identifier of the integration. example: "calico" type: string links: $ref: "#/components/schemas/IntegrationLinks" type: $ref: "#/components/schemas/IntegrationType" required: - type - id - attributes type: object IntegrationAttributes: description: Attributes for an integration. properties: categories: description: List of categories associated with the integration. example: - "Category::Kubernetes" - "Category::Log Collection" items: description: A category associated with the integration. type: string type: array description: description: A description of the integration. example: "Calico is a networking and network security solution for containers." type: string installed: description: Whether the integration is installed. example: true type: boolean title: description: The name of the integration. example: "calico" type: string required: - title - description - categories - installed type: object IntegrationIncident: description: Incident integration settings. properties: auto_escalation_query: description: Query for auto-escalation. type: string default_incident_commander: description: Default incident commander. type: string enabled: description: Whether incident integration is enabled. type: boolean field_mappings: description: List of mappings between incident fields and case fields. items: $ref: "#/components/schemas/IntegrationIncidentFieldMappingsItems" type: array incident_type: description: Incident type. type: string severity_config: $ref: "#/components/schemas/IntegrationIncidentSeverityConfig" type: object IntegrationIncidentFieldMappingsItems: description: Mapping between an incident user-defined field and a case field. properties: case_field: description: The case field to map the incident field value to. type: string incident_user_defined_field_id: description: The identifier of the incident user-defined field to map from. type: string type: object IntegrationIncidentSeverityConfig: description: Severity configuration for mapping incident priorities to case priorities. properties: priority_mapping: additionalProperties: type: string description: Mapping of incident severity values to case priority values. type: object type: object IntegrationJira: description: Jira integration settings. properties: auto_creation: $ref: "#/components/schemas/IntegrationJiraAutoCreation" enabled: description: Whether Jira integration is enabled. type: boolean metadata: $ref: "#/components/schemas/IntegrationJiraMetadata" sync: $ref: "#/components/schemas/IntegrationJiraSync" type: object IntegrationJiraAutoCreation: description: Auto-creation settings for Jira issues from cases. properties: enabled: description: Whether automatic Jira issue creation is enabled. type: boolean type: object IntegrationJiraMetadata: description: Metadata for connecting a case management project to a Jira project. properties: account_id: description: The Jira account identifier. type: string issue_type_id: description: The Jira issue type identifier to use when creating issues. type: string project_id: description: The Jira project identifier to associate with this case project. type: string type: object IntegrationJiraSync: description: Synchronization configuration for Jira integration. properties: enabled: description: Whether Jira field synchronization is enabled. type: boolean properties: $ref: "#/components/schemas/IntegrationJiraSyncProperties" type: object IntegrationJiraSyncDueDate: description: Due date synchronization configuration for Jira integration. properties: jira_field_id: description: The Jira field identifier used to store the due date. type: string sync_type: description: The type of synchronization to apply for the due date field. type: string type: object IntegrationJiraSyncProperties: description: Field synchronization properties for Jira integration. properties: assignee: $ref: "#/components/schemas/SyncProperty" comments: $ref: "#/components/schemas/SyncProperty" custom_fields: additionalProperties: $ref: "#/components/schemas/IntegrationJiraSyncPropertiesCustomFieldsAdditionalProperties" description: Map of custom field identifiers to their sync configurations. type: object description: $ref: "#/components/schemas/SyncProperty" due_date: $ref: "#/components/schemas/IntegrationJiraSyncDueDate" priority: $ref: "#/components/schemas/SyncPropertyWithMapping" status: $ref: "#/components/schemas/SyncPropertyWithMapping" title: $ref: "#/components/schemas/SyncProperty" type: object IntegrationJiraSyncPropertiesCustomFieldsAdditionalProperties: description: Synchronization configuration for a Jira custom field. properties: sync_type: description: The type of synchronization to apply for this custom field. type: string value: $ref: "#/components/schemas/AnyValue" type: object IntegrationLinks: description: Links for the integration resource. properties: self: description: Link to the integration resource. example: "/integrations?integrationId=calico" type: string type: object IntegrationMonitor: description: Monitor integration settings. properties: auto_resolve_enabled: description: Whether auto-resolve is enabled. type: boolean case_type_id: description: Case type ID for monitor integration. type: string enabled: description: Whether monitor integration is enabled. type: boolean handle: description: Monitor handle. type: string type: object IntegrationOnCall: description: On-Call integration settings. properties: auto_assign_on_call: description: Whether to auto-assign on-call. type: boolean enabled: description: Whether On-Call integration is enabled. type: boolean escalation_queries: description: List of escalation queries for routing cases to on-call responders. items: $ref: "#/components/schemas/IntegrationOnCallEscalationQueriesItems" type: array type: object IntegrationOnCallEscalationQueriesItems: description: An On-Call escalation query entry used to route cases to on-call responders. properties: enabled: description: Whether this escalation query is enabled. type: boolean id: description: Unique identifier of the escalation query. type: string query: description: The query used to match cases for escalation. type: string target: $ref: "#/components/schemas/IntegrationOnCallEscalationQueriesItemsTarget" type: object IntegrationOnCallEscalationQueriesItemsTarget: description: The target recipient for an On-Call escalation query. properties: dynamic_team_paging: description: Whether to use dynamic team paging for escalation. type: boolean team_id: description: The identifier of the team to escalate to. type: string user_id: description: The identifier of the user to escalate to. type: string type: object IntegrationServiceNow: description: ServiceNow integration settings. properties: assignment_group: description: Assignment group. type: string auto_creation: $ref: "#/components/schemas/IntegrationServiceNowAutoCreation" enabled: description: Whether ServiceNow integration is enabled. type: boolean instance_name: description: ServiceNow instance name. type: string sync_config: $ref: "#/components/schemas/IntegrationServiceNowSyncConfig" type: object IntegrationServiceNowAutoCreation: description: Auto-creation settings for ServiceNow incidents from cases. properties: enabled: description: Whether automatic ServiceNow incident creation is enabled. type: boolean type: object IntegrationServiceNowSyncConfig: description: Synchronization configuration for ServiceNow integration. properties: enabled: description: Whether ServiceNow synchronization is enabled. type: boolean properties: $ref: "#/components/schemas/IntegrationServiceNowSyncConfig139772721534496" type: object IntegrationServiceNowSyncConfig139772721534496: description: Field-level synchronization properties for ServiceNow integration. properties: comments: $ref: "#/components/schemas/SyncProperty" priority: $ref: "#/components/schemas/IntegrationServiceNowSyncConfigPriority" status: $ref: "#/components/schemas/SyncPropertyWithMapping" type: object IntegrationServiceNowSyncConfigPriority: description: Priority synchronization configuration for ServiceNow integration. properties: impact_mapping: additionalProperties: type: string description: Mapping of case priority values to ServiceNow impact values. type: object sync_type: description: The type of synchronization to apply for priority. type: string urgency_mapping: additionalProperties: type: string description: Mapping of case priority values to ServiceNow urgency values. type: object type: object IntegrationType: default: integration description: Integration resource type. enum: - integration example: integration type: string x-enum-varnames: - INTEGRATION InterfaceAttributes: description: The interface attributes properties: alias: description: The interface alias example: interface_0 type: string description: description: The interface description example: a network interface type: string index: description: The interface index example: 0 format: int64 type: integer ip_addresses: description: The interface IP addresses example: ["1.1.1.1", "1.1.1.2"] items: description: An IP address assigned to the interface. type: string type: array mac_address: description: The interface MAC address example: 00:00:00:00:00:00 type: string name: description: The interface name example: if0 type: string status: $ref: "#/components/schemas/InterfaceAttributesStatus" type: object InterfaceAttributesStatus: description: The interface status enum: - up - down - warning - "off" example: up type: string x-enum-varnames: - UP - DOWN - WARNING - "OFF" InvestigationConclusion: description: A full explanation of the finding, including root cause analysis and supporting evidence. properties: description: description: A full explanation of the finding, including root cause analysis and supporting evidence. example: "The investigation found that a memory leak in payments-service caused CPU usage to spike above 95% starting at 14:32 UTC." type: string summary: description: A summary of the finding, including affected components and timeframe. example: "CPU usage exceeded 95% for over 10 minutes on web-server-01." type: string title: description: The title of the conclusion. example: "High CPU usage detected on web-server-01" type: string required: - title - summary - description type: object InvestigationType: description: The resource type for investigations. enum: - investigation example: investigation type: string x-enum-varnames: - INVESTIGATION IoCExplorerListResponse: description: Response for the list indicators of compromise endpoint. properties: data: $ref: "#/components/schemas/IoCExplorerListResponseData" type: object IoCExplorerListResponseAttributes: description: Attributes of the IoC Explorer list response. properties: data: description: List of indicators of compromise. items: $ref: "#/components/schemas/IoCIndicator" type: array metadata: $ref: "#/components/schemas/IoCExplorerListResponseMetadata" paging: $ref: "#/components/schemas/IoCExplorerListResponsePaging" type: object IoCExplorerListResponseData: description: IoC Explorer list response data object. properties: attributes: $ref: "#/components/schemas/IoCExplorerListResponseAttributes" id: description: Unique identifier for the response. type: string type: description: Response type identifier. type: string type: object IoCExplorerListResponseMetadata: description: Response metadata. properties: count: description: Total number of indicators matching the query. format: int64 type: integer type: object IoCExplorerListResponsePaging: description: Pagination information. properties: offset: description: Current pagination offset. format: int64 type: integer type: object IoCGeoLocation: description: Geographic location information for an IP indicator. properties: city: description: City name. type: string country_code: description: ISO country code. type: string country_name: description: Full country name. type: string type: object IoCIndicator: description: An indicator of compromise with threat intelligence data. properties: as_geo: $ref: "#/components/schemas/IoCGeoLocation" as_type: description: Autonomous system type. type: string benign_sources: description: Threat intelligence sources that flagged this indicator as benign. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array categories: description: Threat categories associated with the indicator. items: type: string type: array first_seen: description: Timestamp when the indicator was first seen. format: date-time type: string id: description: Unique identifier for the indicator. type: string indicator: description: The indicator value (for example, an IP address or domain). type: string indicator_type: description: Type of indicator (for example, IP address or domain). type: string last_seen: description: Timestamp when the indicator was last seen. format: date-time type: string log_matches: description: Number of logs that matched this indicator. format: int64 type: integer m_as_type: $ref: "#/components/schemas/IoCScoreEffect" m_persistence: $ref: "#/components/schemas/IoCScoreEffect" m_signal: $ref: "#/components/schemas/IoCScoreEffect" m_sources: $ref: "#/components/schemas/IoCScoreEffect" malicious_sources: description: Threat intelligence sources that flagged this indicator as malicious. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array max_trust_score: $ref: "#/components/schemas/IoCScoreEffect" score: description: Threat score for the indicator (0-100). format: double type: number signal_matches: description: Number of security signals that matched this indicator. format: int64 type: integer signal_tier: description: Signal tier level. format: int64 type: integer suspicious_sources: description: Threat intelligence sources that flagged this indicator as suspicious. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array tags: description: Tags associated with the indicator. items: type: string type: array type: object IoCIndicatorDetailed: description: An indicator of compromise with extended context from your environment. properties: additional_data: additionalProperties: {} description: Additional domain-specific context from threat intelligence sources. type: object as_cidr_block: description: Autonomous system CIDR block. type: string as_geo: $ref: "#/components/schemas/IoCGeoLocation" as_number: description: Autonomous system number. type: string as_organization: description: Autonomous system organization name. type: string as_type: description: Autonomous system type. type: string benign_sources: description: Threat intelligence sources that flagged this indicator as benign. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array categories: description: Threat categories associated with the indicator. items: type: string type: array critical_assets: description: Critical assets associated with this indicator. items: type: string type: array first_seen: description: Timestamp when the indicator was first seen. format: date-time type: string hosts: description: Hosts associated with this indicator. items: type: string type: array id: description: Unique identifier for the indicator. type: string indicator: description: The indicator value (for example, an IP address or domain). type: string indicator_type: description: Type of indicator (for example, IP address or domain). type: string last_seen: description: Timestamp when the indicator was last seen. format: date-time type: string log_matches: description: Number of logs that matched this indicator. format: int64 type: integer log_sources: description: Log sources where this indicator was observed. items: type: string type: array m_as_type: $ref: "#/components/schemas/IoCScoreEffect" m_persistence: $ref: "#/components/schemas/IoCScoreEffect" m_signal: $ref: "#/components/schemas/IoCScoreEffect" m_sources: $ref: "#/components/schemas/IoCScoreEffect" malicious_sources: description: Threat intelligence sources that flagged this indicator as malicious. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array max_trust_score: $ref: "#/components/schemas/IoCScoreEffect" score: description: Threat score for the indicator (0-100). format: double type: number services: description: Services where this indicator was observed. items: type: string type: array signal_matches: description: Number of security signals that matched this indicator. format: int64 type: integer signal_severity: description: Breakdown of security signals by severity. items: $ref: "#/components/schemas/IoCSignalSeverityCount" type: array signal_tier: description: Signal tier level. format: int64 type: integer suspicious_sources: description: Threat intelligence sources that flagged this indicator as suspicious. items: $ref: "#/components/schemas/IoCSource" nullable: true type: array tags: description: Tags associated with the indicator. items: type: string type: array users: additionalProperties: description: List of user identifiers in this category. items: type: string type: array description: Users associated with this indicator, grouped by category. type: object type: object IoCScoreEffect: description: Effect of a scoring factor on the indicator's threat score. enum: - RAISE_SCORE - LOWER_SCORE - NO_EFFECT type: string x-enum-varnames: - RAISE_SCORE - LOWER_SCORE - NO_EFFECT IoCSignalSeverityCount: description: Count of security signals by severity level. properties: count: description: Number of signals at this severity level. format: int64 type: integer severity: description: Severity level (for example, critical, high, medium, low, info). type: string type: object IoCSource: description: A threat intelligence source that has flagged an indicator. properties: name: description: Name of the threat intelligence source. type: string type: object Issue: description: The issue matching the request. properties: attributes: $ref: "#/components/schemas/IssueAttributes" id: description: Issue identifier. example: "c1726a66-1f64-11ee-b338-da7ad0900002" type: string relationships: $ref: "#/components/schemas/IssueRelationships" type: $ref: "#/components/schemas/IssueType" required: - id - type - attributes type: object IssueAssigneeRelationship: description: Relationship between the issue and assignee. properties: data: $ref: "#/components/schemas/IssueUserReference" required: - data type: object IssueAttributes: description: Object containing the information of an issue. properties: error_message: description: Error message associated with the issue. example: "object of type 'NoneType' has no len()" type: string error_type: description: Type of the error that matches the issue. example: "builtins.TypeError" type: string file_path: description: Path of the file where the issue occurred. example: "/django-email/conduit/apps/core/utils.py" type: string first_seen: description: Timestamp of the first seen error in milliseconds since the Unix epoch. example: 1671612804001 format: int64 type: integer first_seen_version: description: The application version (for example, git commit hash) where the issue was first observed. example: "aaf65cd0" type: string function_name: description: Name of the function where the issue occurred. example: "filter_forbidden_tags" type: string is_crash: description: Error is a crash. example: false type: boolean languages: description: Array of programming languages associated with the issue. example: ["PYTHON", "GO"] items: $ref: "#/components/schemas/IssueLanguage" type: array last_seen: description: Timestamp of the last seen error in milliseconds since the Unix epoch. example: 1671620003100 format: int64 type: integer last_seen_version: description: The application version (for example, git commit hash) where the issue was last observed. example: "b6199f80" type: string platform: $ref: "#/components/schemas/IssuePlatform" regression: $ref: "#/components/schemas/IssueRegression" service: description: Service name. example: "email-api-py" type: string state: $ref: "#/components/schemas/IssueState" type: object IssueCase: description: The case attached to the issue. properties: attributes: $ref: "#/components/schemas/IssueCaseAttributes" id: description: Case identifier. example: "2841440d-e780-4fe2-96cd-6a8c1d194da5" type: string relationships: $ref: "#/components/schemas/IssueCaseRelationships" type: $ref: "#/components/schemas/IssueCaseResourceType" required: - id - type - attributes type: object IssueCaseAttributes: description: Object containing the information of a case. properties: archived_at: description: Timestamp of when the case was archived. example: "2025-01-01T00:00:00Z" format: date-time type: string closed_at: description: Timestamp of when the case was closed. example: "2025-01-01T00:00:00Z" format: date-time type: string created_at: description: Timestamp of when the case was created. example: "2025-01-01T00:00:00Z" format: date-time type: string creation_source: description: Source of the case creation. example: "ERROR_TRACKING" type: string description: description: Description of the case. type: string due_date: description: Due date of the case. example: "2025-01-01" type: string insights: description: Insights of the case. items: $ref: "#/components/schemas/IssueCaseInsight" type: array jira_issue: $ref: "#/components/schemas/IssueCaseJiraIssue" key: description: Key of the case. example: "ET-123" type: string modified_at: description: Timestamp of when the case was last modified. example: "2025-01-01T00:00:00Z" format: date-time type: string priority: $ref: "#/components/schemas/CasePriority" status: $ref: "#/components/schemas/CaseStatus" title: description: Title of the case. example: "Error: HTTP error" type: string type: description: Type of the case. example: "ERROR_TRACKING_ISSUE" type: string type: object IssueCaseInsight: description: Insight of the case. properties: ref: description: Reference of the insight. example: "/error-tracking?issueId=2841440d-e780-4fe2-96cd-6a8c1d194da5" type: string resource_id: description: Insight identifier. example: "2841440d-e780-4fe2-96cd-6a8c1d194da5" type: string type: description: Type of the insight. example: "ERROR_TRACKING" type: string type: object IssueCaseJiraIssue: description: Jira issue of the case. properties: result: $ref: "#/components/schemas/IssueCaseJiraIssueResult" status: description: Creation status of the Jira issue. example: "COMPLETED" type: string type: object IssueCaseJiraIssueResult: description: Contains the identifiers and URL for a successfully created Jira issue. properties: issue_id: description: Jira issue identifier. example: "1904866" type: string issue_key: description: Jira issue key. example: "ET-123" type: string issue_url: description: Jira issue URL. example: "https://your-jira-instance.atlassian.net/browse/ET-123" type: string project_key: description: Jira project key. example: "ET" type: string type: object IssueCaseReference: description: The case the issue is attached to. properties: id: description: Case identifier. example: "2841440d-e780-4fe2-96cd-6a8c1d194da5" type: string type: $ref: "#/components/schemas/IssueCaseResourceType" required: - id - type type: object IssueCaseRelationship: description: Relationship between the issue and case. properties: data: $ref: "#/components/schemas/IssueCaseReference" required: - data type: object IssueCaseRelationships: description: Resources related to a case. properties: assignee: $ref: "#/components/schemas/NullableUserRelationship" created_by: $ref: "#/components/schemas/NullableUserRelationship" modified_by: $ref: "#/components/schemas/NullableUserRelationship" project: $ref: "#/components/schemas/ProjectRelationship" type: object IssueCaseResourceType: description: Type of the object. enum: ["case"] example: "case" type: string x-enum-varnames: - CASE IssueIncluded: description: An array of related resources, returned when the `include` query parameter is used. oneOf: - $ref: "#/components/schemas/IssueCase" - $ref: "#/components/schemas/IssueUser" - $ref: "#/components/schemas/IssueTeam" IssueLanguage: description: Programming language associated with the issue. enum: - BRIGHTSCRIPT - C - C_PLUS_PLUS - C_SHARP - CLOJURE - DOT_NET - ELIXIR - ERLANG - GO - GROOVY - HASKELL - HCL - JAVA - JAVASCRIPT - JVM - KOTLIN - OBJECTIVE_C - PERL - PHP - PYTHON - RUBY - RUST - SCALA - SWIFT - TERRAFORM - TYPESCRIPT - UNKNOWN example: "PYTHON" type: string x-enum-varnames: - BRIGHTSCRIPT - C - C_PLUS_PLUS - C_SHARP - CLOJURE - DOT_NET - ELIXIR - ERLANG - GO - GROOVY - HASKELL - HCL - JAVA - JAVASCRIPT - JVM - KOTLIN - OBJECTIVE_C - PERL - PHP - PYTHON - RUBY - RUST - SCALA - SWIFT - TERRAFORM - TYPESCRIPT - UNKNOWN IssuePlatform: description: Platform associated with the issue. enum: - ANDROID - BACKEND - BROWSER - FLUTTER - IOS - REACT_NATIVE - ROKU - UNKNOWN example: "BACKEND" type: string x-enum-varnames: - ANDROID - BACKEND - BROWSER - FLUTTER - IOS - REACT_NATIVE - ROKU - UNKNOWN IssueReference: description: The issue the search result corresponds to. properties: id: description: Issue identifier. example: "c1726a66-1f64-11ee-b338-da7ad0900002" type: string type: $ref: "#/components/schemas/IssueType" required: - id - type type: object IssueRegression: description: Regression information for an issue that was previously resolved and then reopened. properties: regressed_at: description: Timestamp when the issue was reopened (regressed). example: "2024-01-03T08:00:00Z" format: date-time type: string regressed_at_version: description: Application version where the regression was observed. example: "v2.5.2" type: string resolved_at: description: Timestamp when the issue was resolved before the regression. example: "2024-01-01T10:00:00Z" format: date-time type: string required: - resolved_at - regressed_at type: object IssueRelationships: description: Relationship between the issue and an assignee, case and/or teams. properties: assignee: $ref: "#/components/schemas/IssueAssigneeRelationship" case: $ref: "#/components/schemas/IssueCaseRelationship" team_owners: $ref: "#/components/schemas/IssueTeamOwnersRelationship" type: object IssueResponse: description: Response containing error tracking issue data. properties: data: $ref: "#/components/schemas/Issue" included: description: Array of resources related to the issue. items: $ref: "#/components/schemas/IssueIncluded" type: array type: object IssueState: description: State of the issue enum: - OPEN - ACKNOWLEDGED - RESOLVED - IGNORED - EXCLUDED example: "RESOLVED" type: string x-enum-varnames: - OPEN - ACKNOWLEDGED - RESOLVED - IGNORED - EXCLUDED IssueTeam: description: A team that owns an issue. properties: attributes: $ref: "#/components/schemas/IssueTeamAttributes" id: description: Team identifier. example: "221b0179-6447-4d03-91c3-3ca98bf60e8a" type: string type: $ref: "#/components/schemas/IssueTeamType" required: - id - type - attributes type: object IssueTeamAttributes: description: Object containing the information of a team. properties: handle: description: The team's identifier. example: "team-handle" type: string name: description: The name of the team. example: "Team Name" type: string summary: description: A brief summary of the team, derived from its description. example: "This is a team." type: string type: object IssueTeamOwnersRelationship: description: Relationship between the issue and teams. properties: data: description: Array of teams that are owners of the issue. items: $ref: "#/components/schemas/IssueTeamReference" type: array required: - data type: object IssueTeamReference: description: A team that owns the issue. properties: id: description: Team identifier. example: "221b0179-6447-4d03-91c3-3ca98bf60e8a" type: string type: $ref: "#/components/schemas/IssueTeamType" required: - id - type type: object IssueTeamType: description: Type of the object. enum: ["team"] example: "team" type: string x-enum-varnames: - TEAM IssueType: description: Type of the object. enum: ["issue"] example: "issue" type: string x-enum-varnames: - ISSUE IssueUpdateAssigneeRequest: description: Update issue assignee request payload. properties: data: $ref: "#/components/schemas/IssueUpdateAssigneeRequestData" required: - data type: object IssueUpdateAssigneeRequestData: description: Update issue assignee request. properties: id: description: User identifier. example: "87cb11a0-278c-440a-99fe-701223c80296" type: string type: $ref: "#/components/schemas/IssueUpdateAssigneeRequestDataType" required: - id - type type: object IssueUpdateAssigneeRequestDataType: description: Type of the object. enum: ["assignee"] example: "assignee" type: string x-enum-varnames: - ASSIGNEE IssueUpdateStateRequest: description: Update issue state request payload. properties: data: $ref: "#/components/schemas/IssueUpdateStateRequestData" required: - data type: object IssueUpdateStateRequestData: description: Update issue state request. properties: attributes: $ref: "#/components/schemas/IssueUpdateStateRequestDataAttributes" id: description: Issue identifier. example: "c1726a66-1f64-11ee-b338-da7ad0900002" type: string type: $ref: "#/components/schemas/IssueUpdateStateRequestDataType" required: - id - type - attributes type: object IssueUpdateStateRequestDataAttributes: description: Object describing an issue state update request. properties: state: $ref: "#/components/schemas/IssueState" required: - state type: object IssueUpdateStateRequestDataType: description: Type of the object. enum: ["error_tracking_issue"] example: "error_tracking_issue" type: string x-enum-varnames: - ERROR_TRACKING_ISSUE IssueUser: description: The user to whom the issue is assigned. properties: attributes: $ref: "#/components/schemas/IssueUserAttributes" id: description: User identifier. example: "87cb11a0-278c-440a-99fe-701223c80296" type: string type: $ref: "#/components/schemas/IssueUserType" required: - id - type - attributes type: object IssueUserAttributes: description: Object containing the information of a user. properties: email: description: Email of the user. example: "user@company.com" type: string handle: description: Handle of the user. example: "User Handle" type: string name: description: Name of the user. example: "User Name" type: string type: object IssueUserReference: description: The user the issue is assigned to. properties: id: description: User identifier. example: "87cb11a0-278c-440a-99fe-701223c80296" type: string type: $ref: "#/components/schemas/IssueUserType" required: - id - type type: object IssueUserType: description: Type of the object enum: ["user"] example: "user" type: string x-enum-varnames: - USER IssuesSearchRequest: description: Search issues request payload. properties: data: $ref: "#/components/schemas/IssuesSearchRequestData" required: - data type: object IssuesSearchRequestData: description: Search issues request. properties: attributes: $ref: "#/components/schemas/IssuesSearchRequestDataAttributes" type: $ref: "#/components/schemas/IssuesSearchRequestDataType" required: - type - attributes type: object IssuesSearchRequestDataAttributes: description: Object describing a search issue request. properties: assignee_ids: description: Filter issues by assignee IDs. Multiple values are combined with OR logic. example: - "00000000-0000-0000-0000-000000000001" items: format: uuid type: string maxItems: 50 type: array from: description: Start date (inclusive) of the query in milliseconds since the Unix epoch. example: 1671612804000 format: int64 type: integer order_by: $ref: "#/components/schemas/IssuesSearchRequestDataAttributesOrderBy" persona: $ref: "#/components/schemas/IssuesSearchRequestDataAttributesPersona" query: description: Search query following the event search syntax. example: "service:orders-* AND @language:go" type: string states: description: Filter issues by state. Multiple values are combined with OR logic. example: - "OPEN" - "ACKNOWLEDGED" items: $ref: "#/components/schemas/IssueState" maxItems: 20 type: array team_ids: description: Filter issues by team IDs. Multiple values are combined with OR logic. example: - "00000000-0000-0000-0000-000000000002" items: format: uuid type: string maxItems: 50 type: array to: description: End date (exclusive) of the query in milliseconds since the Unix epoch. example: 1671620004000 format: int64 type: integer track: $ref: "#/components/schemas/IssuesSearchRequestDataAttributesTrack" required: - query - from - to type: object IssuesSearchRequestDataAttributesOrderBy: description: The attribute to sort the search results by. enum: - TOTAL_COUNT - FIRST_SEEN - IMPACTED_SESSIONS - PRIORITY example: "IMPACTED_SESSIONS" type: string x-enum-varnames: - TOTAL_COUNT - FIRST_SEEN - IMPACTED_SESSIONS - PRIORITY IssuesSearchRequestDataAttributesPersona: description: Persona for the search. Either track(s) or persona(s) must be specified. enum: ["ALL", "BROWSER", "MOBILE", "BACKEND"] example: "BACKEND" type: string x-enum-varnames: - ALL - BROWSER - MOBILE - BACKEND IssuesSearchRequestDataAttributesTrack: description: Track of the events to query. Either track(s) or persona(s) must be specified. enum: ["trace", "logs", "rum"] example: "trace" type: string x-enum-varnames: - TRACE - LOGS - RUM IssuesSearchRequestDataType: description: Type of the object. enum: ["search_request"] example: "search_request" type: string x-enum-varnames: - SEARCH_REQUEST IssuesSearchResponse: description: Search issues response payload. properties: data: description: Array of results matching the search query. items: $ref: "#/components/schemas/IssuesSearchResult" type: array included: description: Array of resources related to the search results. items: $ref: "#/components/schemas/IssuesSearchResultIncluded" type: array type: object IssuesSearchResult: description: Result matching the search query. properties: attributes: $ref: "#/components/schemas/IssuesSearchResultAttributes" id: description: Search result identifier (matches the nested issue's identifier). example: "c1726a66-1f64-11ee-b338-da7ad0900002" type: string relationships: $ref: "#/components/schemas/IssuesSearchResultRelationships" type: $ref: "#/components/schemas/IssuesSearchResultType" required: - id - type - attributes type: object IssuesSearchResultAttributes: description: Object containing the information of a search result. properties: impacted_sessions: description: Count of sessions impacted by the issue over the queried time window. example: 12 format: int64 type: integer impacted_users: description: Count of users impacted by the issue over the queried time window. example: 4 format: int64 type: integer total_count: description: Total count of errors that match the issue over the queried time window. example: 82 format: int64 type: integer type: object IssuesSearchResultIncluded: description: An array of related resources, returned when the `include` query parameter is used. oneOf: - $ref: "#/components/schemas/Issue" - $ref: "#/components/schemas/Case" - $ref: "#/components/schemas/IssueUser" - $ref: "#/components/schemas/IssueTeam" IssuesSearchResultIssueRelationship: description: Relationship between the search result and the corresponding issue. properties: data: $ref: "#/components/schemas/IssueReference" required: - data type: object IssuesSearchResultRelationships: description: Relationships between the search result and other resources. properties: issue: $ref: "#/components/schemas/IssuesSearchResultIssueRelationship" type: object IssuesSearchResultType: description: Type of the object. enum: ["error_tracking_search_result"] example: "error_tracking_search_result" type: string x-enum-varnames: - ERROR_TRACKING_SEARCH_RESULT ItemApiPayload: description: A single datastore item with its content and metadata. properties: data: $ref: "#/components/schemas/ItemApiPayloadData" type: object ItemApiPayloadArray: description: A collection of datastore items with pagination and schema metadata. properties: data: description: An array of datastore items with their content and metadata. items: $ref: "#/components/schemas/ItemApiPayloadData" maxItems: 100 type: array meta: $ref: "#/components/schemas/ItemApiPayloadMeta" description: Metadata about the included items, including pagination info and datastore schema. required: - data type: object ItemApiPayloadData: description: Core data and metadata for a single datastore item. properties: attributes: $ref: "#/components/schemas/ItemApiPayloadDataAttributes" id: description: The unique identifier of the datastore. type: string type: $ref: "#/components/schemas/DatastoreItemsDataType" required: - type type: object ItemApiPayloadDataAttributes: description: Metadata and content of a datastore item. properties: created_at: description: Timestamp when the item was first created. format: date-time type: string modified_at: description: Timestamp when the item was last modified. format: date-time type: string org_id: description: The ID of the organization that owns this item. format: int64 type: integer primary_column_name: $ref: "#/components/schemas/DatastoreAttributesPrimaryColumnName" signature: description: A unique signature identifying this item version. type: string store_id: description: The unique identifier of the datastore containing this item. type: string value: $ref: "#/components/schemas/ItemApiPayloadDataAttributesValue" type: object ItemApiPayloadDataAttributesValue: additionalProperties: {} description: The data content (as key-value pairs) of a datastore item. type: object ItemApiPayloadMeta: description: Additional metadata about a collection of datastore items, including pagination and schema information. properties: page: $ref: "#/components/schemas/ItemApiPayloadMetaPage" schema: $ref: "#/components/schemas/ItemApiPayloadMetaSchema" type: object ItemApiPayloadMetaPage: description: Pagination information for a collection of datastore items. properties: hasMore: description: Whether there are additional pages of items beyond the current page. type: boolean totalCount: description: The total number of items in the datastore, ignoring any filters. format: int64 type: integer totalFilteredCount: description: The total number of items that match the current filter criteria. format: int64 type: integer type: object ItemApiPayloadMetaSchema: description: Schema information about the datastore, including its primary key and field definitions. properties: fields: description: An array describing the columns available in this datastore. items: $ref: "#/components/schemas/ItemApiPayloadMetaSchemaField" type: array primary_key: description: The name of the primary key column for this datastore. type: string type: object ItemApiPayloadMetaSchemaField: description: Information about a specific column in the datastore schema. properties: name: description: The name of this column in the datastore. example: "" type: string type: description: The data type of this column. For example, 'string', 'number', or 'boolean'. example: "" type: string required: - name - type type: object JSONAPIErrorItem: description: API error response body properties: detail: description: A human-readable explanation specific to this occurrence of the error. example: Missing required attribute in body type: string meta: additionalProperties: {} description: Non-standard meta-information about the error type: object source: $ref: "#/components/schemas/JSONAPIErrorItemSource" status: description: Status code of the response. example: "400" type: string title: description: Short human-readable summary of the error. example: Bad Request type: string type: object JSONAPIErrorItemSource: description: References to the source of the error. properties: header: description: A string indicating the name of a single request header which caused the error. example: "Authorization" type: string parameter: description: A string indicating which URI query parameter caused the error. example: "limit" type: string pointer: description: A JSON pointer to the value in the request document that caused the error. example: "/data/attributes/title" type: string type: object JSONAPIErrorResponse: description: API error response. properties: errors: description: A list of errors. items: $ref: "#/components/schemas/JSONAPIErrorItem" type: array required: - errors type: object JiraAccountAttributes: description: Attributes of a Jira account properties: consumer_key: description: The consumer key for the Jira account example: "consumer-key-1" type: string instance_url: description: The URL of the Jira instance example: "https://example.atlassian.net" type: string last_webhook_timestamp: description: Timestamp of the last webhook received example: "2024-01-15T10:30:00Z" format: date-time type: string required: - consumer_key - instance_url type: object JiraAccountData: description: Data object for a Jira account properties: attributes: $ref: "#/components/schemas/JiraAccountAttributes" id: description: Unique identifier for the Jira account example: "account-1" type: string type: $ref: "#/components/schemas/JiraAccountType" required: - id - type - attributes type: object JiraAccountRelationship: description: Relationship to a Jira account properties: data: $ref: "#/components/schemas/JiraAccountData" required: - data type: object JiraAccountType: description: Type identifier for Jira account resources enum: - jira-account example: jira-account type: string x-enum-varnames: - JIRA_ACCOUNT JiraAccountsData: description: Array of Jira account data objects items: $ref: "#/components/schemas/JiraAccountData" type: array JiraAccountsMeta: description: Metadata for Jira accounts response properties: public_key: description: Public key for the Jira integration example: "c29tZSBkYXRhIHdpdGggACBhbmQg77u/" type: string type: object JiraAccountsResponse: description: Response containing Jira accounts properties: data: $ref: "#/components/schemas/JiraAccountsData" example: - attributes: consumer_key: "consumer-key-1" instance_url: "https://example.atlassian.net" id: "account-1" type: jira-account meta: $ref: "#/components/schemas/JiraAccountsMeta" required: - data type: object JiraIntegrationMetadata: description: Incident integration metadata for the Jira integration. properties: issues: description: Array of Jira issues in this integration metadata. example: [] items: $ref: "#/components/schemas/JiraIntegrationMetadataIssuesItem" type: array required: - issues type: object JiraIntegrationMetadataIssuesItem: description: Item in the Jira integration metadata issue array. properties: account: description: URL of issue's Jira account. example: https://example.atlassian.net type: string issue_key: description: Jira issue's issue key. example: PROJ-123 type: string issuetype_id: description: Jira issue's issue type. example: "1000" type: string project_key: description: Jira issue's project keys. example: PROJ type: string redirect_url: description: URL redirecting to the Jira issue. example: https://example.atlassian.net/browse/PROJ-123 type: string required: - project_key - account type: object JiraIssue: description: Jira issue attached to case nullable: true properties: result: $ref: "#/components/schemas/JiraIssueResult" status: $ref: "#/components/schemas/Case3rdPartyTicketStatus" readOnly: true type: object JiraIssueCreateAttributes: description: Jira issue creation attributes properties: fields: additionalProperties: {} description: Additional Jira fields example: {} type: object issue_type_id: description: Jira issue type ID example: "10001" type: string jira_account_id: description: Jira account ID example: "1234" type: string project_id: description: Jira project ID example: "5678" type: string required: - jira_account_id - project_id - issue_type_id type: object JiraIssueCreateData: description: Jira issue creation data properties: attributes: $ref: "#/components/schemas/JiraIssueCreateAttributes" type: $ref: "#/components/schemas/JiraIssueResourceType" required: - type - attributes type: object JiraIssueCreateRequest: description: Jira issue creation request properties: data: $ref: "#/components/schemas/JiraIssueCreateData" required: - data type: object JiraIssueLinkAttributes: description: Jira issue link attributes properties: jira_issue_url: description: URL of the Jira issue example: "https://jira.example.com/browse/PROJ-123" type: string required: - jira_issue_url type: object JiraIssueLinkData: description: Jira issue link data properties: attributes: $ref: "#/components/schemas/JiraIssueLinkAttributes" type: $ref: "#/components/schemas/JiraIssueResourceType" required: - type - attributes type: object JiraIssueLinkRequest: description: Jira issue link request properties: data: $ref: "#/components/schemas/JiraIssueLinkData" required: - data type: object JiraIssueResourceType: description: Jira issue resource type enum: - issues example: issues type: string x-enum-varnames: - ISSUES JiraIssueResult: description: Jira issue information properties: issue_id: description: Jira issue ID type: string issue_key: description: Jira issue key type: string issue_url: description: Jira issue URL type: string project_key: description: Jira project key type: string type: object JiraIssueTemplateCreateRequest: description: Request to create a Jira issue template properties: data: $ref: "#/components/schemas/JiraIssueTemplateCreateRequestData" type: object JiraIssueTemplateCreateRequestAttributes: description: Attributes for creating a Jira issue template properties: fields: additionalProperties: {} description: Custom fields for the Jira issue template example: description: payload: "Test" type: "json" type: object issue_type_id: description: The ID of the Jira issue type example: "12730" type: string jira-account: $ref: "#/components/schemas/JiraIssueTemplateCreateRequestAttributesJiraAccount" name: description: The name of the issue template example: "test-template" type: string project_id: description: The ID of the Jira project example: "10772" type: string type: object JiraIssueTemplateCreateRequestAttributesJiraAccount: description: Reference to the Jira account properties: id: description: The ID of the Jira account example: "80f16d40-1fba-486e-b1fc-983e6ca19bec" format: uuid type: string required: - id type: object JiraIssueTemplateCreateRequestData: description: Data object for creating a Jira issue template properties: attributes: $ref: "#/components/schemas/JiraIssueTemplateCreateRequestAttributes" type: $ref: "#/components/schemas/JiraIssueTemplateType" type: object JiraIssueTemplateData: description: Data object for a Jira issue template properties: attributes: $ref: "#/components/schemas/JiraIssueTemplateDataAttributes" id: description: Unique identifier for the Jira issue template example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string relationships: $ref: "#/components/schemas/JiraIssueTemplateDataRelationships" type: $ref: "#/components/schemas/JiraIssueTemplateType" required: - id - type - attributes type: object JiraIssueTemplateDataAttributes: description: Attributes of a Jira issue template properties: fields: additionalProperties: {} description: Custom fields for the Jira issue template example: description: payload: "Test Description" type: "json" type: object issue_type_id: description: The ID of the Jira issue type example: "456" type: string name: description: The name of the issue template example: "Test Template" type: string project_id: description: The ID of the Jira project example: "123" type: string required: - name - project_id - issue_type_id - fields type: object JiraIssueTemplateDataRelationships: description: Relationships of a Jira issue template properties: jira-account: $ref: "#/components/schemas/JiraAccountRelationship" required: - jira-account type: object JiraIssueTemplateResponse: description: Response containing a single Jira issue template properties: data: $ref: "#/components/schemas/JiraIssueTemplateData" included: $ref: "#/components/schemas/JiraAccountsData" required: - data type: object JiraIssueTemplateType: description: Type identifier for Jira issue template resources enum: - jira-issue-template example: jira-issue-template type: string x-enum-varnames: - JIRA_ISSUE_TEMPLATE JiraIssueTemplateUpdateRequest: description: Request to update a Jira issue template properties: data: $ref: "#/components/schemas/JiraIssueTemplateUpdateRequestData" required: - data type: object JiraIssueTemplateUpdateRequestAttributes: description: Attributes for updating a Jira issue template properties: fields: additionalProperties: {} description: Custom fields for the Jira issue template example: description: payload: "Updated Description" type: "json" type: object name: description: The name of the issue template example: "test_template_updated" type: string type: object JiraIssueTemplateUpdateRequestData: description: Data object for updating a Jira issue template properties: attributes: $ref: "#/components/schemas/JiraIssueTemplateUpdateRequestAttributes" type: $ref: "#/components/schemas/JiraIssueTemplateType" required: - type - attributes type: object JiraIssueTemplatesData: description: Array of Jira issue template data objects items: $ref: "#/components/schemas/JiraIssueTemplateData" type: array JiraIssueTemplatesResponse: description: Response containing Jira issue templates properties: data: $ref: "#/components/schemas/JiraIssueTemplatesData" example: - attributes: fields: description: payload: "Test Description" type: "json" issue_type_id: "10001" name: "Bug Report Template" project_id: "PROJECT-1" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: jira-issue-template included: $ref: "#/components/schemas/JiraAccountsData" required: - data type: object JiraIssuesDataType: default: jira_issues description: Jira issues resource type. enum: - jira_issues example: jira_issues type: string x-enum-varnames: - JIRA_ISSUES JobCreateResponse: description: Run a historical job response. properties: data: $ref: "#/components/schemas/JobCreateResponseData" type: object JobCreateResponseData: description: The definition of `JobCreateResponseData` object. properties: id: description: ID of the created job. type: string type: $ref: "#/components/schemas/HistoricalJobDataType" type: object JobDefinition: description: Definition of a historical job. properties: calculatedFields: description: Calculated fields. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases used for generating job results. items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array from: description: Starting time of data analyzed by the job. example: 1729843470000 format: int64 type: integer groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array index: description: Index used to load the data. example: cloud_siem type: string message: description: Message for generated results. example: A large number of failed login attempts. type: string name: description: Job name. example: Excessive number of failed attempts. type: string options: $ref: "#/components/schemas/HistoricalJobOptions" queries: description: Queries for selecting logs analyzed by the job. items: $ref: "#/components/schemas/HistoricalJobQuery" type: array referenceTables: description: Reference tables used in the queries. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array tags: description: Tags for generated signals. items: description: A tag string in `key:value` format. type: string type: array thirdPartyCases: description: Cases for generating results from third-party detection method. Only available for third-party detection method. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" type: array to: description: Ending time of data analyzed by the job. example: 1729847070000 format: int64 type: integer type: description: Job type. type: string required: - from - to - index - name - cases - queries - message type: object JobDefinitionFromRule: description: Definition of a historical job based on a security monitoring rule. properties: from: description: Starting time of data analyzed by the job. example: 1729843470000 format: int64 type: integer id: description: ID of the detection rule used to create the job. example: abc-def-ghi type: string index: description: Index used to load the data. example: cloud_siem type: string notifications: description: Notifications sent when the job is completed. example: - "@sns-cloudtrail-results" items: description: A notification recipient handle (for example, `@user` or `@channel`). type: string type: array to: description: Ending time of data analyzed by the job. example: 1729847070000 format: int64 type: integer required: - id - from - to - index type: object JsonPatchOperation: description: A JSON Patch operation as per RFC 6902. properties: op: $ref: "#/components/schemas/JsonPatchOperationOp" path: description: A JSON Pointer path (e.g., "/name", "/value/secure"). example: "/name" type: string value: description: The value to use for the operation (not applicable for "remove" and "test" operations). required: - op - path type: object JsonPatchOperationOp: description: The operation to perform. enum: - add - remove - replace - move - copy - test example: add type: string x-enum-varnames: - ADD - REMOVE - REPLACE - MOVE - COPY - TEST KindAttributes: description: Kind attributes. properties: description: description: Short description of the kind. type: string displayName: description: User friendly name of the kind. type: string name: description: The kind name. example: my-job minLength: 1 type: string type: object KindData: description: Schema that defines the structure of a Kind object in the Software Catalog. properties: attributes: $ref: "#/components/schemas/KindAttributes" id: description: A read-only globally unique identifier for the entity generated by Datadog. User supplied values are ignored. example: 4b163705-23c0-4573-b2fb-f6cea2163fcb minLength: 1 type: string meta: $ref: "#/components/schemas/KindMetadata" type: description: Kind. type: string type: object KindMetadata: description: Kind metadata. properties: createdAt: description: The creation time. type: string modifiedAt: description: The modification time. type: string type: object KindObj: description: Schema for kind. properties: description: description: Short description of the kind. type: string displayName: description: The display name of the kind. Automatically generated if not provided. type: string kind: description: The name of the kind to create or update. This must be in kebab-case format. example: "my-job" type: string required: - kind type: object KindRaw: description: Kind definition in raw JSON or YAML representation. example: |- kind: service displayName: Service description: A service entity in the catalog. type: string KindResponseData: description: List of kind responses. items: $ref: "#/components/schemas/KindData" type: array KindResponseMeta: description: Kind response metadata. properties: count: description: Total kinds count. format: int64 type: integer type: object LLMObsAnnotatedInteractionItem: description: An interaction with its associated annotations. properties: annotations: description: List of annotations for this interaction. items: $ref: "#/components/schemas/LLMObsAnnotationItem" type: array content_id: description: Identifier of the content (trace ID or session ID) for this interaction. example: "trace-abc-123" type: string id: description: Unique identifier of the interaction. example: "interaction-456" type: string type: $ref: "#/components/schemas/LLMObsInteractionType" required: - id - type - content_id - annotations type: object LLMObsAnnotatedInteractionsDataAttributesResponse: description: Attributes containing the list of annotated interactions. properties: annotated_interactions: description: List of interactions with their annotations. items: $ref: "#/components/schemas/LLMObsAnnotatedInteractionItem" type: array required: - annotated_interactions type: object LLMObsAnnotatedInteractionsDataResponse: description: Data object for annotated interactions. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotatedInteractionsDataAttributesResponse" id: description: The queue ID. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/LLMObsAnnotatedInteractionsType" required: - id - type - attributes type: object LLMObsAnnotatedInteractionsResponse: description: Response containing the annotated interactions for an annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotatedInteractionsDataResponse" required: - data type: object LLMObsAnnotatedInteractionsType: description: Resource type for annotated interactions. enum: - annotated_interactions example: annotated_interactions type: string x-enum-varnames: - ANNOTATED_INTERACTIONS LLMObsAnnotationItem: description: A single annotation on an interaction. properties: created_at: description: Timestamp when the annotation was created. example: "2024-01-15T10:30:00Z" format: date-time type: string created_by: description: Identifier of the user who created the annotation. example: "00000000-0000-0000-0000-000000000002" type: string id: description: Unique identifier of the annotation. example: "annotation-789" type: string interaction_id: description: Identifier of the interaction this annotation belongs to. example: "interaction-456" type: string label_values: additionalProperties: {} description: The label values for this annotation. example: quality: "good" type: object modified_at: description: Timestamp when the annotation was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string modified_by: description: Identifier of the user who last modified the annotation. example: "00000000-0000-0000-0000-000000000002" type: string required: - id - interaction_id - label_values - created_by - created_at - modified_by - modified_at type: object LLMObsAnnotationQueueDataAttributesRequest: description: Attributes for creating an LLM Observability annotation queue. properties: annotation_schema: $ref: "#/components/schemas/LLMObsAnnotationSchema" description: description: Description of the annotation queue. example: "Queue for annotating customer support traces" type: string name: description: Name of the annotation queue. example: "My annotation queue" type: string project_id: description: Identifier of the project this queue belongs to. example: "00000000-0000-0000-0000-000000000002" type: string required: - name - project_id type: object LLMObsAnnotationQueueDataAttributesResponse: description: Attributes of an LLM Observability annotation queue. properties: annotation_schema: $ref: "#/components/schemas/LLMObsAnnotationSchema" created_at: description: Timestamp when the queue was created. example: "2024-01-15T10:30:00Z" format: date-time type: string created_by: description: Identifier of the user who created the queue. example: "00000000-0000-0000-0000-000000000002" type: string description: description: Description of the annotation queue. example: "Queue for annotating customer support traces" type: string modified_at: description: Timestamp when the queue was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string modified_by: description: Identifier of the user who last modified the queue. example: "00000000-0000-0000-0000-000000000002" type: string name: description: Name of the annotation queue. example: "My annotation queue" type: string owned_by: description: Identifier of the user who owns the queue. example: "00000000-0000-0000-0000-000000000002" type: string project_id: description: Identifier of the project this queue belongs to. example: "00000000-0000-0000-0000-000000000002" type: string required: - name - project_id - description - created_by - created_at - modified_by - modified_at - owned_by type: object LLMObsAnnotationQueueDataRequest: description: Data object for creating an LLM Observability annotation queue. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsAnnotationQueueType" required: - type - attributes type: object LLMObsAnnotationQueueDataResponse: description: Data object for an LLM Observability annotation queue. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueDataAttributesResponse" id: description: Unique identifier of the annotation queue. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/LLMObsAnnotationQueueType" required: - id - type - attributes type: object LLMObsAnnotationQueueInteractionItem: description: A single interaction to add to an annotation queue. properties: content_id: description: Identifier of the content (trace ID or session ID) for this interaction. example: "trace-abc-123" type: string type: $ref: "#/components/schemas/LLMObsInteractionType" required: - type - content_id type: object LLMObsAnnotationQueueInteractionResponseItem: description: A single interaction result. properties: already_existed: description: Whether this interaction already existed in the queue. example: false type: boolean content_id: description: Identifier of the content (trace ID or session ID) for this interaction. example: "trace-abc-123" type: string id: description: Unique identifier of the interaction. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/LLMObsInteractionType" required: - id - type - content_id - already_existed type: object LLMObsAnnotationQueueInteractionsDataAttributesRequest: description: Attributes for adding interactions to an annotation queue. properties: interactions: description: List of interactions to add to the queue. Must contain at least one item. items: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionItem" minItems: 1 type: array required: - interactions type: object LLMObsAnnotationQueueInteractionsDataAttributesResponse: description: Attributes of the interaction addition response. properties: interactions: description: List of interactions that were processed. items: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionResponseItem" type: array required: - interactions type: object LLMObsAnnotationQueueInteractionsDataRequest: description: Data object for adding interactions to an annotation queue. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsType" required: - type - attributes type: object LLMObsAnnotationQueueInteractionsDataResponse: description: Data object for the interaction addition response. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsDataAttributesResponse" id: description: The queue ID the interactions were added to. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsType" required: - id - type - attributes type: object LLMObsAnnotationQueueInteractionsRequest: description: Request to add interactions to an LLM Observability annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsDataRequest" required: - data type: object LLMObsAnnotationQueueInteractionsResponse: description: Response containing the result of adding interactions to an annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsDataResponse" required: - data type: object LLMObsAnnotationQueueInteractionsType: description: Resource type for annotation queue interactions. enum: - interactions example: interactions type: string x-enum-varnames: - INTERACTIONS LLMObsAnnotationQueueLabelSchemaAttributes: description: Attributes of an annotation queue label schema. properties: annotation_schema: $ref: "#/components/schemas/LLMObsAnnotationSchema" required: - annotation_schema type: object LLMObsAnnotationQueueLabelSchemaData: description: Data object for an annotation queue label schema. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaAttributes" id: description: Unique identifier of the annotation queue. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/LLMObsAnnotationQueueType" required: - id - type - attributes type: object LLMObsAnnotationQueueLabelSchemaResponse: description: Response containing the label schema of an annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaData" required: - data type: object LLMObsAnnotationQueueLabelSchemaUpdateAttributes: description: Attributes for updating an annotation queue label schema. properties: annotation_schema: $ref: "#/components/schemas/LLMObsAnnotationSchema" required: - annotation_schema type: object LLMObsAnnotationQueueLabelSchemaUpdateData: description: Data object for updating an annotation queue label schema. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaUpdateAttributes" type: $ref: "#/components/schemas/LLMObsAnnotationQueueType" required: - type - attributes type: object LLMObsAnnotationQueueLabelSchemaUpdateRequest: description: Request to update the label schema of an annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaUpdateData" required: - data type: object LLMObsAnnotationQueueRequest: description: Request to create an LLM Observability annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueDataRequest" required: - data type: object LLMObsAnnotationQueueResponse: description: Response containing a single LLM Observability annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueDataResponse" required: - data type: object LLMObsAnnotationQueueType: description: Resource type of an LLM Observability annotation queue. enum: - queues example: queues type: string x-enum-varnames: - QUEUES LLMObsAnnotationQueueUpdateDataAttributesRequest: description: Attributes for updating an LLM Observability annotation queue. All fields are optional. properties: annotation_schema: $ref: "#/components/schemas/LLMObsAnnotationSchema" description: description: Updated description of the annotation queue. example: "Updated description" type: string name: description: Updated name of the annotation queue. example: "Updated queue name" type: string type: object LLMObsAnnotationQueueUpdateDataRequest: description: Data object for updating an LLM Observability annotation queue. properties: attributes: $ref: "#/components/schemas/LLMObsAnnotationQueueUpdateDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsAnnotationQueueType" required: - type - attributes type: object LLMObsAnnotationQueueUpdateRequest: description: Request to update an LLM Observability annotation queue. properties: data: $ref: "#/components/schemas/LLMObsAnnotationQueueUpdateDataRequest" required: - data type: object LLMObsAnnotationQueuesResponse: description: Response containing a list of LLM Observability annotation queues. properties: data: description: List of annotation queues. items: $ref: "#/components/schemas/LLMObsAnnotationQueueDataResponse" type: array required: - data type: object LLMObsAnnotationSchema: description: Schema defining the labels for an annotation queue. properties: label_schemas: description: List of label schema definitions. items: $ref: "#/components/schemas/LLMObsLabelSchema" type: array required: - label_schemas type: object LLMObsCursorMeta: description: Pagination cursor metadata. properties: after: description: Cursor for the next page of results. nullable: true type: string type: object LLMObsCustomEvalConfigAssessmentCriteria: description: Criteria used to assess the pass/fail result of a custom evaluator. properties: max_threshold: description: Maximum numeric threshold for a passing result. example: 1.0 format: double nullable: true type: number min_threshold: description: Minimum numeric threshold for a passing result. example: 0.7 format: double nullable: true type: number pass_values: description: Specific output values considered as a passing result. example: - "pass" - "yes" items: description: A value considered as a passing result. type: string nullable: true type: array pass_when: description: When true, a boolean output of true is treated as passing. example: true nullable: true type: boolean type: object LLMObsCustomEvalConfigAttributes: description: Attributes of a custom LLM Observability evaluator configuration. properties: category: description: Category of the evaluator. example: "Custom" type: string created_at: description: Timestamp when the evaluator configuration was created. example: "2024-01-15T10:30:00Z" format: date-time type: string created_by: $ref: "#/components/schemas/LLMObsCustomEvalConfigUser" eval_name: description: Name of the custom evaluator. example: "my-custom-evaluator" type: string last_updated_by: $ref: "#/components/schemas/LLMObsCustomEvalConfigUser" llm_judge_config: $ref: "#/components/schemas/LLMObsCustomEvalConfigLLMJudgeConfig" llm_provider: $ref: "#/components/schemas/LLMObsCustomEvalConfigLLMProvider" target: $ref: "#/components/schemas/LLMObsCustomEvalConfigTarget" updated_at: description: Timestamp when the evaluator configuration was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string required: - eval_name - created_at - updated_at type: object LLMObsCustomEvalConfigBedrockOptions: description: AWS Bedrock-specific options for LLM provider configuration. properties: region: description: AWS region for Bedrock. example: "us-east-1" type: string type: object LLMObsCustomEvalConfigData: description: Data object for a custom LLM Observability evaluator configuration. properties: attributes: $ref: "#/components/schemas/LLMObsCustomEvalConfigAttributes" id: description: Unique name identifier of the evaluator configuration. example: "my-custom-evaluator" type: string type: $ref: "#/components/schemas/LLMObsCustomEvalConfigType" required: - id - type - attributes type: object LLMObsCustomEvalConfigEvalScope: description: Scope at which to evaluate spans. enum: - span - trace - session example: "span" type: string x-enum-varnames: - SPAN - TRACE - SESSION LLMObsCustomEvalConfigInferenceParams: description: LLM inference parameters for a custom evaluator. properties: frequency_penalty: description: Frequency penalty to reduce repetition. example: 0.0 format: double type: number max_tokens: description: Maximum number of tokens to generate. example: 1024 format: int64 type: integer presence_penalty: description: Presence penalty to reduce repetition. example: 0.0 format: double type: number temperature: description: Sampling temperature for the LLM. example: 0.7 format: double type: number top_k: description: Top-k sampling parameter. example: 50 format: int64 type: integer top_p: description: Top-p (nucleus) sampling parameter. example: 1.0 format: double type: number type: object LLMObsCustomEvalConfigIntegrationProvider: description: Name of the LLM integration provider. enum: - openai - amazon-bedrock - anthropic - azure-openai - vertex-ai - llm-proxy example: "openai" type: string x-enum-varnames: - OPENAI - AMAZON_BEDROCK - ANTHROPIC - AZURE_OPENAI - VERTEX_AI - LLM_PROXY LLMObsCustomEvalConfigLLMJudgeConfig: description: LLM judge configuration for a custom evaluator. properties: assessment_criteria: $ref: "#/components/schemas/LLMObsCustomEvalConfigAssessmentCriteria" inference_params: $ref: "#/components/schemas/LLMObsCustomEvalConfigInferenceParams" last_used_library_prompt_template_name: description: Name of the last library prompt template used. example: "sentiment-analysis-v1" nullable: true type: string modified_library_prompt_template: description: Whether the library prompt template was modified. example: false nullable: true type: boolean output_schema: additionalProperties: {} description: JSON schema describing the expected output format of the LLM judge. nullable: true type: object parsing_type: $ref: "#/components/schemas/LLMObsCustomEvalConfigParsingType" prompt_template: description: List of messages forming the LLM judge prompt template. items: $ref: "#/components/schemas/LLMObsCustomEvalConfigPromptMessage" type: array required: - inference_params type: object LLMObsCustomEvalConfigLLMProvider: description: LLM provider configuration for a custom evaluator. properties: bedrock: $ref: "#/components/schemas/LLMObsCustomEvalConfigBedrockOptions" integration_account_id: description: Integration account identifier. example: "my-account-id" type: string integration_provider: $ref: "#/components/schemas/LLMObsCustomEvalConfigIntegrationProvider" model_name: description: Name of the LLM model. example: "gpt-4o" type: string vertex_ai: $ref: "#/components/schemas/LLMObsCustomEvalConfigVertexAIOptions" type: object LLMObsCustomEvalConfigParsingType: description: Output parsing type for a custom LLM judge evaluator. enum: - structured_output - json example: "structured_output" type: string x-enum-varnames: - STRUCTURED_OUTPUT - JSON LLMObsCustomEvalConfigPromptContent: description: A content block within a prompt message. properties: type: description: Content block type. example: "text" type: string value: $ref: "#/components/schemas/LLMObsCustomEvalConfigPromptContentValue" required: - type - value type: object LLMObsCustomEvalConfigPromptContentValue: description: Value of a prompt message content block. properties: text: description: Text content of the message block. example: "What is the sentiment of this review?" type: string tool_call: $ref: "#/components/schemas/LLMObsCustomEvalConfigPromptToolCall" tool_call_result: $ref: "#/components/schemas/LLMObsCustomEvalConfigPromptToolResult" type: object LLMObsCustomEvalConfigPromptMessage: description: A message in the prompt template for a custom LLM judge evaluator. properties: content: description: Text content of the message. example: "Rate the quality of the following response:" type: string contents: description: Multi-part content blocks for the message. items: $ref: "#/components/schemas/LLMObsCustomEvalConfigPromptContent" type: array role: description: Role of the message author. example: "user" type: string required: - role type: object LLMObsCustomEvalConfigPromptToolCall: description: A tool call within a prompt message. properties: arguments: description: JSON-encoded arguments for the tool call. example: '{"location": "San Francisco"}' type: string id: description: Unique identifier of the tool call. example: "call_abc123" type: string name: description: Name of the tool being called. example: "get_weather" type: string type: description: Type of the tool call. example: "function" type: string type: object LLMObsCustomEvalConfigPromptToolResult: description: A tool call result within a prompt message. properties: name: description: Name of the tool that produced this result. example: "get_weather" type: string result: description: The result returned by the tool. example: "sunny, 72F" type: string tool_id: description: Identifier of the tool call this result corresponds to. example: "call_abc123" type: string type: description: Type of the tool result. example: "function" type: string type: object LLMObsCustomEvalConfigResponse: description: Response containing a custom LLM Observability evaluator configuration. properties: data: $ref: "#/components/schemas/LLMObsCustomEvalConfigData" required: - data type: object LLMObsCustomEvalConfigTarget: description: Target application configuration for a custom evaluator. properties: application_name: description: Name of the ML application this evaluator targets. example: "my-llm-app" type: string enabled: description: Whether the evaluator is active for the target application. example: true type: boolean eval_scope: $ref: "#/components/schemas/LLMObsCustomEvalConfigEvalScope" nullable: true filter: description: Filter expression to select which spans to evaluate. example: "@service:my-service" nullable: true type: string root_spans_only: description: When true, only root spans are evaluated. example: true nullable: true type: boolean sampling_percentage: description: Percentage of traces to evaluate. Must be greater than 0 and at most 100. example: 50.0 format: double nullable: true type: number required: - application_name - enabled type: object LLMObsCustomEvalConfigType: description: Type of the custom LLM Observability evaluator configuration resource. enum: - evaluator_config example: "evaluator_config" type: string x-enum-varnames: - EVALUATOR_CONFIG LLMObsCustomEvalConfigUpdateAttributes: description: Attributes for creating or updating a custom LLM Observability evaluator configuration. properties: category: description: Category of the evaluator. example: "Custom" type: string eval_name: description: Name of the custom evaluator. If provided, must match the eval_name path parameter. example: "my-custom-evaluator" type: string llm_judge_config: $ref: "#/components/schemas/LLMObsCustomEvalConfigLLMJudgeConfig" llm_provider: $ref: "#/components/schemas/LLMObsCustomEvalConfigLLMProvider" target: $ref: "#/components/schemas/LLMObsCustomEvalConfigTarget" required: - target type: object LLMObsCustomEvalConfigUpdateData: description: Data object for creating or updating a custom LLM Observability evaluator configuration. properties: attributes: $ref: "#/components/schemas/LLMObsCustomEvalConfigUpdateAttributes" id: description: Name of the evaluator. If provided, must match the eval_name path parameter. example: "my-custom-evaluator" type: string type: $ref: "#/components/schemas/LLMObsCustomEvalConfigType" required: - type - attributes type: object LLMObsCustomEvalConfigUpdateRequest: description: Request to create or update a custom LLM Observability evaluator configuration. properties: data: $ref: "#/components/schemas/LLMObsCustomEvalConfigUpdateData" required: - data type: object LLMObsCustomEvalConfigUser: description: A Datadog user associated with a custom evaluator configuration. properties: email: description: Email address of the user. example: "user@example.com" type: string type: object LLMObsCustomEvalConfigVertexAIOptions: description: Google Vertex AI-specific options for LLM provider configuration. properties: location: description: Google Cloud region. example: "us-central1" type: string project: description: Google Cloud project ID. example: "my-gcp-project" type: string type: object LLMObsDatasetDataAttributesRequest: description: Attributes for creating an LLM Observability dataset. properties: description: description: Description of the dataset. type: string metadata: additionalProperties: {} description: Arbitrary metadata associated with the dataset. type: object name: description: Name of the dataset. example: "My LLM Dataset" type: string required: - name type: object LLMObsDatasetDataAttributesResponse: description: Attributes of an LLM Observability dataset. properties: created_at: description: Timestamp when the dataset was created. example: "2024-01-15T10:30:00Z" format: date-time type: string current_version: description: Current version number of the dataset. example: 1 format: int64 type: integer description: description: Description of the dataset. example: "" nullable: true type: string metadata: additionalProperties: {} description: Arbitrary metadata associated with the dataset. nullable: true type: object name: description: Name of the dataset. example: "My LLM Dataset" type: string updated_at: description: Timestamp when the dataset was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string required: - name - description - metadata - current_version - created_at - updated_at type: object LLMObsDatasetDataRequest: description: Data object for creating an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDatasetDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsDatasetType" required: - type - attributes type: object LLMObsDatasetDataResponse: description: Data object for an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDatasetDataAttributesResponse" id: description: Unique identifier of the dataset. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" type: string type: $ref: "#/components/schemas/LLMObsDatasetType" required: - id - type - attributes type: object LLMObsDatasetRecordDataResponse: description: A single LLM Observability dataset record. properties: created_at: description: Timestamp when the record was created. example: "2024-01-15T10:30:00Z" format: date-time type: string dataset_id: description: Identifier of the dataset this record belongs to. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" type: string expected_output: $ref: "#/components/schemas/AnyValue" id: description: Unique identifier of the record. example: "rec-7c3f5a1b-9e2d-4f8a-b1c6-3d7e9f0a2b4c" type: string input: $ref: "#/components/schemas/AnyValue" metadata: additionalProperties: {} description: Arbitrary metadata associated with the record. nullable: true type: object updated_at: description: Timestamp when the record was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string required: - id - dataset_id - input - expected_output - metadata - created_at - updated_at type: object LLMObsDatasetRecordItem: description: A single record to append to an LLM Observability dataset. properties: expected_output: $ref: "#/components/schemas/AnyValue" input: $ref: "#/components/schemas/AnyValue" metadata: additionalProperties: {} description: Arbitrary metadata associated with the record. type: object required: - input type: object LLMObsDatasetRecordUpdateItem: description: A record update payload for an LLM Observability dataset. properties: expected_output: $ref: "#/components/schemas/AnyValue" id: description: Unique identifier of the record to update. example: "rec-7c3f5a1b-9e2d-4f8a-b1c6-3d7e9f0a2b4c" type: string input: $ref: "#/components/schemas/AnyValue" metadata: additionalProperties: {} description: Updated metadata associated with the record. type: object required: - id type: object LLMObsDatasetRecordsDataAttributesRequest: description: Attributes for appending records to an LLM Observability dataset. properties: deduplicate: description: Whether to deduplicate records before appending. Defaults to `true`. type: boolean records: description: List of records to append to the dataset. items: $ref: "#/components/schemas/LLMObsDatasetRecordItem" type: array required: - records type: object LLMObsDatasetRecordsDataRequest: description: Data object for appending records to an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDatasetRecordsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsRecordType" required: - type - attributes type: object LLMObsDatasetRecordsListResponse: description: Response containing a paginated list of LLM Observability dataset records. properties: data: description: List of dataset records. items: $ref: "#/components/schemas/LLMObsDatasetRecordDataResponse" type: array meta: $ref: "#/components/schemas/LLMObsCursorMeta" required: - data type: object LLMObsDatasetRecordsMutationData: description: Response containing records after a create or update operation. properties: records: description: List of affected dataset records. items: $ref: "#/components/schemas/LLMObsDatasetRecordDataResponse" type: array required: - records type: object LLMObsDatasetRecordsMutationResponse: description: Response containing records after a create or update operation. properties: data: description: List of affected dataset records. items: $ref: "#/components/schemas/LLMObsDatasetRecordsMutationData" type: array required: - data type: object LLMObsDatasetRecordsRequest: description: Request to append records to an LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDatasetRecordsDataRequest" required: - data type: object LLMObsDatasetRecordsUpdateDataAttributesRequest: description: Attributes for updating records in an LLM Observability dataset. properties: records: description: List of records to update. items: $ref: "#/components/schemas/LLMObsDatasetRecordUpdateItem" type: array required: - records type: object LLMObsDatasetRecordsUpdateDataRequest: description: Data object for updating records in an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDatasetRecordsUpdateDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsRecordType" required: - type - attributes type: object LLMObsDatasetRecordsUpdateRequest: description: Request to update records in an LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDatasetRecordsUpdateDataRequest" required: - data type: object LLMObsDatasetRequest: description: Request to create an LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDatasetDataRequest" required: - data type: object LLMObsDatasetResponse: description: Response containing a single LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDatasetDataResponse" required: - data type: object LLMObsDatasetType: description: Resource type of an LLM Observability dataset. enum: - datasets example: datasets type: string x-enum-varnames: - DATASETS LLMObsDatasetUpdateDataAttributesRequest: description: Attributes for updating an LLM Observability dataset. properties: description: description: Updated description of the dataset. type: string metadata: additionalProperties: {} description: Updated metadata associated with the dataset. type: object name: description: Updated name of the dataset. type: string type: object LLMObsDatasetUpdateDataRequest: description: Data object for updating an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDatasetUpdateDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsDatasetType" required: - type - attributes type: object LLMObsDatasetUpdateRequest: description: Request to partially update an LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDatasetUpdateDataRequest" required: - data type: object LLMObsDatasetsResponse: description: Response containing a list of LLM Observability datasets. properties: data: description: List of datasets. items: $ref: "#/components/schemas/LLMObsDatasetDataResponse" type: array meta: $ref: "#/components/schemas/LLMObsCursorMeta" required: - data type: object LLMObsDeleteAnnotationQueueInteractionsDataAttributesRequest: description: Attributes for deleting interactions from an annotation queue. properties: interaction_ids: description: List of interaction IDs to delete. Must contain at least one item. example: - "00000000-0000-0000-0000-000000000000" - "00000000-0000-0000-0000-000000000001" items: description: An interaction ID to delete. type: string minItems: 1 type: array required: - interaction_ids type: object LLMObsDeleteAnnotationQueueInteractionsDataRequest: description: Data object for deleting interactions from an annotation queue. properties: attributes: $ref: "#/components/schemas/LLMObsDeleteAnnotationQueueInteractionsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsType" required: - type - attributes type: object LLMObsDeleteAnnotationQueueInteractionsRequest: description: Request to delete interactions from an LLM Observability annotation queue. properties: data: $ref: "#/components/schemas/LLMObsDeleteAnnotationQueueInteractionsDataRequest" required: - data type: object LLMObsDeleteDatasetRecordsDataAttributesRequest: description: Attributes for deleting records from an LLM Observability dataset. properties: record_ids: description: List of record IDs to delete. example: - "rec-7c3f5a1b-9e2d-4f8a-b1c6-3d7e9f0a2b4c" items: description: A record ID to delete. type: string type: array required: - record_ids type: object LLMObsDeleteDatasetRecordsDataRequest: description: Data object for deleting records from an LLM Observability dataset. properties: attributes: $ref: "#/components/schemas/LLMObsDeleteDatasetRecordsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsRecordType" required: - type - attributes type: object LLMObsDeleteDatasetRecordsRequest: description: Request to delete records from an LLM Observability dataset. properties: data: $ref: "#/components/schemas/LLMObsDeleteDatasetRecordsDataRequest" required: - data type: object LLMObsDeleteDatasetsDataAttributesRequest: description: Attributes for deleting LLM Observability datasets. properties: dataset_ids: description: List of dataset IDs to delete. example: - "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" items: description: A dataset ID to delete. type: string type: array required: - dataset_ids type: object LLMObsDeleteDatasetsDataRequest: description: Data object for deleting LLM Observability datasets. properties: attributes: $ref: "#/components/schemas/LLMObsDeleteDatasetsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsDatasetType" required: - type - attributes type: object LLMObsDeleteDatasetsRequest: description: Request to delete one or more LLM Observability datasets. properties: data: $ref: "#/components/schemas/LLMObsDeleteDatasetsDataRequest" required: - data type: object LLMObsDeleteExperimentsDataAttributesRequest: description: Attributes for deleting LLM Observability experiments. properties: experiment_ids: description: List of experiment IDs to delete. example: - "3fd6b5e0-8910-4b1c-a7d0-5b84de329012" items: description: An experiment ID to delete. type: string type: array required: - experiment_ids type: object LLMObsDeleteExperimentsDataRequest: description: Data object for deleting LLM Observability experiments. properties: attributes: $ref: "#/components/schemas/LLMObsDeleteExperimentsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsExperimentType" required: - type - attributes type: object LLMObsDeleteExperimentsRequest: description: Request to delete one or more LLM Observability experiments. properties: data: $ref: "#/components/schemas/LLMObsDeleteExperimentsDataRequest" required: - data type: object LLMObsDeleteProjectsDataAttributesRequest: description: Attributes for deleting LLM Observability projects. properties: project_ids: description: List of project IDs to delete. example: - "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" items: description: A project ID to delete. type: string type: array required: - project_ids type: object LLMObsDeleteProjectsDataRequest: description: Data object for deleting LLM Observability projects. properties: attributes: $ref: "#/components/schemas/LLMObsDeleteProjectsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsProjectType" required: - type - attributes type: object LLMObsDeleteProjectsRequest: description: Request to delete one or more LLM Observability projects. properties: data: $ref: "#/components/schemas/LLMObsDeleteProjectsDataRequest" required: - data type: object LLMObsEventType: description: Resource type for LLM Observability experiment events. enum: - events example: events type: string x-enum-varnames: - EVENTS LLMObsExperimentDataAttributesRequest: description: Attributes for creating an LLM Observability experiment. properties: config: additionalProperties: {} description: Configuration parameters for the experiment. type: object dataset_id: description: Identifier of the dataset used in this experiment. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" type: string dataset_version: description: Version of the dataset to use. Defaults to the current version if not specified. format: int64 type: integer description: description: Description of the experiment. type: string ensure_unique: description: Whether to ensure the experiment name is unique. Defaults to `true`. type: boolean metadata: additionalProperties: {} description: Arbitrary metadata associated with the experiment. type: object name: description: Name of the experiment. example: "My Experiment v1" type: string project_id: description: Identifier of the project this experiment belongs to. example: "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" type: string required: - project_id - dataset_id - name type: object LLMObsExperimentDataAttributesResponse: description: Attributes of an LLM Observability experiment. properties: config: additionalProperties: {} description: Configuration parameters for the experiment. nullable: true type: object created_at: description: Timestamp when the experiment was created. example: "2024-01-15T10:30:00Z" format: date-time type: string dataset_id: description: Identifier of the dataset used in this experiment. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" type: string description: description: Description of the experiment. example: "" nullable: true type: string metadata: additionalProperties: {} description: Arbitrary metadata associated with the experiment. nullable: true type: object name: description: Name of the experiment. example: "My Experiment v1" type: string project_id: description: Identifier of the project this experiment belongs to. example: "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" type: string updated_at: description: Timestamp when the experiment was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string required: - project_id - dataset_id - name - description - metadata - config - created_at - updated_at type: object LLMObsExperimentDataRequest: description: Data object for creating an LLM Observability experiment. properties: attributes: $ref: "#/components/schemas/LLMObsExperimentDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsExperimentType" required: - type - attributes type: object LLMObsExperimentDataResponse: description: Data object for an LLM Observability experiment. properties: attributes: $ref: "#/components/schemas/LLMObsExperimentDataAttributesResponse" id: description: Unique identifier of the experiment. example: "3fd6b5e0-8910-4b1c-a7d0-5b84de329012" type: string type: $ref: "#/components/schemas/LLMObsExperimentType" required: - id - type - attributes type: object LLMObsExperimentEventsDataAttributesRequest: description: Attributes for pushing experiment events including spans and metrics. properties: metrics: description: List of metrics to push for the experiment. items: $ref: "#/components/schemas/LLMObsExperimentMetric" type: array spans: description: List of spans to push for the experiment. items: $ref: "#/components/schemas/LLMObsExperimentSpan" type: array type: object LLMObsExperimentEventsDataRequest: description: Data object for pushing experiment events. properties: attributes: $ref: "#/components/schemas/LLMObsExperimentEventsDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsEventType" required: - type - attributes type: object LLMObsExperimentEventsRequest: description: Request to push spans and metrics for an LLM Observability experiment. properties: data: $ref: "#/components/schemas/LLMObsExperimentEventsDataRequest" required: - data type: object LLMObsExperimentMetric: description: A metric associated with an LLM Observability experiment span. properties: assessment: $ref: "#/components/schemas/LLMObsMetricAssessment" boolean_value: description: Boolean value. Used when `metric_type` is `boolean`. type: boolean categorical_value: description: Categorical value. Used when `metric_type` is `categorical`. type: string error: $ref: "#/components/schemas/LLMObsExperimentMetricError" json_value: additionalProperties: {} description: JSON value. Used when `metric_type` is `json`. type: object label: description: Label or name for the metric. example: "faithfulness" type: string metadata: additionalProperties: {} description: Arbitrary metadata associated with the metric. type: object metric_type: $ref: "#/components/schemas/LLMObsMetricScoreType" reasoning: description: Human-readable reasoning for the metric value. type: string score_value: description: Numeric score value. Used when `metric_type` is `score`. format: double type: number span_id: description: The ID of the span this metric measures. example: "span-7a1b2c3d" type: string tags: description: List of tags associated with the metric. items: description: A tag string in `key:value` format. type: string type: array timestamp_ms: description: Timestamp when the metric was recorded, in milliseconds since Unix epoch. example: 1705314600000 format: int64 type: integer required: - span_id - metric_type - timestamp_ms - label type: object LLMObsExperimentMetricError: description: Error details for an experiment metric evaluation. properties: message: description: Error message associated with the metric evaluation. type: string type: object LLMObsExperimentRequest: description: Request to create an LLM Observability experiment. properties: data: $ref: "#/components/schemas/LLMObsExperimentDataRequest" required: - data type: object LLMObsExperimentResponse: description: Response containing a single LLM Observability experiment. properties: data: $ref: "#/components/schemas/LLMObsExperimentDataResponse" required: - data type: object LLMObsExperimentSpan: description: A span associated with an LLM Observability experiment. properties: dataset_id: description: Dataset ID associated with this span. example: "9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d" type: string duration: description: Duration of the span in nanoseconds. example: 1500000000 format: int64 type: integer meta: $ref: "#/components/schemas/LLMObsExperimentSpanMeta" name: description: Name of the span. example: "llm_call" type: string project_id: description: Project ID associated with this span. example: "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" type: string span_id: description: Unique identifier of the span. example: "span-7a1b2c3d" type: string start_ns: description: Start time of the span in nanoseconds since Unix epoch. example: 1705314600000000000 format: int64 type: integer status: $ref: "#/components/schemas/LLMObsExperimentSpanStatus" tags: description: List of tags associated with the span. items: description: A tag string in `key:value` format. type: string type: array trace_id: description: Trace ID for the span. example: "abc123def456" type: string required: - trace_id - span_id - project_id - dataset_id - name - start_ns - duration - status type: object LLMObsExperimentSpanError: description: Error details for an experiment span. properties: message: description: Error message. example: "Model response timed out" type: string stack: description: Stack trace of the error. example: "Traceback (most recent call last):\n File \"main.py\", line 10, in \n response = model.generate(input)\n File \"model.py\", line 45, in generate\n raise TimeoutError(\"Model response timed out\")\nTimeoutError: Model response timed out" type: string type: description: The error type or exception class name. example: "TimeoutError" type: string type: object LLMObsExperimentSpanMeta: description: Metadata associated with an experiment span. properties: error: $ref: "#/components/schemas/LLMObsExperimentSpanError" expected_output: additionalProperties: {} description: Expected output for the span, used for evaluation. type: object input: $ref: "#/components/schemas/AnyValue" output: $ref: "#/components/schemas/AnyValue" type: object LLMObsExperimentSpanStatus: description: Status of the span. enum: - ok - error example: "ok" type: string x-enum-varnames: - OK - ERROR LLMObsExperimentType: description: Resource type of an LLM Observability experiment. enum: - experiments example: experiments type: string x-enum-varnames: - EXPERIMENTS LLMObsExperimentUpdateDataAttributesRequest: description: Attributes for updating an LLM Observability experiment. properties: description: description: Updated description of the experiment. type: string name: description: Updated name of the experiment. type: string type: object LLMObsExperimentUpdateDataRequest: description: Data object for updating an LLM Observability experiment. properties: attributes: $ref: "#/components/schemas/LLMObsExperimentUpdateDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsExperimentType" required: - type - attributes type: object LLMObsExperimentUpdateRequest: description: Request to partially update an LLM Observability experiment. properties: data: $ref: "#/components/schemas/LLMObsExperimentUpdateDataRequest" required: - data type: object LLMObsExperimentsResponse: description: Response containing a list of LLM Observability experiments. properties: data: description: List of experiments. items: $ref: "#/components/schemas/LLMObsExperimentDataResponse" type: array meta: $ref: "#/components/schemas/LLMObsCursorMeta" required: - data type: object LLMObsInteractionType: description: Type of interaction in an annotation queue. enum: - trace - experiment_trace - session example: trace type: string x-enum-varnames: - TRACE - EXPERIMENT_TRACE - SESSION LLMObsLabelSchema: description: Schema definition for a single label in an annotation queue. properties: description: description: Description of the label. example: "Rating of the response quality." type: string has_assessment: description: Whether this label includes an assessment field. example: false type: boolean has_reasoning: description: Whether this label includes a reasoning field. example: false type: boolean id: description: Unique identifier of the label schema. Assigned by the server if not provided. example: "abc-123" type: string is_assessment: description: Whether the boolean label represents an assessment. Requires `has_assessment` to be true. example: false type: boolean is_integer: description: Whether score values must be integers. Applicable to score-type labels. example: false type: boolean is_required: description: Whether this label is required for an annotation. example: true type: boolean max: description: Maximum value for score-type labels. example: 5.0 format: double type: number min: description: Minimum value for score-type labels. example: 0.0 format: double type: number name: description: Name of the label. Must match the pattern `^[a-zA-Z0-9_-]+$` and be unique within the queue. example: "quality" type: string type: $ref: "#/components/schemas/LLMObsLabelSchemaType" values: description: Allowed values for categorical-type labels. Must contain at least one non-empty, unique value. example: - "good" - "bad" - "neutral" items: description: An allowed value for a categorical label. type: string type: array required: - name - type type: object LLMObsLabelSchemaType: description: Type of a label in an annotation queue label schema. enum: - score - categorical - boolean - text example: score type: string x-enum-varnames: - SCORE - CATEGORICAL - BOOLEAN - TEXT LLMObsMetricAssessment: description: Assessment result for an LLM Observability experiment metric. enum: - pass - fail example: pass type: string x-enum-varnames: - PASS - FAIL LLMObsMetricScoreType: description: Type of metric recorded for an LLM Observability experiment. enum: - score - categorical - boolean - json example: score type: string x-enum-varnames: - SCORE - CATEGORICAL - BOOLEAN - JSON LLMObsProjectDataAttributesRequest: description: Attributes for creating an LLM Observability project. properties: description: description: Description of the project. type: string name: description: Name of the project. example: "My LLM Project" type: string required: - name type: object LLMObsProjectDataAttributesResponse: description: Attributes of an LLM Observability project. properties: created_at: description: Timestamp when the project was created. example: "2024-01-15T10:30:00Z" format: date-time type: string description: description: Description of the project. example: "" nullable: true type: string name: description: Name of the project. example: "My LLM Project" type: string updated_at: description: Timestamp when the project was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string required: - name - description - created_at - updated_at type: object LLMObsProjectDataRequest: description: Data object for creating an LLM Observability project. properties: attributes: $ref: "#/components/schemas/LLMObsProjectDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsProjectType" required: - type - attributes type: object LLMObsProjectDataResponse: description: Data object for an LLM Observability project. properties: attributes: $ref: "#/components/schemas/LLMObsProjectDataAttributesResponse" id: description: Unique identifier of the project. example: "a33671aa-24fd-4dcd-9b33-a8ec7dde7751" type: string type: $ref: "#/components/schemas/LLMObsProjectType" required: - id - type - attributes type: object LLMObsProjectRequest: description: Request to create an LLM Observability project. properties: data: $ref: "#/components/schemas/LLMObsProjectDataRequest" required: - data type: object LLMObsProjectResponse: description: Response containing a single LLM Observability project. properties: data: $ref: "#/components/schemas/LLMObsProjectDataResponse" required: - data type: object LLMObsProjectType: description: Resource type of an LLM Observability project. enum: - projects example: projects type: string x-enum-varnames: - PROJECTS LLMObsProjectUpdateDataAttributesRequest: description: Attributes for updating an LLM Observability project. properties: description: description: Updated description of the project. type: string name: description: Updated name of the project. type: string type: object LLMObsProjectUpdateDataRequest: description: Data object for updating an LLM Observability project. properties: attributes: $ref: "#/components/schemas/LLMObsProjectUpdateDataAttributesRequest" type: $ref: "#/components/schemas/LLMObsProjectType" required: - type - attributes type: object LLMObsProjectUpdateRequest: description: Request to partially update an LLM Observability project. properties: data: $ref: "#/components/schemas/LLMObsProjectUpdateDataRequest" required: - data type: object LLMObsProjectsResponse: description: Response containing a list of LLM Observability projects. properties: data: description: List of projects. items: $ref: "#/components/schemas/LLMObsProjectDataResponse" type: array meta: $ref: "#/components/schemas/LLMObsCursorMeta" required: - data type: object LLMObsRecordType: description: Resource type of LLM Observability dataset records. enum: - records example: records type: string x-enum-varnames: - RECORDS Language: description: Programming language enum: - PYTHON - JAVASCRIPT - TYPESCRIPT - JAVA - GO - YAML - RUBY - CSHARP - PHP - KOTLIN - SWIFT example: PYTHON type: string x-enum-varnames: - PYTHON - JAVASCRIPT - TYPESCRIPT - JAVA - GO - YAML - RUBY - CSHARP - PHP - KOTLIN - SWIFT LaunchDarklyAPIKey: description: The definition of the `LaunchDarklyAPIKey` object. properties: api_token: description: The `LaunchDarklyAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/LaunchDarklyAPIKeyType" required: - type - api_token type: object LaunchDarklyAPIKeyType: description: The definition of the `LaunchDarklyAPIKey` object. enum: - LaunchDarklyAPIKey example: LaunchDarklyAPIKey type: string x-enum-varnames: - LAUNCHDARKLYAPIKEY LaunchDarklyAPIKeyUpdate: description: The definition of the `LaunchDarklyAPIKey` object. properties: api_token: description: The `LaunchDarklyAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/LaunchDarklyAPIKeyType" required: - type type: object LaunchDarklyCredentials: description: The definition of the `LaunchDarklyCredentials` object. oneOf: - $ref: "#/components/schemas/LaunchDarklyAPIKey" LaunchDarklyCredentialsUpdate: description: The definition of the `LaunchDarklyCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/LaunchDarklyAPIKeyUpdate" LaunchDarklyIntegration: description: The definition of the `LaunchDarklyIntegration` object. properties: credentials: $ref: "#/components/schemas/LaunchDarklyCredentials" type: $ref: "#/components/schemas/LaunchDarklyIntegrationType" required: - type - credentials type: object LaunchDarklyIntegrationType: description: The definition of the `LaunchDarklyIntegrationType` object. enum: - LaunchDarkly example: LaunchDarkly type: string x-enum-varnames: - LAUNCHDARKLY LaunchDarklyIntegrationUpdate: description: The definition of the `LaunchDarklyIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/LaunchDarklyCredentialsUpdate" type: $ref: "#/components/schemas/LaunchDarklyIntegrationType" required: - type type: object Layer: description: Encapsulates a layer resource, holding attributes like rotation details, plus relationships to the members covering that layer. properties: attributes: $ref: "#/components/schemas/LayerAttributes" id: description: A unique identifier for this layer. type: string relationships: $ref: "#/components/schemas/LayerRelationships" type: $ref: "#/components/schemas/LayerType" required: - type type: object LayerAttributes: description: Describes key properties of a Layer, including rotation details, name, start/end times, and any restrictions. properties: effective_date: description: When the layer becomes active (ISO 8601). format: date-time type: string end_date: description: When the layer ceases to be active (ISO 8601). format: date-time type: string interval: $ref: "#/components/schemas/LayerAttributesInterval" name: description: The name of this layer. example: Weekend Layer type: string restrictions: description: An optional list of time restrictions for when this layer is in effect. items: $ref: "#/components/schemas/TimeRestriction" type: array rotation_start: description: The date/time when the rotation starts (ISO 8601). format: date-time type: string time_zone: description: The time zone for this layer. example: "America/New_York" type: string type: object LayerAttributesInterval: description: Defines how often the rotation repeats, using a combination of days and optional seconds. Should be at least 1 hour. properties: days: description: The number of days in each rotation cycle. example: 1 format: int32 maximum: 400 type: integer seconds: description: Any additional seconds for the rotation cycle (up to 30 days). example: 300 format: int64 maximum: 2592000 type: integer type: object LayerRelationships: description: Holds references to objects related to the Layer entity, such as its members. properties: members: $ref: "#/components/schemas/LayerRelationshipsMembers" type: object LayerRelationshipsMembers: description: Holds an array of references to the members of a Layer, each containing member IDs. properties: data: description: The list of members who belong to this layer. items: $ref: "#/components/schemas/LayerRelationshipsMembersDataItems" type: array type: object LayerRelationshipsMembersDataItems: description: |- Represents a single member object in a layer's `members` array, referencing a unique Datadog user ID. properties: id: description: The unique user ID of the layer member. example: "00000000-0000-0000-0000-000000000002" type: string type: $ref: "#/components/schemas/LayerRelationshipsMembersDataItemsType" required: - type - id type: object LayerRelationshipsMembersDataItemsType: default: members description: |- Members resource type. enum: - members example: members type: string x-enum-varnames: - MEMBERS LayerType: default: layers description: |- Layers resource type. enum: - layers example: layers type: string x-enum-varnames: - LAYERS LeakedKey: description: The definition of LeakedKey object. properties: attributes: $ref: "#/components/schemas/LeakedKeyAttributes" id: description: The LeakedKey id. example: "id" type: string type: $ref: "#/components/schemas/LeakedKeyType" required: - attributes - id - type type: object LeakedKeyAttributes: description: The definition of LeakedKeyAttributes object. properties: date: description: The LeakedKeyAttributes date. example: "2017-07-21T17:32:28Z" format: date-time type: string leak_source: description: The LeakedKeyAttributes leak_source. type: string required: - date type: object LeakedKeyType: default: leaked_keys description: The definition of LeakedKeyType object. enum: - leaked_keys example: leaked_keys type: string x-enum-varnames: - LEAKED_KEYS Library: description: Vulnerability library. properties: additional_names: description: Related library or package names (such as child packages or affected binary paths). items: description: A related library or package name affected by the vulnerability. example: linux-tools-common type: string type: array name: description: Vulnerability library name. example: linux-aws-5.15 type: string version: description: Vulnerability library version. example: 5.15.0 type: string required: - name type: object Links: description: The JSON:API links related to pagination. properties: first: description: First page link. example: "https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=1&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" type: string last: description: Last page link. example: "https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=15&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" type: string next: description: Next page link. example: "https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=16&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" type: string previous: description: Previous page link. example: "https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=14&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" type: string self: description: Request link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?filter%5Btool%5D=Infra type: string required: - self - first - last type: object ListAPIsResponse: description: Response for `ListAPIs`. properties: data: description: List of API items. items: $ref: "#/components/schemas/ListAPIsResponseData" type: array meta: $ref: "#/components/schemas/ListAPIsResponseMeta" type: object ListAPIsResponseData: description: Data envelope for `ListAPIsResponse`. properties: attributes: $ref: "#/components/schemas/ListAPIsResponseDataAttributes" id: $ref: "#/components/schemas/ApiID" type: object ListAPIsResponseDataAttributes: description: Attributes for `ListAPIsResponseData`. properties: name: description: API name. example: "Payments API" type: string type: object ListAPIsResponseMeta: description: Metadata for `ListAPIsResponse`. properties: pagination: $ref: "#/components/schemas/ListAPIsResponseMetaPagination" type: object ListAPIsResponseMetaPagination: description: Pagination metadata information for `ListAPIsResponse`. properties: limit: description: Number of items in the current page. example: 20 format: int64 type: integer offset: description: Offset for pagination. example: 0 format: int64 type: integer total_count: description: Total number of items. example: 35 format: int64 type: integer type: object ListAllocationsResponse: description: Response containing a list of targeting rules (allocations). properties: data: description: List of targeting rules (allocations). items: $ref: "#/components/schemas/AllocationDataResponse" description: Allocation item. type: array required: - data type: object ListAppKeyRegistrationsResponse: description: A paginated list of app key registrations. properties: data: description: An array of app key registrations. items: $ref: "#/components/schemas/AppKeyRegistrationData" type: array meta: $ref: "#/components/schemas/ListAppKeyRegistrationsResponseMeta" type: object ListAppKeyRegistrationsResponseMeta: description: The definition of `ListAppKeyRegistrationsResponseMeta` object. properties: total: description: The total number of app key registrations. example: 1 format: int64 type: integer total_filtered: description: The total number of app key registrations that match the specified filters. example: 1 format: int64 type: integer type: object ListApplicationKeysResponse: description: Response for a list of application keys. properties: data: description: Array of application keys. items: $ref: "#/components/schemas/PartialApplicationKey" type: array included: description: Array of objects related to the application key. items: $ref: "#/components/schemas/ApplicationKeyResponseIncludedItem" type: array meta: $ref: "#/components/schemas/ApplicationKeyResponseMeta" type: object ListAppsResponse: description: A paginated list of apps matching the specified filters and sorting. properties: data: description: An array of app definitions. items: $ref: "#/components/schemas/ListAppsResponseDataItems" type: array included: description: Data on the version of the app that was published. items: $ref: "#/components/schemas/Deployment" type: array meta: $ref: "#/components/schemas/ListAppsResponseMeta" type: object ListAppsResponseDataItems: description: An app definition object. This contains only basic information about the app such as ID, name, and tags. properties: attributes: $ref: "#/components/schemas/ListAppsResponseDataItemsAttributes" id: description: The ID of the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string meta: $ref: "#/components/schemas/AppMeta" relationships: $ref: "#/components/schemas/ListAppsResponseDataItemsRelationships" type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type - attributes type: object ListAppsResponseDataItemsAttributes: description: Basic information about the app such as name, description, and tags. properties: description: description: A human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string selfService: description: Whether the app is enabled for use in the Datadog self-service hub. type: boolean tags: description: A list of tags for the app, which can be used to filter apps. example: - "service:webshop-backend" - "team:webshop" items: description: An individual tag for the app. type: string type: array type: object ListAppsResponseDataItemsRelationships: description: The app's publication information. properties: deployment: $ref: "#/components/schemas/DeploymentRelationship" type: object ListAppsResponseMeta: description: Pagination metadata. properties: page: $ref: "#/components/schemas/ListAppsResponseMetaPage" type: object ListAppsResponseMetaPage: description: Information on the total number of apps, to be used for pagination. properties: totalCount: description: The total number of apps under the Datadog organization, disregarding any filters applied. format: int64 type: integer totalFilteredCount: description: The total number of apps that match the specified filters. format: int64 type: integer type: object ListAssetsSBOMsResponse: description: The expected response schema when listing assets SBOMs. properties: data: description: List of assets SBOMs. items: $ref: "#/components/schemas/SBOM" type: array links: $ref: "#/components/schemas/Links" meta: $ref: "#/components/schemas/Metadata" required: - data type: object ListCampaignsResponse: description: Response containing a list of campaigns. properties: data: $ref: "#/components/schemas/ListCampaignsResponseData" meta: $ref: "#/components/schemas/PaginatedResponseMeta" required: - data - meta type: object ListCampaignsResponseData: description: Array of campaigns. items: $ref: "#/components/schemas/CampaignResponseData" type: array ListConnectionsResponse: description: Response containing the list of all data source connections configured for an entity. example: data: attributes: connections: - created_at: "0001-01-01T00:00:00Z" created_by: 00000000-0000-0000-0000-000000000000 fields: - description: Customer subscription tier display_name: Customer Tier groups: - Business - Subscription id: customer_tier source_name: subscription_tier type: string - description: Channel through which user signed up display_name: Signup Source groups: - Marketing - Attribution id: signup_source source_name: acquisition_channel type: string id: user-profiles-connection join: attribute: user_email type: email type: ref_table updated_at: "0001-01-01T00:00:00Z" updated_by: 00000000-0000-0000-0000-000000000000 id: list_connections_response type: list_connections_response properties: data: $ref: "#/components/schemas/ListConnectionsResponseData" type: object ListConnectionsResponseData: description: The data object containing the resource type and attributes for the list connections response. properties: attributes: $ref: "#/components/schemas/ListConnectionsResponseDataAttributes" id: description: Unique identifier for the list connections response resource. type: string type: $ref: "#/components/schemas/ListConnectionsResponseDataType" required: - type type: object ListConnectionsResponseDataAttributes: description: Attributes of the list connections response, containing the collection of data source connections. properties: connections: description: The list of data source connections configured for the entity. items: $ref: "#/components/schemas/ListConnectionsResponseDataAttributesConnectionsItems" type: array type: object ListConnectionsResponseDataAttributesConnectionsItems: description: Details of a single data source connection, including its fields, join configuration, and audit metadata. properties: created_at: description: Timestamp indicating when the connection was created. format: date-time type: string created_by: description: Identifier of the user who created the connection. type: string fields: description: List of custom attribute fields imported from the data source. items: $ref: "#/components/schemas/CreateConnectionRequestDataAttributesFieldsItems" type: array id: description: Unique identifier of the connection. type: string join: $ref: "#/components/schemas/ListConnectionsResponseDataAttributesConnectionsItemsJoin" metadata: additionalProperties: type: string description: Additional key-value metadata associated with the connection. type: object type: description: The type of data source connection (for example, ref_table). type: string updated_at: description: Timestamp indicating when the connection was last updated. format: date-time type: string updated_by: description: Identifier of the user who last updated the connection. type: string type: object ListConnectionsResponseDataAttributesConnectionsItemsJoin: description: The join configuration describing how the data source is linked to the entity. properties: attribute: description: The entity attribute used as the join key to link records from the data source. type: string type: description: The type of join key used (for example, email or user_id). type: string type: object ListConnectionsResponseDataType: default: list_connections_response description: List connections response resource type. enum: - list_connections_response example: list_connections_response type: string x-enum-varnames: - LIST_CONNECTIONS_RESPONSE ListDeploymentRuleResponseData: description: Data for a list of deployment rules. properties: attributes: $ref: "#/components/schemas/ListDeploymentRulesResponseDataAttributes" id: description: Unique identifier of the deployment rule. example: "1111-2222-3333-4444-555566667777" type: string type: $ref: "#/components/schemas/ListDeploymentRulesDataType" required: - type - attributes - id type: object ListDeploymentRulesDataType: description: List deployment rule resource type. enum: - list_deployment_rules example: list_deployment_rules type: string x-enum-varnames: - LIST_DEPLOYMENT_RULES ListDeploymentRulesResponseDataAttributes: description: Attributes of the response for listing deployment rules. properties: rules: description: The list of deployment rules. items: $ref: "#/components/schemas/DeploymentRuleResponseDataAttributes" type: array type: object ListDevicesResponse: description: List devices response. properties: data: description: The list devices response data. items: $ref: "#/components/schemas/DevicesListData" type: array meta: $ref: "#/components/schemas/ListDevicesResponseMetadata" type: object ListDevicesResponseMetadata: description: Object describing meta attributes of response. properties: page: $ref: "#/components/schemas/ListDevicesResponseMetadataPage" type: object ListDevicesResponseMetadataPage: description: Pagination object. properties: total_filtered_count: description: Total count of devices matched by the filter. example: 1 format: int64 type: integer type: object ListDowntimesResponse: description: Response for retrieving all downtimes. properties: data: description: An array of downtimes. items: $ref: "#/components/schemas/DowntimeResponseData" type: array included: description: Array of objects related to the downtimes. items: $ref: "#/components/schemas/DowntimeResponseIncludedItem" type: array meta: $ref: "#/components/schemas/DowntimeMeta" type: object ListEntityCatalogResponse: description: List entity response. properties: data: $ref: "#/components/schemas/EntityResponseData" included: $ref: "#/components/schemas/ListEntityCatalogResponseIncluded" links: $ref: "#/components/schemas/ListEntityCatalogResponseLinks" meta: $ref: "#/components/schemas/EntityResponseMeta" type: object ListEntityCatalogResponseIncluded: description: List entity response included. items: $ref: "#/components/schemas/ListEntityCatalogResponseIncludedItem" type: array ListEntityCatalogResponseIncludedItem: description: List entity response included item. oneOf: - $ref: "#/components/schemas/EntityResponseIncludedSchema" - $ref: "#/components/schemas/EntityResponseIncludedRawSchema" - $ref: "#/components/schemas/EntityResponseIncludedRelatedEntity" - $ref: "#/components/schemas/EntityResponseIncludedOncall" - $ref: "#/components/schemas/EntityResponseIncludedIncident" ListEntityCatalogResponseLinks: description: List entity response links. properties: next: description: Next link. type: string previous: description: Previous link. type: string self: description: Current link. type: string type: object ListEnvironmentsResponse: description: Response containing a list of environments. properties: data: description: List of environments. items: $ref: "#/components/schemas/Environment" type: array meta: $ref: "#/components/schemas/EnvironmentsPaginationMeta" required: - data type: object ListFeatureFlagsResponse: description: Response containing a list of feature flags. properties: data: description: List of feature flags. items: $ref: "#/components/schemas/FeatureFlagListItem" type: array meta: $ref: "#/components/schemas/FeatureFlagsPaginationMeta" required: - data type: object ListFindingsData: description: Array of findings. items: $ref: "#/components/schemas/Finding" type: array ListFindingsMeta: additionalProperties: false description: Metadata for pagination. properties: page: $ref: "#/components/schemas/ListFindingsPage" snapshot_timestamp: description: The point in time corresponding to the listed findings. example: 1678721573794 format: int64 minimum: 1 type: integer type: object ListFindingsPage: additionalProperties: false description: Pagination and findings count information. properties: cursor: description: The cursor used to paginate requests. example: "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=" type: string total_filtered_count: description: The total count of findings after the filter has been applied. example: 213 format: int64 type: integer type: object ListFindingsResponse: description: The expected response schema when listing findings. properties: data: $ref: "#/components/schemas/ListFindingsData" example: - attributes: evaluation: fail resource: "arn:aws:s3:::my-bucket" resource_type: aws_s3_bucket status: high id: "abc-123-xyz" type: finding meta: $ref: "#/components/schemas/ListFindingsMeta" required: - data - meta type: object ListHistoricalJobsResponse: description: List of historical jobs. properties: data: description: Array containing the list of historical jobs. items: $ref: "#/components/schemas/HistoricalJobResponseData" type: array meta: $ref: "#/components/schemas/HistoricalJobListMeta" type: object ListIntegrationsResponse: description: Response containing information about multiple integrations. properties: data: description: Array of integration objects. items: $ref: "#/components/schemas/Integration" type: array required: - data type: object ListInterfaceTagsResponse: description: Response for listing interface tags. properties: data: $ref: "#/components/schemas/ListInterfaceTagsResponseData" type: object ListInterfaceTagsResponseData: description: Response data for listing interface tags. properties: attributes: $ref: "#/components/schemas/ListTagsResponseDataAttributes" id: description: The interface ID example: example:1.2.3.4:1 type: string type: description: The type of the resource. The value should always be tags. type: string type: object ListInvestigationsResponse: description: Response for listing investigations. properties: data: description: List of investigations. items: $ref: "#/components/schemas/ListInvestigationsResponseData" type: array links: $ref: "#/components/schemas/ListInvestigationsResponseLinks" meta: $ref: "#/components/schemas/ListInvestigationsResponseMeta" required: - data - meta - links type: object ListInvestigationsResponseData: description: Data for an investigation list item. properties: attributes: $ref: "#/components/schemas/ListInvestigationsResponseDataAttributes" id: description: The unique identifier of the investigation. example: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: string type: $ref: "#/components/schemas/InvestigationType" required: - id - type - attributes type: object ListInvestigationsResponseDataAttributes: description: Attributes of an investigation list item. properties: status: description: The current status of the investigation. example: "conclusive" type: string title: description: The title of the investigation. example: "Monitor alert investigation for web-server-01" type: string required: - status - title type: object ListInvestigationsResponseLinks: description: Pagination links for the list investigations response. properties: first: description: Link to the first page. example: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=0&page[limit]=10" type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. example: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=10&page[limit]=10" type: string prev: description: Link to the previous page. nullable: true type: string self: description: Link to the current page. example: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=0&page[limit]=10" type: string required: - first - next - self type: object ListInvestigationsResponseMeta: description: Metadata for the list investigations response. properties: page: $ref: "#/components/schemas/ListInvestigationsResponseMetaPage" required: - page type: object ListInvestigationsResponseMetaPage: description: Pagination metadata. properties: limit: description: Maximum number of results per page. example: 10 format: int64 type: integer offset: description: Offset of the current page. example: 0 format: int64 type: integer total: description: Total number of investigations. example: 50 format: int64 type: integer required: - total - limit - offset type: object ListKindCatalogResponse: description: List kind response. properties: data: $ref: "#/components/schemas/KindResponseData" meta: $ref: "#/components/schemas/KindResponseMeta" type: object ListNotificationChannelsResponse: description: Response type for listing notification channels for a user properties: data: description: Array of notification channel data objects. items: $ref: "#/components/schemas/NotificationChannelData" type: array type: object ListOnCallNotificationRulesResponse: description: Response type for listing notification rules for a user properties: data: description: Array of notification rule data objects. items: $ref: "#/components/schemas/OnCallNotificationRuleData" type: array included: items: $ref: "#/components/schemas/OnCallNotificationRulesIncluded" type: array type: object ListPersonalAccessTokensResponse: description: Response for a list of personal access tokens. properties: data: description: Array of personal access tokens. items: $ref: "#/components/schemas/PersonalAccessToken" type: array meta: $ref: "#/components/schemas/PersonalAccessTokenResponseMeta" type: object ListPipelinesResponse: description: Represents the response payload containing a list of pipelines and associated metadata. properties: data: description: The `schema` `data`. items: $ref: "#/components/schemas/ObservabilityPipelineData" type: array meta: $ref: "#/components/schemas/ListPipelinesResponseMeta" required: - data type: object ListPipelinesResponseMeta: description: Metadata about the response. properties: totalCount: description: The total number of pipelines. example: 42 format: int64 type: integer type: object ListPowerpacksResponse: description: Response object which includes all powerpack configurations. properties: data: description: List of powerpack definitions. items: $ref: "#/components/schemas/PowerpackData" type: array included: description: Array of objects related to the users. items: $ref: "#/components/schemas/User" type: array links: $ref: "#/components/schemas/PowerpackResponseLinks" meta: $ref: "#/components/schemas/PowerpacksResponseMeta" type: object ListRelationCatalogResponse: description: List entity relation response. properties: data: $ref: "#/components/schemas/RelationResponseData" included: $ref: "#/components/schemas/ListRelationCatalogResponseIncluded" links: $ref: "#/components/schemas/ListRelationCatalogResponseLinks" meta: $ref: "#/components/schemas/RelationResponseMeta" type: object ListRelationCatalogResponseIncluded: description: List relation response included entities. items: $ref: "#/components/schemas/EntityData" type: array ListRelationCatalogResponseLinks: description: List relation response links. properties: next: description: Next link. example: "/api/v2/catalog/relation?filter[from_ref]=service:service-catalog&include=entity&page[limit]=2&page[offset]=2" type: string previous: description: Previous link. type: string self: description: Current link. example: "/api/v2/catalog/relation?filter[from_ref]=service:service-catalog&include=entity&page[limit]=2&page[offset]=0" type: string type: object ListRulesResponse: description: Scorecard rules response. properties: data: $ref: "#/components/schemas/ListRulesResponseData" links: $ref: "#/components/schemas/ListRulesResponseLinks" type: object ListRulesResponseData: description: Array of rule details. items: $ref: "#/components/schemas/ListRulesResponseDataItem" type: array ListRulesResponseDataItem: description: Rule details. properties: attributes: $ref: "#/components/schemas/RuleAttributes" id: $ref: "#/components/schemas/RuleId" relationships: $ref: "#/components/schemas/RelationshipToRule" type: $ref: "#/components/schemas/RuleType" type: object ListRulesResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of rules. example: "/api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2" type: string type: object ListScorecardsResponse: description: Response containing a list of scorecards. properties: data: $ref: "#/components/schemas/ListScorecardsResponseData" required: - data type: object ListScorecardsResponseData: description: Array of scorecards. items: $ref: "#/components/schemas/ScorecardListResponseData" type: array ListSecurityFindingsResponse: description: The expected response schema when listing security findings. properties: data: description: Array of security findings matching the search query. items: $ref: "#/components/schemas/SecurityFindingsData" type: array links: $ref: "#/components/schemas/SecurityFindingsLinks" meta: $ref: "#/components/schemas/SecurityFindingsMeta" type: object ListTagsResponse: description: List tags response. properties: data: $ref: "#/components/schemas/ListTagsResponseData" type: object ListTagsResponseData: description: The list tags response data. properties: attributes: $ref: "#/components/schemas/ListTagsResponseDataAttributes" id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be tags. type: string type: object ListTagsResponseDataAttributes: description: The definition of ListTagsResponseDataAttributes object. properties: tags: description: The list of tags example: ["tag:test", "tag:testbis"] items: description: A tag string in `key:value` format. type: string type: array type: object ListTeamsInclude: description: Included related resources optionally requested. enum: - team_links - user_team_permissions type: string x-enum-varnames: - TEAM_LINKS - USER_TEAM_PERMISSIONS ListTeamsSort: description: Specifies the order of the returned teams enum: - name - -name - user_count - -user_count type: string x-enum-varnames: - NAME - _NAME - USER_COUNT - _USER_COUNT ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: data: description: List of vulnerabilities. items: $ref: "#/components/schemas/Vulnerability" type: array links: $ref: "#/components/schemas/Links" meta: $ref: "#/components/schemas/Metadata" required: - data type: object ListVulnerableAssetsResponse: description: The expected response schema when listing vulnerable assets. properties: data: description: List of vulnerable assets. items: $ref: "#/components/schemas/Asset" type: array links: $ref: "#/components/schemas/Links" meta: $ref: "#/components/schemas/Metadata" required: - data type: object Log: description: Object description of a log after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/LogAttributes" id: description: Unique ID of the Log. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/LogType" type: object LogAttributes: description: JSON object containing all log attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your log. example: {"customAttribute": 123, "duration": 2345} type: object host: description: |- Name of the machine from where the logs are being sent. example: "i-0123" type: string message: description: |- The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search. example: "Host connected to remote" type: string service: description: |- The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products. example: "agent" type: string status: description: |- Status of the message associated with your log. example: "INFO" type: string tags: description: Array of tags associated with your log. example: ["team:A"] items: description: Tag associated with your log. type: string type: array timestamp: description: Timestamp of your log. example: "2019-01-02T09:42:36.320Z" format: date-time type: string type: object LogType: default: log description: Type of the event. enum: - log example: "log" type: string x-enum-varnames: - LOG LogsAggregateBucket: description: A bucket values properties: by: additionalProperties: description: The values for each group by description: The key, value pairs for each group by example: {"@state": "success", "@version": "abc"} type: object computes: additionalProperties: $ref: "#/components/schemas/LogsAggregateBucketValue" description: A map of the metric name -> value for regular compute or list of values for a timeseries type: object type: object LogsAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value oneOf: - $ref: "#/components/schemas/LogsAggregateBucketValueSingleString" - $ref: "#/components/schemas/LogsAggregateBucketValueSingleNumber" - $ref: "#/components/schemas/LogsAggregateBucketValueTimeseries" LogsAggregateBucketValueSingleNumber: description: A single number value format: double type: number LogsAggregateBucketValueSingleString: description: A single string value type: string LogsAggregateBucketValueTimeseries: description: A timeseries array items: $ref: "#/components/schemas/LogsAggregateBucketValueTimeseriesPoint" type: array x-generate-alias-as-model: true LogsAggregateBucketValueTimeseriesPoint: description: A timeseries point properties: time: description: The time value for this point example: "2020-06-08T11:55:00Z" type: string value: description: The value for this point example: 19 format: double type: number type: object LogsAggregateRequest: description: The object sent with the request to retrieve a list of logs from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: "#/components/schemas/LogsCompute" type: array filter: $ref: "#/components/schemas/LogsQueryFilter" group_by: description: The rules for the group by items: $ref: "#/components/schemas/LogsGroupBy" type: array options: $ref: "#/components/schemas/LogsQueryOptions" page: $ref: "#/components/schemas/LogsAggregateRequestPage" type: object LogsAggregateRequestPage: description: Paging settings properties: cursor: description: |- The returned paging point to use to get the next results. Note: at most 1000 results can be paged. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object LogsAggregateResponse: description: The response object for the logs aggregate API endpoint properties: data: $ref: "#/components/schemas/LogsAggregateResponseData" meta: $ref: "#/components/schemas/LogsResponseMetadata" type: object LogsAggregateResponseData: description: The query results properties: buckets: description: The list of matching buckets, one item per bucket items: $ref: "#/components/schemas/LogsAggregateBucket" type: array type: object LogsAggregateResponseStatus: description: The status of the response enum: ["done", "timeout"] example: "done" type: string x-enum-varnames: ["DONE", "TIMEOUT"] LogsAggregateSort: description: A sort rule example: {"aggregation": "count", "order": "asc"} properties: aggregation: $ref: "#/components/schemas/LogsAggregationFunction" metric: description: The metric to sort by (only used for `type=measure`) example: "@duration" type: string order: $ref: "#/components/schemas/LogsSortOrder" type: $ref: "#/components/schemas/LogsAggregateSortType" type: object LogsAggregateSortType: default: "alphabetical" description: The type of sorting algorithm enum: ["alphabetical", "measure"] type: string x-enum-varnames: ["ALPHABETICAL", "MEASURE"] LogsAggregationFunction: description: An aggregation function enum: ["count", "cardinality", "pc75", "pc90", "pc95", "pc98", "pc99", "sum", "min", "max", "avg", "median"] example: "pc90" type: string x-enum-varnames: ["COUNT", "CARDINALITY", "PERCENTILE_75", "PERCENTILE_90", "PERCENTILE_95", "PERCENTILE_98", "PERCENTILE_99", "SUM", "MIN", "MAX", "AVG", "MEDIAN"] LogsArchive: description: The logs archive. properties: data: $ref: "#/components/schemas/LogsArchiveDefinition" type: object LogsArchiveAttributes: description: The attributes associated with the archive. properties: compression_method: $ref: "#/components/schemas/LogsArchiveAttributesCompressionMethod" destination: $ref: "#/components/schemas/LogsArchiveDestination" include_tags: default: false description: |- To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive. example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: ["team:intake", "team:app"] items: description: A given tag in the `:` format. type: string type: array state: $ref: "#/components/schemas/LogsArchiveState" required: - name - query - destination type: object LogsArchiveAttributesCompressionMethod: default: GZIP description: The type of compression for the archive. enum: - GZIP - ZSTD example: GZIP type: string x-enum-varnames: - GZIP - ZSTD LogsArchiveCreateRequest: description: The logs archive. properties: data: $ref: "#/components/schemas/LogsArchiveCreateRequestDefinition" type: object LogsArchiveCreateRequestAttributes: description: The attributes associated with the archive. properties: compression_method: $ref: "#/components/schemas/LogsArchiveAttributesCompressionMethod" destination: $ref: "#/components/schemas/LogsArchiveCreateRequestDestination" include_tags: default: false description: |- To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive. example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: ["team:intake", "team:app"] items: description: A given tag in the `:` format. type: string type: array required: - name - query - destination type: object LogsArchiveCreateRequestDefinition: description: The definition of an archive. properties: attributes: $ref: "#/components/schemas/LogsArchiveCreateRequestAttributes" type: default: archives description: The type of the resource. The value should always be archives. example: archives type: string required: - type type: object LogsArchiveCreateRequestDestination: description: An archive's destination. oneOf: - $ref: "#/components/schemas/LogsArchiveDestinationAzure" - $ref: "#/components/schemas/LogsArchiveDestinationGCS" - $ref: "#/components/schemas/LogsArchiveDestinationS3" LogsArchiveDefinition: description: The definition of an archive. properties: attributes: $ref: "#/components/schemas/LogsArchiveAttributes" id: description: The archive ID. example: a2zcMylnM4OCHpYusxIi3g readOnly: true type: string type: default: archives description: The type of the resource. The value should always be archives. example: archives readOnly: true type: string required: - type type: object LogsArchiveDestination: description: An archive's destination. nullable: true oneOf: - $ref: "#/components/schemas/LogsArchiveDestinationAzure" - $ref: "#/components/schemas/LogsArchiveDestinationGCS" - $ref: "#/components/schemas/LogsArchiveDestinationS3" type: object LogsArchiveDestinationAzure: description: The Azure archive destination. properties: container: description: The container where the archive will be stored. example: container-name type: string integration: $ref: "#/components/schemas/LogsArchiveIntegrationAzure" path: description: The archive path. type: string region: description: The region where the archive will be stored. type: string storage_account: description: The associated storage account. example: account-name type: string type: $ref: "#/components/schemas/LogsArchiveDestinationAzureType" required: - storage_account - container - integration - type type: object LogsArchiveDestinationAzureType: default: azure description: Type of the Azure archive destination. enum: - azure example: azure type: string x-enum-varnames: - AZURE LogsArchiveDestinationGCS: description: The GCS archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: "#/components/schemas/LogsArchiveIntegrationGCS" path: description: The archive path. type: string type: $ref: "#/components/schemas/LogsArchiveDestinationGCSType" required: - bucket - integration - type type: object LogsArchiveDestinationGCSType: default: gcs description: Type of the GCS archive destination. enum: - gcs example: gcs type: string x-enum-varnames: - GCS LogsArchiveDestinationS3: description: The S3 archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string encryption: $ref: "#/components/schemas/LogsArchiveEncryptionS3" integration: $ref: "#/components/schemas/LogsArchiveIntegrationS3" path: description: The archive path. type: string storage_class: $ref: "#/components/schemas/LogsArchiveStorageClassS3Type" type: $ref: "#/components/schemas/LogsArchiveDestinationS3Type" required: - bucket - integration - type type: object LogsArchiveDestinationS3Type: default: s3 description: Type of the S3 archive destination. enum: - s3 example: s3 type: string x-enum-varnames: - S3 LogsArchiveEncryptionS3: description: The S3 encryption settings. properties: key: description: An Amazon Resource Name (ARN) used to identify an AWS KMS key. example: arn:aws:kms:us-east-1:012345678901:key/DatadogIntegrationRoleKms type: string type: $ref: "#/components/schemas/LogsArchiveEncryptionS3Type" required: - type type: object LogsArchiveEncryptionS3Type: description: Type of S3 encryption for a destination. enum: - NO_OVERRIDE - SSE_S3 - SSE_KMS example: SSE_S3 type: string x-enum-varnames: - NO_OVERRIDE - SSE_S3 - SSE_KMS LogsArchiveIntegrationAzure: description: The Azure archive's integration destination. properties: client_id: description: A client ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string tenant_id: description: A tenant ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string required: - tenant_id - client_id type: object LogsArchiveIntegrationGCS: description: The GCS archive's integration destination. properties: client_email: description: A client email. example: youremail@example.com type: string project_id: description: A project ID. example: project-id type: string required: - client_email type: object LogsArchiveIntegrationS3: description: The S3 Archive's integration destination. properties: account_id: description: The account ID for the integration. example: "123456789012" type: string role_name: description: The path of the integration. example: role-name type: string required: - role_name - account_id type: object LogsArchiveOrder: description: A ordered list of archive IDs. properties: data: $ref: "#/components/schemas/LogsArchiveOrderDefinition" type: object LogsArchiveOrderAttributes: description: The attributes associated with the archive order. properties: archive_ids: description: |- An ordered array of `` strings, the order of archive IDs in the array define the overall archives order for Datadog. example: ["a2zcMylnM4OCHpYusxIi1g", "a2zcMylnM4OCHpYusxIi2g", "a2zcMylnM4OCHpYusxIi3g"] items: description: A given archive ID. type: string type: array required: - archive_ids type: object LogsArchiveOrderDefinition: description: The definition of an archive order. properties: attributes: $ref: "#/components/schemas/LogsArchiveOrderAttributes" type: $ref: "#/components/schemas/LogsArchiveOrderDefinitionType" required: - type - attributes type: object LogsArchiveOrderDefinitionType: default: archive_order description: Type of the archive order definition. enum: - archive_order example: archive_order type: string x-enum-varnames: - ARCHIVE_ORDER LogsArchiveState: description: The state of the archive. enum: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY example: WORKING type: string x-enum-varnames: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY LogsArchiveStorageClassS3Type: default: STANDARD description: The storage class where the archive will be stored. enum: - STANDARD - STANDARD_IA - ONEZONE_IA - INTELLIGENT_TIERING - GLACIER_IR example: STANDARD type: string x-enum-varnames: - STANDARD - STANDARD_IA - ONEZONE_IA - INTELLIGENT_TIERING - GLACIER_IR LogsArchives: description: The available archives. properties: data: description: A list of archives. items: $ref: "#/components/schemas/LogsArchiveDefinition" type: array type: object LogsCompute: description: A compute rule to compute metrics or timeseries properties: aggregation: $ref: "#/components/schemas/LogsAggregationFunction" interval: description: |- The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points example: "5m" type: string metric: description: The metric to use example: "@duration" type: string type: $ref: "#/components/schemas/LogsComputeType" required: - aggregation type: object LogsComputeType: default: "total" description: The type of compute enum: ["timeseries", "total"] type: string x-enum-varnames: ["TIMESERIES", "TOTAL"] LogsGroupBy: description: A group by rule properties: facet: description: The name of the facet to use (required) example: "host" type: string histogram: $ref: "#/components/schemas/LogsGroupByHistogram" limit: default: 10 description: |- The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000. format: int64 type: integer missing: $ref: "#/components/schemas/LogsGroupByMissing" sort: $ref: "#/components/schemas/LogsAggregateSort" total: $ref: "#/components/schemas/LogsGroupByTotal" required: - facet type: object LogsGroupByHistogram: description: |- Used to perform a histogram computation (only for measure facets). Note: at most 100 buckets are allowed, the number of buckets is (max - min)/interval. properties: interval: description: The bin size of the histogram buckets example: 10 format: double type: number max: description: |- The maximum value for the measure used in the histogram (values greater than this one are filtered out) example: 100 format: double type: number min: description: |- The minimum value for the measure used in the histogram (values smaller than this one are filtered out) example: 50 format: double type: number required: - interval - min - max type: object LogsGroupByMissing: description: The value to use for logs that don't have the facet used to group by oneOf: - $ref: "#/components/schemas/LogsGroupByMissingString" - $ref: "#/components/schemas/LogsGroupByMissingNumber" LogsGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number LogsGroupByMissingString: description: The missing value to use if there is string valued facet. type: string LogsGroupByTotal: default: false description: |- A resulting object to put the given computes in over all the matching records. oneOf: - $ref: "#/components/schemas/LogsGroupByTotalBoolean" - $ref: "#/components/schemas/LogsGroupByTotalString" - $ref: "#/components/schemas/LogsGroupByTotalNumber" LogsGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total" type: boolean LogsGroupByTotalNumber: description: A number to use as the key value for the total bucket format: double type: number LogsGroupByTotalString: description: A string to use as the key value for the total bucket type: string LogsListRequest: description: The request for a logs list. properties: filter: $ref: "#/components/schemas/LogsQueryFilter" options: $ref: "#/components/schemas/LogsQueryOptions" page: $ref: "#/components/schemas/LogsListRequestPage" sort: $ref: "#/components/schemas/LogsSort" type: object LogsListRequestPage: description: Paging attributes for listing logs. properties: cursor: description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object LogsListResponse: description: Response object with all logs matching the request and pagination information. properties: data: description: Array of logs matching the request. items: $ref: "#/components/schemas/Log" type: array links: $ref: "#/components/schemas/LogsListResponseLinks" meta: $ref: "#/components/schemas/LogsResponseMetadata" type: object LogsListResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. Note that the request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object LogsMetricCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: "#/components/schemas/LogsMetricComputeAggregationType" include_percentiles: $ref: "#/components/schemas/LogsMetricComputeIncludePercentiles" path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: "@duration" type: string required: - aggregation_type type: object LogsMetricComputeAggregationType: description: The type of aggregation to use. enum: ["count", "distribution"] example: "distribution" type: string x-enum-varnames: ["COUNT", "DISTRIBUTION"] LogsMetricComputeIncludePercentiles: description: |- Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `aggregation_type` is `distribution`. example: true type: boolean LogsMetricCreateAttributes: description: The object describing the Datadog log-based metric to create. properties: compute: $ref: "#/components/schemas/LogsMetricCompute" filter: $ref: "#/components/schemas/LogsMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/LogsMetricGroupBy" type: array required: - compute type: object LogsMetricCreateData: description: The new log-based metric properties. properties: attributes: $ref: "#/components/schemas/LogsMetricCreateAttributes" id: $ref: "#/components/schemas/LogsMetricID" type: $ref: "#/components/schemas/LogsMetricType" required: - id - type - attributes type: object LogsMetricCreateRequest: description: The new log-based metric body. properties: data: $ref: "#/components/schemas/LogsMetricCreateData" required: - data type: object LogsMetricFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: default: "*" description: The search query - following the log search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string type: object LogsMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: "@http.status_code" type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: "status_code" type: string required: - path type: object LogsMetricID: description: The name of the log-based metric. example: "logs.page.load.count" type: string LogsMetricResponse: description: The log-based metric object. properties: data: $ref: "#/components/schemas/LogsMetricResponseData" type: object LogsMetricResponseAttributes: description: The object describing a Datadog log-based metric. properties: compute: $ref: "#/components/schemas/LogsMetricResponseCompute" filter: $ref: "#/components/schemas/LogsMetricResponseFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/LogsMetricResponseGroupBy" type: array type: object LogsMetricResponseCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: "#/components/schemas/LogsMetricResponseComputeAggregationType" include_percentiles: $ref: "#/components/schemas/LogsMetricComputeIncludePercentiles" path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: "@duration" type: string type: object LogsMetricResponseComputeAggregationType: description: The type of aggregation to use. enum: ["count", "distribution"] example: "distribution" type: string x-enum-varnames: ["COUNT", "DISTRIBUTION"] LogsMetricResponseData: description: The log-based metric properties. properties: attributes: $ref: "#/components/schemas/LogsMetricResponseAttributes" id: $ref: "#/components/schemas/LogsMetricID" type: $ref: "#/components/schemas/LogsMetricType" type: object LogsMetricResponseFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: description: The search query - following the log search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string type: object LogsMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: "@http.status_code" type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: "status_code" type: string type: object LogsMetricType: default: logs_metrics description: The type of the resource. The value should always be logs_metrics. enum: - logs_metrics example: logs_metrics type: string x-enum-varnames: ["LOGS_METRICS"] LogsMetricUpdateAttributes: description: The log-based metric properties that will be updated. properties: compute: $ref: "#/components/schemas/LogsMetricUpdateCompute" filter: $ref: "#/components/schemas/LogsMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/LogsMetricGroupBy" type: array type: object LogsMetricUpdateCompute: description: The compute rule to compute the log-based metric. properties: include_percentiles: $ref: "#/components/schemas/LogsMetricComputeIncludePercentiles" type: object LogsMetricUpdateData: description: The new log-based metric properties. properties: attributes: $ref: "#/components/schemas/LogsMetricUpdateAttributes" type: $ref: "#/components/schemas/LogsMetricType" required: - type - attributes type: object LogsMetricUpdateRequest: description: The new log-based metric body. properties: data: $ref: "#/components/schemas/LogsMetricUpdateData" required: - data type: object LogsMetricsResponse: description: All the available log-based metric objects. properties: data: description: A list of log-based metric objects. items: $ref: "#/components/schemas/LogsMetricResponseData" type: array type: object LogsQueryFilter: description: The search and filter query settings properties: from: default: "now-15m" description: The minimum time for the requested logs, supports date math and regular timestamps (milliseconds). example: "now-15m" type: string indexes: default: ["*"] description: For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes. example: ["main", "web"] items: description: The name of a log index. type: string type: array query: default: "*" description: The search query - following the log search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string storage_tier: $ref: "#/components/schemas/LogsStorageTier" to: default: "now" description: The maximum time for the requested logs, supports date math and regular timestamps (milliseconds). example: "now" type: string type: object LogsQueryOptions: deprecated: true description: |- Global query options that are used during the query. Note: These fields are currently deprecated and do not affect the query results. properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object LogsResponseMetadata: description: The metadata associated with a request properties: elapsed: description: The time elapsed in milliseconds example: 132 format: int64 type: integer page: $ref: "#/components/schemas/LogsResponseMetadataPage" request_id: description: The identifier of the request example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/LogsAggregateResponseStatus" warnings: description: |- A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response. items: $ref: "#/components/schemas/LogsWarning" type: array type: object LogsResponseMetadataPage: description: Paging attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object LogsRestrictionQueriesType: default: logs_restriction_queries description: Restriction query resource type. enum: - logs_restriction_queries example: logs_restriction_queries type: string x-enum-varnames: - LOGS_RESTRICTION_QUERIES LogsSort: description: Sort parameters when querying logs. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING LogsSortOrder: description: The order to use, ascending or descending enum: - "asc" - "desc" example: "asc" type: string x-enum-varnames: - "ASCENDING" - "DESCENDING" LogsStorageTier: default: "indexes" description: Specifies storage type as indexes, online-archives or flex enum: ["indexes", "online-archives", "flex"] example: "indexes" type: string x-enum-varnames: ["INDEXES", "ONLINE_ARCHIVES", "FLEX"] LogsWarning: description: A warning message indicating something that went wrong with the query properties: code: description: A unique code for this type of warning example: "unknown_index" type: string detail: description: A detailed explanation of this specific warning example: "indexes: foo, bar" type: string title: description: A short human-readable summary of the warning example: "One or several indexes are missing or invalid, results hold data from the other indexes" type: string type: object MSTeamsIntegrationMetadata: description: Incident integration metadata for the Microsoft Teams integration. properties: teams: description: Array of Microsoft Teams in this integration metadata. example: [] items: $ref: "#/components/schemas/MSTeamsIntegrationMetadataTeamsItem" type: array required: - teams type: object MSTeamsIntegrationMetadataTeamsItem: description: Item in the Microsoft Teams integration metadata teams array. properties: ms_channel_id: description: Microsoft Teams channel ID. example: 19:abc00abcdef00a0abcdef0abcdef0a@thread.tacv2 type: string ms_channel_name: description: Microsoft Teams channel name. example: incident-0001-example type: string ms_tenant_id: description: Microsoft Teams tenant ID. example: 00000000-abcd-0005-0000-000000000000 type: string redirect_url: description: URL redirecting to the Microsoft Teams channel. example: https://teams.microsoft.com/l/channel/19%3Aabc00abcdef00a0abcdef0abcdef0a%40thread.tacv2/conversations?groupId=12345678-abcd-dcba-abcd-1234567890ab&tenantId=00000000-abcd-0005-0000-000000000000 type: string required: - ms_tenant_id - ms_channel_id - ms_channel_name - redirect_url type: object Maintenance: description: Response object for a single maintenance. properties: data: $ref: "#/components/schemas/MaintenanceData" included: description: The included related resources of a maintenance. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/DegradationIncluded" type: array type: object MaintenanceArray: description: Response object for a list of maintenances. properties: data: description: A list of maintenance data objects. items: $ref: "#/components/schemas/MaintenanceData" type: array included: description: The included related resources of a maintenance. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/DegradationIncluded" type: array meta: $ref: "#/components/schemas/PaginationMeta" required: - data type: object MaintenanceData: description: The data object for a maintenance. properties: attributes: $ref: "#/components/schemas/MaintenanceDataAttributes" id: description: The ID of the maintenance. format: uuid type: string relationships: $ref: "#/components/schemas/MaintenanceDataRelationships" type: $ref: "#/components/schemas/PatchMaintenanceRequestDataType" required: - type type: object MaintenanceDataAttributes: description: The attributes of a maintenance. properties: completed_date: description: Timestamp of when the maintenance was completed. format: date-time type: string completed_description: description: The description shown when the maintenance is completed. type: string components_affected: description: Components affected by the maintenance. items: $ref: "#/components/schemas/MaintenanceDataAttributesComponentsAffectedItems" type: array in_progress_description: description: The description shown while the maintenance is in progress. type: string modified_at: description: Timestamp of when the maintenance was last modified. format: date-time type: string published_date: description: Timestamp of when the maintenance was published. format: date-time type: string scheduled_description: description: The description shown when the maintenance is scheduled. type: string start_date: description: Timestamp of when the maintenance is scheduled to start. format: date-time type: string status: $ref: "#/components/schemas/MaintenanceDataAttributesStatus" description: The status of the maintenance. title: description: Title of the maintenance. type: string updates: description: Past updates made to the maintenance. items: $ref: "#/components/schemas/MaintenanceDataAttributesUpdatesItems" type: array type: object MaintenanceDataAttributesComponentsAffectedItems: description: A component affected by a maintenance. properties: id: description: The ID of the component. Must be a component of type `component`. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus" required: - id - status type: object MaintenanceDataAttributesStatus: description: The status of the maintenance. enum: - scheduled - in_progress - completed type: string x-enum-varnames: - SCHEDULED - IN_PROGRESS - COMPLETED MaintenanceDataAttributesUpdatesItems: description: An update made to a maintenance. properties: components_affected: description: The components affected at the time of the update. items: $ref: "#/components/schemas/MaintenanceDataAttributesUpdatesItemsComponentsAffectedItems" type: array created_at: description: Timestamp of when the update was created. format: date-time readOnly: true type: string description: description: Description of the update. type: string id: description: Identifier of the update. format: uuid readOnly: true type: string manual_transition: description: Whether the update was applied manually by a user (true) or automatically by the system (false). readOnly: true type: boolean modified_at: description: Timestamp of when the update was last modified. format: date-time readOnly: true type: string started_at: description: Timestamp of when the update started. format: date-time type: string status: description: The status of the update. type: string type: object MaintenanceDataAttributesUpdatesItemsComponentsAffectedItems: description: A component affected at the time of a maintenance update. properties: id: description: Identifier of the component affected at the time of the update. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component affected at the time of the update. readOnly: true type: string status: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus" description: The status of the component affected at the time of the update. required: - id - status type: object MaintenanceDataRelationships: description: The relationships of a maintenance. properties: created_by_user: $ref: "#/components/schemas/MaintenanceDataRelationshipsCreatedByUser" description: The Datadog user who created the maintenance. last_modified_by_user: $ref: "#/components/schemas/MaintenanceDataRelationshipsLastModifiedByUser" description: The Datadog user who last modified the maintenance. status_page: $ref: "#/components/schemas/MaintenanceDataRelationshipsStatusPage" description: The status page the maintenance belongs to. type: object MaintenanceDataRelationshipsCreatedByUser: description: The Datadog user who created the maintenance. properties: data: $ref: "#/components/schemas/MaintenanceDataRelationshipsCreatedByUserData" required: - data type: object MaintenanceDataRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the maintenance. properties: id: description: The ID of the Datadog user who created the maintenance. example: "" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object MaintenanceDataRelationshipsLastModifiedByUser: description: The Datadog user who last modified the maintenance. properties: data: $ref: "#/components/schemas/MaintenanceDataRelationshipsLastModifiedByUserData" required: - data type: object MaintenanceDataRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the maintenance. properties: id: description: The ID of the Datadog user who last modified the maintenance. example: "" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object MaintenanceDataRelationshipsStatusPage: description: The status page the maintenance belongs to. properties: data: $ref: "#/components/schemas/MaintenanceDataRelationshipsStatusPageData" required: - data type: object MaintenanceDataRelationshipsStatusPageData: description: The data object identifying the status page associated with a maintenance. properties: id: description: The ID of the status page. example: "" format: uuid type: string type: $ref: "#/components/schemas/StatusPageDataType" required: - type - id type: object ManagedOrgsData: description: The managed organizations resource. properties: id: description: The UUID of the current organization. example: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" format: uuid type: string relationships: $ref: "#/components/schemas/ManagedOrgsRelationships" type: $ref: "#/components/schemas/ManagedOrgsType" required: - id - type - relationships type: object ManagedOrgsRelationshipToOrg: description: Relationship to the current organization. properties: data: $ref: "#/components/schemas/OrgRelationshipData" required: - data type: object ManagedOrgsRelationshipToOrgs: description: Relationship to the managed organizations. properties: data: description: List of managed organization references. items: $ref: "#/components/schemas/OrgRelationshipData" type: array required: - data type: object ManagedOrgsRelationships: description: Relationships of the managed organizations resource. properties: current_org: $ref: "#/components/schemas/ManagedOrgsRelationshipToOrg" managed_orgs: $ref: "#/components/schemas/ManagedOrgsRelationshipToOrgs" required: - current_org - managed_orgs type: object ManagedOrgsResponse: description: Response containing the current organization and its managed organizations. properties: data: $ref: "#/components/schemas/ManagedOrgsData" included: description: Included organization resources. items: $ref: "#/components/schemas/OrgData" type: array required: - data - included type: object ManagedOrgsType: description: The resource type for managed organizations. enum: [managed_orgs] example: "managed_orgs" type: string x-enum-varnames: - MANAGED_ORGS MemberTeam: description: A member team properties: id: description: The member team's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string type: $ref: "#/components/schemas/MemberTeamType" required: - id - type type: object MemberTeamType: default: member_teams description: Member team type enum: - member_teams example: member_teams type: string x-enum-varnames: - MEMBER_TEAMS Metadata: description: The metadata related to this request. properties: count: description: Number of entities included in the response. example: 150 format: int64 type: integer token: description: The token that identifies the request. example: "b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" type: string total: description: Total number of entities across all pages. example: 152431 format: int64 type: integer required: - count - total - token type: object Metric: description: Object for a single metric tag configuration. example: id: metric.foo.bar type: metrics properties: id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricType" type: object MetricActiveConfigurationType: default: actively_queried_configurations description: The metric actively queried configuration resource type. enum: - actively_queried_configurations example: actively_queried_configurations type: string x-enum-varnames: - ACTIVELY_QUERIED_CONFIGURATIONS MetricAllTags: description: Object for a single metric's indexed and ingested tags. properties: attributes: $ref: "#/components/schemas/MetricAllTagsAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricType" type: object MetricAllTagsAttributes: description: Object containing the definition of a metric's indexed and ingested tags. properties: ingested_tags: description: List of ingested tags that are not indexed. example: ["env:prod", "service:web", "version:1.0"] items: description: Ingested tags for the metric. type: string type: array tags: description: List of indexed tags. example: ["sport:golf", "sport:football", "animal:dog"] items: description: Indexed tags for the metric. type: string type: array type: object MetricAllTagsResponse: description: Response object that includes a single metric's indexed and ingested tags. properties: data: $ref: "#/components/schemas/MetricAllTags" readOnly: true type: object MetricAssetAttributes: description: Assets related to the object, including title, url, and tags. properties: tags: description: List of tag keys used in the asset. example: ["env", "service", "host", "datacenter"] items: description: Tag key used in assets. type: string type: array title: description: Title of the asset. type: string url: description: URL path of the asset. type: string type: object MetricAssetDashboardRelationship: description: An object of type `dashboard` that can be referenced in the `included` data. properties: id: $ref: "#/components/schemas/MetricDashboardID" type: $ref: "#/components/schemas/MetricDashboardType" type: object MetricAssetDashboardRelationships: description: An object containing the list of dashboards that can be referenced in the `included` data. properties: data: description: A list of dashboards that can be referenced in the `included` data. items: $ref: "#/components/schemas/MetricAssetDashboardRelationship" type: array type: object MetricAssetMonitorRelationship: description: An object of type `monitor` that can be referenced in the `included` data. properties: id: $ref: "#/components/schemas/MetricMonitorID" type: $ref: "#/components/schemas/MetricMonitorType" type: object MetricAssetMonitorRelationships: description: A object containing the list of monitors that can be referenced in the `included` data. properties: data: description: A list of monitors that can be referenced in the `included` data. items: $ref: "#/components/schemas/MetricAssetMonitorRelationship" type: array type: object MetricAssetNotebookRelationship: description: An object of type `notebook` that can be referenced in the `included` data. properties: id: $ref: "#/components/schemas/MetricNotebookID" type: $ref: "#/components/schemas/MetricNotebookType" type: object MetricAssetNotebookRelationships: description: An object containing the list of notebooks that can be referenced in the `included` data. properties: data: description: A list of notebooks that can be referenced in the `included` data. items: $ref: "#/components/schemas/MetricAssetNotebookRelationship" type: array type: object MetricAssetResponseData: description: Metric assets response data. properties: id: $ref: "#/components/schemas/MetricName" relationships: $ref: "#/components/schemas/MetricAssetResponseRelationships" type: $ref: "#/components/schemas/MetricType" required: - id - type type: object MetricAssetResponseIncluded: description: List of included assets with full set of attributes. oneOf: - $ref: "#/components/schemas/MetricDashboardAsset" - $ref: "#/components/schemas/MetricMonitorAsset" - $ref: "#/components/schemas/MetricNotebookAsset" - $ref: "#/components/schemas/MetricSLOAsset" MetricAssetResponseRelationships: description: Relationships to assets related to the metric. properties: dashboards: $ref: "#/components/schemas/MetricAssetDashboardRelationships" monitors: $ref: "#/components/schemas/MetricAssetMonitorRelationships" notebooks: $ref: "#/components/schemas/MetricAssetNotebookRelationships" slos: $ref: "#/components/schemas/MetricAssetSLORelationships" type: object MetricAssetSLORelationship: description: An object of type `slos` that can be referenced in the `included` data. properties: id: $ref: "#/components/schemas/MetricSLOID" type: $ref: "#/components/schemas/MetricSLOType" type: object MetricAssetSLORelationships: description: An object containing a list of SLOs that can be referenced in the `included` data. properties: data: description: A list of SLOs that can be referenced in the `included` data. items: $ref: "#/components/schemas/MetricAssetSLORelationship" type: array type: object MetricAssetsResponse: description: Response object that includes related dashboards, monitors, notebooks, and SLOs. properties: data: $ref: "#/components/schemas/MetricAssetResponseData" included: description: Array of objects related to the metric assets. items: $ref: "#/components/schemas/MetricAssetResponseIncluded" type: array type: object MetricBulkConfigureTagsType: default: metric_bulk_configure_tags description: The metric bulk configure tags resource. enum: - metric_bulk_configure_tags example: metric_bulk_configure_tags type: string x-enum-varnames: - BULK_MANAGE_TAGS MetricBulkTagConfigCreate: description: Request object to bulk configure tags for metrics matching the given prefix. properties: attributes: $ref: "#/components/schemas/MetricBulkTagConfigCreateAttributes" id: $ref: "#/components/schemas/MetricBulkTagConfigNamePrefix" type: $ref: "#/components/schemas/MetricBulkConfigureTagsType" required: - id - type type: object MetricBulkTagConfigCreateAttributes: description: Optional parameters for bulk creating metric tag configurations. properties: emails: $ref: "#/components/schemas/MetricBulkTagConfigEmailList" exclude_tags_mode: description: |- When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. type: boolean include_actively_queried_tags_window: description: |- When provided, all tags that have been actively queried are configured (and, therefore, remain queryable) for each metric that matches the given prefix. Minimum value is 1 second, and maximum value is 7,776,000 seconds (90 days). format: double maximum: 7776000 minimum: 1 type: number override_existing_configurations: description: |- When set to true, the configuration overrides any existing configurations for the given metric with the new set of tags in this configuration request. If false, old configurations are kept and are merged with the set of tags in this configuration request. Defaults to true. type: boolean tags: $ref: "#/components/schemas/MetricBulkTagConfigTagNameList" type: object MetricBulkTagConfigCreateRequest: description: Wrapper object for a single bulk tag configuration request. properties: data: $ref: "#/components/schemas/MetricBulkTagConfigCreate" required: - data type: object MetricBulkTagConfigDelete: description: Request object to bulk delete all tag configurations for metrics matching the given prefix. properties: attributes: $ref: "#/components/schemas/MetricBulkTagConfigDeleteAttributes" id: $ref: "#/components/schemas/MetricBulkTagConfigNamePrefix" type: $ref: "#/components/schemas/MetricBulkConfigureTagsType" required: - id - type type: object MetricBulkTagConfigDeleteAttributes: description: Optional parameters for bulk deleting metric tag configurations. properties: emails: $ref: "#/components/schemas/MetricBulkTagConfigEmailList" type: object MetricBulkTagConfigDeleteRequest: description: Wrapper object for a single bulk tag deletion request. properties: data: $ref: "#/components/schemas/MetricBulkTagConfigDelete" required: - data type: object MetricBulkTagConfigEmailList: description: A list of account emails to notify when the configuration is applied. example: ["sue@example.com", "bob@example.com"] items: description: An email address. type: string type: array MetricBulkTagConfigNamePrefix: description: A text prefix to match against metric names. example: "kafka.lag" type: string MetricBulkTagConfigResponse: description: Wrapper for a single bulk tag configuration status response. properties: data: $ref: "#/components/schemas/MetricBulkTagConfigStatus" type: object MetricBulkTagConfigStatus: description: |- The status of a request to bulk configure metric tags. It contains the fields from the original request for reference. properties: attributes: $ref: "#/components/schemas/MetricBulkTagConfigStatusAttributes" id: $ref: "#/components/schemas/MetricBulkTagConfigNamePrefix" type: $ref: "#/components/schemas/MetricBulkConfigureTagsType" required: - id - type type: object MetricBulkTagConfigStatusAttributes: description: Optional attributes for the status of a bulk tag configuration request. properties: emails: $ref: "#/components/schemas/MetricBulkTagConfigEmailList" exclude_tags_mode: description: |- When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. type: boolean status: description: The status of the request. example: "Accepted" type: string tags: $ref: "#/components/schemas/MetricBulkTagConfigTagNameList" type: object MetricBulkTagConfigTagNameList: description: A list of tag names to apply to the configuration. example: ["host", "pod_name", "is_shadow"] items: description: A metric tag name. maxLength: 200 pattern: ^[A-Za-z][A-Za-z0-9\.\-\_:\/]*$ type: string type: array MetricContentEncoding: default: deflate description: HTTP header used to compress the media-type. enum: - deflate - zstd1 - gzip example: deflate type: string x-enum-varnames: - DEFLATE - ZSTD1 - GZIP MetricCustomAggregation: description: |- A time and space aggregation combination for use in query. example: space: sum time: sum properties: space: $ref: "#/components/schemas/MetricCustomSpaceAggregation" time: $ref: "#/components/schemas/MetricCustomTimeAggregation" required: - time - space type: object MetricCustomAggregations: description: |- Deprecated. You no longer need to configure specific time and space aggregations for Metrics Without Limits. example: - space: sum time: sum - space: sum time: count items: $ref: "#/components/schemas/MetricCustomAggregation" type: array MetricCustomSpaceAggregation: description: A space aggregation for use in query. enum: - avg - max - min - sum example: sum type: string x-enum-varnames: - AVG - MAX - MIN - SUM MetricCustomTimeAggregation: description: A time aggregation for use in query. enum: - avg - count - max - min - sum example: sum type: string x-enum-varnames: - AVG - COUNT - MAX - MIN - SUM MetricDashboardAsset: description: A dashboard object with title and popularity. properties: attributes: $ref: "#/components/schemas/MetricDashboardAttributes" id: $ref: "#/components/schemas/MetricDashboardID" type: $ref: "#/components/schemas/MetricDashboardType" required: - id - type type: object MetricDashboardAttributes: description: Attributes related to the dashboard, including title, popularity, and url. properties: popularity: description: Value from 0 to 5 that ranks popularity of the dashboard. format: double maximum: 5 minimum: 0 type: number tags: description: List of tag keys used in the asset. example: ["env", "service", "host", "datacenter"] items: description: Tag key used in assets. type: string type: array title: description: Title of the asset. type: string url: description: URL path of the asset. type: string type: object MetricDashboardID: description: The related dashboard's ID. example: "xxx-yyy-zzz" type: string MetricDashboardType: description: Dashboard resource type. enum: - dashboards example: "dashboards" type: string x-enum-varnames: - DASHBOARDS MetricDistinctVolume: description: Object for a single metric's distinct volume. properties: attributes: $ref: "#/components/schemas/MetricDistinctVolumeAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricDistinctVolumeType" type: object MetricDistinctVolumeAttributes: description: Object containing the definition of a metric's distinct volume. properties: distinct_volume: description: Distinct volume for the given metric. example: 10 format: int64 type: integer type: object MetricDistinctVolumeType: default: distinct_metric_volumes description: The metric distinct volume type. enum: - distinct_metric_volumes example: distinct_metric_volumes type: string x-enum-varnames: - DISTINCT_METRIC_VOLUMES MetricEstimate: description: Object for a metric cardinality estimate. properties: attributes: $ref: "#/components/schemas/MetricEstimateAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricEstimateResourceType" type: object MetricEstimateAttributes: description: Object containing the definition of a metric estimate attribute. properties: estimate_type: $ref: "#/components/schemas/MetricEstimateType" estimated_at: description: Timestamp when the cardinality estimate was requested. example: "2022-04-27T09:48:37.463835Z" format: date-time type: string estimated_output_series: description: Estimated cardinality of the metric based on the queried configuration. example: 50 format: int64 type: integer type: object MetricEstimateResourceType: default: metric_cardinality_estimate description: The metric estimate resource type. enum: - metric_cardinality_estimate example: metric_cardinality_estimate type: string x-enum-varnames: - METRIC_CARDINALITY_ESTIMATE MetricEstimateResponse: description: Response object that includes metric cardinality estimates. properties: data: $ref: "#/components/schemas/MetricEstimate" type: object MetricEstimateType: default: count_or_gauge description: |- Estimate type based on the queried configuration. By default, `count_or_gauge` is returned. `distribution` is returned for distribution metrics without percentiles enabled. Lastly, `percentile` is returned if `filter[pct]=true` is queried with a distribution metric. enum: - count_or_gauge - distribution - percentile example: distribution type: string x-enum-varnames: - COUNT_OR_GAUGE - DISTRIBUTION - PERCENTILE MetricIngestedIndexedVolume: description: Object for a single metric's ingested and indexed volume. properties: attributes: $ref: "#/components/schemas/MetricIngestedIndexedVolumeAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricIngestedIndexedVolumeType" type: object MetricIngestedIndexedVolumeAttributes: description: Object containing the definition of a metric's ingested and indexed volume. properties: indexed_volume: description: Indexed volume for the given metric. example: 10 format: int64 type: integer ingested_volume: description: Ingested volume for the given metric. example: 20 format: int64 type: integer type: object MetricIngestedIndexedVolumeType: default: metric_volumes description: The metric ingested and indexed volume type. enum: - metric_volumes example: metric_volumes type: string x-enum-varnames: - METRIC_VOLUMES MetricIntakeType: description: The type of metric. The available types are `0` (unspecified), `1` (count), `2` (rate), and `3` (gauge). enum: - 0 - 1 - 2 - 3 format: int32 type: integer x-enum-varnames: - UNSPECIFIED - COUNT - RATE - GAUGE MetricMetaPage: description: Paging attributes. Only present if pagination query parameters were provided. properties: cursor: description: The cursor used to get the current results, if any. nullable: true type: string limit: description: Number of results returned format: int32 maximum: 20000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. nullable: true type: string type: $ref: "#/components/schemas/MetricMetaPageType" type: object MetricMetaPageType: default: cursor_limit description: Type of metric pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT MetricMetadata: description: Metadata for the metric. properties: origin: $ref: "#/components/schemas/MetricOrigin" type: object MetricMonitorAsset: description: A monitor object with title. properties: attributes: $ref: "#/components/schemas/MetricAssetAttributes" id: $ref: "#/components/schemas/MetricMonitorID" type: $ref: "#/components/schemas/MetricMonitorType" required: - id - type type: object MetricMonitorID: description: The related monitor's ID. example: "1775073" type: string MetricMonitorType: description: Monitor resource type. enum: - monitors example: "monitors" type: string x-enum-varnames: - MONITORS MetricName: description: The metric name for this resource. example: test.metric.latency type: string MetricNotebookAsset: description: A notebook object with title. properties: attributes: $ref: "#/components/schemas/MetricAssetAttributes" id: $ref: "#/components/schemas/MetricNotebookID" type: $ref: "#/components/schemas/MetricNotebookType" required: - id - type type: object MetricNotebookID: description: The related notebook's ID. example: "12345" type: string MetricNotebookType: description: Notebook resource type. enum: - notebooks example: "notebooks" type: string x-enum-varnames: - NOTEBOOKS MetricOrigin: description: Metric origin information. properties: metric_type: default: 0 description: The origin metric type code format: int32 maximum: 1000 type: integer product: default: 0 description: The origin product code format: int32 maximum: 1000 type: integer service: default: 0 description: The origin service code format: int32 maximum: 1000 type: integer type: object MetricPaginationMeta: description: Response metadata object. properties: pagination: $ref: "#/components/schemas/MetricMetaPage" type: object MetricPayload: description: The metrics' payload. properties: series: description: A list of timeseries to submit to Datadog. example: - metric: "system.load.1" points: - {timestamp: 1475317847, value: 0.7} resources: - {name: "dummyhost", type: "host"} items: $ref: "#/components/schemas/MetricSeries" type: array required: - series type: object MetricPoint: description: A point object is of the form `{POSIX_timestamp, numeric_value}`. example: {timestamp: 1575317847, value: 0.5} properties: timestamp: description: |- The timestamp should be in seconds and current. Current is defined as not more than 10 minutes in the future or more than 1 hour in the past. format: int64 type: integer value: description: The numeric value format should be a 64bit float gauge-type value. format: double type: number type: object MetricResource: description: Metric resource. example: {name: "dummyhost", type: "host"} properties: name: description: The name of the resource. type: string type: description: The type of the resource. type: string type: object MetricSLOAsset: description: A SLO object with title. properties: attributes: $ref: "#/components/schemas/MetricAssetAttributes" id: $ref: "#/components/schemas/MetricSLOID" type: $ref: "#/components/schemas/MetricSLOType" required: - id - type type: object MetricSLOID: description: The SLO ID. example: "9ffef113b389520db54391d67d652dfb" type: string MetricSLOType: description: SLO resource type. enum: - slos example: "slos" type: string x-enum-varnames: - SLOS MetricSeries: description: |- A metric to submit to Datadog. See [Datadog metrics](https://docs.datadoghq.com/developers/metrics/#custom-metrics-properties). properties: interval: description: If the type of the metric is rate or count, define the corresponding interval in seconds. example: 20 format: int64 type: integer metadata: $ref: "#/components/schemas/MetricMetadata" metric: description: The name of the timeseries. example: system.load.1 type: string points: description: Points relating to a metric. All points must be objects with timestamp and a scalar value (cannot be a string). Timestamps should be in POSIX time in seconds, and cannot be more than ten minutes in the future or more than one hour in the past. example: - {timestamp: 1575317847, value: 0.5} items: $ref: "#/components/schemas/MetricPoint" type: array resources: description: A list of resources to associate with this metric. items: $ref: "#/components/schemas/MetricResource" type: array source_type_name: description: The source type name. example: "datadog" type: string tags: description: A list of tags associated with the metric. example: ["environment:test"] items: description: Individual tags. type: string type: array type: $ref: "#/components/schemas/MetricIntakeType" unit: description: The unit of point value. example: "second" type: string required: - metric - points type: object MetricSuggestedAggregations: description: |- List of aggregation combinations that have been actively queried. example: - space: sum time: sum - space: sum time: count items: $ref: "#/components/schemas/MetricCustomAggregation" type: array MetricSuggestedTagsAndAggregations: description: Object for a single metric's actively queried tags and aggregations. properties: attributes: $ref: "#/components/schemas/MetricSuggestedTagsAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricActiveConfigurationType" type: object MetricSuggestedTagsAndAggregationsResponse: description: Response object that includes a single metric's actively queried tags and aggregations. properties: data: $ref: "#/components/schemas/MetricSuggestedTagsAndAggregations" readOnly: true type: object MetricSuggestedTagsAttributes: description: Object containing the definition of a metric's actively queried tags and aggregations. properties: active_aggregations: $ref: "#/components/schemas/MetricSuggestedAggregations" active_tags: description: List of tag keys that have been actively queried. example: ["app", "datacenter"] items: description: Actively queried tag keys. type: string type: array type: object MetricTagCardinalitiesData: description: A list of tag cardinalities associated with the given metric. items: $ref: "#/components/schemas/MetricTagCardinality" type: array MetricTagCardinalitiesMeta: description: Response metadata object. properties: metric_name: description: |- The name of metric for which the tag cardinalities are returned. This matches the metric name provided in the request. type: string type: object MetricTagCardinalitiesResponse: description: |- Response object that includes an array of objects representing the cardinality details of a metric's tags. properties: data: $ref: "#/components/schemas/MetricTagCardinalitiesData" meta: $ref: "#/components/schemas/MetricTagCardinalitiesMeta" readOnly: true type: object MetricTagCardinality: description: Object containing metadata and attributes related to a specific tag key associated with the metric. example: attributes: cardinality_delta: 25 id: http.request.latency type: tag_cardinality properties: attributes: $ref: "#/components/schemas/MetricTagCardinalityAttributes" id: description: The name of the tag key. type: string type: default: tag_cardinality description: This describes the endpoint action. type: string type: object MetricTagCardinalityAttributes: description: An object containing properties related to the tag key properties: cardinality_delta: description: This describes the recent change in the tag keys cardinality format: int64 type: integer type: object MetricTagConfiguration: description: Object for a single metric tag configuration. example: attributes: aggregations: [{"space": "avg", "time": "avg"}] created_at: "2020-03-25T09:48:37.463835Z" metric_type: gauge modified_at: "2020-04-25T09:48:37.463835Z" tags: ["app", "datacenter"] id: http.request.latency type: manage_tags properties: attributes: $ref: "#/components/schemas/MetricTagConfigurationAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricTagConfigurationType" type: object MetricTagConfigurationAttributes: description: Object containing the definition of a metric tag configuration attributes. properties: aggregations: $ref: "#/components/schemas/MetricCustomAggregations" created_at: description: Timestamp when the tag configuration was created. example: "2020-03-25T09:48:37.463835Z" format: date-time type: string exclude_tags_mode: description: |- When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property. type: boolean include_percentiles: description: |- Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `metric_type` is `distribution`. example: true type: boolean metric_type: $ref: "#/components/schemas/MetricTagConfigurationMetricTypes" modified_at: description: Timestamp when the tag configuration was last modified. example: "2020-03-25T09:48:37.463835Z" format: date-time type: string tags: description: List of tag keys on which to group. example: ["app", "datacenter"] items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationCreateAttributes: description: Object containing the definition of a metric tag configuration to be created. properties: aggregations: $ref: "#/components/schemas/MetricCustomAggregations" exclude_tags_mode: description: |- When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property. type: boolean include_percentiles: description: |- Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`. example: true type: boolean metric_type: $ref: "#/components/schemas/MetricTagConfigurationMetricTypes" tags: default: [] description: A list of tag keys that will be queryable for your metric. example: ["app", "datacenter"] items: description: Tag keys to group by. type: string type: array required: - tags - metric_type type: object MetricTagConfigurationCreateData: description: Object for a single metric to be configure tags on. example: attributes: include_percentiles: false metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags properties: attributes: $ref: "#/components/schemas/MetricTagConfigurationCreateAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricTagConfigurationType" required: - id - type type: object MetricTagConfigurationCreateRequest: description: Request object that includes the metric that you would like to configure tags for. properties: data: $ref: "#/components/schemas/MetricTagConfigurationCreateData" required: - data type: object MetricTagConfigurationMetricTypeCategory: default: distribution description: The metric's type category. enum: - non_distribution - distribution example: distribution type: string x-enum-varnames: - NON_DISTRIBUTION - DISTRIBUTION MetricTagConfigurationMetricTypes: default: gauge description: The metric's type. enum: - gauge - count - rate - distribution example: count type: string x-enum-varnames: - GAUGE - COUNT - RATE - DISTRIBUTION MetricTagConfigurationResponse: description: Response object which includes a single metric's tag configuration. properties: data: $ref: "#/components/schemas/MetricTagConfiguration" readOnly: true type: object MetricTagConfigurationType: default: manage_tags description: The metric tag configuration resource type. enum: - manage_tags example: manage_tags type: string x-enum-varnames: - MANAGE_TAGS MetricTagConfigurationUpdateAttributes: description: Object containing the definition of a metric tag configuration to be updated. properties: aggregations: $ref: "#/components/schemas/MetricCustomAggregations" exclude_tags_mode: description: |- When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property. type: boolean include_percentiles: description: |- Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`. example: true type: boolean tags: default: [] description: A list of tag keys that will be queryable for your metric. example: ["app", "datacenter"] items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationUpdateData: description: Object for a single tag configuration to be edited. example: attributes: group_by: - app - datacenter include_percentiles: false id: http.endpoint.request type: manage_tags properties: attributes: $ref: "#/components/schemas/MetricTagConfigurationUpdateAttributes" id: $ref: "#/components/schemas/MetricName" type: $ref: "#/components/schemas/MetricTagConfigurationType" required: - id - type type: object MetricTagConfigurationUpdateRequest: description: Request object that includes the metric that you would like to edit the tag configuration on. properties: data: $ref: "#/components/schemas/MetricTagConfigurationUpdateData" required: - data type: object MetricType: default: metrics description: The metric resource type. enum: - metrics example: metrics type: string x-enum-varnames: - METRICS MetricVolumes: description: Possible response objects for a metric's volume. oneOf: - $ref: "#/components/schemas/MetricDistinctVolume" - $ref: "#/components/schemas/MetricIngestedIndexedVolume" MetricVolumesResponse: description: Response object which includes a single metric's volume. properties: data: $ref: "#/components/schemas/MetricVolumes" readOnly: true type: object MetricsAggregator: default: "avg" description: The type of aggregation that can be performed on metrics-based queries. enum: - avg - min - max - sum - last - percentile - mean - l2norm - area example: "avg" type: string x-enum-varnames: - AVG - MIN - MAX - SUM - LAST - PERCENTILE - MEAN - L2NORM - AREA MetricsAndMetricTagConfigurations: description: Object for a metrics and metric tag configurations. oneOf: - $ref: "#/components/schemas/Metric" - $ref: "#/components/schemas/MetricTagConfiguration" MetricsAndMetricTagConfigurationsResponse: description: Response object that includes metrics and metric tag configurations. properties: data: description: Array of metrics and metric tag configurations. items: $ref: "#/components/schemas/MetricsAndMetricTagConfigurations" type: array links: $ref: "#/components/schemas/MetricsListResponseLinks" meta: $ref: "#/components/schemas/MetricPaginationMeta" readOnly: true type: object MetricsDataSource: default: metrics description: A data source that is powered by the Metrics platform. enum: - metrics - cloud_cost example: metrics type: string x-enum-varnames: - METRICS - CLOUD_COST MetricsListResponseLinks: description: Pagination links. Only present if pagination query parameters were provided. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object MetricsScalarQuery: description: A query against Datadog custom metrics or Cloud Cost data sources. properties: aggregator: $ref: "#/components/schemas/MetricsAggregator" cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/MetricsDataSource" name: description: The variable name for use in formulas. type: string query: description: A classic metrics query string. example: avg:system.cpu.user{*} by {env} type: string required: - data_source - query - aggregator type: object MetricsTimeseriesQuery: description: A query against Datadog custom metrics or Cloud Cost data sources. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/MetricsDataSource" name: description: The variable name for use in formulas. type: string query: description: A classic metrics query string. example: avg:system.cpu.user{*} by {env} type: string required: - data_source - query type: object MicrosoftSentinelDestination: description: |- The `microsoft_sentinel` destination forwards logs to Microsoft Sentinel. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" client_id: description: Azure AD client ID used for authentication. example: "a1b2c3d4-5678-90ab-cdef-1234567890ab" type: string client_secret_key: description: Name of the environment variable or secret that holds the Azure AD client secret. example: AZURE_CLIENT_SECRET type: string dce_uri_key: description: Name of the environment variable or secret that holds the Data Collection Endpoint (DCE) URI. example: DCE_URI type: string dcr_immutable_id: description: The immutable ID of the Data Collection Rule (DCR). example: "dcr-uuid-1234" type: string id: description: The unique identifier for this component. example: "sentinel-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array table: description: The name of the Log Analytics table where logs are sent. example: "CustomLogsTable" type: string tenant_id: description: Azure AD tenant ID. example: "abcdef12-3456-7890-abcd-ef1234567890" type: string type: $ref: "#/components/schemas/MicrosoftSentinelDestinationType" required: - id - type - inputs - client_id - tenant_id - dcr_immutable_id - table type: object x-pipeline-types: [logs] MicrosoftSentinelDestinationType: default: microsoft_sentinel description: The destination type. The value should always be `microsoft_sentinel`. enum: - microsoft_sentinel example: microsoft_sentinel type: string x-enum-varnames: - MICROSOFT_SENTINEL MicrosoftTeamsChannelInfoResponseAttributes: description: Channel attributes. properties: is_primary: description: Indicates if this is the primary channel. example: true maxLength: 255 type: boolean team_id: description: Team id. example: "00000000-0000-0000-0000-000000000000" maxLength: 255 type: string tenant_id: description: Tenant id. example: "00000000-0000-0000-0000-000000000001" maxLength: 255 type: string type: object MicrosoftTeamsChannelInfoResponseData: description: Channel data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsChannelInfoResponseAttributes" id: description: The ID of the channel. example: "19:b41k24b14bn1nwffkernfkwrnfneubgkr@thread.tacv2" maxLength: 255 minLength: 1 type: string type: $ref: "#/components/schemas/MicrosoftTeamsChannelInfoType" type: object MicrosoftTeamsChannelInfoType: default: ms-teams-channel-info description: Channel info resource type. enum: - ms-teams-channel-info example: ms-teams-channel-info type: string x-enum-varnames: - MS_TEAMS_CHANNEL_INFO MicrosoftTeamsConfigurationReference: description: A reference to a Microsoft Teams Configuration resource. nullable: true properties: data: $ref: "#/components/schemas/MicrosoftTeamsConfigurationReferenceData" required: - data type: object MicrosoftTeamsConfigurationReferenceData: description: The Microsoft Teams configuration relationship data object. nullable: true properties: id: description: The unique identifier of the Microsoft Teams configuration. example: "00000000-0000-0000-0000-000000000000" type: string type: description: The type of the Microsoft Teams configuration. example: "microsoft_teams_configurations" type: string required: - id - type type: object MicrosoftTeamsCreateTenantBasedHandleRequest: description: Create tenant-based handle request. properties: data: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleRequestData" required: - data type: object MicrosoftTeamsCreateWorkflowsWebhookHandleRequest: description: Create Workflows webhook handle request. properties: data: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleRequestData" required: - data type: object MicrosoftTeamsGetChannelByNameResponse: description: Response with channel, team, and tenant ID information. properties: data: $ref: "#/components/schemas/MicrosoftTeamsChannelInfoResponseData" type: object MicrosoftTeamsTenantBasedHandleAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: "fake-channel-id" maxLength: 255 type: string name: description: Tenant-based handle name. example: "fake-handle-name" maxLength: 255 type: string team_id: description: Team id. example: "00000000-0000-0000-0000-000000000000" maxLength: 255 type: string tenant_id: description: Tenant id. example: "00000000-0000-0000-0000-000000000001" maxLength: 255 type: string type: object MicrosoftTeamsTenantBasedHandleInfoResponseAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: "fake-channel-id" maxLength: 255 type: string channel_name: description: Channel name. example: "fake-channel-name" maxLength: 255 type: string name: description: Tenant-based handle name. example: "fake-handle-name" maxLength: 255 type: string team_id: description: Team id. example: "00000000-0000-0000-0000-000000000000" maxLength: 255 type: string team_name: description: Team name. example: "fake-team-name" maxLength: 255 type: string tenant_id: description: Tenant id. example: "00000000-0000-0000-0000-000000000001" maxLength: 255 type: string tenant_name: description: Tenant name. example: "fake-tenant-name" maxLength: 255 type: string type: object MicrosoftTeamsTenantBasedHandleInfoResponseData: description: Tenant-based handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoResponseAttributes" id: description: The ID of the tenant-based handle. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoType" type: object MicrosoftTeamsTenantBasedHandleInfoType: default: ms-teams-tenant-based-handle-info description: Tenant-based handle resource type. enum: - ms-teams-tenant-based-handle-info example: ms-teams-tenant-based-handle-info type: string x-enum-varnames: - MS_TEAMS_TENANT_BASED_HANDLE_INFO MicrosoftTeamsTenantBasedHandleRequestAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: "fake-channel-id" maxLength: 255 type: string name: description: Tenant-based handle name. example: "fake-handle-name" maxLength: 255 type: string team_id: description: Team id. example: "00000000-0000-0000-0000-000000000000" maxLength: 255 type: string tenant_id: description: Tenant id. example: "00000000-0000-0000-0000-000000000001" maxLength: 255 type: string required: - name - channel_id - team_id - tenant_id type: object MicrosoftTeamsTenantBasedHandleRequestData: description: Tenant-based handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleRequestAttributes" type: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleType" required: - type - attributes type: object MicrosoftTeamsTenantBasedHandleResponse: description: Response of a tenant-based handle. properties: data: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleResponseData" required: - data type: object MicrosoftTeamsTenantBasedHandleResponseData: description: Tenant-based handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleAttributes" id: description: The ID of the tenant-based handle. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleType" type: object MicrosoftTeamsTenantBasedHandleType: default: tenant-based-handle description: Specifies the tenant-based handle resource type. enum: - tenant-based-handle example: tenant-based-handle type: string x-enum-varnames: - TENANT_BASED_HANDLE MicrosoftTeamsTenantBasedHandlesResponse: description: Response with a list of tenant-based handles. properties: data: description: An array of tenant-based handles. example: [{"attributes": {"channelId": "19:b41k24b14bn1nwffkernfkwrnfneubgkr@thread.tacv2", "channelName": "General", "name": "general-handle", "teamId": "00000000-0000-0000-0000-000000000000", "teamName": "Example Team", "tenantId": "00000000-0000-0000-0000-000000000001", "tenantName": "Company, Inc."}, "id": "596da4af-0563-4097-90ff-07230c3f9db3", "type": "ms-teams-tenant-based-handle-info"}, {"attributes": {"channelId": "19:b41k24b14bn1nwffkernfkwrnfneubgk1@thread.tacv2", "channelName": "General2", "name": "general-handle-2", "teamId": "00000000-0000-0000-0000-000000000002", "teamName": "Example Team 2", "tenantId": "00000000-0000-0000-0000-000000000003", "tenantName": "Company, Inc."}, "id": "596da4af-0563-4097-90ff-07230c3f9db4", "type": "ms-teams-tenant-based-handle-info"}] items: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoResponseData" type: array required: - data type: object MicrosoftTeamsUpdateTenantBasedHandleRequest: description: Update tenant-based handle request. properties: data: $ref: "#/components/schemas/MicrosoftTeamsUpdateTenantBasedHandleRequestData" required: - data type: object MicrosoftTeamsUpdateTenantBasedHandleRequestData: description: Tenant-based handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleAttributes" type: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleType" required: - type - attributes type: object MicrosoftTeamsUpdateWorkflowsWebhookHandleRequest: description: Update Workflows webhook handle request. properties: data: $ref: "#/components/schemas/MicrosoftTeamsUpdateWorkflowsWebhookHandleRequestData" required: - data type: object MicrosoftTeamsUpdateWorkflowsWebhookHandleRequestData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleAttributes" type: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType" required: - type - attributes type: object MicrosoftTeamsWorkflowsWebhookHandleAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: "fake-handle-name" maxLength: 255 type: string url: description: Workflows Webhook URL. example: "https://fake.url.com" maxLength: 255 type: string type: object MicrosoftTeamsWorkflowsWebhookHandleRequestAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: "fake-handle-name" maxLength: 255 type: string url: description: Workflows Webhook URL. example: "https://fake.url.com" maxLength: 255 type: string required: - name - url type: object MicrosoftTeamsWorkflowsWebhookHandleRequestData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleRequestAttributes" type: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType" required: - type - attributes type: object MicrosoftTeamsWorkflowsWebhookHandleResponse: description: Response of a Workflows webhook handle. properties: data: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponseData" required: - data type: object MicrosoftTeamsWorkflowsWebhookHandleResponseData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookResponseAttributes" id: description: The ID of the Workflows webhook handle. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType" type: object MicrosoftTeamsWorkflowsWebhookHandleType: default: workflows-webhook-handle description: Specifies the Workflows webhook handle resource type. enum: - workflows-webhook-handle example: workflows-webhook-handle type: string x-enum-varnames: - WORKFLOWS_WEBHOOK_HANDLE MicrosoftTeamsWorkflowsWebhookHandlesResponse: description: Response with a list of Workflows webhook handles. properties: data: description: An array of Workflows webhook handles. example: [{"attributes": {"name": "general-handle"}, "id": "596da4af-0563-4097-90ff-07230c3f9db3", "type": "workflows-webhook-handle"}, {"attributes": {"name": "general-handle-2"}, "id": "596da4af-0563-4097-90ff-07230c3f9db4", "type": "workflows-webhook-handle"}] items: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponseData" type: array required: - data type: object MicrosoftTeamsWorkflowsWebhookResponseAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: "fake-handle-name" maxLength: 255 type: string type: object MonitorAlertTriggerAttributes: description: Attributes for a monitor alert trigger. properties: event_id: description: The event ID associated with the monitor alert. example: "1234567890123456789" type: string event_ts: description: The timestamp of the event in Unix milliseconds. example: 1700000000000 format: int64 type: integer monitor_id: description: The monitor ID that triggered the alert. example: 12345678 format: int64 type: integer required: - monitor_id - event_id - event_ts type: object MonitorConfigPolicyAttributeCreateRequest: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: "#/components/schemas/MonitorConfigPolicyPolicyCreateRequest" policy_type: $ref: "#/components/schemas/MonitorConfigPolicyType" required: - policy_type - policy type: object MonitorConfigPolicyAttributeEditRequest: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: "#/components/schemas/MonitorConfigPolicyPolicy" policy_type: $ref: "#/components/schemas/MonitorConfigPolicyType" required: - policy_type - policy type: object MonitorConfigPolicyAttributeResponse: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: "#/components/schemas/MonitorConfigPolicyPolicy" policy_type: $ref: "#/components/schemas/MonitorConfigPolicyType" type: object MonitorConfigPolicyCreateData: description: A monitor configuration policy data. properties: attributes: $ref: "#/components/schemas/MonitorConfigPolicyAttributeCreateRequest" type: $ref: "#/components/schemas/MonitorConfigPolicyResourceType" required: - type - attributes type: object MonitorConfigPolicyCreateRequest: description: Request for creating a monitor configuration policy. properties: data: $ref: "#/components/schemas/MonitorConfigPolicyCreateData" required: - data type: object MonitorConfigPolicyEditData: description: A monitor configuration policy data. properties: attributes: $ref: "#/components/schemas/MonitorConfigPolicyAttributeEditRequest" id: description: ID of this monitor configuration policy. example: "00000000-0000-1234-0000-000000000000" type: string type: $ref: "#/components/schemas/MonitorConfigPolicyResourceType" required: - id - type - attributes type: object MonitorConfigPolicyEditRequest: description: Request for editing a monitor configuration policy. properties: data: $ref: "#/components/schemas/MonitorConfigPolicyEditData" required: - data type: object MonitorConfigPolicyListResponse: description: Response for retrieving all monitor configuration policies. properties: data: description: An array of monitor configuration policies. items: $ref: "#/components/schemas/MonitorConfigPolicyResponseData" type: array type: object MonitorConfigPolicyPolicy: description: Configuration for the policy. oneOf: - $ref: "#/components/schemas/MonitorConfigPolicyTagPolicy" MonitorConfigPolicyPolicyCreateRequest: description: Configuration for the policy. oneOf: - $ref: "#/components/schemas/MonitorConfigPolicyTagPolicyCreateRequest" MonitorConfigPolicyResourceType: default: monitor-config-policy description: Monitor configuration policy resource type. enum: - monitor-config-policy example: "monitor-config-policy" type: string x-enum-varnames: - MONITOR_CONFIG_POLICY MonitorConfigPolicyResponse: description: Response for retrieving a monitor configuration policy. properties: data: $ref: "#/components/schemas/MonitorConfigPolicyResponseData" type: object MonitorConfigPolicyResponseData: description: A monitor configuration policy data. properties: attributes: $ref: "#/components/schemas/MonitorConfigPolicyAttributeResponse" id: description: ID of this monitor configuration policy. example: "00000000-0000-1234-0000-000000000000" type: string type: $ref: "#/components/schemas/MonitorConfigPolicyResourceType" type: object MonitorConfigPolicyTagPolicy: description: Tag attributes of a monitor configuration policy. properties: tag_key: description: The key of the tag. example: datacenter maxLength: 255 type: string tag_key_required: description: If a tag key is required for monitor creation. example: true type: boolean valid_tag_values: description: Valid values for the tag. example: ["prod", "staging"] items: description: A valid tag value for the monitor configuration policy. maxLength: 255 type: string type: array type: object MonitorConfigPolicyTagPolicyCreateRequest: description: Tag attributes of a monitor configuration policy. properties: tag_key: description: The key of the tag. example: datacenter maxLength: 255 type: string tag_key_required: description: If a tag key is required for monitor creation. example: true type: boolean valid_tag_values: description: Valid values for the tag. example: ["prod", "staging"] items: description: A valid tag value for the monitor configuration policy. maxLength: 255 type: string type: array required: - tag_key - tag_key_required - valid_tag_values type: object MonitorConfigPolicyType: default: tag description: The monitor configuration policy type. enum: - tag example: "tag" type: string x-enum-varnames: - TAG MonitorDowntimeMatchResourceType: default: downtime_match description: Monitor Downtime Match resource type. enum: - downtime_match example: "downtime_match" type: string x-enum-varnames: - DOWNTIME_MATCH MonitorDowntimeMatchResponse: description: Response for retrieving all downtime matches for a monitor. properties: data: description: An array of downtime matches. items: $ref: "#/components/schemas/MonitorDowntimeMatchResponseData" type: array meta: $ref: "#/components/schemas/DowntimeMeta" type: object MonitorDowntimeMatchResponseAttributes: description: Downtime match details. properties: end: description: The end of the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string groups: description: An array of groups associated with the downtime. example: ["service:postgres", "team:frontend"] items: description: An array of groups. example: "service:postgres" type: string type: array scope: $ref: "#/components/schemas/DowntimeScope" start: description: The start of the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string type: object MonitorDowntimeMatchResponseData: description: A downtime match. properties: attributes: $ref: "#/components/schemas/MonitorDowntimeMatchResponseAttributes" id: description: The downtime ID. example: "00000000-0000-1234-0000-000000000000" nullable: true type: string type: $ref: "#/components/schemas/MonitorDowntimeMatchResourceType" type: object MonitorNotificationRuleAttributes: additionalProperties: false description: Attributes of the monitor notification rule. properties: conditional_recipients: $ref: "#/components/schemas/MonitorNotificationRuleConditionalRecipients" filter: $ref: "#/components/schemas/MonitorNotificationRuleFilter" name: $ref: "#/components/schemas/MonitorNotificationRuleName" recipients: $ref: "#/components/schemas/MonitorNotificationRuleRecipients" required: [name] type: object MonitorNotificationRuleCondition: description: |- A conditional recipient rule composed of a `scope` (the matching condition) and `recipients` (who to notify when it matches). properties: recipients: $ref: "#/components/schemas/MonitorNotificationRuleRecipients" description: A list of recipients to notify. Uses the same format as the monitor `message` field. Must not start with an '@'. scope: $ref: "#/components/schemas/MonitorNotificationRuleConditionScope" required: [scope, recipients] type: object MonitorNotificationRuleConditionScope: description: |- Defines the condition under which the recipients are notified. Supported formats: - Monitor status condition using `transition_type:`, for example `transition_type:is_alert`. - A single tag key:value pair, for example `env:prod`. example: transition_type:is_alert maxLength: 3000 minLength: 1 type: string MonitorNotificationRuleConditionalRecipients: description: |- Use conditional recipients to define different recipients for different situations. Cannot be used with `recipients`. properties: conditions: description: Conditions of the notification rule. items: $ref: "#/components/schemas/MonitorNotificationRuleCondition" maxItems: 10 minItems: 1 type: array fallback_recipients: $ref: "#/components/schemas/MonitorNotificationRuleRecipients" description: If none of the `conditions` applied, `fallback_recipients` will get notified. required: [conditions] type: object MonitorNotificationRuleCreateRequest: description: Request for creating a monitor notification rule. properties: data: $ref: "#/components/schemas/MonitorNotificationRuleCreateRequestData" required: [data] type: object MonitorNotificationRuleCreateRequestData: description: Object to create a monitor notification rule. properties: attributes: $ref: "#/components/schemas/MonitorNotificationRuleAttributes" type: $ref: "#/components/schemas/MonitorNotificationRuleResourceType" required: [attributes] type: object MonitorNotificationRuleData: description: Monitor notification rule data. properties: attributes: $ref: "#/components/schemas/MonitorNotificationRuleResponseAttributes" id: $ref: "#/components/schemas/MonitorNotificationRuleId" relationships: $ref: "#/components/schemas/MonitorNotificationRuleRelationships" type: $ref: "#/components/schemas/MonitorNotificationRuleResourceType" type: object MonitorNotificationRuleFilter: description: Specifies the matching criteria for monitor notifications. oneOf: - $ref: "#/components/schemas/MonitorNotificationRuleFilterTags" - $ref: "#/components/schemas/MonitorNotificationRuleFilterScope" MonitorNotificationRuleFilterScope: additionalProperties: false description: Filters monitor notifications using a scope expression over key:value pairs with boolean logic (AND, OR, NOT). properties: scope: description: |- A scope expression composed by key:value pairs (e.g. `service:foo`) with boolean operators (AND, OR, NOT) and parentheses for grouping. example: service:(foo OR bar) AND team:test NOT environment:staging maxLength: 3000 minLength: 1 type: string required: [scope] type: object MonitorNotificationRuleFilterTags: additionalProperties: false description: Filters monitor notifications by a list of tag key:value pairs. properties: tags: description: |- A list of tag key:value pairs (e.g. `team:product`). All tags must match (AND semantics). example: [team:product, host:abc] items: description: A tag key:value pair to match against monitor notifications. maxLength: 255 type: string maxItems: 20 minItems: 1 type: array uniqueItems: true required: [tags] type: object MonitorNotificationRuleId: description: The ID of the monitor notification rule. example: 00000000-0000-1234-0000-000000000000 type: string MonitorNotificationRuleListResponse: description: Response for retrieving all monitor notification rules. properties: data: description: A list of monitor notification rules. items: $ref: "#/components/schemas/MonitorNotificationRuleData" type: array included: description: Array of objects related to the monitor notification rules. items: $ref: "#/components/schemas/MonitorNotificationRuleResponseIncludedItem" type: array type: object MonitorNotificationRuleName: description: The name of the monitor notification rule. example: A notification rule name maxLength: 1000 minLength: 1 type: string MonitorNotificationRuleRecipients: description: |- A list of recipients to notify. Uses the same format as the monitor `message` field. Must not start with an '@'. Cannot be used with `conditional_recipients`. example: [slack-test-channel, jira-test] items: description: individual recipient. maxLength: 255 type: string maxItems: 20 minItems: 1 type: array uniqueItems: true MonitorNotificationRuleRelationships: description: All relationships associated with monitor notification rule. properties: created_by: $ref: "#/components/schemas/MonitorNotificationRuleRelationshipsCreatedBy" type: object MonitorNotificationRuleRelationshipsCreatedBy: description: The user who created the monitor notification rule. properties: data: $ref: "#/components/schemas/MonitorNotificationRuleRelationshipsCreatedByData" type: object MonitorNotificationRuleRelationshipsCreatedByData: description: Data for the user who created the monitor notification rule. nullable: true properties: id: description: User ID of the monitor notification rule creator. example: "00000000-0000-1234-0000-000000000000" type: string type: $ref: "#/components/schemas/UsersType" type: object MonitorNotificationRuleResourceType: default: monitor-notification-rule description: Monitor notification rule resource type. enum: [monitor-notification-rule] example: monitor-notification-rule type: string x-enum-varnames: [MONITOR_NOTIFICATION_RULE] MonitorNotificationRuleResponse: description: A monitor notification rule. properties: data: $ref: "#/components/schemas/MonitorNotificationRuleData" included: description: Array of objects related to the monitor notification rule that the user requested. items: $ref: "#/components/schemas/MonitorNotificationRuleResponseIncludedItem" type: array type: object MonitorNotificationRuleResponseAttributes: additionalProperties: {} description: Attributes of the monitor notification rule. properties: conditional_recipients: $ref: "#/components/schemas/MonitorNotificationRuleConditionalRecipients" created: description: Creation time of the monitor notification rule. example: 2020-01-02 03:04:00+00:00 format: date-time type: string filter: $ref: "#/components/schemas/MonitorNotificationRuleFilter" modified: description: Time the monitor notification rule was last modified. example: 2020-01-02 03:04:00+00:00 format: date-time type: string name: $ref: "#/components/schemas/MonitorNotificationRuleName" recipients: $ref: "#/components/schemas/MonitorNotificationRuleRecipients" type: object MonitorNotificationRuleResponseIncludedItem: description: An object related to a monitor notification rule. oneOf: - $ref: "#/components/schemas/User" MonitorNotificationRuleUpdateRequest: description: Request for updating a monitor notification rule. properties: data: $ref: "#/components/schemas/MonitorNotificationRuleUpdateRequestData" required: [data] type: object MonitorNotificationRuleUpdateRequestData: description: Object to update a monitor notification rule. properties: attributes: $ref: "#/components/schemas/MonitorNotificationRuleAttributes" id: $ref: "#/components/schemas/MonitorNotificationRuleId" type: $ref: "#/components/schemas/MonitorNotificationRuleResourceType" required: [id, attributes] type: object MonitorTrigger: description: "Trigger a workflow from a Monitor. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object MonitorTriggerWrapper: description: "Schema for a Monitor-based trigger." properties: monitorTrigger: $ref: "#/components/schemas/MonitorTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - monitorTrigger type: object MonitorType: description: |- Attributes from the monitor that triggered the event. nullable: true properties: created_at: description: The POSIX timestamp of the monitor's creation in nanoseconds. example: 1646318692000 format: int64 type: integer group_status: description: Monitor group status used when there is no `result_groups`. format: int32 maximum: 2147483647 type: integer groups: description: Groups to which the monitor belongs. items: description: A group. type: string type: array id: description: The monitor ID. format: int64 type: integer message: description: The monitor message. type: string modified: description: The monitor's last-modified timestamp. format: int64 type: integer name: description: The monitor name. type: string query: description: The query that triggers the alert. type: string tags: description: A list of tags attached to the monitor. example: ["environment:test"] items: description: A tag. type: string type: array templated_name: description: The templated name of the monitor before resolving any template variables. type: string type: description: The monitor type. type: string type: object MonitorUserTemplate: additionalProperties: {} description: A monitor user template object. properties: created: $ref: "#/components/schemas/MonitorUserTemplateCreated" description: $ref: "#/components/schemas/MonitorUserTemplateDescription" modified: $ref: "#/components/schemas/MonitorUserTemplateModified" monitor_definition: additionalProperties: {} description: A valid monitor definition in the same format as the [V1 Monitor API](https://docs.datadoghq.com/api/latest/monitors/#create-a-monitor). example: {"message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", "type": "query alert"} type: object tags: $ref: "#/components/schemas/MonitorUserTemplateTags" template_variables: $ref: "#/components/schemas/MonitorUserTemplateTemplateVariables" title: $ref: "#/components/schemas/MonitorUserTemplateTitle" version: $ref: "#/components/schemas/MonitorUserTemplateVersion" versions: description: All versions of the monitor user template. items: $ref: "#/components/schemas/SimpleMonitorUserTemplate" type: array type: object MonitorUserTemplateCreateData: description: Monitor user template data. properties: attributes: $ref: "#/components/schemas/MonitorUserTemplateRequestAttributes" type: $ref: "#/components/schemas/MonitorUserTemplateResourceType" required: - type - attributes type: object MonitorUserTemplateCreateRequest: description: Request for creating a monitor user template. properties: data: $ref: "#/components/schemas/MonitorUserTemplateCreateData" required: - data type: object MonitorUserTemplateCreateResponse: description: Response for creating a monitor user template. properties: data: $ref: "#/components/schemas/MonitorUserTemplateResponseData" type: object MonitorUserTemplateCreated: description: The created timestamp of the template. example: "2024-01-02T03:04:23.274966+00:00" format: date-time readOnly: true type: string MonitorUserTemplateDescription: description: A brief description of the monitor user template. example: "This is a template for monitoring user activity." nullable: true type: string MonitorUserTemplateId: description: The unique identifier. example: "00000000-0000-1234-0000-000000000000" type: string MonitorUserTemplateListResponse: description: Response for retrieving all monitor user templates. properties: data: description: An array of monitor user templates. items: $ref: "#/components/schemas/MonitorUserTemplateResponseData" type: array type: object MonitorUserTemplateModified: description: The last modified timestamp. When the template version was created. example: "2024-02-02T03:04:23.274966+00:00" format: date-time readOnly: true type: string MonitorUserTemplateRequestAttributes: additionalProperties: false description: Attributes for a monitor user template. properties: description: $ref: "#/components/schemas/MonitorUserTemplateDescription" monitor_definition: additionalProperties: {} description: A valid monitor definition in the same format as the [V1 Monitor API](https://docs.datadoghq.com/api/latest/monitors/#create-a-monitor). example: {"message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", "type": "query alert"} type: object tags: $ref: "#/components/schemas/MonitorUserTemplateTags" template_variables: $ref: "#/components/schemas/MonitorUserTemplateTemplateVariables" title: $ref: "#/components/schemas/MonitorUserTemplateTitle" required: - title - monitor_definition - tags type: object MonitorUserTemplateResourceType: default: monitor-user-template description: Monitor user template resource type. enum: - monitor-user-template example: "monitor-user-template" type: string x-enum-varnames: - MONITOR_USER_TEMPLATE MonitorUserTemplateResponse: description: Response for retrieving a monitor user template. properties: data: $ref: "#/components/schemas/MonitorUserTemplateResponseDataWithVersions" type: object MonitorUserTemplateResponseAttributes: additionalProperties: {} description: Attributes for a monitor user template. properties: created: $ref: "#/components/schemas/MonitorUserTemplateCreated" description: $ref: "#/components/schemas/MonitorUserTemplateDescription" modified: $ref: "#/components/schemas/MonitorUserTemplateModified" monitor_definition: additionalProperties: {} description: A valid monitor definition in the same format as the [V1 Monitor API](https://docs.datadoghq.com/api/latest/monitors/#create-a-monitor). example: {"message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", "type": "query alert"} type: object tags: $ref: "#/components/schemas/MonitorUserTemplateTags" template_variables: $ref: "#/components/schemas/MonitorUserTemplateTemplateVariables" title: $ref: "#/components/schemas/MonitorUserTemplateTitle" version: $ref: "#/components/schemas/MonitorUserTemplateVersion" type: object MonitorUserTemplateResponseData: description: Monitor user template list response data. properties: attributes: $ref: "#/components/schemas/MonitorUserTemplateResponseAttributes" id: $ref: "#/components/schemas/MonitorUserTemplateId" type: $ref: "#/components/schemas/MonitorUserTemplateResourceType" type: object MonitorUserTemplateResponseDataWithVersions: description: Monitor user template data. properties: attributes: $ref: "#/components/schemas/MonitorUserTemplate" id: $ref: "#/components/schemas/MonitorUserTemplateId" type: $ref: "#/components/schemas/MonitorUserTemplateResourceType" type: object MonitorUserTemplateTags: description: The definition of `MonitorUserTemplateTags` object. example: ["product:Our Custom App", "integration:Azure"] items: description: |- Tags associated with the monitor user template. Must be key value. Only 'product' and 'integration' keys are allowed. The value is the name of the category to display the template under. Integrations can be filtered out in the UI. (Review note: This modeling of 'categories' is subject to change.) example: "us-east1" minLength: 1 type: string uniqueItems: true type: array MonitorUserTemplateTemplateVariables: description: The definition of `MonitorUserTemplateTemplateVariables` object. items: $ref: "#/components/schemas/MonitorUserTemplateTemplateVariablesItems" type: array MonitorUserTemplateTemplateVariablesItems: additionalProperties: false description: List of objects representing template variables on the monitor which can have selectable values. properties: available_values: description: Available values for the variable. example: ["value1", "value2"] items: description: An available value for the template variable. minLength: 1 type: string uniqueItems: true type: array defaults: description: Default values of the template variable. example: ["defaultValue"] items: description: A default value for the template variable. minLength: 0 type: string uniqueItems: true type: array name: description: The name of the template variable. example: "regionName" type: string tag_key: description: |- The tag key associated with the variable. This works the same as dashboard template variables. example: "datacenter" type: string required: - name type: object MonitorUserTemplateTitle: description: The title of the monitor user template. example: "Postgres CPU Monitor" type: string MonitorUserTemplateUpdateData: description: Monitor user template data. properties: attributes: $ref: "#/components/schemas/MonitorUserTemplateRequestAttributes" id: $ref: "#/components/schemas/MonitorUserTemplateId" type: $ref: "#/components/schemas/MonitorUserTemplateResourceType" required: - id - type - attributes type: object MonitorUserTemplateUpdateRequest: description: Request for creating a new monitor user template version. properties: data: $ref: "#/components/schemas/MonitorUserTemplateUpdateData" required: - data type: object MonitorUserTemplateVersion: description: The version of the monitor user template. example: 0 format: int64 nullable: true readOnly: true type: integer MonthlyCostAttributionAttributes: description: Cost Attribution by Tag for a given organization. properties: month: description: "Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]`." format: date-time type: string org_name: description: The name of the organization. type: string public_id: description: The organization public ID. type: string tag_config_source: description: The source of the cost attribution tag configuration and the selected tags in the format `::://////`. type: string tags: $ref: "#/components/schemas/CostAttributionTagNames" updated_at: description: Shows the most recent hour in the current months for all organizations for which all costs were calculated. type: string values: description: |- Fields in Cost Attribution by tag(s). Example: `infra_host_on_demand_cost`, `infra_host_committed_cost`, `infra_host_total_cost`, `infra_host_percentage_in_org`, `infra_host_percentage_in_account`. type: object type: object MonthlyCostAttributionBody: description: Cost data. properties: attributes: $ref: "#/components/schemas/MonthlyCostAttributionAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/CostAttributionType" type: object MonthlyCostAttributionMeta: description: The object containing document metadata. properties: aggregates: $ref: "#/components/schemas/CostAttributionAggregates" pagination: $ref: "#/components/schemas/MonthlyCostAttributionPagination" type: object MonthlyCostAttributionPagination: description: The metadata for the current pagination. properties: next_record_id: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `next_record_id`. nullable: true type: string type: object MonthlyCostAttributionResponse: description: Response containing the monthly cost attribution by tag(s). properties: data: description: Response containing cost attribution. items: $ref: "#/components/schemas/MonthlyCostAttributionBody" type: array meta: $ref: "#/components/schemas/MonthlyCostAttributionMeta" type: object MuteDataType: default: mute description: Mute resource type. enum: - mute example: mute type: string x-enum-varnames: - MUTE MuteFindingsMuteAttributes: description: Mute properties to apply to the findings. properties: description: description: Additional information about the reason why the findings are muted or unmuted. This field has a limit of 280 characters. example: "To be resolved later." type: string expire_at: description: >- The expiration date of the mute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the findings remain muted indefinitely. example: 1778721573794 format: int64 type: integer is_muted: description: Whether the findings should be muted or unmuted. example: true type: boolean reason: $ref: "#/components/schemas/MuteFindingsReason" description: The reason why the findings are muted or unmuted. required: - is_muted - reason type: object MuteFindingsReason: description: The reason why the findings are muted or unmuted. enum: - PENDING_FIX - FALSE_POSITIVE - OTHER - NO_FIX - DUPLICATE - RISK_ACCEPTED - NO_PENDING_FIX - HUMAN_ERROR - NO_LONGER_ACCEPTED_RISK example: PENDING_FIX type: string x-enum-varnames: - PENDING_FIX - FALSE_POSITIVE - OTHER - NO_FIX - DUPLICATE - RISK_ACCEPTED - NO_PENDING_FIX - HUMAN_ERROR - NO_LONGER_ACCEPTED_RISK MuteFindingsRequest: description: Request to mute or unmute security findings. properties: data: $ref: "#/components/schemas/MuteFindingsRequestData" required: - data type: object MuteFindingsRequestData: description: Data of the mute request. properties: attributes: $ref: "#/components/schemas/MuteFindingsRequestDataAttributes" id: description: Unique identifier of the mute request. example: "00000000-0000-0000-0000-000000000001" type: string relationships: $ref: "#/components/schemas/MuteFindingsRequestDataRelationships" type: $ref: "#/components/schemas/MuteDataType" required: - attributes - relationships - type type: object MuteFindingsRequestDataAttributes: description: Attributes of the mute request. properties: mute: $ref: "#/components/schemas/MuteFindingsMuteAttributes" required: - mute type: object MuteFindingsRequestDataRelationships: description: Relationships of the mute request. properties: findings: $ref: "#/components/schemas/Findings" description: Security findings to mute or unmute. required: - findings type: object MuteFindingsResponse: description: Response for the mute or unmute request. properties: data: $ref: "#/components/schemas/MuteFindingsResponseData" type: object MuteFindingsResponseData: description: Data of the mute response. properties: id: description: Unique identifier of the mute request. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/MuteDataType" required: - type - id type: object NotebookCreateData: description: Notebook creation data properties: type: $ref: "#/components/schemas/NotebookResourceType" required: - type type: object NotebookCreateRequest: description: Notebook creation request properties: data: $ref: "#/components/schemas/NotebookCreateData" required: - data type: object NotebookResourceType: description: Notebook resource type enum: - notebook example: notebook type: string x-enum-varnames: - NOTEBOOK NotebookTriggerWrapper: description: "Schema for a Notebook-based trigger." properties: notebookTrigger: description: "Trigger a workflow from a Notebook." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - notebookTrigger type: object NotificationChannel: description: A top-level wrapper for a user notification channel example: data: attributes: config: address: "foo@bar.com" formats: ["html"] type: "email" id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: notification_channels properties: data: $ref: "#/components/schemas/NotificationChannelData" type: object NotificationChannelAttributes: description: Attributes for an on-call notification channel. properties: active: description: Whether the notification channel is currently active. type: boolean config: $ref: "#/components/schemas/NotificationChannelConfig" description: Notification channel configuration type: object NotificationChannelConfig: description: "Defines the configuration for an On-Call notification channel" oneOf: - $ref: "#/components/schemas/NotificationChannelPhoneConfig" - $ref: "#/components/schemas/NotificationChannelEmailConfig" - $ref: "#/components/schemas/NotificationChannelPushConfig" NotificationChannelData: description: Data for an on-call notification channel properties: attributes: $ref: "#/components/schemas/NotificationChannelAttributes" id: description: Unique identifier for the channel type: string type: $ref: "#/components/schemas/NotificationChannelType" required: - type type: object NotificationChannelEmailConfig: description: "Email notification channel configuration" properties: address: description: "The e-mail address to be notified" example: "" type: string formats: description: Preferred content formats for notifications. example: - html items: $ref: "#/components/schemas/NotificationChannelEmailFormatType" type: array type: $ref: "#/components/schemas/NotificationChannelEmailConfigType" required: - type - address - formats type: object NotificationChannelEmailConfigType: default: email description: "Indicates that the notification channel is an e-mail address" enum: - email example: email type: string x-enum-varnames: - EMAIL NotificationChannelEmailFormatType: default: html description: Specifies the format of the e-mail that is sent for On-Call notifications enum: - html - text example: html type: string x-enum-varnames: - HTML - TEXT NotificationChannelPhoneConfig: description: "Phone notification channel configuration" properties: formatted_number: description: "The formatted international version of Number (e.g. +33 7 1 23 45 67)." example: "" type: string number: description: "The E-164 formatted phone number (e.g. +3371234567)" example: "" type: string region: description: "The ISO 3166-1 alpha-2 two-letter country code." example: "" type: string sms_subscribed_at: description: "If present, the date the user subscribed this number to SMS messages" format: date-time nullable: true type: string type: $ref: "#/components/schemas/NotificationChannelPhoneConfigType" verified: description: "Indicates whether this phone has been verified by the user in Datadog On-Call" example: false type: boolean required: - type - number - formatted_number - region - verified type: object NotificationChannelPhoneConfigType: default: phone description: "Indicates that the notification channel is a phone" enum: - phone example: phone type: string x-enum-varnames: - PHONE NotificationChannelPushConfig: description: "Push notification channel configuration" properties: application_name: description: "The name of the application used to receive push notifications" example: "" type: string device_name: description: "The name of the mobile device being used" example: "" type: string type: $ref: "#/components/schemas/NotificationChannelPushConfigType" required: - type - device_name - application_name type: object NotificationChannelPushConfigType: default: push description: "Indicates that the notification channel is a mobile device for push notifications" enum: - push example: push type: string x-enum-varnames: - PUSH NotificationChannelType: default: notification_channels description: "Indicates that the resource is of type 'notification_channels'." enum: - notification_channels example: notification_channels type: string x-enum-varnames: - NOTIFICATION_CHANNELS NotificationRule: description: |- Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required. properties: attributes: $ref: "#/components/schemas/NotificationRuleAttributes" id: $ref: "#/components/schemas/ID" type: $ref: "#/components/schemas/NotificationRulesType" required: - attributes - id - type type: object NotificationRuleAttributes: description: Attributes of the notification rule. properties: created_at: $ref: "#/components/schemas/Date" created_by: $ref: "#/components/schemas/RuleUser" enabled: $ref: "#/components/schemas/Enabled" modified_at: $ref: "#/components/schemas/Date" modified_by: $ref: "#/components/schemas/RuleUser" name: $ref: "#/components/schemas/RuleName" selectors: $ref: "#/components/schemas/Selectors" targets: $ref: "#/components/schemas/Targets" time_aggregation: $ref: "#/components/schemas/TimeAggregation" version: $ref: "#/components/schemas/Version" required: - created_at - created_by - enabled - modified_at - modified_by - name - selectors - targets - version type: object NotificationRuleQuery: description: The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes. example: (source:production_service OR env:prod) type: string NotificationRuleResponse: description: Response object which includes a notification rule. properties: data: $ref: "#/components/schemas/NotificationRule" type: object NotificationRulesType: description: The rule type associated to notification rules. enum: - notification_rules example: notification_rules type: string x-enum-varnames: - NOTIFICATION_RULES NotionAPIKey: description: The definition of the `NotionAPIKey` object. properties: api_token: description: The `NotionAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/NotionAPIKeyType" required: - type - api_token type: object NotionAPIKeyType: description: The definition of the `NotionAPIKey` object. enum: - NotionAPIKey example: NotionAPIKey type: string x-enum-varnames: - NOTIONAPIKEY NotionAPIKeyUpdate: description: The definition of the `NotionAPIKey` object. properties: api_token: description: The `NotionAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/NotionAPIKeyType" required: - type type: object NotionCredentials: description: The definition of the `NotionCredentials` object. oneOf: - $ref: "#/components/schemas/NotionAPIKey" NotionCredentialsUpdate: description: The definition of the `NotionCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/NotionAPIKeyUpdate" NotionIntegration: description: The definition of the `NotionIntegration` object. properties: credentials: $ref: "#/components/schemas/NotionCredentials" type: $ref: "#/components/schemas/NotionIntegrationType" required: - type - credentials type: object NotionIntegrationType: description: The definition of the `NotionIntegrationType` object. enum: - Notion example: Notion type: string x-enum-varnames: - NOTION NotionIntegrationUpdate: description: The definition of the `NotionIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/NotionCredentialsUpdate" type: $ref: "#/components/schemas/NotionIntegrationType" required: - type type: object NullableRelationshipToUser: description: Relationship to user. nullable: true properties: data: $ref: "#/components/schemas/NullableRelationshipToUserData" required: - data type: object NullableRelationshipToUserData: description: Relationship to user object. nullable: true properties: id: description: A unique identifier that represents the user. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/UsersType" required: - id - type type: object NullableUserRelationship: description: Relationship to user. nullable: true properties: data: $ref: "#/components/schemas/NullableUserRelationshipData" required: - data type: object NullableUserRelationshipData: description: Relationship to user object. nullable: true properties: id: description: A unique identifier that represents the user. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/UserResourceType" required: - id - type type: object OCIConfig: description: OCI config. properties: attributes: $ref: "#/components/schemas/OCIConfigAttributes" id: description: The ID of the OCI config. example: "1" type: string type: $ref: "#/components/schemas/OCIConfigType" required: - attributes - id - type type: object OCIConfigAttributes: description: Attributes for an OCI config. properties: account_id: description: The OCID of the OCI tenancy. example: "ocid1.tenancy.oc1..example" type: string created_at: description: The timestamp when the OCI config was created. example: "2026-01-01T12:00:00Z" type: string error_messages: description: The error messages for the OCI config. items: description: An error message string. type: string nullable: true type: array status: description: The status of the OCI config. example: "active" type: string status_updated_at: description: The timestamp when the OCI config status was last updated. example: "2026-01-01T12:00:00Z" type: string updated_at: description: The timestamp when the OCI config was last updated. example: "2026-01-01T12:00:00Z" type: string required: - account_id - created_at - status - status_updated_at - updated_at type: object OCIConfigType: default: oci_config description: Type of OCI config. enum: - oci_config example: oci_config type: string x-enum-varnames: - OCI_CONFIG OCIConfigsResponse: description: List of OCI configs. example: data: - attributes: account_id: "ocid1.tenancy.oc1..example" created_at: "2026-01-01T12:00:00Z" error_messages: [] status: active status_updated_at: "2026-01-01T12:00:00Z" updated_at: "2026-01-01T12:00:00Z" id: "1" type: oci_config properties: data: description: An OCI config. items: $ref: "#/components/schemas/OCIConfig" type: array required: - data type: object ObservabilityPipeline: description: Top-level schema representing a pipeline. properties: data: $ref: "#/components/schemas/ObservabilityPipelineData" required: - data type: object ObservabilityPipelineAddEnvVarsProcessor: description: |- The `add_env_vars` processor adds environment variable values to log events. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used to reference this processor in the pipeline. example: add-env-vars-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string type: $ref: "#/components/schemas/ObservabilityPipelineAddEnvVarsProcessorType" variables: description: A list of environment variable mappings to apply to log fields. items: $ref: "#/components/schemas/ObservabilityPipelineAddEnvVarsProcessorVariable" type: array required: - id - type - include - variables - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineAddEnvVarsProcessorType: default: add_env_vars description: The processor type. The value should always be `add_env_vars`. enum: - add_env_vars example: add_env_vars type: string x-enum-varnames: - ADD_ENV_VARS ObservabilityPipelineAddEnvVarsProcessorVariable: description: Defines a mapping between an environment variable and a log field. properties: field: description: The target field in the log event. example: log.environment.region type: string name: description: The name of the environment variable to read. example: AWS_REGION type: string required: - field - name type: object ObservabilityPipelineAddFieldsProcessor: description: |- The `add_fields` processor adds static key-value fields to logs. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean fields: description: A list of static fields (key-value pairs) that is added to each log event processed by this component. items: $ref: "#/components/schemas/ObservabilityPipelineFieldValue" type: array id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "add-fields-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineAddFieldsProcessorType" required: - id - type - include - fields - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineAddFieldsProcessorType: default: add_fields description: The processor type. The value should always be `add_fields`. enum: - add_fields example: add_fields type: string x-enum-varnames: - ADD_FIELDS ObservabilityPipelineAddHostnameProcessor: description: |- The `add_hostname` processor adds the hostname to log events. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: add-hostname-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineAddHostnameProcessorType" required: - id - type - include - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineAddHostnameProcessorType: default: add_hostname description: The processor type. The value should always be `add_hostname`. enum: - add_hostname example: add_hostname type: string x-enum-varnames: - ADD_HOSTNAME ObservabilityPipelineAmazonDataFirehoseSource: description: |- The `amazon_data_firehose` source ingests logs from AWS Data Firehose. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the Firehose delivery stream address. example: FIREHOSE_ADDRESS type: string auth: $ref: "#/components/schemas/ObservabilityPipelineAwsAuth" id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: amazon-firehose-source type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonDataFirehoseSourceType: default: amazon_data_firehose description: The source type. The value should always be `amazon_data_firehose`. enum: [amazon_data_firehose] example: amazon_data_firehose type: string x-enum-varnames: [AMAZON_DATA_FIREHOSE] ObservabilityPipelineAmazonOpenSearchDestination: description: |- The `amazon_opensearch` destination writes logs to Amazon OpenSearch. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" bulk_index: description: The index to write logs to. example: logs-index type: string id: description: The unique identifier for this component. example: elasticsearch-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationType" required: - id - type - inputs - auth type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonOpenSearchDestinationAuth: description: |- Authentication settings for the Amazon OpenSearch destination. The `strategy` field determines whether basic or AWS-based authentication is used. properties: assume_role: description: The ARN of the role to assume (used with `aws` strategy). type: string aws_region: description: AWS region type: string external_id: description: External ID for the assumed role (used with `aws` strategy). type: string session_name: description: Session name for the assumed role (used with `aws` strategy). type: string strategy: $ref: "#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuthStrategy" required: - strategy type: object ObservabilityPipelineAmazonOpenSearchDestinationAuthStrategy: description: The authentication strategy to use. enum: [basic, aws] example: aws type: string x-enum-varnames: - BASIC - AWS ObservabilityPipelineAmazonOpenSearchDestinationType: default: amazon_opensearch description: The destination type. The value should always be `amazon_opensearch`. enum: - amazon_opensearch example: amazon_opensearch type: string x-enum-varnames: - AMAZON_OPENSEARCH ObservabilityPipelineAmazonS3Destination: description: |- The `amazon_s3` destination sends your logs in Datadog-rehydratable format to an Amazon S3 bucket for archiving. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineAwsAuth" bucket: description: S3 bucket name. example: "error-logs" type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: Unique identifier for the destination component. example: amazon-s3-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["datadog-agent-source"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array key_prefix: description: Optional prefix for object keys. type: string region: description: AWS region of the S3 bucket. example: "us-east-1" type: string storage_class: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3DestinationStorageClass" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3DestinationType" required: - id - type - inputs - bucket - region - storage_class type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonS3DestinationStorageClass: description: S3 storage class. enum: - STANDARD - REDUCED_REDUNDANCY - INTELLIGENT_TIERING - STANDARD_IA - EXPRESS_ONEZONE - ONEZONE_IA - GLACIER - GLACIER_IR - DEEP_ARCHIVE example: STANDARD type: string x-enum-varnames: - STANDARD - REDUCED_REDUNDANCY - INTELLIGENT_TIERING - STANDARD_IA - EXPRESS_ONEZONE - ONEZONE_IA - GLACIER - GLACIER_IR - DEEP_ARCHIVE ObservabilityPipelineAmazonS3DestinationType: default: amazon_s3 description: The destination type. Always `amazon_s3`. enum: - amazon_s3 example: amazon_s3 type: string x-enum-varnames: - AMAZON_S3 ObservabilityPipelineAmazonS3GenericBatchSettings: description: Event batching settings properties: batch_size: description: Maximum batch size in bytes. example: 100000000 format: int64 type: integer timeout_secs: description: Maximum number of seconds to wait before flushing the batch. example: 900 format: int64 type: integer type: object ObservabilityPipelineAmazonS3GenericCompression: description: Compression algorithm applied to encoded logs. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionZstd" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionGzip" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionSnappy" ObservabilityPipelineAmazonS3GenericCompressionGzip: description: Gzip compression. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionGzipType" level: description: Gzip compression level. example: 6 format: int64 type: integer required: - algorithm - level type: object ObservabilityPipelineAmazonS3GenericCompressionGzipType: default: gzip description: The compression type. Always `gzip`. enum: - gzip example: gzip type: string x-enum-varnames: - GZIP ObservabilityPipelineAmazonS3GenericCompressionSnappy: description: Snappy compression. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionSnappyType" required: - algorithm type: object ObservabilityPipelineAmazonS3GenericCompressionSnappyType: default: snappy description: The compression type. Always `snappy`. enum: - snappy example: snappy type: string x-enum-varnames: - SNAPPY ObservabilityPipelineAmazonS3GenericCompressionZstd: description: Zstd compression. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompressionZstdType" level: description: Zstd compression level. example: 3 format: int64 type: integer required: - algorithm - level type: object ObservabilityPipelineAmazonS3GenericCompressionZstdType: default: zstd description: The compression type. Always `zstd`. enum: - zstd example: zstd type: string x-enum-varnames: - ZSTD ObservabilityPipelineAmazonS3GenericDestination: description: |- The `amazon_s3_generic` destination sends your logs to an Amazon S3 bucket. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineAwsAuth" batch_settings: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericBatchSettings" bucket: description: S3 bucket name. example: "my-bucket" type: string compression: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericCompression" encoding: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericEncoding" id: description: Unique identifier for the destination component. example: generic-s3-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: A component ID referenced as an input source. type: string type: array key_prefix: description: Optional prefix for object keys. type: string region: description: AWS region of the S3 bucket. example: "us-east-1" type: string storage_class: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3DestinationStorageClass" type: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericDestinationType" required: - id - type - inputs - bucket - region - storage_class - encoding - compression type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonS3GenericDestinationType: default: amazon_s3_generic description: The destination type. Always `amazon_s3_generic`. enum: - amazon_s3_generic example: amazon_s3_generic type: string x-enum-varnames: - GENERIC_ARCHIVES_S3 ObservabilityPipelineAmazonS3GenericEncoding: description: Encoding format for the destination. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericEncodingJson" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericEncodingParquet" ObservabilityPipelineAmazonS3GenericEncodingJson: description: JSON encoding. properties: type: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericEncodingJsonType" required: - type type: object ObservabilityPipelineAmazonS3GenericEncodingJsonType: default: json description: The encoding type. Always `json`. enum: - json example: json type: string x-enum-varnames: - JSON ObservabilityPipelineAmazonS3GenericEncodingParquet: description: Parquet encoding. properties: type: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericEncodingParquetType" required: - type type: object ObservabilityPipelineAmazonS3GenericEncodingParquetType: default: parquet description: The encoding type. Always `parquet`. enum: - parquet example: parquet type: string x-enum-varnames: - PARQUET ObservabilityPipelineAmazonS3Source: description: |- The `amazon_s3` source ingests logs from an Amazon S3 bucket. It supports AWS authentication, TLS encryption, and configurable compression. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineAwsAuth" compression: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3SourceCompression" id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: aws-s3-source type: string region: description: AWS region where the S3 bucket resides. example: us-east-1 type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineAmazonS3SourceType" url_key: description: Name of the environment variable or secret that holds the S3 bucket URL. example: S3_BUCKET_URL type: string required: - id - type - region type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonS3SourceCompression: description: Compression format for objects retrieved from the S3 bucket. Use `auto` to detect compression from the object's Content-Encoding header or file extension. enum: - auto - none - gzip - zstd example: gzip type: string x-enum-varnames: - AUTO - NONE - GZIP - ZSTD ObservabilityPipelineAmazonS3SourceType: default: amazon_s3 description: The source type. Always `amazon_s3`. enum: - amazon_s3 example: amazon_s3 type: string x-enum-varnames: - AMAZON_S3 ObservabilityPipelineAmazonSecurityLakeDestination: description: |- The `amazon_security_lake` destination sends your logs to Amazon Security Lake. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineAwsAuth" bucket: description: Name of the Amazon S3 bucket in Security Lake (3-63 characters). example: "security-lake-bucket" type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" custom_source_name: description: Custom source name for the logs in Security Lake. example: "my-custom-source" type: string id: description: Unique identifier for the destination component. example: amazon-security-lake-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array region: description: AWS region of the S3 bucket. example: "us-east-1" type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineAmazonSecurityLakeDestinationType" required: - id - type - inputs - bucket - region - custom_source_name type: object x-pipeline-types: [logs] ObservabilityPipelineAmazonSecurityLakeDestinationType: default: amazon_security_lake description: The destination type. Always `amazon_security_lake`. enum: - amazon_security_lake example: amazon_security_lake type: string x-enum-varnames: - AMAZON_SECURITY_LAKE ObservabilityPipelineAwsAuth: description: |- AWS authentication credentials used for accessing AWS services such as S3. If omitted, the system’s default credentials are used (for example, the IAM role and environment variables). properties: assume_role: description: The Amazon Resource Name (ARN) of the role to assume. type: string external_id: description: A unique identifier for cross-account role assumption. type: string session_name: description: A session identifier used for logging and tracing the assumed role session. type: string type: object ObservabilityPipelineBufferOptions: description: Configuration for buffer settings on destination components. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineDiskBufferOptions" - $ref: "#/components/schemas/ObservabilityPipelineMemoryBufferOptions" - $ref: "#/components/schemas/ObservabilityPipelineMemoryBufferSizeOptions" ObservabilityPipelineBufferOptionsDiskType: default: disk description: The type of the buffer that will be configured, a disk buffer. enum: - disk type: string x-enum-varnames: - DISK ObservabilityPipelineBufferOptionsMemoryType: default: memory description: The type of the buffer that will be configured, a memory buffer. enum: - memory type: string x-enum-varnames: - MEMORY ObservabilityPipelineBufferOptionsWhenFull: default: block description: Behavior when the buffer is full (block and stop accepting new events, or drop new events) enum: - block - drop_newest type: string x-enum-varnames: - BLOCK - DROP_NEWEST ObservabilityPipelineCloudPremDestination: description: |- The `cloud_prem` destination sends logs to Datadog CloudPrem. **Supported pipeline types:** logs properties: endpoint_url_key: description: Name of the environment variable or secret that holds the CloudPrem endpoint URL. example: CLOUDPREM_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: cloud-prem-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineCloudPremDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineCloudPremDestinationType: default: cloud_prem description: The destination type. The value should always be `cloud_prem`. enum: - cloud_prem example: cloud_prem type: string x-enum-varnames: - CLOUD_PREM ObservabilityPipelineComponentDisplayName: description: The display name for a component. example: "my component" type: string ObservabilityPipelineConfig: description: Specifies the pipeline's configuration, including its sources, processors, and destinations. properties: destinations: description: A list of destination components where processed logs are sent. example: [{"id": "datadog-logs-destination", "inputs": ["my-processor-group"], "type": "datadog_logs"}] items: $ref: "#/components/schemas/ObservabilityPipelineConfigDestinationItem" type: array pipeline_type: $ref: "#/components/schemas/ObservabilityPipelineConfigPipelineType" processor_groups: description: A list of processor groups that transform or enrich log data. example: [{"enabled": true, "id": "my-processor-group", "include": "service:my-service", "inputs": ["datadog-agent-source"], "processors": [{"enabled": true, "id": "filter-processor", "include": "status:error", "type": "filter"}, {"enabled": true, "field": "message", "id": "json-processor", "include": "*", "type": "parse_json"}]}] items: $ref: "#/components/schemas/ObservabilityPipelineConfigProcessorGroup" type: array processors: deprecated: true description: |- A list of processor groups that transform or enrich log data. **Deprecated:** This field is deprecated, you should now use the processor_groups field. example: [] items: $ref: "#/components/schemas/ObservabilityPipelineConfigProcessorGroup" type: array sources: description: A list of configured data sources for the pipeline. example: [{"id": "datadog-agent-source", "type": "datadog_agent"}] items: $ref: "#/components/schemas/ObservabilityPipelineConfigSourceItem" type: array use_legacy_search_syntax: description: |- Set to `true` to continue using the legacy search syntax while migrating filter queries. After migrating all queries to the new syntax, set to `false`. The legacy syntax is deprecated and will eventually be removed. Requires Observability Pipelines Worker 2.11 or later. Only applies to `logs` pipelines. This field is ignored for `metrics` pipelines. See [Upgrade Your Filter Queries to the New Search Syntax](https://docs.datadoghq.com/observability_pipelines/guide/upgrade_your_filter_queries_to_the_new_search_syntax/) for more information. type: boolean required: - sources - destinations type: object ObservabilityPipelineConfigDestinationItem: description: "A destination for the pipeline." oneOf: - $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestination" - $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestination" - $ref: "#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestination" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3Destination" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3GenericDestination" - $ref: "#/components/schemas/ObservabilityPipelineAmazonSecurityLakeDestination" - $ref: "#/components/schemas/AzureStorageDestination" - $ref: "#/components/schemas/ObservabilityPipelineCloudPremDestination" - $ref: "#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestination" - $ref: "#/components/schemas/ObservabilityPipelineDatadogLogsDestination" - $ref: "#/components/schemas/ObservabilityPipelineGoogleChronicleDestination" - $ref: "#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestination" - $ref: "#/components/schemas/ObservabilityPipelineGooglePubSubDestination" - $ref: "#/components/schemas/ObservabilityPipelineKafkaDestination" - $ref: "#/components/schemas/MicrosoftSentinelDestination" - $ref: "#/components/schemas/ObservabilityPipelineNewRelicDestination" - $ref: "#/components/schemas/ObservabilityPipelineOpenSearchDestination" - $ref: "#/components/schemas/ObservabilityPipelineRsyslogDestination" - $ref: "#/components/schemas/ObservabilityPipelineSentinelOneDestination" - $ref: "#/components/schemas/ObservabilityPipelineSocketDestination" - $ref: "#/components/schemas/ObservabilityPipelineSplunkHecDestination" - $ref: "#/components/schemas/ObservabilityPipelineSumoLogicDestination" - $ref: "#/components/schemas/ObservabilityPipelineSyslogNgDestination" - $ref: "#/components/schemas/ObservabilityPipelineDatabricksZerobusDestination" - $ref: "#/components/schemas/ObservabilityPipelineDatadogMetricsDestination" ObservabilityPipelineConfigPipelineType: default: logs description: The type of data being ingested. Defaults to `logs` if not specified. enum: [logs, metrics] example: logs type: string x-enum-varnames: - LOGS - METRICS ObservabilityPipelineConfigProcessorGroup: description: "A group of processors." example: {"enabled": true, "id": "my-processor-group", "include": "service:my-service", "inputs": ["datadog-agent-source"], "processors": [{"enabled": true, "fields": [{"name": "env", "value": "prod"}], "id": "add-fields-processor", "include": "*", "type": "add_fields"}, {"enabled": true, "id": "filter-processor", "include": "status:error", "type": "filter"}]} properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Whether this processor group is enabled. example: true type: boolean id: description: The unique identifier for the processor group. example: "grouped-processors" type: string include: description: Conditional expression for when this processor group should execute. example: "service:my-service" type: string inputs: description: A list of IDs for components whose output is used as the input for this processor group. example: ["datadog-agent-source"] items: description: The ID of a component whose output is used as input. type: string type: array processors: description: Processors applied sequentially within this group. Events flow through each processor in order. example: [{"enabled": true, "fields": [{"name": "env", "value": "prod"}], "id": "add-fields-processor", "include": "*", "type": "add_fields"}, {"enabled": true, "id": "filter-processor", "include": "status:error", "type": "filter"}] items: $ref: "#/components/schemas/ObservabilityPipelineConfigProcessorItem" type: array required: - id - include - inputs - processors - enabled type: object ObservabilityPipelineConfigProcessorItem: description: "A processor for the pipeline." oneOf: - $ref: "#/components/schemas/ObservabilityPipelineFilterProcessor" - $ref: "#/components/schemas/ObservabilityPipelineAddEnvVarsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineAddFieldsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineAddHostnameProcessor" - $ref: "#/components/schemas/ObservabilityPipelineCustomProcessor" - $ref: "#/components/schemas/ObservabilityPipelineDatadogTagsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineDedupeProcessor" - $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableProcessor" - $ref: "#/components/schemas/ObservabilityPipelineGenerateMetricsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineOcsfMapperProcessor" - $ref: "#/components/schemas/ObservabilityPipelineParseGrokProcessor" - $ref: "#/components/schemas/ObservabilityPipelineParseJSONProcessor" - $ref: "#/components/schemas/ObservabilityPipelineParseXMLProcessor" - $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessor" - $ref: "#/components/schemas/ObservabilityPipelineReduceProcessor" - $ref: "#/components/schemas/ObservabilityPipelineRemoveFieldsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineRenameFieldsProcessor" - $ref: "#/components/schemas/ObservabilityPipelineSampleProcessor" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessor" - $ref: "#/components/schemas/ObservabilityPipelineSplitArrayProcessor" - $ref: "#/components/schemas/ObservabilityPipelineThrottleProcessor" - $ref: "#/components/schemas/ObservabilityPipelineMetricTagsProcessor" ObservabilityPipelineConfigSourceItem: description: "A data source for the pipeline." oneOf: - $ref: "#/components/schemas/ObservabilityPipelineDatadogAgentSource" - $ref: "#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSource" - $ref: "#/components/schemas/ObservabilityPipelineAmazonS3Source" - $ref: "#/components/schemas/ObservabilityPipelineFluentBitSource" - $ref: "#/components/schemas/ObservabilityPipelineFluentdSource" - $ref: "#/components/schemas/ObservabilityPipelineGooglePubSubSource" - $ref: "#/components/schemas/ObservabilityPipelineHttpClientSource" - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSource" - $ref: "#/components/schemas/ObservabilityPipelineKafkaSource" - $ref: "#/components/schemas/ObservabilityPipelineLogstashSource" - $ref: "#/components/schemas/ObservabilityPipelineRsyslogSource" - $ref: "#/components/schemas/ObservabilityPipelineSocketSource" - $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSource" - $ref: "#/components/schemas/ObservabilityPipelineSplunkTcpSource" - $ref: "#/components/schemas/ObservabilityPipelineSumoLogicSource" - $ref: "#/components/schemas/ObservabilityPipelineSyslogNgSource" - $ref: "#/components/schemas/ObservabilityPipelineOpentelemetrySource" ObservabilityPipelineCrowdStrikeNextGenSiemDestination: description: |- The `crowdstrike_next_gen_siem` destination forwards logs to CrowdStrike Next Gen SIEM. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" compression: $ref: "#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompression" encoding: $ref: "#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestinationEncoding" endpoint_url_key: description: Name of the environment variable or secret that holds the CrowdStrike endpoint URL. example: CROWDSTRIKE_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: crowdstrike-ngsiem-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array tls: $ref: "#/components/schemas/ObservabilityPipelineTls" token_key: description: Name of the environment variable or secret that holds the CrowdStrike API token. example: CROWDSTRIKE_TOKEN type: string type: $ref: "#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestinationType" required: - id - type - inputs - encoding type: object x-pipeline-types: [logs] ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompression: description: Compression configuration for log events. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompressionAlgorithm" level: description: Compression level. example: 6 format: int64 type: integer required: - algorithm type: object ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompressionAlgorithm: description: Compression algorithm for log events. enum: - gzip - zlib example: gzip type: string x-enum-varnames: - GZIP - ZLIB ObservabilityPipelineCrowdStrikeNextGenSiemDestinationEncoding: description: Encoding format for log events. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineCrowdStrikeNextGenSiemDestinationType: default: crowdstrike_next_gen_siem description: The destination type. The value should always be `crowdstrike_next_gen_siem`. enum: - crowdstrike_next_gen_siem example: crowdstrike_next_gen_siem type: string x-enum-varnames: - CROWDSTRIKE_NEXT_GEN_SIEM ObservabilityPipelineCustomProcessor: description: |- The `custom_processor` processor transforms events using [Vector Remap Language (VRL)](https://vector.dev/docs/reference/vrl/) scripts with advanced filtering capabilities. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this processor. example: remap-vrl-processor type: string include: default: "*" description: A Datadog search query used to determine which logs this processor targets. This field should always be set to `*` for the custom_processor processor. example: "*" type: string remaps: description: Array of VRL remap rules. items: $ref: "#/components/schemas/ObservabilityPipelineCustomProcessorRemap" minItems: 1 type: array type: $ref: "#/components/schemas/ObservabilityPipelineCustomProcessorType" required: - id - type - include - remaps - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineCustomProcessorRemap: description: Defines a single VRL remap rule with its own filtering and transformation logic. properties: drop_on_error: description: Whether to drop events that caused errors during processing. example: false type: boolean enabled: description: Whether this remap rule is enabled. example: true type: boolean include: description: A Datadog search query used to filter events for this specific remap rule. example: "service:web" type: string name: description: A descriptive name for this remap rule. example: "Parse JSON from message field" type: string source: description: The VRL script source code that defines the processing logic. example: ". = parse_json!(.message)" type: string required: - include - name - source - drop_on_error type: object ObservabilityPipelineCustomProcessorType: default: custom_processor description: The processor type. The value should always be `custom_processor`. enum: - custom_processor example: custom_processor type: string x-enum-varnames: - CUSTOM_PROCESSOR ObservabilityPipelineData: description: Contains the pipeline’s ID, type, and configuration attributes. properties: attributes: $ref: "#/components/schemas/ObservabilityPipelineDataAttributes" id: description: Unique identifier for the pipeline. example: 3fa85f64-5717-4562-b3fc-2c963f66afa6 type: string type: default: pipelines description: The resource type identifier. For pipeline resources, this should always be set to `pipelines`. example: pipelines type: string required: - id - type - attributes type: object ObservabilityPipelineDataAttributes: description: Defines the pipeline’s name and its components (sources, processors, and destinations). properties: config: $ref: "#/components/schemas/ObservabilityPipelineConfig" name: description: Name of the pipeline. example: Main Observability Pipeline type: string required: - name - config type: object ObservabilityPipelineDatabricksZerobusDestination: description: |- The `databricks_zerobus` destination sends logs to Databricks using the Zerobus ingestion API, streaming data directly into your Databricks Lakehouse. **Supported pipeline types:** Logs, rehydration properties: auth: $ref: "#/components/schemas/ObservabilityPipelineDatabricksZerobusDestinationAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: The unique identifier for this component. example: databricks-zerobus-destination type: string ingestion_endpoint: description: Your Databricks Zerobus ingestion endpoint. This is the endpoint used to stream data directly into your Databricks Lakehouse. example: https://my-workspace-id.zerobus.us-east-1.cloud.databricks.com type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array table_name: description: The fully qualified name of your target Databricks table. Make sure this table already exists in your Databricks workspace before deploying. example: catalog.schema.table type: string type: $ref: "#/components/schemas/ObservabilityPipelineDatabricksZerobusDestinationType" unity_catalog_endpoint: description: Your Databricks workspace URL. This is used to communicate with the Unity Catalog API. example: https://my-workspace.cloud.databricks.com type: string required: - id - type - inputs - ingestion_endpoint - table_name - unity_catalog_endpoint - auth type: object x-pipeline-types: [logs, rehydration] ObservabilityPipelineDatabricksZerobusDestinationAuth: description: OAuth credentials for authenticating with the Databricks Zerobus ingestion API. properties: client_id: description: Your service principal application ID (UUID). example: 9a8b7c6d-1234-5678-abcd-ef0123456789 type: string client_secret_key: description: Name of the environment variable or secret that holds the OAuth client secret used to authenticate with the Databricks ingestion endpoint. example: DD_OP_DESTINATION_DATABRICKS_ZEROBUS_OAUTH_CLIENT_SECRET type: string required: - client_id type: object ObservabilityPipelineDatabricksZerobusDestinationType: default: databricks_zerobus description: The destination type. The value must be `databricks_zerobus`. enum: - databricks_zerobus example: databricks_zerobus type: string x-enum-varnames: - DATABRICKS_ZEROBUS ObservabilityPipelineDatadogAgentSource: description: |- The `datadog_agent` source collects logs/metrics from the Datadog Agent. **Supported pipeline types:** logs, metrics properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Datadog Agent source. example: DATADOG_AGENT_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "datadog-agent-source" type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineDatadogAgentSourceType" required: - id - type type: object x-pipeline-types: [logs, metrics] ObservabilityPipelineDatadogAgentSourceType: default: datadog_agent description: The source type. The value should always be `datadog_agent`. enum: - datadog_agent example: datadog_agent type: string x-enum-varnames: - DATADOG_AGENT ObservabilityPipelineDatadogLogsDestination: description: |- The `datadog_logs` destination forwards logs to Datadog Log Management. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: The unique identifier for this component. example: "datadog-logs-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array routes: description: A list of routing rules that forward matching logs to Datadog using dedicated API keys. example: [{"api_key_key": "API_KEY_IDENTIFIER", "include": "service:api", "route_id": "datadog-logs-route-us1", "site": "us1"}] items: $ref: "#/components/schemas/ObservabilityPipelineDatadogLogsDestinationRoute" maxItems: 100 type: array type: $ref: "#/components/schemas/ObservabilityPipelineDatadogLogsDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineDatadogLogsDestinationRoute: description: Defines how the `datadog_logs` destination routes matching logs to a Datadog site using a specific API key. properties: api_key_key: description: Name of the environment variable or secret that stores the Datadog API key used by this route. example: API_KEY_IDENTIFIER type: string include: description: A Datadog search query that determines which logs are forwarded using this route. example: service:api type: string route_id: description: Unique identifier for this route within the destination. example: datadog-logs-route-us type: string site: description: Datadog site where matching logs are sent (for example, `us1`). example: us1 type: string type: object ObservabilityPipelineDatadogLogsDestinationType: default: datadog_logs description: The destination type. The value should always be `datadog_logs`. enum: - datadog_logs example: datadog_logs type: string x-enum-varnames: - DATADOG_LOGS ObservabilityPipelineDatadogMetricsDestination: description: |- The `datadog_metrics` destination forwards metrics to Datadog. **Supported pipeline types:** metrics properties: id: description: The unique identifier for this component. example: datadog-metrics-destination type: string inputs: description: A list of component IDs whose output is used as the input for this component. example: ["metric-tags-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineDatadogMetricsDestinationType" required: - id - type - inputs type: object x-pipeline-types: [metrics] ObservabilityPipelineDatadogMetricsDestinationType: default: datadog_metrics description: The destination type. The value should always be `datadog_metrics`. enum: - datadog_metrics example: datadog_metrics type: string x-enum-varnames: - DATADOG_METRICS ObservabilityPipelineDatadogTagsProcessor: description: |- The `datadog_tags` processor includes or excludes specific Datadog tags in your logs. **Supported pipeline types:** logs properties: action: $ref: "#/components/schemas/ObservabilityPipelineDatadogTagsProcessorAction" display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "datadog-tags-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string keys: description: A list of tag keys. example: ["env", "service", "version"] items: description: A Datadog tag key to include or exclude. type: string type: array mode: $ref: "#/components/schemas/ObservabilityPipelineDatadogTagsProcessorMode" type: $ref: "#/components/schemas/ObservabilityPipelineDatadogTagsProcessorType" required: - id - type - include - mode - action - keys - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineDatadogTagsProcessorAction: description: The action to take on tags with matching keys. enum: - include - exclude example: include type: string x-enum-varnames: - INCLUDE - EXCLUDE ObservabilityPipelineDatadogTagsProcessorMode: description: The processing mode. enum: - filter example: filter type: string x-enum-varnames: - FILTER ObservabilityPipelineDatadogTagsProcessorType: default: datadog_tags description: The processor type. The value should always be `datadog_tags`. enum: - datadog_tags example: datadog_tags type: string x-enum-varnames: - DATADOG_TAGS ObservabilityPipelineDecoding: description: The decoding format used to interpret incoming logs. enum: - bytes - gelf - json - syslog example: json type: string x-enum-varnames: - DECODE_BYTES - DECODE_GELF - DECODE_JSON - DECODE_SYSLOG ObservabilityPipelineDedupeProcessor: description: |- The `dedupe` processor removes duplicate fields in log events. **Supported pipeline types:** logs properties: cache: $ref: "#/components/schemas/ObservabilityPipelineDedupeProcessorCache" display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean fields: description: A list of log field paths to check for duplicates. example: ["log.message", "log.error"] items: description: A log field path to evaluate for duplicate values. type: string type: array id: description: The unique identifier for this processor. example: dedupe-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string mode: $ref: "#/components/schemas/ObservabilityPipelineDedupeProcessorMode" type: $ref: "#/components/schemas/ObservabilityPipelineDedupeProcessorType" required: - id - type - include - fields - mode - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineDedupeProcessorCache: description: Configuration for the cache used to detect duplicates. properties: num_events: description: The number of events to cache for duplicate detection. example: 5000 format: int64 maximum: 1000000000 minimum: 1 type: integer required: - num_events type: object ObservabilityPipelineDedupeProcessorMode: description: The deduplication mode to apply to the fields. enum: - match - ignore example: match type: string x-enum-varnames: - MATCH - IGNORE ObservabilityPipelineDedupeProcessorType: default: dedupe description: The processor type. The value should always be `dedupe`. enum: - dedupe example: dedupe type: string x-enum-varnames: - DEDUPE ObservabilityPipelineDiskBufferOptions: description: Options for configuring a disk buffer. properties: max_size: description: Maximum size of the disk buffer. example: 4096 format: int64 type: integer type: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsDiskType" when_full: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull" required: - max_size type: object ObservabilityPipelineElasticsearchDestination: description: |- The `elasticsearch` destination writes logs or metrics to an Elasticsearch cluster. **Supported pipeline types:** logs, metrics properties: api_version: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationApiVersion" auth: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" bulk_index: description: The name of the index to write events to in Elasticsearch. example: logs-index type: string compression: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationCompression" data_stream: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationDataStream" endpoint_url_key: description: Name of the environment variable or secret that holds the Elasticsearch endpoint URL. example: ELASTICSEARCH_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: "elasticsearch-destination" type: string id_key: description: The name of the field used as the document ID in Elasticsearch. example: id type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array pipeline: description: The name of an Elasticsearch ingest pipeline to apply to events before indexing. example: my-pipeline type: string request_retry_partial: description: When `true`, retries failed partial bulk requests when some events in a batch fail while others succeed. type: boolean tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs, metrics] ObservabilityPipelineElasticsearchDestinationApiVersion: description: The Elasticsearch API version to use. Set to `auto` to auto-detect. enum: [auto, v6, v7, v8] example: auto type: string x-enum-varnames: - AUTO - V6 - V7 - V8 ObservabilityPipelineElasticsearchDestinationAuth: description: |- Authentication settings for the Elasticsearch destination. When `strategy` is `basic`, use `username_key` and `password_key` to reference credentials stored in environment variables or secrets. properties: password_key: description: Name of the environment variable or secret that holds the Elasticsearch password (used when `strategy` is `basic`). example: ELASTICSEARCH_PASSWORD type: string strategy: $ref: "#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuthStrategy" username_key: description: Name of the environment variable or secret that holds the Elasticsearch username (used when `strategy` is `basic`). example: ELASTICSEARCH_USERNAME type: string required: - strategy type: object ObservabilityPipelineElasticsearchDestinationCompression: description: Compression configuration for the Elasticsearch destination. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationCompressionAlgorithm" level: description: The compression level. Only applicable for `gzip`, `zlib`, and `zstd` algorithms. example: 6 format: int64 type: integer required: - algorithm type: object ObservabilityPipelineElasticsearchDestinationCompressionAlgorithm: description: The compression algorithm applied when sending data to Elasticsearch. enum: [none, gzip, zlib, zstd, snappy] example: gzip type: string x-enum-varnames: - NONE - GZIP - ZLIB - ZSTD - SNAPPY ObservabilityPipelineElasticsearchDestinationDataStream: description: Configuration options for writing to Elasticsearch Data Streams instead of a fixed index. properties: auto_routing: description: When `true`, automatically routes events to the appropriate data stream based on the event content. type: boolean dataset: description: The data stream dataset. This groups events by their source or application. type: string dtype: description: The data stream type. This determines how events are categorized within the data stream. type: string namespace: description: The data stream namespace. This separates events into different environments or domains. type: string sync_fields: description: When `true`, synchronizes data stream fields with the Elasticsearch index mapping. type: boolean type: object ObservabilityPipelineElasticsearchDestinationType: default: elasticsearch description: The destination type. The value should always be `elasticsearch`. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH ObservabilityPipelineEnrichmentTableFieldEventLookup: description: Looks up a value from a field path in the log event. properties: event: description: The path to the field in the log event to use as the lookup key. example: log.user.id type: string required: - event type: object ObservabilityPipelineEnrichmentTableFieldSecretLookup: description: Looks up a value stored as a pipeline secret. properties: secret: description: The name of the secret containing the lookup key value. example: MY_LOOKUP_SECRET type: string required: - secret type: object ObservabilityPipelineEnrichmentTableFieldStringPath: description: A plain field path in the log event, used as the lookup key. example: log.user.id type: string ObservabilityPipelineEnrichmentTableFieldVrlLookup: description: Evaluates a VRL expression to produce the lookup key. properties: vrl: description: A VRL expression that returns the value to use as the lookup key. example: .log.user.id type: string required: - vrl type: object ObservabilityPipelineEnrichmentTableFile: description: Defines a static enrichment table loaded from a CSV file. properties: encoding: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileEncoding" key: description: Key fields used to look up enrichment values. items: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileKeyItems" type: array path: description: Path to the CSV file. example: /etc/enrichment/lookup.csv type: string schema: description: Schema defining column names and their types. items: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileSchemaItems" type: array required: - encoding - key - path - schema type: object ObservabilityPipelineEnrichmentTableFileEncoding: description: File encoding format. properties: delimiter: description: The `encoding` `delimiter`. example: "," type: string includes_headers: description: The `encoding` `includes_headers`. example: true type: boolean type: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileEncodingType" required: - type - delimiter - includes_headers type: object ObservabilityPipelineEnrichmentTableFileEncodingType: description: Specifies the encoding format (e.g., CSV) used for enrichment tables. enum: [csv] example: csv type: string x-enum-varnames: - CSV ObservabilityPipelineEnrichmentTableFileKeyItemField: description: |- Specifies the source of the key value used for enrichment table lookups. Can be a plain field path string or an object specifying `event`, `vrl`, or `secret`. example: log.user.id oneOf: - $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFieldStringPath" - $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFieldEventLookup" - $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFieldVrlLookup" - $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFieldSecretLookup" ObservabilityPipelineEnrichmentTableFileKeyItems: description: Defines how to map log fields to enrichment table columns during lookups. properties: column: description: The `items` `column`. example: user_id type: string comparison: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileKeyItemsComparison" field: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileKeyItemField" required: - column - comparison - field type: object ObservabilityPipelineEnrichmentTableFileKeyItemsComparison: description: Defines how to compare key fields for enrichment table lookups. enum: [equals] example: equals type: string x-enum-varnames: - EQUALS ObservabilityPipelineEnrichmentTableFileSchemaItems: description: Describes a single column and its type in an enrichment table schema. properties: column: description: The `items` `column`. example: region type: string type: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFileSchemaItemsType" required: - column - type type: object ObservabilityPipelineEnrichmentTableFileSchemaItemsType: description: Declares allowed data types for enrichment table columns. enum: [string, boolean, integer, float, date, timestamp] example: string type: string x-enum-varnames: - STRING - BOOLEAN - INTEGER - FLOAT - DATE - TIMESTAMP ObservabilityPipelineEnrichmentTableGeoIp: description: Uses a GeoIP database to enrich logs based on an IP field. properties: key_field: description: Path to the IP field in the log. example: log.source.ip type: string locale: description: Locale used to resolve geographical names. example: en type: string path: description: Path to the GeoIP database file. example: /etc/geoip/GeoLite2-City.mmdb type: string required: - key_field - locale - path type: object ObservabilityPipelineEnrichmentTableProcessor: description: |- The `enrichment_table` processor enriches logs using a static CSV file, GeoIP database, or reference table. Exactly one of `file`, `geoip`, or `reference_table` must be configured. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean file: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableFile" geoip: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableGeoIp" id: description: The unique identifier for this processor. example: enrichment-table-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: source:my-source type: string reference_table: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableReferenceTable" target: description: Path where enrichment results should be stored in the log. example: enriched.geoip type: string type: $ref: "#/components/schemas/ObservabilityPipelineEnrichmentTableProcessorType" required: - id - type - include - target - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineEnrichmentTableProcessorType: default: enrichment_table description: The processor type. The value should always be `enrichment_table`. enum: - enrichment_table example: enrichment_table type: string x-enum-varnames: - ENRICHMENT_TABLE ObservabilityPipelineEnrichmentTableReferenceTable: description: Uses a Datadog reference table to enrich logs. properties: app_key_key: description: Name of the environment variable or secret that holds the Datadog application key used to access the reference table. example: DD_APP_KEY type: string columns: description: List of column names to include from the reference table. If not provided, all columns are included. items: description: The name of a column to include from the reference table. type: string type: array key_field: description: Path to the field in the log event to match against the reference table. example: log.user.id type: string table_id: description: The unique identifier of the reference table. example: 550e8400-e29b-41d4-a716-446655440000 type: string required: - key_field - table_id type: object ObservabilityPipelineFieldValue: description: Represents a static key-value pair used in various processors. properties: name: description: The field name. example: "field_name" type: string value: description: The field value. example: "field_value" type: string required: - name - value type: object ObservabilityPipelineFilterProcessor: description: |- The `filter` processor allows conditional processing of logs/metrics based on a Datadog search query. Logs/metrics that match the `include` query are passed through; others are discarded. **Supported pipeline types:** logs, metrics properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "filter-processor" type: string include: description: A Datadog search query used to determine which logs/metrics should pass through the filter. Logs/metrics that match this query continue to downstream components; others are dropped. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineFilterProcessorType" required: - id - type - include - enabled type: object x-pipeline-types: [logs, metrics] ObservabilityPipelineFilterProcessorType: default: filter description: The processor type. The value should always be `filter`. enum: - filter example: filter type: string x-enum-varnames: - FILTER ObservabilityPipelineFluentBitSource: description: |- The `fluent_bit` source ingests logs from Fluent Bit. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Fluent Bit receiver. example: FLUENT_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "fluent-source" type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineFluentBitSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineFluentBitSourceType: default: fluent_bit description: The source type. The value should always be `fluent_bit`. enum: - fluent_bit example: fluent_bit type: string x-enum-varnames: - FLUENT_BIT ObservabilityPipelineFluentdSource: description: |- The `fluentd` source ingests logs from a Fluentd-compatible service. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Fluent receiver. example: FLUENT_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "fluent-source" type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineFluentdSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineFluentdSourceType: default: fluentd description: The source type. The value should always be `fluentd. enum: - fluentd example: fluentd type: string x-enum-varnames: - FLUENTD ObservabilityPipelineGcpAuth: description: |- Google Cloud credentials used to authenticate with Google Cloud Storage. properties: credentials_file: description: Path to the Google Cloud service account key file. example: /var/secrets/gcp-credentials.json type: string required: - credentials_file type: object ObservabilityPipelineGenerateMetricsProcessor: description: |- The `generate_datadog_metrics` processor creates custom metrics from logs and sends them to Datadog. Metrics can be counters, gauges, or distributions and optionally grouped by log fields. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline. example: generate-metrics-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string metrics: description: Configuration for generating individual metrics. items: $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetric" type: array type: $ref: "#/components/schemas/ObservabilityPipelineGenerateMetricsProcessorType" required: - id - type - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineGenerateMetricsProcessorType: default: generate_datadog_metrics description: The processor type. Always `generate_datadog_metrics`. enum: - generate_datadog_metrics example: generate_datadog_metrics type: string x-enum-varnames: - GENERATE_DATADOG_METRICS ObservabilityPipelineGeneratedMetric: description: |- Defines a log-based custom metric, including its name, type, filter, value computation strategy, and optional grouping fields. properties: group_by: description: Optional fields used to group the metric series. example: ["service", "env"] items: description: A log field name used to group the metric series. type: string type: array include: description: Datadog filter query to match logs for metric generation. example: service:billing type: string metric_type: $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetricMetricType" name: description: Name of the custom metric to be created. example: logs.processed type: string value: $ref: "#/components/schemas/ObservabilityPipelineMetricValue" required: - name - include - metric_type - value type: object ObservabilityPipelineGeneratedMetricIncrementByField: description: Strategy that increments a generated metric based on the value of a log field. properties: field: description: Name of the log field containing the numeric value to increment the metric by. example: "errors" type: string strategy: $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByFieldStrategy" required: - strategy - field type: object ObservabilityPipelineGeneratedMetricIncrementByFieldStrategy: description: Uses a numeric field in the log event as the metric increment. enum: - increment_by_field example: increment_by_field type: string x-enum-varnames: - INCREMENT_BY_FIELD ObservabilityPipelineGeneratedMetricIncrementByOne: description: Strategy that increments a generated metric by one for each matching event. properties: strategy: $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByOneStrategy" required: - strategy type: object ObservabilityPipelineGeneratedMetricIncrementByOneStrategy: description: Increments the metric by 1 for each matching event. enum: - increment_by_one example: increment_by_one type: string x-enum-varnames: - INCREMENT_BY_ONE ObservabilityPipelineGeneratedMetricMetricType: description: Type of metric to create. enum: - count - gauge - distribution example: count type: string x-enum-varnames: - COUNT - GAUGE - DISTRIBUTION ObservabilityPipelineGoogleChronicleDestination: description: |- The `google_chronicle` destination sends logs to Google Chronicle. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineGcpAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" customer_id: description: The Google Chronicle customer ID. example: abcdefg123456789 type: string encoding: $ref: "#/components/schemas/ObservabilityPipelineGoogleChronicleDestinationEncoding" endpoint_url_key: description: Name of the environment variable or secret that holds the Google Chronicle endpoint URL. example: CHRONICLE_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: google-chronicle-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["parse-json-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array log_type: description: The log type metadata associated with the Chronicle destination. example: nginx_logs type: string type: $ref: "#/components/schemas/ObservabilityPipelineGoogleChronicleDestinationType" required: - id - type - inputs - customer_id type: object x-pipeline-types: [logs] ObservabilityPipelineGoogleChronicleDestinationEncoding: description: The encoding format for the logs sent to Chronicle. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineGoogleChronicleDestinationType: default: google_chronicle description: The destination type. The value should always be `google_chronicle`. enum: - google_chronicle example: google_chronicle type: string x-enum-varnames: - GOOGLE_CHRONICLE ObservabilityPipelineGoogleCloudStorageDestination: description: |- The `google_cloud_storage` destination stores logs in a Google Cloud Storage (GCS) bucket. It requires a bucket name, Google Cloud authentication, and metadata fields. **Supported pipeline types:** logs properties: acl: $ref: "#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationAcl" auth: $ref: "#/components/schemas/ObservabilityPipelineGcpAuth" bucket: description: Name of the GCS bucket. example: "error-logs" type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: Unique identifier for the destination component. example: gcs-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["datadog-agent-source"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array key_prefix: description: Optional prefix for object keys within the GCS bucket. type: string metadata: description: Custom metadata to attach to each object uploaded to the GCS bucket. items: $ref: "#/components/schemas/ObservabilityPipelineMetadataEntry" type: array storage_class: $ref: "#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationStorageClass" type: $ref: "#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationType" required: - id - type - inputs - bucket - storage_class type: object x-pipeline-types: [logs] ObservabilityPipelineGoogleCloudStorageDestinationAcl: description: Access control list setting for objects written to the bucket. enum: - private - project-private - public-read - authenticated-read - bucket-owner-read - bucket-owner-full-control example: private type: string x-enum-varnames: - PRIVATE - PROJECTNOT_PRIVATE - PUBLICNOT_READ - AUTHENTICATEDNOT_READ - BUCKETNOT_OWNERNOT_READ - BUCKETNOT_OWNERNOT_FULLNOT_CONTROL ObservabilityPipelineGoogleCloudStorageDestinationStorageClass: description: Storage class used for objects stored in GCS. enum: - STANDARD - NEARLINE - COLDLINE - ARCHIVE example: STANDARD type: string x-enum-varnames: - STANDARD - NEARLINE - COLDLINE - ARCHIVE ObservabilityPipelineGoogleCloudStorageDestinationType: default: google_cloud_storage description: The destination type. Always `google_cloud_storage`. enum: - google_cloud_storage example: google_cloud_storage type: string x-enum-varnames: - GOOGLE_CLOUD_STORAGE ObservabilityPipelineGooglePubSubDestination: description: |- The `google_pubsub` destination publishes logs to a Google Cloud Pub/Sub topic. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineGcpAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" encoding: $ref: "#/components/schemas/ObservabilityPipelineGooglePubSubDestinationEncoding" endpoint_url_key: description: Name of the environment variable or secret that holds the Google Cloud Pub/Sub endpoint URL. example: GCP_PUBSUB_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: google-pubsub-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array project: description: The Google Cloud project ID that owns the Pub/Sub topic. example: my-gcp-project type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" topic: description: The Pub/Sub topic name to publish logs to. example: logs-subscription type: string type: $ref: "#/components/schemas/ObservabilityPipelineGooglePubSubDestinationType" required: - id - type - inputs - encoding - project - topic type: object x-pipeline-types: [logs] ObservabilityPipelineGooglePubSubDestinationEncoding: description: Encoding format for log events. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineGooglePubSubDestinationType: default: google_pubsub description: The destination type. The value should always be `google_pubsub`. enum: - google_pubsub example: google_pubsub type: string x-enum-varnames: - GOOGLE_PUBSUB ObservabilityPipelineGooglePubSubSource: description: |- The `google_pubsub` source ingests logs from a Google Cloud Pub/Sub subscription. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineGcpAuth" decoding: $ref: "#/components/schemas/ObservabilityPipelineDecoding" id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: google-pubsub-source type: string project: description: The Google Cloud project ID that owns the Pub/Sub subscription. example: my-gcp-project type: string subscription: description: The Pub/Sub subscription name from which messages are consumed. example: logs-subscription type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineGooglePubSubSourceType" required: - id - type - decoding - project - subscription type: object x-pipeline-types: [logs] ObservabilityPipelineGooglePubSubSourceType: default: google_pubsub description: The source type. The value should always be `google_pubsub`. enum: [google_pubsub] example: google_pubsub type: string x-enum-varnames: [GOOGLE_PUBSUB] ObservabilityPipelineHttpClientDestination: description: |- The `http_client` destination sends data to an HTTP endpoint. **Supported pipeline types:** logs, metrics properties: auth_strategy: $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestinationAuthStrategy" compression: $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestinationCompression" custom_key: description: Name of the environment variable or secret that holds a custom header value (used with custom auth strategies). example: HTTP_AUTH_CUSTOM_HEADER type: string encoding: $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestinationEncoding" id: description: The unique identifier for this component. example: http-client-destination type: string inputs: description: A list of component IDs whose output is used as the input for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array password_key: description: Name of the environment variable or secret that holds the password (used when `auth_strategy` is `basic`). example: HTTP_AUTH_PASSWORD type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" token_key: description: Name of the environment variable or secret that holds the bearer token (used when `auth_strategy` is `bearer`). example: HTTP_AUTH_TOKEN type: string type: $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestinationType" uri_key: description: Name of the environment variable or secret that holds the HTTP endpoint URI. example: HTTP_DESTINATION_URI type: string username_key: description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `basic`). example: HTTP_AUTH_USERNAME type: string required: - id - type - inputs - encoding type: object x-pipeline-types: [logs, metrics] ObservabilityPipelineHttpClientDestinationAuthStrategy: description: HTTP authentication strategy. enum: [none, basic, bearer] example: basic type: string x-enum-varnames: - NONE - BASIC - BEARER ObservabilityPipelineHttpClientDestinationCompression: description: Compression configuration for HTTP requests. properties: algorithm: $ref: "#/components/schemas/ObservabilityPipelineHttpClientDestinationCompressionAlgorithm" required: - algorithm type: object ObservabilityPipelineHttpClientDestinationCompressionAlgorithm: description: Compression algorithm. enum: [gzip] example: gzip type: string x-enum-varnames: - GZIP ObservabilityPipelineHttpClientDestinationEncoding: description: Encoding format for log events. enum: [json] example: json type: string x-enum-varnames: - JSON ObservabilityPipelineHttpClientDestinationType: default: http_client description: The destination type. The value should always be `http_client`. enum: [http_client] example: http_client type: string x-enum-varnames: - HTTP_CLIENT ObservabilityPipelineHttpClientSource: description: |- The `http_client` source scrapes logs from HTTP endpoints at regular intervals. **Supported pipeline types:** logs properties: auth_strategy: $ref: "#/components/schemas/ObservabilityPipelineHttpClientSourceAuthStrategy" custom_key: description: Name of the environment variable or secret that holds a custom header value (used with custom auth strategies). example: HTTP_AUTH_CUSTOM_HEADER type: string decoding: $ref: "#/components/schemas/ObservabilityPipelineDecoding" endpoint_url_key: description: Name of the environment variable or secret that holds the HTTP endpoint URL to scrape. example: HTTP_ENDPOINT_URL type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: http-client-source type: string password_key: description: Name of the environment variable or secret that holds the password (used when `auth_strategy` is `basic`). example: HTTP_AUTH_PASSWORD type: string scrape_interval_secs: description: The interval (in seconds) between HTTP scrape requests. example: 60 format: int64 type: integer scrape_timeout_secs: description: The timeout (in seconds) for each scrape request. example: 10 format: int64 type: integer tls: $ref: "#/components/schemas/ObservabilityPipelineTls" token_key: description: Name of the environment variable or secret that holds the bearer token (used when `auth_strategy` is `bearer`). example: HTTP_AUTH_TOKEN type: string type: $ref: "#/components/schemas/ObservabilityPipelineHttpClientSourceType" username_key: description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `basic`). example: HTTP_AUTH_USERNAME type: string required: - id - type - decoding type: object x-pipeline-types: [logs] ObservabilityPipelineHttpClientSourceAuthStrategy: description: Optional authentication strategy for HTTP requests. enum: [none, basic, bearer, custom] example: basic type: string x-enum-varnames: - NONE - BASIC - BEARER - CUSTOM ObservabilityPipelineHttpClientSourceType: default: http_client description: The source type. The value should always be `http_client`. enum: [http_client] example: http_client type: string x-enum-varnames: [HTTP_CLIENT] ObservabilityPipelineHttpServerSource: description: |- The `http_server` source collects logs over HTTP POST from external services. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the HTTP server. example: HTTP_SERVER_ADDRESS type: string auth_strategy: $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceAuthStrategy" custom_key: description: Name of the environment variable or secret that holds a custom header value (used with custom auth strategies). example: HTTP_AUTH_CUSTOM_HEADER type: string decoding: $ref: "#/components/schemas/ObservabilityPipelineDecoding" id: description: Unique ID for the HTTP server source. example: "http-server-source" type: string password_key: description: Name of the environment variable or secret that holds the password (used when `auth_strategy` is `plain`). example: HTTP_AUTH_PASSWORD type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceType" username_key: description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `plain`). example: HTTP_AUTH_USERNAME type: string required: - id - type - auth_strategy - decoding type: object x-pipeline-types: [logs] ObservabilityPipelineHttpServerSourceAuthStrategy: description: HTTP authentication method. enum: - none - plain example: plain type: string x-enum-varnames: - NONE - PLAIN ObservabilityPipelineHttpServerSourceType: default: http_server description: The source type. The value should always be `http_server`. enum: [http_server] example: http_server type: string x-enum-varnames: - HTTP_SERVER ObservabilityPipelineKafkaDestination: description: |- The `kafka` destination sends logs to Apache Kafka topics. **Supported pipeline types:** logs properties: bootstrap_servers_key: description: Name of the environment variable or secret that holds the Kafka bootstrap servers list. example: KAFKA_BOOTSTRAP_SERVERS type: string compression: $ref: "#/components/schemas/ObservabilityPipelineKafkaDestinationCompression" encoding: $ref: "#/components/schemas/ObservabilityPipelineKafkaDestinationEncoding" headers_key: description: The field name to use for Kafka message headers. example: headers type: string id: description: The unique identifier for this component. example: kafka-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array key_field: description: The field name to use as the Kafka message key. example: message_id type: string librdkafka_options: description: Optional list of advanced Kafka producer configuration options, defined as key-value pairs. items: $ref: "#/components/schemas/ObservabilityPipelineKafkaLibrdkafkaOption" type: array message_timeout_ms: description: Maximum time in milliseconds to wait for message delivery confirmation. example: 300000 format: int64 minimum: 1 type: integer rate_limit_duration_secs: description: Duration in seconds for the rate limit window. example: 1 format: int64 minimum: 1 type: integer rate_limit_num: description: Maximum number of messages allowed per rate limit duration. example: 1000 format: int64 minimum: 1 type: integer sasl: $ref: "#/components/schemas/ObservabilityPipelineKafkaSasl" socket_timeout_ms: description: Socket timeout in milliseconds for network requests. example: 60000 format: int64 maximum: 300000 minimum: 10 type: integer tls: $ref: "#/components/schemas/ObservabilityPipelineTls" topic: description: The Kafka topic name to publish logs to. example: logs-topic type: string type: $ref: "#/components/schemas/ObservabilityPipelineKafkaDestinationType" required: - id - type - inputs - topic - encoding type: object x-pipeline-types: [logs] ObservabilityPipelineKafkaDestinationCompression: description: Compression codec for Kafka messages. enum: - none - gzip - snappy - lz4 - zstd example: gzip type: string x-enum-varnames: - NONE - GZIP - SNAPPY - LZ4 - ZSTD ObservabilityPipelineKafkaDestinationEncoding: description: Encoding format for log events. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineKafkaDestinationType: default: kafka description: The destination type. The value should always be `kafka`. enum: - kafka example: kafka type: string x-enum-varnames: - KAFKA ObservabilityPipelineKafkaLibrdkafkaOption: description: Represents a key-value pair used to configure low-level `librdkafka` client options for Kafka source and destination, such as timeouts, buffer sizes, and security settings. properties: name: description: The name of the `librdkafka` configuration option to set. example: "fetch.message.max.bytes" type: string value: description: The value assigned to the specified `librdkafka` configuration option. example: "1048576" type: string required: - name - value type: object ObservabilityPipelineKafkaSasl: description: Specifies the SASL mechanism for authenticating with a Kafka cluster. properties: mechanism: $ref: "#/components/schemas/ObservabilityPipelineKafkaSaslMechanism" password_key: description: Name of the environment variable or secret that holds the SASL password. example: KAFKA_SASL_PASSWORD type: string username_key: description: Name of the environment variable or secret that holds the SASL username. example: KAFKA_SASL_USERNAME type: string type: object ObservabilityPipelineKafkaSaslMechanism: description: SASL mechanism used for Kafka authentication. enum: - PLAIN - SCRAM-SHA-256 - SCRAM-SHA-512 type: string x-enum-varnames: - PLAIN - SCRAMNOT_SHANOT_256 - SCRAMNOT_SHANOT_512 ObservabilityPipelineKafkaSource: description: |- The `kafka` source ingests data from Apache Kafka topics. **Supported pipeline types:** logs properties: bootstrap_servers_key: description: Name of the environment variable or secret that holds the Kafka bootstrap servers list. example: KAFKA_BOOTSTRAP_SERVERS type: string group_id: description: Consumer group ID used by the Kafka client. example: "consumer-group-0" type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "kafka-source" type: string librdkafka_options: description: Optional list of advanced Kafka client configuration options, defined as key-value pairs. items: $ref: "#/components/schemas/ObservabilityPipelineKafkaLibrdkafkaOption" type: array sasl: $ref: "#/components/schemas/ObservabilityPipelineKafkaSasl" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" topics: description: A list of Kafka topic names to subscribe to. The source ingests messages from each topic specified. example: ["topic1", "topic2"] items: description: A Kafka topic name to subscribe to. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineKafkaSourceType" required: - id - type - group_id - topics type: object x-pipeline-types: [logs] ObservabilityPipelineKafkaSourceType: default: kafka description: The source type. The value should always be `kafka`. enum: - kafka example: kafka type: string x-enum-varnames: - KAFKA ObservabilityPipelineLogstashSource: description: |- The `logstash` source ingests logs from a Logstash forwarder. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Logstash receiver. example: LOGSTASH_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: logstash-source type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineLogstashSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineLogstashSourceType: default: logstash description: The source type. The value should always be `logstash`. enum: - logstash example: logstash type: string x-enum-varnames: - LOGSTASH ObservabilityPipelineMemoryBufferOptions: description: Options for configuring a memory buffer by byte size. properties: max_size: description: Maximum size of the memory buffer. example: 4096 format: int64 type: integer type: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType" when_full: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull" required: - max_size type: object ObservabilityPipelineMemoryBufferSizeOptions: description: Options for configuring a memory buffer by queue length. properties: max_events: description: Maximum events for the memory buffer. example: 500 format: int64 type: integer type: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType" when_full: $ref: "#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull" required: - max_events type: object ObservabilityPipelineMetadataEntry: description: A custom metadata entry. properties: name: description: The metadata key. example: environment type: string value: description: The metadata value. example: production type: string required: - name - value type: object ObservabilityPipelineMetricTagsProcessor: description: |- The `metric_tags` processor filters metrics based on their tags using Datadog tag key patterns. **Supported pipeline types:** metrics properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: metric-tags-processor type: string include: description: A Datadog search query that determines which metrics the processor targets. example: "*" type: string rules: description: A list of rules for filtering metric tags. items: $ref: "#/components/schemas/ObservabilityPipelineMetricTagsProcessorRule" maxItems: 100 minItems: 1 type: array type: $ref: "#/components/schemas/ObservabilityPipelineMetricTagsProcessorType" required: - id - type - include - rules - enabled type: object x-pipeline-types: [metrics] ObservabilityPipelineMetricTagsProcessorRule: description: Defines a rule for filtering metric tags based on key patterns. properties: action: $ref: "#/components/schemas/ObservabilityPipelineMetricTagsProcessorRuleAction" include: description: A Datadog search query used to determine which metrics this rule targets. example: "*" type: string keys: description: A list of tag keys to include or exclude. example: ["env", "service", "version"] items: description: A metric tag key to include or exclude based on the action. type: string type: array mode: $ref: "#/components/schemas/ObservabilityPipelineMetricTagsProcessorRuleMode" required: - include - mode - action - keys type: object ObservabilityPipelineMetricTagsProcessorRuleAction: description: The action to take on tags with matching keys. enum: [include, exclude] example: include type: string x-enum-varnames: - INCLUDE - EXCLUDE ObservabilityPipelineMetricTagsProcessorRuleMode: description: The processing mode for tag filtering. enum: [filter] example: filter type: string x-enum-varnames: - FILTER ObservabilityPipelineMetricTagsProcessorType: default: metric_tags description: The processor type. The value should always be `metric_tags`. enum: [metric_tags] example: metric_tags type: string x-enum-varnames: - METRIC_TAGS ObservabilityPipelineMetricValue: description: Specifies how the value of the generated metric is computed. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByOne" - $ref: "#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByField" ObservabilityPipelineNewRelicDestination: description: |- The `new_relic` destination sends logs to the New Relic platform. **Supported pipeline types:** logs properties: account_id_key: description: Name of the environment variable or secret that holds the New Relic account ID. example: NEW_RELIC_ACCOUNT_ID type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: The unique identifier for this component. example: new-relic-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["parse-json-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array license_key_key: description: Name of the environment variable or secret that holds the New Relic license key. example: NEW_RELIC_LICENSE_KEY type: string region: $ref: "#/components/schemas/ObservabilityPipelineNewRelicDestinationRegion" type: $ref: "#/components/schemas/ObservabilityPipelineNewRelicDestinationType" required: - id - type - inputs - region type: object x-pipeline-types: [logs] ObservabilityPipelineNewRelicDestinationRegion: description: The New Relic region. enum: - us - eu example: us type: string x-enum-varnames: - US - EU ObservabilityPipelineNewRelicDestinationType: default: new_relic description: The destination type. The value should always be `new_relic`. enum: - new_relic example: new_relic type: string x-enum-varnames: - NEW_RELIC ObservabilityPipelineOcsfMapperProcessor: description: |- The `ocsf_mapper` processor transforms logs into the OCSF schema using a predefined mapping configuration. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline. example: ocsf-mapper-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string keep_unmatched: description: Whether to keep an event that does not match any of the mapping filters. example: false type: boolean mappings: description: A list of mapping rules to convert events to the OCSF format. items: $ref: "#/components/schemas/ObservabilityPipelineOcsfMapperProcessorMapping" type: array type: $ref: "#/components/schemas/ObservabilityPipelineOcsfMapperProcessorType" required: - id - type - include - mappings - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineOcsfMapperProcessorMapping: description: Defines how specific events are transformed to OCSF using a mapping configuration. properties: include: description: A Datadog search query used to select the logs that this mapping should apply to. example: service:my-service type: string mapping: $ref: "#/components/schemas/ObservabilityPipelineOcsfMapperProcessorMappingMapping" required: - include - mapping type: object ObservabilityPipelineOcsfMapperProcessorMappingMapping: description: Defines a single mapping rule for transforming logs into the OCSF schema. example: CloudTrail Account Change oneOf: - $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingLibrary" - $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingCustom" ObservabilityPipelineOcsfMapperProcessorType: default: ocsf_mapper description: The processor type. The value should always be `ocsf_mapper`. enum: - ocsf_mapper example: ocsf_mapper type: string x-enum-varnames: - OCSF_MAPPER ObservabilityPipelineOcsfMappingCustom: description: Custom OCSF mapping configuration for transforming logs. properties: mapping: description: A list of field mapping rules for transforming log fields to OCSF schema fields. items: $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingCustomFieldMapping" type: array metadata: $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingCustomMetadata" version: description: The version of the custom mapping configuration. example: 1 format: int64 type: integer required: - mapping - metadata - version type: object ObservabilityPipelineOcsfMappingCustomFieldMapping: description: Defines a single field mapping rule for transforming a source field to an OCSF destination field. properties: default: description: The default value to use if the source field is missing or empty. example: "" dest: description: The destination OCSF field path. example: device.type type: string lookup: $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingCustomLookup" source: description: The source field path from the log event. example: host.type sources: description: Multiple source field paths for combined mapping. example: - field1 - field2 value: description: A static value to use for the destination field. example: static_value required: - dest type: object ObservabilityPipelineOcsfMappingCustomLookup: description: Lookup table configuration for mapping source values to destination values. properties: default: description: The default value to use if no lookup match is found. example: unknown table: description: A list of lookup table entries for value transformation. items: $ref: "#/components/schemas/ObservabilityPipelineOcsfMappingCustomLookupTableEntry" type: array type: object ObservabilityPipelineOcsfMappingCustomLookupTableEntry: description: A single entry in a lookup table for value transformation. properties: contains: description: The substring to match in the source value. example: Desktop type: string equals: description: The exact value to match in the source. example: desktop equals_source: description: The source field to match against. example: device_type type: string matches: description: A regex pattern to match in the source value. example: "^Desktop.*" type: string not_matches: description: A regex pattern that must not match the source value. example: "^Mobile.*" type: string value: description: The value to use when a match is found. example: desktop type: object ObservabilityPipelineOcsfMappingCustomMetadata: description: Metadata for the custom OCSF mapping. properties: class: description: The OCSF event class name. example: Device Inventory Info type: string profiles: description: A list of OCSF profiles to apply. example: - container items: description: The name of an OCSF profile to apply to the event. type: string type: array version: description: The OCSF schema version. example: "1.3.0" type: string required: - class - version type: object ObservabilityPipelineOcsfMappingLibrary: description: Predefined library mappings for common log formats. enum: - CloudTrail Account Change - GCP Cloud Audit CreateBucket - GCP Cloud Audit CreateSink - GCP Cloud Audit SetIamPolicy - GCP Cloud Audit UpdateSink - Github Audit Log API Activity - Google Workspace Admin Audit addPrivilege - Microsoft 365 Defender Incident - Microsoft 365 Defender UserLoggedIn - Okta System Log Authentication - Palo Alto Networks Firewall Traffic example: CloudTrail Account Change type: string x-enum-varnames: - CLOUDTRAIL_ACCOUNT_CHANGE - GCP_CLOUD_AUDIT_CREATEBUCKET - GCP_CLOUD_AUDIT_CREATESINK - GCP_CLOUD_AUDIT_SETIAMPOLICY - GCP_CLOUD_AUDIT_UPDATESINK - GITHUB_AUDIT_LOG_API_ACTIVITY - GOOGLE_WORKSPACE_ADMIN_AUDIT_ADDPRIVILEGE - MICROSOFT_365_DEFENDER_INCIDENT - MICROSOFT_365_DEFENDER_USERLOGGEDIN - OKTA_SYSTEM_LOG_AUTHENTICATION - PALO_ALTO_NETWORKS_FIREWALL_TRAFFIC ObservabilityPipelineOpenSearchDestination: description: |- The `opensearch` destination writes logs to an OpenSearch cluster. **Supported pipeline types:** logs properties: auth: $ref: "#/components/schemas/ObservabilityPipelineElasticsearchDestinationAuth" buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" bulk_index: description: The index to write logs to. example: logs-index type: string data_stream: $ref: "#/components/schemas/ObservabilityPipelineOpenSearchDestinationDataStream" endpoint_url_key: description: Name of the environment variable or secret that holds the OpenSearch endpoint URL. example: OPENSEARCH_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: "opensearch-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineOpenSearchDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineOpenSearchDestinationDataStream: description: Configuration options for writing to OpenSearch Data Streams instead of a fixed index. properties: dataset: description: The data stream dataset for your logs. This groups logs by their source or application. type: string dtype: description: The data stream type for your logs. This determines how logs are categorized within the data stream. type: string namespace: description: The data stream namespace for your logs. This separates logs into different environments or domains. type: string type: object ObservabilityPipelineOpenSearchDestinationType: default: opensearch description: The destination type. The value should always be `opensearch`. enum: - opensearch example: opensearch type: string x-enum-varnames: - OPENSEARCH ObservabilityPipelineOpentelemetrySource: description: |- The `opentelemetry` source receives telemetry data using the OpenTelemetry Protocol (OTLP) over gRPC and HTTP. **Supported pipeline types:** logs, metrics properties: grpc_address_key: description: Environment variable name containing the gRPC server address for receiving OTLP data. Must be a valid environment variable name (alphanumeric characters and underscores only). example: OTEL_GRPC_ADDRESS type: string http_address_key: description: Environment variable name containing the HTTP server address for receiving OTLP data. Must be a valid environment variable name (alphanumeric characters and underscores only). example: OTEL_HTTP_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: opentelemetry-source type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineOpentelemetrySourceType" required: - id - type type: object x-pipeline-types: [logs, metrics] ObservabilityPipelineOpentelemetrySourceType: default: opentelemetry description: The source type. The value should always be `opentelemetry`. enum: [opentelemetry] example: opentelemetry type: string x-enum-varnames: - OPENTELEMETRY ObservabilityPipelineParseGrokProcessor: description: |- The `parse_grok` processor extracts structured fields from unstructured log messages using Grok patterns. **Supported pipeline types:** logs properties: disable_library_rules: default: false description: If set to `true`, disables the default Grok rules provided by Datadog. example: true type: boolean display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: A unique identifier for this processor. example: "parse-grok-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string rules: description: The list of Grok parsing rules. If multiple matching rules are provided, they are evaluated in order. The first successful match is applied. items: $ref: "#/components/schemas/ObservabilityPipelineParseGrokProcessorRule" type: array type: $ref: "#/components/schemas/ObservabilityPipelineParseGrokProcessorType" required: - id - type - include - rules - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineParseGrokProcessorRule: description: |- A Grok parsing rule used in the `parse_grok` processor. Each rule defines how to extract structured fields from a specific log field using Grok patterns. properties: match_rules: description: |- A list of Grok parsing rules that define how to extract fields from the source field. Each rule must contain a name and a valid Grok pattern. example: - name: "MyParsingRule" rule: '%{word:user} connected on %{date("MM/dd/yyyy"):date}' items: $ref: "#/components/schemas/ObservabilityPipelineParseGrokProcessorRuleMatchRule" type: array source: description: The value of the source field in log events to be processed by the Grok rules. example: "message" type: string support_rules: description: |- A list of Grok helper rules that can be referenced by the parsing rules. example: - name: "user" rule: "%{word:user.name}" items: $ref: "#/components/schemas/ObservabilityPipelineParseGrokProcessorRuleSupportRule" type: array required: - source - match_rules type: object ObservabilityPipelineParseGrokProcessorRuleMatchRule: description: |- Defines a Grok parsing rule, which extracts structured fields from log content using named Grok patterns. Each rule must have a unique name and a valid Datadog Grok pattern that will be applied to the source field. properties: name: description: The name of the rule. example: "MyParsingRule" type: string rule: description: The definition of the Grok rule. example: '%{word:user} connected on %{date("MM/dd/yyyy"):date}' type: string required: - name - rule type: object ObservabilityPipelineParseGrokProcessorRuleSupportRule: description: The Grok helper rule referenced in the parsing rules. properties: name: description: The name of the Grok helper rule. example: "user" type: string rule: description: The definition of the Grok helper rule. example: " %{word:user.name}" type: string required: - name - rule type: object ObservabilityPipelineParseGrokProcessorType: default: parse_grok description: The processor type. The value should always be `parse_grok`. enum: [parse_grok] example: parse_grok type: string x-enum-varnames: - PARSE_GROK ObservabilityPipelineParseJSONProcessor: description: |- The `parse_json` processor extracts JSON from a specified field and flattens it into the event. This is useful when logs contain embedded JSON as a string. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean field: description: The name of the log field that contains a JSON string. example: "message" type: string id: description: A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: "parse-json-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineParseJSONProcessorType" required: - id - type - include - field - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineParseJSONProcessorType: default: parse_json description: The processor type. The value should always be `parse_json`. enum: - parse_json example: parse_json type: string x-enum-varnames: - PARSE_JSON ObservabilityPipelineParseXMLProcessor: description: |- The `parse_xml` processor parses XML from a specified field and extracts it into the event. **Supported pipeline types:** logs properties: always_use_text_key: description: Whether to always use a text key for element content. type: boolean attr_prefix: description: The prefix to use for XML attributes in the parsed output. type: string display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean field: description: The name of the log field that contains an XML string. example: "message" type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: parse-xml-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string include_attr: description: Whether to include XML attributes in the parsed output. type: boolean parse_bool: description: Whether to parse boolean values from strings. type: boolean parse_null: description: Whether to parse null values. type: boolean parse_number: description: Whether to parse numeric values from strings. type: boolean text_key: description: The key name to use for text content within XML elements. Must be at least 1 character if specified. minLength: 1 type: string type: $ref: "#/components/schemas/ObservabilityPipelineParseXMLProcessorType" required: - id - type - include - field - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineParseXMLProcessorType: default: parse_xml description: The processor type. The value should always be `parse_xml`. enum: - parse_xml example: parse_xml type: string x-enum-varnames: - PARSE_XML ObservabilityPipelineQuotaProcessor: description: |- The `quota` processor measures logging traffic for logs that match a specified filter. When the configured daily quota is met, the processor can drop or alert. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" drop_events: description: |- If set to `true`, logs that match the quota filter and are sent after the quota is exceeded are dropped. Logs that do not match the filter continue through the pipeline. **Note**: You can set either `drop_events` or `overflow_action`, but not both. example: false type: boolean enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "quota-processor" type: string ignore_when_missing_partitions: description: If `true`, the processor skips quota checks when partition fields are missing from the logs. type: boolean include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string limit: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorLimit" name: description: Name of the quota. example: MyQuota type: string overflow_action: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorOverflowAction" overrides: description: A list of alternate quota rules that apply to specific sets of events, identified by matching field values. Each override can define a custom limit. items: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorOverride" type: array partition_fields: description: A list of fields used to segment log traffic for quota enforcement. Quotas are tracked independently by unique combinations of these field values. items: description: The name of a log field used to partition quota enforcement. type: string type: array too_many_buckets_action: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorOverflowAction" type: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorType" required: - id - type - include - name - limit - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineQuotaProcessorLimit: description: The maximum amount of data or number of events allowed before the quota is enforced. Can be specified in bytes or events. properties: enforce: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorLimitEnforceType" limit: description: The limit for quota enforcement. example: 1000 format: int64 type: integer required: - enforce - limit type: object ObservabilityPipelineQuotaProcessorLimitEnforceType: description: Unit for quota enforcement in bytes for data size or events for count. enum: - bytes - events example: bytes type: string x-enum-varnames: - BYTES - EVENTS ObservabilityPipelineQuotaProcessorOverflowAction: description: |- The action to take when the quota or bucket limit is exceeded. Options: - `drop`: Drop the event. - `no_action`: Let the event pass through. - `overflow_routing`: Route to an overflow destination. enum: - drop - no_action - overflow_routing example: drop type: string x-enum-varnames: - DROP - NO_ACTION - OVERFLOW_ROUTING ObservabilityPipelineQuotaProcessorOverride: description: Defines a custom quota limit that applies to specific log events based on matching field values. properties: fields: description: A list of field matchers used to apply a specific override. If an event matches all listed key-value pairs, the corresponding override limit is enforced. items: $ref: "#/components/schemas/ObservabilityPipelineFieldValue" type: array limit: $ref: "#/components/schemas/ObservabilityPipelineQuotaProcessorLimit" required: - fields - limit type: object ObservabilityPipelineQuotaProcessorType: default: quota description: The processor type. The value should always be `quota`. enum: - quota example: quota type: string x-enum-varnames: - QUOTA ObservabilityPipelineReduceProcessor: description: |- The `reduce` processor aggregates and merges logs based on matching keys and merge strategies. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean group_by: description: A list of fields used to group log events for merging. example: ["log.user.id", "log.device.id"] items: description: A log field path used to group events for aggregation. type: string type: array id: description: The unique identifier for this processor. example: reduce-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: env:prod type: string merge_strategies: description: List of merge strategies defining how values from grouped events should be combined. items: $ref: "#/components/schemas/ObservabilityPipelineReduceProcessorMergeStrategy" type: array type: $ref: "#/components/schemas/ObservabilityPipelineReduceProcessorType" required: - id - type - include - group_by - merge_strategies - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineReduceProcessorMergeStrategy: description: Defines how a specific field should be merged across grouped events. properties: path: description: The field path in the log event. example: log.user.roles type: string strategy: $ref: "#/components/schemas/ObservabilityPipelineReduceProcessorMergeStrategyStrategy" required: - path - strategy type: object ObservabilityPipelineReduceProcessorMergeStrategyStrategy: description: The merge strategy to apply. enum: - discard - retain - sum - max - min - array - concat - concat_newline - concat_raw - shortest_array - longest_array - flat_unique example: flat_unique type: string x-enum-varnames: - DISCARD - RETAIN - SUM - MAX - MIN - ARRAY - CONCAT - CONCAT_NEWLINE - CONCAT_RAW - SHORTEST_ARRAY - LONGEST_ARRAY - FLAT_UNIQUE ObservabilityPipelineReduceProcessorType: default: reduce description: The processor type. The value should always be `reduce`. enum: - reduce example: reduce type: string x-enum-varnames: - REDUCE ObservabilityPipelineRemoveFieldsProcessor: description: |- The `remove_fields` processor deletes specified fields from logs. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean fields: description: A list of field names to be removed from each log event. example: ["field1", "field2"] items: description: The name of a field to remove from the log event. type: string type: array id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "remove-fields-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineRemoveFieldsProcessorType" required: - id - type - include - fields - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineRemoveFieldsProcessorType: default: remove_fields description: The processor type. The value should always be `remove_fields`. enum: - remove_fields example: remove_fields type: string x-enum-varnames: - REMOVE_FIELDS ObservabilityPipelineRenameFieldsProcessor: description: |- The `rename_fields` processor changes field names. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean fields: description: A list of rename rules specifying which fields to rename in the event, what to rename them to, and whether to preserve the original fields. items: $ref: "#/components/schemas/ObservabilityPipelineRenameFieldsProcessorField" type: array id: description: A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: "rename-fields-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string type: $ref: "#/components/schemas/ObservabilityPipelineRenameFieldsProcessorType" required: - id - type - include - fields - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineRenameFieldsProcessorField: description: Defines how to rename a field in log events. properties: destination: description: The field name to assign the renamed value to. example: "destination_field" type: string preserve_source: description: Indicates whether the original field, that is received from the source, should be kept (`true`) or removed (`false`) after renaming. example: false type: boolean source: description: The original field name in the log event that should be renamed. example: "source_field" type: string required: - source - destination - preserve_source type: object ObservabilityPipelineRenameFieldsProcessorType: default: rename_fields description: The processor type. The value should always be `rename_fields`. enum: - rename_fields example: rename_fields type: string x-enum-varnames: - RENAME_FIELDS ObservabilityPipelineRsyslogDestination: description: |- The `rsyslog` destination forwards logs to an external `rsyslog` server over TCP or UDP using the syslog protocol. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" endpoint_url_key: description: Name of the environment variable or secret that holds the syslog server endpoint URL. example: SYSLOG_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: "rsyslog-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array keepalive: description: Optional socket keepalive duration in milliseconds. example: 60000 format: int64 minimum: 0 type: integer tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineRsyslogDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineRsyslogDestinationType: default: rsyslog description: The destination type. The value should always be `rsyslog`. enum: [rsyslog] example: rsyslog type: string x-enum-varnames: - RSYSLOG ObservabilityPipelineRsyslogSource: description: |- The `rsyslog` source listens for logs over TCP or UDP from an `rsyslog` server using the syslog protocol. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the syslog receiver. example: SYSLOG_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "rsyslog-source" type: string mode: $ref: "#/components/schemas/ObservabilityPipelineSyslogSourceMode" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineRsyslogSourceType" required: - id - type - mode type: object x-pipeline-types: [logs] ObservabilityPipelineRsyslogSourceType: default: rsyslog description: The source type. The value should always be `rsyslog`. enum: [rsyslog] example: rsyslog type: string x-enum-varnames: - RSYSLOG ObservabilityPipelineSampleProcessor: description: |- The `sample` processor allows probabilistic sampling of logs at a fixed rate. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean group_by: description: Optional list of fields to group events by. Each group is sampled independently. example: ["service", "host"] items: description: A log field name used to group events for independent sampling. type: string minItems: 1 type: array id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "sample-processor" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "service:my-service" type: string percentage: description: The percentage of logs to sample. example: 10.0 format: double type: number type: $ref: "#/components/schemas/ObservabilityPipelineSampleProcessorType" required: - id - type - include - percentage - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineSampleProcessorType: default: sample description: The processor type. The value should always be `sample`. enum: [sample] example: sample type: string x-enum-varnames: - SAMPLE ObservabilityPipelineSensitiveDataScannerProcessor: description: |- The `sensitive_data_scanner` processor detects and optionally redacts sensitive data in log events. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "sensitive-scanner" type: string include: description: A Datadog search query used to determine which logs this processor targets. example: "source:prod" type: string rules: description: A list of rules for identifying and acting on sensitive data patterns. items: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorRule" type: array type: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorType" required: - id - type - include - rules - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineSensitiveDataScannerProcessorAction: description: Defines what action to take when sensitive data is matched. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedact" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionHash" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedact" ObservabilityPipelineSensitiveDataScannerProcessorActionHash: description: Configuration for hashing matched sensitive values. properties: action: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionHashAction" options: description: |- Optional settings for the hash action. When omitted or empty, matched sensitive data is replaced with a deterministic hashed value that preserves structure for analytics while protecting the original content. Reserved for future hash configuration (for example, algorithm or salt). type: object required: [action] type: object ObservabilityPipelineSensitiveDataScannerProcessorActionHashAction: description: Action type that replaces the matched sensitive data with a hashed representation, preserving structure while securing content. enum: [hash] example: hash type: string x-enum-varnames: - HASH ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedact: description: Configuration for partially redacting matched sensitive data. properties: action: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactAction" options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions" required: [action, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactAction: description: Action type that redacts part of the sensitive data while preserving a configurable number of characters, typically used for masking purposes (e.g., show last 4 digits of a credit card). enum: [partial_redact] example: partial_redact type: string x-enum-varnames: - PARTIAL_REDACT ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions: description: Controls how partial redaction is applied, including character count and direction. properties: characters: description: Number of characters to leave visible from the start or end of the matched value; the rest are redacted. example: 4 format: int64 type: integer direction: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptionsDirection" required: [characters, direction] type: object ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptionsDirection: description: Indicates whether to redact characters from the first or last part of the matched value. enum: [first, last] example: last type: string x-enum-varnames: - FIRST - LAST ObservabilityPipelineSensitiveDataScannerProcessorActionRedact: description: Configuration for completely redacting matched sensitive data. properties: action: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedactAction" options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions" required: [action, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorActionRedactAction: description: Action type that completely replaces the matched sensitive data with a fixed replacement string to remove all visibility. enum: [redact] example: redact type: string x-enum-varnames: - REDACT ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions: description: Configuration for fully redacting sensitive data. properties: replace: description: The string used to replace matched sensitive data (for example, "***" or "[REDACTED]"). example: "***" type: string required: [replace] type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPattern: description: Defines a custom regex-based pattern for identifying sensitive data in logs. properties: options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternOptions" type: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternType" required: [type, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternOptions: description: Options for defining a custom regex pattern. properties: description: description: Human-readable description providing context about a sensitive data scanner rule example: Custom regex for internal API keys type: string rule: description: A regular expression used to detect sensitive values. Must be a valid regex. example: "\\b\\d{16}\\b" type: string required: [rule] type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternType: description: Indicates a custom regular expression is used for matching. enum: [custom] example: custom type: string x-enum-varnames: - CUSTOM ObservabilityPipelineSensitiveDataScannerProcessorKeywordOptions: description: Configuration for keywords used to reinforce sensitive data pattern detection. properties: keywords: description: A list of keywords to match near the sensitive pattern. example: ["ssn", "card", "account"] items: description: A keyword string that reinforces detection when found near the sensitive pattern. type: string type: array proximity: description: Maximum number of tokens between a keyword and a sensitive value match. example: 5 format: int64 type: integer required: [keywords, proximity] type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPattern: description: Specifies a pattern from Datadog’s sensitive data detection library to match known sensitive data types. properties: options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternOptions" type: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternType" required: [type, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternOptions: description: Options for selecting a predefined library pattern and enabling keyword support. properties: description: description: Human-readable description providing context about a sensitive data scanner rule example: Credit card pattern type: string id: description: Identifier for a predefined pattern from the sensitive data scanner pattern library. example: credit_card type: string use_recommended_keywords: description: Whether to augment the pattern with recommended keywords (optional). type: boolean required: [id] type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternType: description: Indicates that a predefined library pattern is used. enum: [library] example: library type: string x-enum-varnames: - LIBRARY ObservabilityPipelineSensitiveDataScannerProcessorPattern: description: Pattern detection configuration for identifying sensitive data using either a custom regex or a library reference. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPattern" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPattern" ObservabilityPipelineSensitiveDataScannerProcessorRule: description: Defines a rule for detecting sensitive data, including matching pattern, scope, and the action to take. properties: keyword_options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorKeywordOptions" name: description: A name identifying the rule. example: "Redact Credit Card Numbers" type: string on_match: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorAction" pattern: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorPattern" scope: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScope" tags: description: Tags assigned to this rule for filtering and classification. example: ["pii", "ccn"] items: description: A tag string used to classify and filter this sensitive data rule. type: string type: array required: - name - pattern - scope - on_match type: object ObservabilityPipelineSensitiveDataScannerProcessorScope: description: Determines which parts of the log the pattern-matching rule should be applied to. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeInclude" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeExclude" - $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeAll" ObservabilityPipelineSensitiveDataScannerProcessorScopeAll: description: Applies scanning across all available fields. properties: target: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeAllTarget" required: [target] type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeAllTarget: description: Applies the rule to all fields. enum: [all] example: all type: string x-enum-varnames: - ALL ObservabilityPipelineSensitiveDataScannerProcessorScopeExclude: description: Excludes specific fields from sensitive data scanning. properties: options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions" target: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeExcludeTarget" required: [target, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeExcludeTarget: description: Excludes specific fields from processing. enum: [exclude] example: exclude type: string x-enum-varnames: - EXCLUDE ObservabilityPipelineSensitiveDataScannerProcessorScopeInclude: description: Includes only specific fields for sensitive data scanning. properties: options: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions" target: $ref: "#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeIncludeTarget" required: [target, options] type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeIncludeTarget: description: Applies the rule only to included fields. enum: [include] example: include type: string x-enum-varnames: - INCLUDE ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions: description: Fields to which the scope rule applies. properties: fields: description: List of log attribute names (field paths) to which the scope applies. Only these fields are included in or excluded from pattern matching. example: - "" items: description: A log field path to include or exclude from sensitive data scanning. type: string type: array required: [fields] type: object ObservabilityPipelineSensitiveDataScannerProcessorType: default: sensitive_data_scanner description: The processor type. The value should always be `sensitive_data_scanner`. enum: [sensitive_data_scanner] example: sensitive_data_scanner type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER ObservabilityPipelineSentinelOneDestination: description: |- The `sentinel_one` destination sends logs to SentinelOne. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" id: description: The unique identifier for this component. example: sentinelone-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array region: $ref: "#/components/schemas/ObservabilityPipelineSentinelOneDestinationRegion" token_key: description: Name of the environment variable or secret that holds the SentinelOne API token. example: SENTINELONE_TOKEN type: string type: $ref: "#/components/schemas/ObservabilityPipelineSentinelOneDestinationType" required: - id - type - inputs - region type: object x-pipeline-types: [logs] ObservabilityPipelineSentinelOneDestinationRegion: description: The SentinelOne region to send logs to. enum: - us - eu - ca - data_set_us example: us type: string x-enum-varnames: - US - EU - CA - DATA_SET_US ObservabilityPipelineSentinelOneDestinationType: default: sentinel_one description: The destination type. The value should always be `sentinel_one`. enum: - sentinel_one example: sentinel_one type: string x-enum-varnames: - SENTINEL_ONE ObservabilityPipelineSocketDestination: description: |- The `socket` destination sends logs over TCP or UDP to a remote server. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the socket address (host:port). example: SOCKET_ADDRESS type: string buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" encoding: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationEncoding" framing: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFraming" id: description: The unique identifier for this component. example: socket-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array mode: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationMode" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" description: TLS configuration. Relevant only when `mode` is `tcp`. type: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationType" required: - id - type - inputs - encoding - framing - mode type: object x-pipeline-types: [logs] ObservabilityPipelineSocketDestinationEncoding: description: Encoding format for log events. enum: [json, raw_message] example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineSocketDestinationFraming: description: Framing method configuration. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingNewlineDelimited" - $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingBytes" - $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingCharacterDelimited" ObservabilityPipelineSocketDestinationFramingBytes: description: Event data is not delimited at all. properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingBytesMethod" required: [method] type: object ObservabilityPipelineSocketDestinationFramingBytesMethod: description: The definition of `ObservabilityPipelineSocketDestinationFramingBytesMethod` object. enum: [bytes] example: bytes type: string x-enum-varnames: - BYTES ObservabilityPipelineSocketDestinationFramingCharacterDelimited: description: Each log event is separated using the specified delimiter character. properties: delimiter: description: A single ASCII character used as a delimiter. example: "|" maxLength: 1 minLength: 1 type: string method: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingCharacterDelimitedMethod" required: [method, delimiter] type: object ObservabilityPipelineSocketDestinationFramingCharacterDelimitedMethod: description: The definition of `ObservabilityPipelineSocketDestinationFramingCharacterDelimitedMethod` object. enum: [character_delimited] example: character_delimited type: string x-enum-varnames: - CHARACTER_DELIMITED ObservabilityPipelineSocketDestinationFramingNewlineDelimited: description: Each log event is delimited by a newline character. properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketDestinationFramingNewlineDelimitedMethod" required: [method] type: object ObservabilityPipelineSocketDestinationFramingNewlineDelimitedMethod: description: The definition of `ObservabilityPipelineSocketDestinationFramingNewlineDelimitedMethod` object. enum: [newline_delimited] example: newline_delimited type: string x-enum-varnames: - NEWLINE_DELIMITED ObservabilityPipelineSocketDestinationMode: description: Protocol used to send logs. enum: [tcp, udp] example: tcp type: string x-enum-varnames: - TCP - UDP ObservabilityPipelineSocketDestinationType: default: socket description: The destination type. The value should always be `socket`. enum: [socket] example: socket type: string x-enum-varnames: - SOCKET ObservabilityPipelineSocketSource: description: |- The `socket` source ingests logs over TCP or UDP. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the socket. example: SOCKET_ADDRESS type: string framing: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFraming" id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: socket-source type: string mode: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceMode" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" description: TLS configuration. Relevant only when `mode` is `tcp`. type: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceType" required: - id - type - mode - framing type: object x-pipeline-types: [logs] ObservabilityPipelineSocketSourceFraming: description: Framing method configuration for the socket source. oneOf: - $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingNewlineDelimited" - $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingBytes" - $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingCharacterDelimited" - $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingOctetCounting" - $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingChunkedGelf" ObservabilityPipelineSocketSourceFramingBytes: description: Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments). properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingBytesMethod" required: [method] type: object ObservabilityPipelineSocketSourceFramingBytesMethod: description: Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments). enum: [bytes] example: bytes type: string x-enum-varnames: - BYTES ObservabilityPipelineSocketSourceFramingCharacterDelimited: description: Byte frames which are delimited by a chosen character. properties: delimiter: description: A single ASCII character used to delimit events. example: "|" maxLength: 1 minLength: 1 type: string method: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingCharacterDelimitedMethod" required: [method, delimiter] type: object ObservabilityPipelineSocketSourceFramingCharacterDelimitedMethod: description: Byte frames which are delimited by a chosen character. enum: [character_delimited] example: character_delimited type: string x-enum-varnames: - CHARACTER_DELIMITED ObservabilityPipelineSocketSourceFramingChunkedGelf: description: Byte frames which are chunked GELF messages. properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingChunkedGelfMethod" required: [method] type: object ObservabilityPipelineSocketSourceFramingChunkedGelfMethod: description: Byte frames which are chunked GELF messages. enum: [chunked_gelf] example: chunked_gelf type: string x-enum-varnames: - CHUNKED_GELF ObservabilityPipelineSocketSourceFramingNewlineDelimited: description: Byte frames which are delimited by a newline character. properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingNewlineDelimitedMethod" required: [method] type: object ObservabilityPipelineSocketSourceFramingNewlineDelimitedMethod: description: Byte frames which are delimited by a newline character. enum: [newline_delimited] example: newline_delimited type: string x-enum-varnames: - NEWLINE_DELIMITED ObservabilityPipelineSocketSourceFramingOctetCounting: description: Byte frames according to the octet counting format as per RFC6587. properties: method: $ref: "#/components/schemas/ObservabilityPipelineSocketSourceFramingOctetCountingMethod" required: [method] type: object ObservabilityPipelineSocketSourceFramingOctetCountingMethod: description: Byte frames according to the octet counting format as per RFC6587. enum: [octet_counting] example: octet_counting type: string x-enum-varnames: - OCTET_COUNTING ObservabilityPipelineSocketSourceMode: description: Protocol used to receive logs. enum: [tcp, udp] example: tcp type: string x-enum-varnames: - TCP - UDP ObservabilityPipelineSocketSourceType: default: socket description: The source type. The value should always be `socket`. enum: [socket] example: socket type: string x-enum-varnames: - SOCKET ObservabilityPipelineSpec: description: Input schema representing an observability pipeline configuration. Used in create and validate requests. properties: data: $ref: "#/components/schemas/ObservabilityPipelineSpecData" required: - data type: object ObservabilityPipelineSpecData: description: Contains the the pipeline configuration. properties: attributes: $ref: "#/components/schemas/ObservabilityPipelineDataAttributes" type: default: pipelines description: The resource type identifier. For pipeline resources, this should always be set to `pipelines`. example: pipelines type: string required: - type - attributes type: object ObservabilityPipelineSplitArrayProcessor: description: |- The `split_array` processor splits array fields into separate events based on configured rules. **Supported pipeline types:** logs properties: arrays: description: A list of array split configurations. items: $ref: "#/components/schemas/ObservabilityPipelineSplitArrayProcessorArrayConfig" maxItems: 15 minItems: 1 type: array display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: split-array-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. For split_array, this should typically be `*`. example: "*" type: string type: $ref: "#/components/schemas/ObservabilityPipelineSplitArrayProcessorType" required: - id - type - include - arrays - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineSplitArrayProcessorArrayConfig: description: Configuration for a single array split operation. properties: field: description: The path to the array field to split. example: "tags" type: string include: description: A Datadog search query used to determine which logs this array split operation targets. example: "*" type: string required: - include - field type: object ObservabilityPipelineSplitArrayProcessorType: default: split_array description: The processor type. The value should always be `split_array`. enum: - split_array example: split_array type: string x-enum-varnames: - SPLIT_ARRAY ObservabilityPipelineSplunkHecDestination: description: |- The `splunk_hec` destination forwards logs to Splunk using the HTTP Event Collector (HEC). **Supported pipeline types:** logs properties: auto_extract_timestamp: description: |- If `true`, Splunk tries to extract timestamps from incoming log events. If `false`, Splunk assigns the time the event was received. example: true type: boolean buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" encoding: $ref: "#/components/schemas/ObservabilityPipelineSplunkHecDestinationEncoding" endpoint_url_key: description: Name of the environment variable or secret that holds the Splunk HEC endpoint URL. example: SPLUNK_HEC_ENDPOINT_URL type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: splunk-hec-destination type: string index: description: Optional name of the Splunk index where logs are written. example: "main" type: string indexed_fields: description: List of log field names to send as indexed fields to Splunk HEC. Available only when `encoding` is `json`. example: ["service", "host"] items: description: A log field name to index in Splunk. type: string type: array inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array sourcetype: description: The Splunk sourcetype to assign to log events. example: "custom_sourcetype" type: string token_key: description: Name of the environment variable or secret that holds the Splunk HEC token. example: SPLUNK_HEC_TOKEN type: string token_strategy: $ref: "#/components/schemas/ObservabilityPipelineSplunkHecDestinationTokenStrategy" type: $ref: "#/components/schemas/ObservabilityPipelineSplunkHecDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineSplunkHecDestinationEncoding: description: Encoding format for log events. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineSplunkHecDestinationTokenStrategy: description: Controls how the Splunk HEC token is supplied. Use `custom` to provide a token with `token_key`, or `from_source` to forward the token received from an upstream Splunk HEC source. enum: - custom - from_source example: custom type: string x-enum-varnames: - CUSTOM - FROM_SOURCE ObservabilityPipelineSplunkHecDestinationType: default: splunk_hec description: The destination type. Always `splunk_hec`. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC ObservabilityPipelineSplunkHecSource: description: |- The `splunk_hec` source implements the Splunk HTTP Event Collector (HEC) API. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the HEC API. example: SPLUNK_HEC_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: splunk-hec-source type: string store_hec_token: description: |- When `true`, the Splunk HEC token from the incoming request is stored in the event metadata. This allows downstream components to forward the token to other Splunk HEC destinations. example: true type: boolean tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineSplunkHecSourceType: default: splunk_hec description: The source type. Always `splunk_hec`. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC ObservabilityPipelineSplunkTcpSource: description: |- The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP. TLS is supported for secure transmission. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Splunk TCP receiver. example: SPLUNK_TCP_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: splunk-tcp-source type: string tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineSplunkTcpSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineSplunkTcpSourceType: default: splunk_tcp description: The source type. Always `splunk_tcp`. enum: - splunk_tcp example: splunk_tcp type: string x-enum-varnames: - SPLUNK_TCP ObservabilityPipelineSumoLogicDestination: description: |- The `sumo_logic` destination forwards logs to Sumo Logic. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" encoding: $ref: "#/components/schemas/ObservabilityPipelineSumoLogicDestinationEncoding" endpoint_url_key: description: Name of the environment variable or secret that holds the Sumo Logic HTTP endpoint URL. example: SUMO_LOGIC_ENDPOINT_URL type: string header_custom_fields: description: A list of custom headers to include in the request to Sumo Logic. items: $ref: "#/components/schemas/ObservabilityPipelineSumoLogicDestinationHeaderCustomFieldsItem" type: array header_host_name: description: Optional override for the host name header. example: "host-123" type: string header_source_category: description: Optional override for the source category header. example: "source-category" type: string header_source_name: description: Optional override for the source name header. example: "source-name" type: string id: description: The unique identifier for this component. example: "sumo-logic-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array type: $ref: "#/components/schemas/ObservabilityPipelineSumoLogicDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineSumoLogicDestinationEncoding: description: The output encoding format. enum: [json, raw_message, logfmt] example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE - LOGFMT ObservabilityPipelineSumoLogicDestinationHeaderCustomFieldsItem: description: Single key-value pair used as a custom log header for Sumo Logic. properties: name: description: The header field name. example: "X-Sumo-Category" type: string value: description: The header field value. example: "my-app-logs" type: string required: - name - value type: object ObservabilityPipelineSumoLogicDestinationType: default: sumo_logic description: The destination type. The value should always be `sumo_logic`. enum: - sumo_logic example: sumo_logic type: string x-enum-varnames: - SUMO_LOGIC ObservabilityPipelineSumoLogicSource: description: |- The `sumo_logic` source receives logs from Sumo Logic collectors. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the Sumo Logic receiver. example: SUMO_LOGIC_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "sumo-logic-source" type: string type: $ref: "#/components/schemas/ObservabilityPipelineSumoLogicSourceType" required: - id - type type: object x-pipeline-types: [logs] ObservabilityPipelineSumoLogicSourceType: default: sumo_logic description: The source type. The value should always be `sumo_logic`. enum: - sumo_logic example: sumo_logic type: string x-enum-varnames: - SUMO_LOGIC ObservabilityPipelineSyslogNgDestination: description: |- The `syslog_ng` destination forwards logs to an external `syslog-ng` server over TCP or UDP using the syslog protocol. **Supported pipeline types:** logs properties: buffer: $ref: "#/components/schemas/ObservabilityPipelineBufferOptions" endpoint_url_key: description: Name of the environment variable or secret that holds the syslog-ng server endpoint URL. example: SYSLOG_ENDPOINT_URL type: string id: description: The unique identifier for this component. example: "syslog-ng-destination" type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: ["filter-processor"] items: description: The ID of a component whose output is used as input for this destination. type: string type: array keepalive: description: Optional socket keepalive duration in milliseconds. example: 60000 format: int64 minimum: 0 type: integer tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineSyslogNgDestinationType" required: - id - type - inputs type: object x-pipeline-types: [logs] ObservabilityPipelineSyslogNgDestinationType: default: syslog_ng description: The destination type. The value should always be `syslog_ng`. enum: [syslog_ng] example: syslog_ng type: string x-enum-varnames: - SYSLOG_NG ObservabilityPipelineSyslogNgSource: description: |- The `syslog_ng` source listens for logs over TCP or UDP from a `syslog-ng` server using the syslog protocol. **Supported pipeline types:** logs properties: address_key: description: Name of the environment variable or secret that holds the listen address for the syslog-ng receiver. example: SYSLOG_ADDRESS type: string id: description: The unique identifier for this component. Used in other parts of the pipeline to reference this component (for example, as the `input` to downstream components). example: "syslog-ng-source" type: string mode: $ref: "#/components/schemas/ObservabilityPipelineSyslogSourceMode" tls: $ref: "#/components/schemas/ObservabilityPipelineTls" type: $ref: "#/components/schemas/ObservabilityPipelineSyslogNgSourceType" required: - id - type - mode type: object x-pipeline-types: [logs] ObservabilityPipelineSyslogNgSourceType: default: syslog_ng description: The source type. The value should always be `syslog_ng`. enum: [syslog_ng] example: syslog_ng type: string x-enum-varnames: - SYSLOG_NG ObservabilityPipelineSyslogSourceMode: description: Protocol used by the syslog source to receive messages. enum: [tcp, udp] example: tcp type: string x-enum-varnames: - TCP - UDP ObservabilityPipelineThrottleProcessor: description: |- The `throttle` processor limits the number of events that pass through over a given time window. **Supported pipeline types:** logs properties: display_name: $ref: "#/components/schemas/ObservabilityPipelineComponentDisplayName" enabled: description: Indicates whether the processor is enabled. example: true type: boolean group_by: description: Optional list of fields used to group events before the threshold has been reached. example: ["log.user.id"] items: description: A log field name used to group events for independent throttling. type: string type: array id: description: The unique identifier for this processor. example: throttle-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: env:prod type: string threshold: description: the number of events allowed in a given time window. Events sent after the threshold has been reached, are dropped. example: 1000 format: int64 type: integer type: $ref: "#/components/schemas/ObservabilityPipelineThrottleProcessorType" window: description: The time window in seconds over which the threshold applies. example: 60.0 format: double type: number required: - id - type - include - threshold - window - enabled type: object x-pipeline-types: [logs] ObservabilityPipelineThrottleProcessorType: default: throttle description: The processor type. The value should always be `throttle`. enum: - throttle example: throttle type: string x-enum-varnames: - THROTTLE ObservabilityPipelineTls: description: Configuration for enabling TLS encryption between the pipeline component and external services. properties: ca_file: description: Path to the Certificate Authority (CA) file used to validate the server’s TLS certificate. type: string crt_file: description: Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services. example: "/path/to/cert.crt" type: string key_file: description: Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication. type: string key_pass_key: description: Name of the environment variable or secret that holds the passphrase for the private key file. example: TLS_KEY_PASSPHRASE type: string required: - crt_file type: object OktaAPIToken: description: The definition of the `OktaAPIToken` object. properties: api_token: description: The `OktaAPIToken` `api_token`. example: "" type: string domain: description: The `OktaAPIToken` `domain`. example: "" type: string type: $ref: "#/components/schemas/OktaAPITokenType" required: - type - domain - api_token type: object OktaAPITokenType: description: The definition of the `OktaAPIToken` object. enum: - OktaAPIToken example: OktaAPIToken type: string x-enum-varnames: - OKTAAPITOKEN OktaAPITokenUpdate: description: The definition of the `OktaAPIToken` object. properties: api_token: description: The `OktaAPITokenUpdate` `api_token`. type: string domain: description: The `OktaAPITokenUpdate` `domain`. type: string type: $ref: "#/components/schemas/OktaAPITokenType" required: - type type: object OktaAccount: description: Schema for an Okta account. properties: attributes: $ref: "#/components/schemas/OktaAccountAttributes" id: description: The ID of the Okta account, a UUID hash of the account name. example: "f749daaf-682e-4208-a38d-c9b43162c609" type: string type: $ref: "#/components/schemas/OktaAccountType" required: - attributes - type type: object OktaAccountAttributes: description: Attributes object for an Okta account. properties: api_key: description: The API key of the Okta account. type: string writeOnly: true auth_method: description: The authorization method for an Okta account. example: "oauth" type: string client_id: description: The Client ID of an Okta app integration. type: string client_secret: description: The client secret of an Okta app integration. type: string writeOnly: true domain: description: The domain of the Okta account. example: "https://example.okta.com/" type: string name: description: The name of the Okta account. example: "Okta-Prod" type: string required: - auth_method - domain - name type: object OktaAccountRequest: description: Request object for an Okta account. properties: data: $ref: "#/components/schemas/OktaAccount" required: - data type: object OktaAccountResponse: description: Response object for an Okta account. properties: data: $ref: "#/components/schemas/OktaAccount" type: object OktaAccountResponseData: description: Data object of an Okta account properties: attributes: $ref: "#/components/schemas/OktaAccountAttributes" id: description: The ID of the Okta account, a UUID hash of the account name. example: "f749daaf-682e-4208-a38d-c9b43162c609" type: string type: $ref: "#/components/schemas/OktaAccountType" required: - attributes - id - type type: object OktaAccountType: default: okta-accounts description: Account type for an Okta account. enum: - okta-accounts example: okta-accounts type: string x-enum-varnames: - OKTA_ACCOUNTS OktaAccountUpdateRequest: description: Payload schema when updating an Okta account. properties: data: $ref: "#/components/schemas/OktaAccountUpdateRequestData" required: - data type: object OktaAccountUpdateRequestAttributes: description: Attributes object for updating an Okta account. properties: api_key: description: The API key of the Okta account. type: string writeOnly: true auth_method: description: The authorization method for an Okta account. example: "oauth" type: string client_id: description: The Client ID of an Okta app integration. type: string client_secret: description: The client secret of an Okta app integration. type: string writeOnly: true domain: description: The domain associated with an Okta account. example: "https://dev-test.okta.com/" type: string required: - auth_method - domain type: object OktaAccountUpdateRequestData: description: Data object for updating an Okta account. properties: attributes: $ref: "#/components/schemas/OktaAccountUpdateRequestAttributes" type: $ref: "#/components/schemas/OktaAccountType" type: object OktaAccountsResponse: description: The expected response schema when getting Okta accounts. properties: data: description: List of Okta accounts. items: $ref: "#/components/schemas/OktaAccountResponseData" type: array type: object OktaCredentials: description: The definition of the `OktaCredentials` object. oneOf: - $ref: "#/components/schemas/OktaAPIToken" OktaCredentialsUpdate: description: The definition of the `OktaCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/OktaAPITokenUpdate" OktaIntegration: description: The definition of the `OktaIntegration` object. properties: credentials: $ref: "#/components/schemas/OktaCredentials" type: $ref: "#/components/schemas/OktaIntegrationType" required: - type - credentials type: object OktaIntegrationType: description: The definition of the `OktaIntegrationType` object. enum: - Okta example: Okta type: string x-enum-varnames: - OKTA OktaIntegrationUpdate: description: The definition of the `OktaIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/OktaCredentialsUpdate" type: $ref: "#/components/schemas/OktaIntegrationType" required: - type type: object OnCallNotificationRule: description: A top-level wrapper for a notification rule example: data: attributes: "category": "high_urgency" channel_settings: method: "sms" type: "phone" "delay_minutes": 1 id: 27590dae-47be-4a7d-9abf-8f4e45124020 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules properties: data: $ref: "#/components/schemas/OnCallNotificationRuleData" included: items: $ref: "#/components/schemas/OnCallNotificationRulesIncluded" type: array required: - data type: object OnCallNotificationRuleAttributes: description: Attributes for an on-call notification rule. properties: category: $ref: "#/components/schemas/OnCallNotificationRuleCategory" channel_settings: $ref: "#/components/schemas/OnCallNotificationRuleChannelSettings" description: Configuration for the associated channel, if necessary nullable: true delay_minutes: description: The number of minutes that will elapse before this rule is evaluated. 0 indicates immediate evaluation format: int64 type: integer type: object OnCallNotificationRuleCategory: default: high_urgency description: "Specifies the category a notification rule will apply to" enum: - high_urgency - low_urgency type: string x-enum-varnames: - HIGH_URGENCY - LOW_URGENCY OnCallNotificationRuleChannelRelationship: description: Relationship object for creating a notification rule properties: data: $ref: "#/components/schemas/OnCallNotificationRuleChannelRelationshipData" required: - data type: object OnCallNotificationRuleChannelRelationshipData: description: Channel relationship data for creating a notification rule properties: id: description: ID of the notification channel type: string type: $ref: "#/components/schemas/NotificationChannelType" type: object OnCallNotificationRuleChannelSettings: description: "Defines the configuration for a channel associated with a notification rule" oneOf: - $ref: "#/components/schemas/OnCallPhoneNotificationRuleSettings" OnCallNotificationRuleData: description: Data for an on-call notification rule properties: attributes: $ref: "#/components/schemas/OnCallNotificationRuleAttributes" id: description: Unique identifier for the rule type: string relationships: $ref: "#/components/schemas/OnCallNotificationRuleRelationships" type: $ref: "#/components/schemas/OnCallNotificationRuleType" required: - type type: object OnCallNotificationRuleRelationships: description: Relationship object for creating a notification rule properties: channel: $ref: "#/components/schemas/OnCallNotificationRuleChannelRelationship" type: object OnCallNotificationRuleRequestAttributes: description: Attributes for creating or modifying an on-call notification rule. properties: category: $ref: "#/components/schemas/OnCallNotificationRuleCategory" channel_settings: $ref: "#/components/schemas/OnCallNotificationRuleChannelSettings" description: Configuration for the associated channel, if necessary nullable: true delay_minutes: description: The number of minutes that will elapse before this rule is evaluated. 0 indicates immediate evaluation format: int64 type: integer type: object OnCallNotificationRuleType: default: notification_rules description: "Indicates that the resource is of type 'notification_rules'." enum: - notification_rules example: notification_rules type: string x-enum-varnames: - NOTIFICATION_RULES OnCallNotificationRulesIncluded: description: Represents additional included resources for a on-call notification rules oneOf: - $ref: "#/components/schemas/NotificationChannelData" OnCallPageTargetType: description: The kind of target, `team_id` | `team_handle` | `user_id`. enum: - team_id - team_handle - user_id example: team_id type: string x-enum-varnames: - TEAM_ID - TEAM_HANDLE - USER_ID OnCallPhoneNotificationRuleMethod: description: "Specifies the method in which a phone is used in a notification rule" enum: - sms - voice example: sms type: string x-enum-varnames: - SMS - VOICE OnCallPhoneNotificationRuleSettings: description: "Configuration for using a phone notification channel in a notification rule" properties: method: $ref: "#/components/schemas/OnCallPhoneNotificationRuleMethod" type: $ref: "#/components/schemas/NotificationChannelPhoneConfigType" required: - type - method type: object OnCallTrigger: description: "Trigger a workflow from an On-Call Page or On-Call Handover. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object OnCallTriggerWrapper: description: "Schema for an On-Call-based trigger." properties: onCallTrigger: $ref: "#/components/schemas/OnCallTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - onCallTrigger type: object OnDemandConcurrencyCap: description: On-demand concurrency cap. properties: attributes: $ref: "#/components/schemas/OnDemandConcurrencyCapAttributes" type: $ref: "#/components/schemas/OnDemandConcurrencyCapType" type: object OnDemandConcurrencyCapAttributes: description: On-demand concurrency cap attributes. properties: on_demand_concurrency_cap: description: Value of the on-demand concurrency cap. format: double type: number type: object OnDemandConcurrencyCapResponse: description: On-demand concurrency cap response. properties: data: $ref: "#/components/schemas/OnDemandConcurrencyCap" type: object OnDemandConcurrencyCapType: description: On-demand concurrency cap type. enum: - on_demand_concurrency_cap type: string x-enum-varnames: - ON_DEMAND_CONCURRENCY_CAP OpenAIAPIKey: description: The definition of the `OpenAIAPIKey` object. properties: api_token: description: The `OpenAIAPIKey` `api_token`. example: "" type: string type: $ref: "#/components/schemas/OpenAIAPIKeyType" required: - type - api_token type: object OpenAIAPIKeyType: description: The definition of the `OpenAIAPIKey` object. enum: - OpenAIAPIKey example: OpenAIAPIKey type: string x-enum-varnames: - OPENAIAPIKEY OpenAIAPIKeyUpdate: description: The definition of the `OpenAIAPIKey` object. properties: api_token: description: The `OpenAIAPIKeyUpdate` `api_token`. type: string type: $ref: "#/components/schemas/OpenAIAPIKeyType" required: - type type: object OpenAICredentials: description: The definition of the `OpenAICredentials` object. oneOf: - $ref: "#/components/schemas/OpenAIAPIKey" OpenAICredentialsUpdate: description: The definition of the `OpenAICredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/OpenAIAPIKeyUpdate" OpenAIIntegration: description: The definition of the `OpenAIIntegration` object. properties: credentials: $ref: "#/components/schemas/OpenAICredentials" type: $ref: "#/components/schemas/OpenAIIntegrationType" required: - type - credentials type: object OpenAIIntegrationType: description: The definition of the `OpenAIIntegrationType` object. enum: - OpenAI example: OpenAI type: string x-enum-varnames: - OPENAI OpenAIIntegrationUpdate: description: The definition of the `OpenAIIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/OpenAICredentialsUpdate" type: $ref: "#/components/schemas/OpenAIIntegrationType" required: - type type: object OpenAPIEndpoint: description: Endpoint info extracted from an `OpenAPI` specification. properties: method: description: The endpoint method. type: string path: description: The endpoint path. type: string type: object OpenAPIFile: description: Object for API data in an `OpenAPI` format as a file. properties: openapi_spec_file: description: Binary `OpenAPI` spec file format: binary type: string type: object OpsgenieServiceCreateAttributes: description: The Opsgenie service attributes for a create request. properties: custom_url: description: The custom URL for a custom region. example: "https://example.com" type: string name: description: The name for the Opsgenie service. example: "fake-opsgenie-service-name" maxLength: 100 type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: "00000000-0000-0000-0000-000000000000" type: string region: $ref: "#/components/schemas/OpsgenieServiceRegionType" required: - name - opsgenie_api_key - region type: object OpsgenieServiceCreateData: description: Opsgenie service data for a create request. properties: attributes: $ref: "#/components/schemas/OpsgenieServiceCreateAttributes" type: $ref: "#/components/schemas/OpsgenieServiceType" required: - type - attributes type: object OpsgenieServiceCreateRequest: description: Create request for an Opsgenie service. properties: data: $ref: "#/components/schemas/OpsgenieServiceCreateData" required: - data type: object OpsgenieServiceRegionType: description: The region for the Opsgenie service. enum: - us - eu - custom example: "us" type: string x-enum-varnames: - US - EU - CUSTOM OpsgenieServiceResponse: description: Response of an Opsgenie service. properties: data: $ref: "#/components/schemas/OpsgenieServiceResponseData" required: - data type: object OpsgenieServiceResponseAttributes: description: The attributes from an Opsgenie service response. properties: custom_url: description: The custom URL for a custom region. example: nullable: true type: string name: description: The name for the Opsgenie service. example: "fake-opsgenie-service-name" maxLength: 100 type: string region: $ref: "#/components/schemas/OpsgenieServiceRegionType" type: object OpsgenieServiceResponseData: description: Opsgenie service data from a response. properties: attributes: $ref: "#/components/schemas/OpsgenieServiceResponseAttributes" id: description: The ID of the Opsgenie service. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/OpsgenieServiceType" required: - id - type - attributes type: object OpsgenieServiceType: default: opsgenie-service description: Opsgenie service resource type. enum: - opsgenie-service example: opsgenie-service type: string x-enum-varnames: - OPSGENIE_SERVICE OpsgenieServiceUpdateAttributes: description: The Opsgenie service attributes for an update request. properties: custom_url: description: The custom URL for a custom region. example: "https://example.com" nullable: true type: string name: description: The name for the Opsgenie service. example: "fake-opsgenie-service-name" maxLength: 100 type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: "00000000-0000-0000-0000-000000000000" type: string region: $ref: "#/components/schemas/OpsgenieServiceRegionType" type: object OpsgenieServiceUpdateData: description: Opsgenie service for an update request. properties: attributes: $ref: "#/components/schemas/OpsgenieServiceUpdateAttributes" id: description: The ID of the Opsgenie service. example: "596da4af-0563-4097-90ff-07230c3f9db3" maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/OpsgenieServiceType" required: - id - type - attributes type: object OpsgenieServiceUpdateRequest: description: Update request for an Opsgenie service. properties: data: $ref: "#/components/schemas/OpsgenieServiceUpdateData" required: - data type: object OpsgenieServicesResponse: description: Response with a list of Opsgenie services. properties: data: description: An array of Opsgenie services. example: [{"attributes": {"custom_url": null, "name": "fake-opsgenie-service-name", "region": "us"}, "id": "596da4af-0563-4097-90ff-07230c3f9db3", "type": "opsgenie-service"}, {"attributes": {"custom_url": null, "name": "fake-opsgenie-service-name-2", "region": "eu"}, "id": "0d2937f1-b561-44fa-914a-99910f848014", "type": "opsgenie-service"}] items: $ref: "#/components/schemas/OpsgenieServiceResponseData" type: array required: - data type: object OrderDirection: description: The sort direction for results. enum: - asc - desc example: asc type: string x-enum-varnames: - ASC - DESC OrgAttributes: description: Attributes of an organization. properties: created_at: description: The creation timestamp of the organization. example: "2019-09-26T17:28:28Z" format: date-time type: string description: description: A description of the organization. example: "Production organization." type: string disabled: description: Whether the organization is disabled. example: false type: boolean modified_at: description: The last modification timestamp of the organization. example: "2024-01-15T10:30:00Z" format: date-time type: string name: description: The name of the organization. example: "My Organization" type: string public_id: description: The public identifier of the organization. example: "abcdef12345" type: string sharing: description: The sharing setting of the organization. example: "none" type: string url: description: The URL of the organization. example: "https://app.datadoghq.com/account/my-org" type: string required: - public_id - name - description - sharing - url - disabled - created_at - modified_at type: object OrgConfigGetResponse: description: A response with a single Org Config. properties: data: {$ref: "#/components/schemas/OrgConfigRead"} required: [data] type: object OrgConfigListResponse: description: A response with multiple Org Configs. properties: data: description: An array of Org Configs. items: {$ref: "#/components/schemas/OrgConfigRead"} type: array required: [data] type: object OrgConfigRead: description: A single Org Config. properties: attributes: {$ref: "#/components/schemas/OrgConfigReadAttributes"} id: description: A unique identifier for an Org Config. example: abcd1234 type: string type: {$ref: "#/components/schemas/OrgConfigType"} required: [id, type, attributes] type: object OrgConfigReadAttributes: description: Readable attributes of an Org Config. properties: description: description: The description of an Org Config. example: Frobulate the turbo encabulator manifold type: string modified_at: description: The timestamp of the last Org Config update (if any). format: date-time nullable: true type: string name: description: The machine-friendly name of an Org Config. example: monitor_timezone type: string value: description: The value of an Org Config. value_type: description: The type of an Org Config value. example: bool type: string required: [name, description, value_type, value] type: object OrgConfigType: description: Data type of an Org Config. enum: [org_configs] example: org_configs type: string x-enum-varnames: - ORG_CONFIGS OrgConfigWrite: description: An Org Config write operation. properties: attributes: {$ref: "#/components/schemas/OrgConfigWriteAttributes"} type: {$ref: "#/components/schemas/OrgConfigType"} required: [type, attributes] type: object OrgConfigWriteAttributes: description: Writable attributes of an Org Config. properties: value: description: The value of an Org Config. required: [value] type: object OrgConfigWriteRequest: description: A request to update an Org Config. properties: data: {$ref: "#/components/schemas/OrgConfigWrite"} required: [data] type: object OrgConnection: description: An org connection. properties: attributes: $ref: "#/components/schemas/OrgConnectionAttributes" id: description: The unique identifier of the org connection. example: "f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a" format: uuid type: string relationships: $ref: "#/components/schemas/OrgConnectionRelationships" type: $ref: "#/components/schemas/OrgConnectionType" required: [id, type, attributes, relationships] type: object OrgConnectionAttributes: description: Org connection attributes. properties: connection_types: description: List of connection types. example: ["logs", "metrics"] items: $ref: "#/components/schemas/OrgConnectionTypeEnum" type: array created_at: description: Timestamp when the connection was created. example: "2023-01-01T12:00:00Z" format: date-time type: string required: [connection_types, created_at] type: object OrgConnectionCreate: description: Org connection creation data. properties: attributes: $ref: "#/components/schemas/OrgConnectionCreateAttributes" relationships: $ref: "#/components/schemas/OrgConnectionCreateRelationships" type: $ref: "#/components/schemas/OrgConnectionType" required: [type, attributes, relationships] type: object OrgConnectionCreateAttributes: description: Attributes for creating an org connection. properties: connection_types: description: List of connection types to establish. example: ["logs"] items: $ref: "#/components/schemas/OrgConnectionTypeEnum" minItems: 1 type: array required: [connection_types] type: object OrgConnectionCreateRelationships: description: Relationships for org connection creation. properties: sink_org: $ref: "#/components/schemas/OrgConnectionOrgRelationship" required: [sink_org] type: object OrgConnectionCreateRequest: description: Request to create an org connection. properties: data: $ref: "#/components/schemas/OrgConnectionCreate" required: [data] type: object OrgConnectionListResponse: description: Response containing a list of org connections. properties: data: description: List of org connections. items: $ref: "#/components/schemas/OrgConnection" type: array meta: $ref: "#/components/schemas/OrgConnectionListResponseMeta" required: [data] type: object OrgConnectionListResponseMeta: description: Pagination metadata. properties: page: $ref: "#/components/schemas/OrgConnectionListResponseMetaPage" type: object OrgConnectionListResponseMetaPage: description: Page information. properties: total_count: description: Total number of org connections. example: 0 format: int64 type: integer total_filtered_count: description: Total number of org connections matching the filter. example: 0 format: int64 type: integer type: object OrgConnectionOrgRelationship: description: Org relationship. properties: data: $ref: "#/components/schemas/OrgConnectionOrgRelationshipData" type: object OrgConnectionOrgRelationshipData: description: The definition of `OrgConnectionOrgRelationshipData` object. properties: id: description: Org UUID. example: "f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a" type: string name: description: Org name. example: "Example Org" type: string type: $ref: "#/components/schemas/OrgConnectionOrgRelationshipDataType" type: object OrgConnectionOrgRelationshipDataType: description: The type of the organization relationship. enum: [orgs] example: "orgs" type: string x-enum-varnames: - ORGS OrgConnectionRelationships: description: Related organizations and user. properties: created_by: $ref: "#/components/schemas/OrgConnectionUserRelationship" sink_org: $ref: "#/components/schemas/OrgConnectionOrgRelationship" source_org: $ref: "#/components/schemas/OrgConnectionOrgRelationship" type: object OrgConnectionResponse: description: Response containing a single org connection. properties: data: $ref: "#/components/schemas/OrgConnection" required: [data] type: object OrgConnectionType: description: Org connection type. enum: [org_connection] example: "org_connection" type: string x-enum-varnames: - ORG_CONNECTION OrgConnectionTypeEnum: description: Available connection types between organizations. enum: - logs - metrics - audit example: "logs" type: string x-enum-varnames: - LOGS - METRICS - AUDIT OrgConnectionUpdate: description: Org connection update data. properties: attributes: $ref: "#/components/schemas/OrgConnectionUpdateAttributes" id: description: The unique identifier of the org connection. example: "f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a" format: uuid type: string type: $ref: "#/components/schemas/OrgConnectionType" required: [type, id, attributes] type: object OrgConnectionUpdateAttributes: description: Attributes for updating an org connection. properties: connection_types: description: Updated list of connection types. example: ["logs", "metrics"] items: $ref: "#/components/schemas/OrgConnectionTypeEnum" minItems: 1 type: array required: [connection_types] type: object OrgConnectionUpdateRequest: description: Request to update an org connection. properties: data: $ref: "#/components/schemas/OrgConnectionUpdate" required: [data] type: object OrgConnectionUserRelationship: description: User relationship. properties: data: $ref: "#/components/schemas/OrgConnectionUserRelationshipData" type: object OrgConnectionUserRelationshipData: description: The data for a user relationship. properties: id: description: User UUID. example: "usr123abc456" type: string name: description: User name. example: "John Doe" type: string type: $ref: "#/components/schemas/OrgConnectionUserRelationshipDataType" type: object OrgConnectionUserRelationshipDataType: description: The type of the user relationship. enum: [users] example: "users" type: string x-enum-varnames: - USERS OrgData: description: An organization resource. properties: attributes: $ref: "#/components/schemas/OrgAttributes" id: description: The UUID of the organization. example: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" format: uuid type: string type: $ref: "#/components/schemas/OrgResourceType" required: - id - type - attributes type: object OrgGroupAttributes: description: Attributes of an org group. properties: created_at: description: Timestamp when the org group was created. example: "2024-01-15T10:30:00Z" format: date-time type: string modified_at: description: Timestamp when the org group was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string name: description: The name of the org group. example: "My Org Group" type: string owner_org_site: description: The site of the organization that owns this org group. example: "us1" type: string owner_org_uuid: description: The UUID of the organization that owns this org group. example: "b2c3d4e5-f6a7-8901-bcde-f01234567890" format: uuid type: string required: - name - owner_org_uuid - owner_org_site - created_at - modified_at type: object OrgGroupCreateAttributes: description: Attributes for creating an org group. properties: name: description: The name of the org group. example: "My Org Group" type: string required: - name type: object OrgGroupCreateData: description: Data for creating an org group. properties: attributes: $ref: "#/components/schemas/OrgGroupCreateAttributes" type: $ref: "#/components/schemas/OrgGroupType" required: - type - attributes type: object OrgGroupCreateRequest: description: Request to create an org group. properties: data: $ref: "#/components/schemas/OrgGroupCreateData" required: - data type: object OrgGroupData: description: An org group resource. properties: attributes: $ref: "#/components/schemas/OrgGroupAttributes" id: description: The ID of the org group. example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string relationships: $ref: "#/components/schemas/OrgGroupRelationships" type: $ref: "#/components/schemas/OrgGroupType" required: - id - type - attributes type: object OrgGroupIncludeOption: description: Allowed include options for org group endpoints. enum: - memberships type: string x-enum-varnames: - MEMBERSHIPS OrgGroupListResponse: description: Response containing a list of org groups. properties: data: description: An array of org groups. items: $ref: "#/components/schemas/OrgGroupData" type: array included: description: Related resources included in the response when requested with the `include` parameter. items: $ref: "#/components/schemas/OrgGroupMembershipData" type: array links: $ref: "#/components/schemas/OrgGroupPaginationLinks" meta: $ref: "#/components/schemas/OrgGroupPaginationMeta" required: - data type: object OrgGroupMembershipAttributes: description: Attributes of an org group membership. properties: created_at: description: Timestamp when the membership was created. example: "2024-01-15T10:30:00Z" format: date-time type: string modified_at: description: Timestamp when the membership was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string org_name: description: The name of the member organization. example: "Acme Corp" type: string org_site: description: The site of the member organization. example: "us1" type: string org_uuid: description: The UUID of the member organization. example: "c3d4e5f6-a7b8-9012-cdef-012345678901" format: uuid type: string required: - org_name - org_uuid - org_site - created_at - modified_at type: object OrgGroupMembershipBulkUpdateAttributes: description: Attributes for bulk updating org group memberships. properties: orgs: description: List of organizations to move. Maximum 100 per request. items: $ref: "#/components/schemas/GlobalOrgIdentifier" type: array required: - orgs type: object OrgGroupMembershipBulkUpdateData: description: Data for bulk updating org group memberships. properties: attributes: $ref: "#/components/schemas/OrgGroupMembershipBulkUpdateAttributes" relationships: $ref: "#/components/schemas/OrgGroupMembershipBulkUpdateRelationships" type: $ref: "#/components/schemas/OrgGroupMembershipBulkUpdateType" required: - type - attributes - relationships type: object OrgGroupMembershipBulkUpdateRelationships: description: Relationships for bulk updating memberships. properties: source_org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" target_org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" required: - source_org_group - target_org_group type: object OrgGroupMembershipBulkUpdateRequest: description: Request to bulk update org group memberships. properties: data: $ref: "#/components/schemas/OrgGroupMembershipBulkUpdateData" required: - data type: object OrgGroupMembershipBulkUpdateType: description: Org group membership bulk update resource type. enum: - org_group_membership_bulk_updates example: org_group_membership_bulk_updates type: string x-enum-varnames: - ORG_GROUP_MEMBERSHIP_BULK_UPDATES OrgGroupMembershipData: description: An org group membership resource. properties: attributes: $ref: "#/components/schemas/OrgGroupMembershipAttributes" id: description: The ID of the org group membership. example: "f1e2d3c4-b5a6-7890-1234-567890abcdef" format: uuid type: string relationships: $ref: "#/components/schemas/OrgGroupMembershipRelationships" type: $ref: "#/components/schemas/OrgGroupMembershipType" required: - id - type - attributes type: object OrgGroupMembershipListResponse: description: Response containing a list of org group memberships. properties: data: description: An array of org group memberships. items: $ref: "#/components/schemas/OrgGroupMembershipData" type: array links: $ref: "#/components/schemas/OrgGroupPaginationLinks" meta: $ref: "#/components/schemas/OrgGroupPaginationMeta" required: - data type: object OrgGroupMembershipRelationshipData: description: A reference to an org group membership. properties: id: description: The ID of the membership. example: "f1e2d3c4-b5a6-7890-1234-567890abcdef" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupMembershipType" required: - id - type type: object OrgGroupMembershipRelationships: description: Relationships of an org group membership. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" type: object OrgGroupMembershipResponse: description: Response containing a single org group membership. properties: data: $ref: "#/components/schemas/OrgGroupMembershipData" required: - data type: object OrgGroupMembershipSortOption: default: uuid description: Field to sort memberships by. enum: - name - -name - uuid - -uuid example: uuid type: string x-enum-varnames: - NAME - MINUS_NAME - UUID - MINUS_UUID OrgGroupMembershipType: description: Org group memberships resource type. enum: - org_group_memberships example: org_group_memberships type: string x-enum-varnames: - ORG_GROUP_MEMBERSHIPS OrgGroupMembershipUpdateData: description: Data for updating an org group membership. properties: id: description: The ID of the membership. example: "f1e2d3c4-b5a6-7890-1234-567890abcdef" format: uuid type: string relationships: $ref: "#/components/schemas/OrgGroupMembershipUpdateRelationships" type: $ref: "#/components/schemas/OrgGroupMembershipType" required: - id - type - relationships type: object OrgGroupMembershipUpdateRelationships: description: Relationships for updating a membership. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" required: - org_group type: object OrgGroupMembershipUpdateRequest: description: Request to update an org group membership. properties: data: $ref: "#/components/schemas/OrgGroupMembershipUpdateData" required: - data type: object OrgGroupMembershipsRelationship: description: Relationship to org group memberships. properties: data: description: An array of membership relationship references. items: $ref: "#/components/schemas/OrgGroupMembershipRelationshipData" type: array required: - data type: object OrgGroupPaginationLinks: description: Pagination links for navigating between pages of an org group list response. properties: first: description: Link to the first page. type: string last: description: Link to the last page. type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to the previous page. nullable: true type: string self: description: Link to the current page. type: string type: object OrgGroupPaginationMeta: description: Pagination metadata for org group list responses. properties: page: $ref: "#/components/schemas/OrgGroupPaginationMetaPage" type: object OrgGroupPaginationMetaPage: description: Page-based pagination details for org group list responses. properties: first_number: description: First page number. format: int64 type: integer last_number: description: Last page number. format: int64 nullable: true type: integer next_number: description: Next page number. format: int64 nullable: true type: integer number: description: Page number. format: int64 type: integer prev_number: description: Previous page number. format: int64 nullable: true type: integer size: description: Page size. format: int64 type: integer total: description: Total number of results. format: int64 type: integer type: description: Pagination type. example: "number_size" type: string type: object OrgGroupPolicyAttributes: description: Attributes of an org group policy. properties: content: additionalProperties: {} description: The policy content as key-value pairs. example: value: "UTC" type: object enforcement_tier: $ref: "#/components/schemas/OrgGroupPolicyEnforcementTier" modified_at: description: Timestamp when the policy was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string policy_name: description: The name of the policy. example: "monitor_timezone" type: string policy_type: $ref: "#/components/schemas/OrgGroupPolicyPolicyType" required: - policy_name - policy_type - enforcement_tier - modified_at type: object OrgGroupPolicyConfigAttributes: description: Attributes of an org group policy config. properties: allowed_values: description: The allowed values for this config. example: ["UTC", "US/Eastern", "US/Pacific"] items: description: An allowed value for this config. type: string type: array default_value: description: The default value for this config. example: "UTC" description: description: The description of the policy config. example: "The default timezone for monitors." type: string name: description: The name of the policy config. example: "monitor_timezone" type: string value_type: description: The type of the value for this config. example: "string" type: string required: - name - description - value_type - allowed_values - default_value type: object OrgGroupPolicyConfigData: description: An org group policy config resource. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyConfigAttributes" id: description: The identifier of the policy config (uses the config name). example: "monitor_timezone" type: string type: $ref: "#/components/schemas/OrgGroupPolicyConfigType" required: - id - type - attributes type: object OrgGroupPolicyConfigListResponse: description: Response containing a list of org group policy configs. properties: data: description: An array of org group policy configs. items: $ref: "#/components/schemas/OrgGroupPolicyConfigData" type: array required: - data type: object OrgGroupPolicyConfigType: description: Org group policy configs resource type. enum: - org_group_policy_configs example: org_group_policy_configs type: string x-enum-varnames: - ORG_GROUP_POLICY_CONFIGS OrgGroupPolicyCreateAttributes: description: >- Attributes for creating an org group policy. If `policy_type` or `enforcement_tier` are not provided, they default to `org_config` and `DEFAULT` respectively. properties: content: additionalProperties: {} description: The policy content as key-value pairs. example: value: "UTC" type: object enforcement_tier: $ref: "#/components/schemas/OrgGroupPolicyEnforcementTier" policy_name: description: The name of the policy. example: "monitor_timezone" type: string policy_type: $ref: "#/components/schemas/OrgGroupPolicyPolicyType" required: - policy_name - content type: object OrgGroupPolicyCreateData: description: Data for creating an org group policy. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyCreateAttributes" relationships: $ref: "#/components/schemas/OrgGroupPolicyCreateRelationships" type: $ref: "#/components/schemas/OrgGroupPolicyType" required: - type - attributes - relationships type: object OrgGroupPolicyCreateRelationships: description: Relationships for creating a policy. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" required: - org_group type: object OrgGroupPolicyCreateRequest: description: Request to create an org group policy. properties: data: $ref: "#/components/schemas/OrgGroupPolicyCreateData" required: - data type: object OrgGroupPolicyData: description: An org group policy resource. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyAttributes" id: description: The ID of the org group policy. example: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" format: uuid type: string relationships: $ref: "#/components/schemas/OrgGroupPolicyRelationships" type: $ref: "#/components/schemas/OrgGroupPolicyType" required: - id - type - attributes type: object OrgGroupPolicyEnforcementTier: default: DEFAULT description: >- The enforcement tier of the policy. `DEFAULT` means the policy is set but member orgs may mutate it. `ENFORCE` means the policy is strictly controlled and mutations are blocked for affected orgs. `DELEGATE` means each member org controls its own value. enum: - DEFAULT - ENFORCE - DELEGATE example: DEFAULT type: string x-enum-varnames: - DEFAULT - ENFORCE - DELEGATE OrgGroupPolicyListResponse: description: Response containing a list of org group policies. properties: data: description: An array of org group policies. items: $ref: "#/components/schemas/OrgGroupPolicyData" type: array links: $ref: "#/components/schemas/OrgGroupPaginationLinks" meta: $ref: "#/components/schemas/OrgGroupPaginationMeta" required: - data type: object OrgGroupPolicyOverrideAttributes: description: Attributes of an org group policy override. properties: content: additionalProperties: {} description: The override content as key-value pairs. type: object created_at: description: Timestamp when the override was created. example: "2024-01-15T10:30:00Z" format: date-time type: string modified_at: description: Timestamp when the override was last modified. example: "2024-01-15T10:30:00Z" format: date-time type: string org_site: description: The site of the organization that has the override. example: "us1" type: string org_uuid: description: The UUID of the organization that has the override. example: "c3d4e5f6-a7b8-9012-cdef-012345678901" format: uuid type: string required: - org_uuid - org_site - created_at - modified_at type: object OrgGroupPolicyOverrideCreateAttributes: description: Attributes for creating a policy override. properties: org_site: description: The site of the organization. example: "us1" type: string org_uuid: description: The UUID of the organization to grant the override. example: "c3d4e5f6-a7b8-9012-cdef-012345678901" format: uuid type: string required: - org_uuid - org_site type: object OrgGroupPolicyOverrideCreateData: description: Data for creating an org group policy override. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyOverrideCreateAttributes" relationships: $ref: "#/components/schemas/OrgGroupPolicyOverrideCreateRelationships" type: $ref: "#/components/schemas/OrgGroupPolicyOverrideType" required: - type - attributes - relationships type: object OrgGroupPolicyOverrideCreateRelationships: description: Relationships for creating a policy override. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" org_group_policy: $ref: "#/components/schemas/OrgGroupPolicyRelationshipToOne" required: - org_group - org_group_policy type: object OrgGroupPolicyOverrideCreateRequest: description: Request to create an org group policy override. properties: data: $ref: "#/components/schemas/OrgGroupPolicyOverrideCreateData" required: - data type: object OrgGroupPolicyOverrideData: description: An org group policy override resource. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyOverrideAttributes" id: description: The ID of the policy override. example: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" format: uuid type: string relationships: $ref: "#/components/schemas/OrgGroupPolicyOverrideRelationships" type: $ref: "#/components/schemas/OrgGroupPolicyOverrideType" required: - id - type - attributes type: object OrgGroupPolicyOverrideListResponse: description: Response containing a list of org group policy overrides. properties: data: description: An array of org group policy overrides. items: $ref: "#/components/schemas/OrgGroupPolicyOverrideData" type: array links: $ref: "#/components/schemas/OrgGroupPaginationLinks" meta: $ref: "#/components/schemas/OrgGroupPaginationMeta" required: - data type: object OrgGroupPolicyOverrideRelationships: description: Relationships of an org group policy override. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" org_group_policy: $ref: "#/components/schemas/OrgGroupPolicyRelationshipToOne" type: object OrgGroupPolicyOverrideResponse: description: Response containing a single org group policy override. properties: data: $ref: "#/components/schemas/OrgGroupPolicyOverrideData" required: - data type: object OrgGroupPolicyOverrideSortOption: default: id description: Field to sort overrides by. enum: - id - -id - org_uuid - -org_uuid example: id type: string x-enum-varnames: - ID - MINUS_ID - ORG_UUID - MINUS_ORG_UUID OrgGroupPolicyOverrideType: description: Org group policy overrides resource type. enum: - org_group_policy_overrides example: org_group_policy_overrides type: string x-enum-varnames: - ORG_GROUP_POLICY_OVERRIDES OrgGroupPolicyOverrideUpdateAttributes: description: >- Attributes for updating a policy override. The `org_uuid` and `org_site` fields must match the existing override and cannot be changed. properties: org_site: description: The site of the organization. example: "us1" type: string org_uuid: description: The UUID of the organization. example: "c3d4e5f6-a7b8-9012-cdef-012345678901" format: uuid type: string required: - org_uuid - org_site type: object OrgGroupPolicyOverrideUpdateData: description: Data for updating a policy override. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyOverrideUpdateAttributes" id: description: The ID of the policy override. example: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupPolicyOverrideType" required: - id - type - attributes type: object OrgGroupPolicyOverrideUpdateRequest: description: Request to update an org group policy override. properties: data: $ref: "#/components/schemas/OrgGroupPolicyOverrideUpdateData" required: - data type: object OrgGroupPolicyPolicyType: default: org_config description: >- The type of the policy. Only `org_config` is supported, indicating a policy backed by an organization configuration setting. enum: - org_config example: org_config type: string x-enum-varnames: - ORG_CONFIG OrgGroupPolicyRelationshipToOne: description: Relationship to a single org group policy. properties: data: $ref: "#/components/schemas/OrgGroupPolicyRelationshipToOneData" required: - data type: object OrgGroupPolicyRelationshipToOneData: description: A reference to an org group policy. properties: id: description: The ID of the policy. example: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupPolicyType" required: - id - type type: object OrgGroupPolicyRelationships: description: Relationships of an org group policy. properties: org_group: $ref: "#/components/schemas/OrgGroupRelationshipToOne" type: object OrgGroupPolicyResponse: description: Response containing a single org group policy. properties: data: $ref: "#/components/schemas/OrgGroupPolicyData" required: - data type: object OrgGroupPolicySortOption: default: id description: Field to sort policies by. enum: - id - -id - name - -name example: id type: string x-enum-varnames: - ID - MINUS_ID - NAME - MINUS_NAME OrgGroupPolicyType: description: Org group policies resource type. enum: - org_group_policies example: org_group_policies type: string x-enum-varnames: - ORG_GROUP_POLICIES OrgGroupPolicyUpdateAttributes: description: Attributes for updating an org group policy. properties: content: additionalProperties: {} description: The policy content as key-value pairs. example: value: "UTC" type: object enforcement_tier: $ref: "#/components/schemas/OrgGroupPolicyEnforcementTier" type: object OrgGroupPolicyUpdateData: description: Data for updating an org group policy. properties: attributes: $ref: "#/components/schemas/OrgGroupPolicyUpdateAttributes" id: description: The ID of the policy. example: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupPolicyType" required: - id - type - attributes type: object OrgGroupPolicyUpdateRequest: description: Request to update an org group policy. properties: data: $ref: "#/components/schemas/OrgGroupPolicyUpdateData" required: - data type: object OrgGroupRelationshipToOne: description: Relationship to a single org group. properties: data: $ref: "#/components/schemas/OrgGroupRelationshipToOneData" required: - data type: object OrgGroupRelationshipToOneData: description: A reference to an org group. properties: id: description: The ID of the org group. example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupType" required: - id - type type: object OrgGroupRelationships: description: Relationships of an org group. properties: memberships: $ref: "#/components/schemas/OrgGroupMembershipsRelationship" type: object OrgGroupResponse: description: Response containing a single org group. properties: data: $ref: "#/components/schemas/OrgGroupData" required: - data type: object OrgGroupSortOption: default: uuid description: Field to sort org groups by. enum: - name - -name - uuid - -uuid example: name type: string x-enum-varnames: - NAME - MINUS_NAME - UUID - MINUS_UUID OrgGroupType: description: Org groups resource type. enum: - org_groups example: org_groups type: string x-enum-varnames: - ORG_GROUPS OrgGroupUpdateAttributes: description: Attributes for updating an org group. properties: name: description: The name of the org group. example: "Updated Org Group Name" type: string required: - name type: object OrgGroupUpdateData: description: Data for updating an org group. properties: attributes: $ref: "#/components/schemas/OrgGroupUpdateAttributes" id: description: The ID of the org group. example: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" format: uuid type: string type: $ref: "#/components/schemas/OrgGroupType" required: - id - type - attributes type: object OrgGroupUpdateRequest: description: Request to update an org group. properties: data: $ref: "#/components/schemas/OrgGroupUpdateData" required: - data type: object OrgRelationshipData: description: Reference to an organization resource. properties: id: description: The UUID of the organization. example: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" format: uuid type: string type: $ref: "#/components/schemas/OrgResourceType" required: - id - type type: object OrgResourceType: description: The resource type for organizations. enum: [orgs] example: "orgs" type: string x-enum-varnames: - ORGS Organization: description: Organization object. properties: attributes: $ref: "#/components/schemas/OrganizationAttributes" id: description: ID of the organization. type: string type: $ref: "#/components/schemas/OrganizationsType" required: - type type: object OrganizationAttributes: description: Attributes of the organization. properties: created_at: description: Creation time of the organization. format: date-time type: string description: description: Description of the organization. type: string disabled: description: Whether or not the organization is disabled. type: boolean modified_at: description: Time of last organization modification. format: date-time type: string name: description: Name of the organization. type: string public_id: description: Public ID of the organization. type: string sharing: description: Sharing type of the organization. type: string url: description: URL of the site that this organization exists at. type: string type: object OrganizationsType: default: orgs description: Organizations resource type. enum: - orgs example: orgs type: string x-enum-varnames: - ORGS OutboundEdge: description: The definition of `OutboundEdge` object. properties: branchName: description: The `OutboundEdge` `branchName`. example: "" type: string nextStepName: description: The `OutboundEdge` `nextStepName`. example: "" type: string required: - nextStepName - branchName type: object OutcomeType: default: outcome description: The JSON:API type for an outcome. enum: - outcome example: outcome type: string x-enum-varnames: - OUTCOME OutcomesBatchAttributes: description: The JSON:API attributes for a batched set of scorecard outcomes. properties: results: description: Set of scorecard outcomes to update. items: $ref: "#/components/schemas/OutcomesBatchRequestItem" type: array type: object OutcomesBatchRequest: description: Scorecard outcomes batch request. properties: data: $ref: "#/components/schemas/OutcomesBatchRequestData" type: object OutcomesBatchRequestData: description: Scorecard outcomes batch request data. properties: attributes: $ref: "#/components/schemas/OutcomesBatchAttributes" type: $ref: "#/components/schemas/OutcomesBatchType" type: object OutcomesBatchRequestItem: description: Scorecard outcome for a specific rule, for a given service within a batched update. properties: remarks: description: >- Any remarks regarding the scorecard rule's evaluation, and supports HTML hyperlinks. example: 'See: Services' type: string rule_id: $ref: "#/components/schemas/RuleId" service_name: description: The unique name for a service in the catalog. example: my-service type: string state: $ref: "#/components/schemas/State" required: - rule_id - service_name - state type: object OutcomesBatchResponse: description: Scorecard outcomes batch response. properties: data: $ref: "#/components/schemas/OutcomesBatchResponseData" example: - attributes: service_name: my-service state: pass id: "outcome-abc123" type: rule-outcome meta: $ref: "#/components/schemas/OutcomesBatchResponseMeta" required: - data - meta type: object OutcomesBatchResponseAttributes: description: The JSON:API attributes for an outcome. properties: created_at: description: Creation time of the rule outcome. format: date-time type: string modified_at: description: Time of last rule outcome modification. format: date-time type: string remarks: description: >- Any remarks regarding the scorecard rule's evaluation, and supports HTML hyperlinks. example: 'See: Services' type: string service_name: description: The unique name for a service in the catalog. example: my-service type: string state: $ref: "#/components/schemas/State" type: object OutcomesBatchResponseData: description: List of rule outcomes which were affected during the bulk operation. items: $ref: "#/components/schemas/OutcomesResponseDataItem" type: array OutcomesBatchResponseMeta: description: Metadata pertaining to the bulk operation. properties: total_received: description: Total number of scorecard results received during the bulk operation. format: int64 type: integer total_updated: description: Total number of scorecard results modified during the bulk operation. format: int64 type: integer type: object OutcomesBatchType: default: batched-outcome description: The JSON:API type for scorecard outcomes. enum: [batched-outcome] example: batched-outcome type: string x-enum-varnames: [BATCHED_OUTCOME] OutcomesResponse: description: Scorecard outcomes - the result of a rule for a service. properties: data: $ref: "#/components/schemas/OutcomesResponseData" included: $ref: "#/components/schemas/OutcomesResponseIncluded" links: $ref: "#/components/schemas/OutcomesResponseLinks" type: object OutcomesResponseData: description: List of rule outcomes. items: $ref: "#/components/schemas/OutcomesResponseDataItem" type: array OutcomesResponseDataItem: description: A single rule outcome. properties: attributes: $ref: "#/components/schemas/OutcomesBatchResponseAttributes" id: description: The unique ID for a rule outcome. type: string relationships: $ref: "#/components/schemas/RuleOutcomeRelationships" type: $ref: "#/components/schemas/OutcomeType" type: object OutcomesResponseIncluded: description: Array of rule details. items: $ref: "#/components/schemas/OutcomesResponseIncludedItem" type: array OutcomesResponseIncludedItem: description: Attributes of the included rule. properties: attributes: $ref: "#/components/schemas/OutcomesResponseIncludedRuleAttributes" id: $ref: "#/components/schemas/RuleId" type: $ref: "#/components/schemas/RuleType" type: object OutcomesResponseIncludedRuleAttributes: description: Details of a rule. properties: name: description: Name of the rule. example: Team Defined type: string scorecard_name: description: The scorecard name to which this rule must belong. example: Observability Best Practices type: string type: object OutcomesResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. example: "/api/v2/scorecard/outcomes?include=rule&page%5Blimit%5D=100&page%5Boffset%5D=100" type: string type: object OutputSchema: description: "A list of output parameters for the workflow." properties: parameters: description: The `OutputSchema` `parameters`. items: $ref: "#/components/schemas/OutputSchemaParameters" type: array type: object OutputSchemaParameters: description: The definition of `OutputSchemaParameters` object. properties: defaultValue: description: The `OutputSchemaParameters` `defaultValue`. description: description: The `OutputSchemaParameters` `description`. type: string label: description: The `OutputSchemaParameters` `label`. type: string name: description: The `OutputSchemaParameters` `name`. example: "" type: string type: $ref: "#/components/schemas/OutputSchemaParametersType" value: description: The `OutputSchemaParameters` `value`. required: - name - type type: object OutputSchemaParametersType: description: The definition of `OutputSchemaParametersType` object. enum: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT example: STRING type: string x-enum-varnames: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT OverwriteAllocationsRequest: description: Request to overwrite targeting rules (allocations) for a feature flag in an environment. properties: data: description: Targeting rules (allocations) to replace existing ones with. items: $ref: "#/components/schemas/AllocationDataRequest" type: array required: - data type: object PageUrgency: default: high description: On-Call Page urgency level. enum: - low - high example: high type: string x-enum-varnames: - LOW - HIGH PaginatedResponseMeta: description: Metadata for scores response. properties: count: description: Number of entities in this response. example: 10 format: int64 type: integer limit: description: Pagination limit. example: 10 format: int64 type: integer offset: description: Pagination offset. example: 0 format: int64 type: integer total: description: Total number of entities available. example: 150 format: int64 type: integer required: - count - total - limit - offset type: object Pagination: description: Pagination object. properties: total_count: description: Total count. format: int64 type: integer total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object PaginationMeta: description: Response metadata. properties: page: $ref: "#/components/schemas/PaginationMetaPage" readOnly: true type: object PaginationMetaPage: description: Offset-based pagination schema. example: first_offset: 0 last_offset: 900 limit: 100 next_offset: 100 offset: 0 prev_offset: 100 total: 1000 type: offset_limit properties: first_offset: description: Integer representing the offset to fetch the first page of results. example: 0 format: int64 type: integer last_offset: description: Integer representing the offset to fetch the last page of results. example: 900 format: int64 nullable: true type: integer limit: description: Integer representing the number of elements to be returned in the results. example: 100 format: int64 type: integer next_offset: description: >- Integer representing the index of the first element in the next page of results. Equal to page size added to the current offset. example: 100 format: int64 nullable: true type: integer offset: description: Integer representing the index of the first element in the results. example: 0 format: int64 type: integer prev_offset: description: Integer representing the index of the first element in the previous page of results. example: 100 format: int64 nullable: true type: integer total: description: Integer representing the total number of elements available. example: 1000 format: int64 nullable: true type: integer type: $ref: "#/components/schemas/PaginationMetaPageType" type: object PaginationMetaPageType: default: offset_limit description: The pagination type used for offset-based pagination. enum: - offset_limit example: offset_limit type: string x-enum-varnames: - OFFSET_LIMIT Parameter: description: The definition of `Parameter` object. properties: name: description: The `Parameter` `name`. example: "" type: string value: description: The `Parameter` `value`. required: - name - value type: object PartialAPIKey: description: Partial Datadog API key. properties: attributes: $ref: "#/components/schemas/PartialAPIKeyAttributes" id: description: ID of the API key. type: string relationships: $ref: "#/components/schemas/APIKeyRelationships" type: $ref: "#/components/schemas/APIKeysType" type: object PartialAPIKeyAttributes: description: Attributes of a partial API key. properties: category: description: The category of the API key. type: string created_at: description: Creation date of the API key. example: "2020-11-23T10:00:00.000Z" readOnly: true type: string date_last_used: description: Date the API Key was last used. example: "2020-11-27T10:00:00.000Z" format: date-time nullable: true readOnly: true type: string last4: description: The last four characters of the API key. example: "abcd" maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: "2020-11-23T10:00:00.000Z" readOnly: true type: string name: description: Name of the API key. example: "API Key for submitting metrics" type: string remote_config_read_enabled: description: The remote config read enabled status. type: boolean type: object PartialApplicationKey: description: Partial Datadog application key. properties: attributes: $ref: "#/components/schemas/PartialApplicationKeyAttributes" id: description: ID of the application key. type: string relationships: $ref: "#/components/schemas/ApplicationKeyRelationships" type: $ref: "#/components/schemas/ApplicationKeysType" type: object PartialApplicationKeyAttributes: description: Attributes of a partial application key. properties: created_at: description: Creation date of the application key. example: "2020-11-23T10:00:00.000Z" readOnly: true type: string last4: description: The last four characters of the application key. example: "abcd" maxLength: 4 minLength: 4 readOnly: true type: string last_used_at: description: Last usage timestamp of the application key. example: "2020-12-20T10:00:00.000Z" nullable: true readOnly: true type: string name: description: Name of the application key. example: "Application Key for managing dashboards" type: string scopes: description: Array of scopes to grant the application key. example: ["dashboards_read", "dashboards_write", "dashboards_public_share"] items: description: Name of scope. type: string nullable: true type: array type: object PartialApplicationKeyResponse: description: Response for retrieving a partial application key. properties: data: $ref: "#/components/schemas/PartialApplicationKey" included: description: Array of objects related to the application key. items: $ref: "#/components/schemas/ApplicationKeyResponseIncludedItem" type: array type: object PatchAttachmentRequest: description: Request to update an attachment. properties: data: $ref: "#/components/schemas/PatchAttachmentRequestData" type: object PatchAttachmentRequestData: description: Attachment data for an update request. properties: attributes: $ref: "#/components/schemas/PatchAttachmentRequestDataAttributes" id: description: The unique identifier of the attachment. example: "00000000-abcd-0002-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentAttachmentType" required: - type type: object PatchAttachmentRequestDataAttributes: description: The attributes for updating an attachment. properties: attachment: $ref: "#/components/schemas/PatchAttachmentRequestDataAttributesAttachment" type: object PatchAttachmentRequestDataAttributesAttachment: description: The updated attachment object. properties: documentUrl: description: The updated URL for the attachment. example: https://app.datadoghq.com/notebook/124/Postmortem-IR-124 type: string title: description: The updated title for the attachment. example: Postmortem-IR-124 type: string type: object PatchComponentRequest: description: Request object for updating a component. example: data: attributes: name: Metrics Intake Service position: 4 id: 1234abcd-12ab-34cd-56ef-123456abcdef type: components properties: data: $ref: "#/components/schemas/PatchComponentRequestData" type: object PatchComponentRequestData: description: The data object for updating a component. properties: attributes: $ref: "#/components/schemas/PatchComponentRequestDataAttributes" id: description: The ID of the component. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - attributes - id - type type: object PatchComponentRequestDataAttributes: description: The supported attributes for updating a component. properties: name: description: The name of the component. example: Web App type: string position: description: The position of the component. If the component belongs to a group, the position is relative to the other components in the group. example: 1 format: int64 type: integer type: object PatchDegradationRequest: description: Request object for updating a degradation. example: data: attributes: components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: We've deployed a fix and latency has returned to normal. This issue has been resolved. status: resolved id: 1234abcd-12ab-34cd-56ef-123456abcdef type: degradations properties: data: $ref: "#/components/schemas/PatchDegradationRequestData" type: object PatchDegradationRequestData: description: The data object for updating a degradation. properties: attributes: $ref: "#/components/schemas/PatchDegradationRequestDataAttributes" id: description: The ID of the degradation. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/PatchDegradationRequestDataType" required: - attributes - id - type type: object PatchDegradationRequestDataAttributes: description: The supported attributes for updating a degradation. properties: components_affected: description: The components affected by the degradation. example: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational items: $ref: "#/components/schemas/PatchDegradationRequestDataAttributesComponentsAffectedItems" type: array description: description: The description of the degradation. example: We've deployed a fix and latency has returned to normal. This issue has been resolved. type: string status: $ref: "#/components/schemas/PatchDegradationRequestDataAttributesStatus" example: resolved title: description: The title of the degradation. example: Elevated API Latency type: string type: object PatchDegradationRequestDataAttributesComponentsAffectedItems: description: A component affected by a degradation. properties: id: description: The ID of the component. Must be a component of type `component`. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" required: - id - status type: object PatchDegradationRequestDataAttributesStatus: description: The status of the degradation. enum: - investigating - identified - monitoring - resolved type: string x-enum-varnames: - INVESTIGATING - IDENTIFIED - MONITORING - RESOLVED PatchDegradationRequestDataType: default: degradations description: Degradations resource type. enum: - degradations example: degradations type: string x-enum-varnames: - DEGRADATIONS PatchIncidentNotificationTemplateRequest: description: Update request for a notification template. properties: data: $ref: "#/components/schemas/IncidentNotificationTemplateUpdateData" required: - data type: object PatchMaintenanceRequest: description: Request object for updating a maintenance. example: data: attributes: completed_date: "2026-02-18T20:01:13.332360075Z" in_progress_description: We are currently performing maintenance on the API to improve performance for 40 minutes. scheduled_description: We will be performing maintenance on the API to improve performance for 40 minutes. start_date: "2026-02-18T19:21:13.332360075Z" title: API Maintenance id: 1234abcd-12ab-34cd-56ef-123456abcdef type: maintenances properties: data: $ref: "#/components/schemas/PatchMaintenanceRequestData" type: object PatchMaintenanceRequestData: description: The data object for updating a maintenance. properties: attributes: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributes" id: description: The ID of the maintenance. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/PatchMaintenanceRequestDataType" required: - attributes - type - id type: object PatchMaintenanceRequestDataAttributes: description: The supported attributes for updating a maintenance. properties: completed_date: description: Timestamp of when the maintenance was completed. format: date-time type: string completed_description: description: The description shown when the maintenance is completed. type: string components_affected: description: The components affected by the maintenance. items: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItems" type: array in_progress_description: description: The description shown while the maintenance is in progress. type: string scheduled_description: description: The description shown when the maintenance is scheduled. type: string start_date: description: Timestamp of when the maintenance is scheduled to start. format: date-time type: string status: $ref: "#/components/schemas/MaintenanceDataAttributesStatus" description: The status of the maintenance. title: description: The title of the maintenance. type: string type: object PatchMaintenanceRequestDataAttributesComponentsAffectedItems: description: A component affected by a maintenance. properties: id: description: The ID of the component. Must be a component of type `component`. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string name: description: The name of the component. readOnly: true type: string status: $ref: "#/components/schemas/PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus" required: - id - status type: object PatchMaintenanceRequestDataAttributesComponentsAffectedItemsStatus: description: The status of the component. enum: - operational - maintenance example: operational type: string x-enum-varnames: - OPERATIONAL - MAINTENANCE PatchMaintenanceRequestDataType: default: maintenances description: Maintenances resource type. enum: - maintenances example: maintenances type: string x-enum-varnames: - MAINTENANCES PatchNotificationRuleParameters: description: Body of the notification rule patch request. properties: data: $ref: "#/components/schemas/PatchNotificationRuleParametersData" type: object PatchNotificationRuleParametersData: description: |- Data of the notification rule patch request: the rule ID, the rule type, and the rule attributes. All fields are required. properties: attributes: $ref: "#/components/schemas/PatchNotificationRuleParametersDataAttributes" id: $ref: "#/components/schemas/ID" type: $ref: "#/components/schemas/NotificationRulesType" required: - attributes - id - type type: object PatchNotificationRuleParametersDataAttributes: description: |- Attributes of the notification rule patch request. It is required to update the version of the rule when patching it. properties: enabled: $ref: "#/components/schemas/Enabled" name: $ref: "#/components/schemas/RuleName" selectors: $ref: "#/components/schemas/Selectors" targets: $ref: "#/components/schemas/Targets" time_aggregation: $ref: "#/components/schemas/TimeAggregation" version: $ref: "#/components/schemas/Version" type: object PatchStatusPageRequest: description: Request object for updating a status page. example: data: attributes: company_logo: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM domain_prefix: status-page-us1-east email_header_image: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF enabled: false favicon: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA name: Status Page US1 East subscriptions_enabled: false type: internal visualization_type: bars_only id: 1234abcd-12ab-34cd-56ef-123456abcdef type: status_pages properties: data: $ref: "#/components/schemas/PatchStatusPageRequestData" type: object PatchStatusPageRequestData: description: The data object for updating a status page. properties: attributes: $ref: "#/components/schemas/PatchStatusPageRequestDataAttributes" id: description: The ID of the status page. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPageDataType" required: - attributes - id - type type: object PatchStatusPageRequestDataAttributes: description: The supported attributes for updating a status page. properties: company_logo: description: The base64-encoded image data displayed on the status page. example: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM type: string domain_prefix: description: The subdomain of the status page's url taking the form `https://{domain_prefix}.statuspage.datadoghq.com`. Globally unique across Datadog Status Pages. example: status-page-us1 type: string email_header_image: description: The base64-encoded image data displayed in email notifications sent to status page subscribers. example: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF type: string enabled: description: Whether the status page is enabled. example: true type: boolean favicon: description: The base64-encoded image data displayed in the browser tab. example: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA type: string name: description: The name of the status page. example: Status Page US1 type: string subscriptions_enabled: description: Whether users can subscribe to the status page. example: true type: boolean type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesType" example: public visualization_type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesVisualizationType" example: bars_and_uptime_percentage type: object PatchTableRequest: description: Request body for updating an existing reference table. example: data: attributes: description: this is a cloud table generated via a cloud bucket sync file_metadata: access_details: aws_detail: aws_account_id: test-account-id aws_bucket_name: test-bucket file_path: test_rt.csv sync_enabled: true schema: fields: - name: id type: INT32 - name: name type: STRING primary_keys: - id tags: - test_tag type: reference_table properties: data: $ref: "#/components/schemas/PatchTableRequestData" type: object PatchTableRequestData: additionalProperties: false description: The data object containing the partial table definition updates. properties: attributes: $ref: "#/components/schemas/PatchTableRequestDataAttributes" type: $ref: "#/components/schemas/PatchTableRequestDataType" required: - type type: object PatchTableRequestDataAttributes: description: Attributes that define the updates to the reference table's configuration and properties. properties: description: description: Optional text describing the purpose or contents of this reference table. example: "example description" type: string file_metadata: $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadata" schema: $ref: "#/components/schemas/PatchTableRequestDataAttributesSchema" tags: description: Tags for organizing and filtering reference tables. example: - "tag_1" - "tag_2" items: description: A tag associated with the reference table. type: string type: array type: object PatchTableRequestDataAttributesFileMetadata: description: Metadata specifying where and how to access the reference table's data file. oneOf: - $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataCloudStorage" - $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataLocalFile" PatchTableRequestDataAttributesFileMetadataCloudStorage: additionalProperties: false description: Cloud storage file metadata for patch requests. Allows partial updates of access_details and sync_enabled. properties: access_details: $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataOneOfAccessDetails" sync_enabled: description: Whether this table is synced automatically. example: false type: boolean title: CloudFileMetadataV2 type: object PatchTableRequestDataAttributesFileMetadataLocalFile: additionalProperties: false description: Local file metadata for patch requests using upload ID. properties: upload_id: description: The upload ID. example: "00000000-0000-0000-0000-000000000000" type: string required: - upload_id title: LocalFileMetadataV2 type: object PatchTableRequestDataAttributesFileMetadataOneOfAccessDetails: description: Cloud storage access configuration for the reference table data file. properties: aws_detail: $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsAwsDetail" azure_detail: $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsAzureDetail" gcp_detail: $ref: "#/components/schemas/PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsGcpDetail" type: object PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsAwsDetail: description: Amazon Web Services S3 storage access configuration. properties: aws_account_id: description: AWS account ID where the S3 bucket is located. example: "123456789000" type: string aws_bucket_name: description: S3 bucket containing the CSV file. example: "example-data-bucket" type: string file_path: description: The relative file path from the S3 bucket root to the CSV file. example: "reference-tables/users.csv" type: string type: object x-oneOf-parent: - AwsDetail PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsAzureDetail: description: Azure Blob Storage access configuration. properties: azure_client_id: description: Azure service principal (application) client ID with permissions to read from the container. example: "aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb" type: string azure_container_name: description: Azure Blob Storage container containing the CSV file. example: "reference-data" type: string azure_storage_account_name: description: Azure storage account where the container is located. example: "examplestorageaccount" type: string azure_tenant_id: description: Azure Active Directory tenant ID. example: "cccccccc-4444-5555-6666-dddddddddddd" type: string file_path: description: The relative file path from the Azure container root to the CSV file. example: "tables/users.csv" type: string type: object x-oneOf-parent: - AzureDetail PatchTableRequestDataAttributesFileMetadataOneOfAccessDetailsGcpDetail: description: Google Cloud Platform storage access configuration. properties: file_path: description: The relative file path from the GCS bucket root to the CSV file. example: "data/reference_tables/users.csv" type: string gcp_bucket_name: description: GCP bucket containing the CSV file. example: "example-data-bucket" type: string gcp_project_id: description: GCP project ID where the bucket is located. example: "example-gcp-project-12345" type: string gcp_service_account_email: description: Service account email with read permissions for the GCS bucket. example: "example-service@example-gcp-project-12345.iam.gserviceaccount.com" type: string type: object x-oneOf-parent: - GcpDetail PatchTableRequestDataAttributesSchema: description: Schema defining the updates to the structure and columns of the reference table. Schema fields cannot be deleted or renamed. properties: fields: description: The schema fields. items: $ref: "#/components/schemas/PatchTableRequestDataAttributesSchemaFieldsItems" type: array primary_keys: description: List of field names that serve as primary keys for the table. Only one primary key is supported, and it is used as an ID to retrieve rows. Primary keys cannot be changed after table creation. example: - "field_1" items: description: A field name used as a primary key. type: string type: array required: - fields - primary_keys type: object PatchTableRequestDataAttributesSchemaFieldsItems: description: A single field (column) in the reference table schema to be updated. Schema fields cannot be deleted or renamed. properties: name: description: The field name. example: "field_1" type: string type: $ref: "#/components/schemas/ReferenceTableSchemaFieldType" required: - name - type type: object PatchTableRequestDataType: default: reference_table description: Reference table resource type. enum: - reference_table example: reference_table type: string x-enum-varnames: - REFERENCE_TABLE Permission: description: Permission object. properties: attributes: $ref: "#/components/schemas/PermissionAttributes" id: description: ID of the permission. type: string type: $ref: "#/components/schemas/PermissionsType" required: - type type: object PermissionAttributes: description: Attributes of a permission. properties: created: description: Creation time of the permission. format: date-time type: string description: description: Description of the permission. type: string display_name: description: Displayed name for the permission. type: string display_type: description: Display type. type: string group_name: description: Name of the permission group. type: string name: description: Name of the permission. type: string name_aliases: description: List of alias names for the permission. items: description: An alternative name for the permission. type: string type: array restricted: description: Whether or not the permission is restricted. type: boolean type: object PermissionsResponse: description: Payload with API-returned permissions. properties: data: description: Array of permissions. items: $ref: "#/components/schemas/Permission" type: array type: object PermissionsType: default: permissions description: Permissions resource type. enum: - permissions example: permissions type: string x-enum-varnames: - PERMISSIONS PersonalAccessToken: description: Datadog personal access token. properties: attributes: $ref: "#/components/schemas/PersonalAccessTokenAttributes" id: description: ID of the personal access token. type: string relationships: $ref: "#/components/schemas/PersonalAccessTokenRelationships" type: $ref: "#/components/schemas/PersonalAccessTokensType" type: object PersonalAccessTokenAttributes: description: Attributes of a personal access token. properties: created_at: description: Creation date of the personal access token. example: "2024-01-01T00:00:00+00:00" format: date-time readOnly: true type: string expires_at: description: Expiration date of the personal access token. example: "2025-12-31T23:59:59+00:00" format: date-time nullable: true readOnly: true type: string last_used_at: description: Date the personal access token was last used. example: "2025-06-15T12:30:00+00:00" format: date-time nullable: true readOnly: true type: string modified_at: description: Date of last modification of the personal access token. example: "2024-06-01T00:00:00+00:00" format: date-time nullable: true readOnly: true type: string name: description: Name of the personal access token. example: "My Personal Access Token" type: string public_portion: description: The public portion of the personal access token. example: "ddpat_abc123" readOnly: true type: string scopes: description: Array of scopes granted to the personal access token. example: - "dashboards_read" - "dashboards_write" items: description: Name of scope. type: string type: array type: object PersonalAccessTokenCreateAttributes: description: Attributes used to create a personal access token. properties: expires_at: description: Expiration date of the personal access token. Must be at least 24 hours in the future. example: "2025-12-31T23:59:59+00:00" format: date-time type: string name: description: Name of the personal access token. example: "My Personal Access Token" type: string scopes: description: Array of scopes to grant the personal access token. example: - "dashboards_read" - "dashboards_write" items: description: Name of scope. type: string type: array required: - name - scopes - expires_at type: object PersonalAccessTokenCreateData: description: Object used to create a personal access token. properties: attributes: $ref: "#/components/schemas/PersonalAccessTokenCreateAttributes" type: $ref: "#/components/schemas/PersonalAccessTokensType" required: - attributes - type type: object PersonalAccessTokenCreateRequest: description: Request used to create a personal access token. properties: data: $ref: "#/components/schemas/PersonalAccessTokenCreateData" required: - data type: object PersonalAccessTokenCreateResponse: description: Response for creating a personal access token. Includes the token key. properties: data: $ref: "#/components/schemas/FullPersonalAccessToken" type: object PersonalAccessTokenRelationships: description: Resources related to the personal access token. properties: owned_by: $ref: "#/components/schemas/RelationshipToUser" type: object PersonalAccessTokenResponse: description: Response for retrieving a personal access token. properties: data: $ref: "#/components/schemas/PersonalAccessToken" type: object PersonalAccessTokenResponseMeta: description: Additional information related to the personal access token response. properties: page: $ref: "#/components/schemas/PersonalAccessTokenResponseMetaPage" type: object PersonalAccessTokenResponseMetaPage: description: Pagination information. properties: total_filtered_count: description: Total filtered personal access token count. format: int64 type: integer type: object PersonalAccessTokenUpdateAttributes: description: Attributes used to update a personal access token. properties: name: description: Name of the personal access token. example: "Updated Personal Access Token" type: string scopes: description: Array of scopes to grant the personal access token. example: - "dashboards_read" - "dashboards_write" items: description: Name of scope. type: string type: array type: object PersonalAccessTokenUpdateData: description: Object used to update a personal access token. properties: attributes: $ref: "#/components/schemas/PersonalAccessTokenUpdateAttributes" id: description: ID of the personal access token. example: "00112233-4455-6677-8899-aabbccddeeff" type: string type: $ref: "#/components/schemas/PersonalAccessTokensType" required: - attributes - id - type type: object PersonalAccessTokenUpdateRequest: description: Request used to update a personal access token. properties: data: $ref: "#/components/schemas/PersonalAccessTokenUpdateData" required: - data type: object PersonalAccessTokensSort: default: name description: Sorting options enum: - name - -name - created_at - -created_at - expires_at - -expires_at type: string x-enum-varnames: - NAME_ASCENDING - NAME_DESCENDING - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - EXPIRES_AT_ASCENDING - EXPIRES_AT_DESCENDING PersonalAccessTokensType: default: personal_access_tokens description: Personal access tokens resource type. enum: - personal_access_tokens example: personal_access_tokens type: string x-enum-varnames: - PERSONAL_ACCESS_TOKENS Playlist: description: A single RUM replay playlist resource returned by create, update, or get operations. properties: data: $ref: "#/components/schemas/PlaylistData" required: - data type: object PlaylistArray: description: A list of RUM replay playlists returned by a list operation. properties: data: description: Array of playlist data objects. items: $ref: "#/components/schemas/PlaylistData" type: array required: - data type: object PlaylistData: description: Data object representing a RUM replay playlist, including its identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/PlaylistDataAttributes" id: description: Unique identifier of the playlist. type: string type: $ref: "#/components/schemas/PlaylistDataType" required: - type type: object PlaylistDataAttributes: description: Attributes of a RUM replay playlist, including its name, description, session count, and audit timestamps. properties: created_at: description: Timestamp when the playlist was created. format: date-time type: string created_by: $ref: "#/components/schemas/PlaylistDataAttributesCreatedBy" description: description: Optional human-readable description of the playlist's purpose or contents. type: string name: description: Human-readable name of the playlist. example: My Playlist type: string session_count: description: Number of replay sessions in the playlist. format: int64 type: integer updated_at: description: Timestamp when the playlist was last updated. format: date-time type: string required: - name type: object PlaylistDataAttributesCreatedBy: description: Information about the user who created the playlist. properties: handle: description: Email handle of the user who created the playlist. example: john.doe@example.com type: string icon: description: URL or identifier of the user's avatar icon. type: string id: description: Unique identifier of the user who created the playlist. example: 00000000-0000-0000-0000-000000000001 type: string name: description: Display name of the user who created the playlist. type: string uuid: description: UUID of the user who created the playlist. example: 00000000-0000-0000-0000-000000000001 type: string required: - handle - id - uuid type: object PlaylistDataType: default: rum_replay_playlist description: Rum replay playlist resource type. enum: - rum_replay_playlist example: rum_replay_playlist type: string x-enum-varnames: - RUM_REPLAY_PLAYLIST PlaylistsSession: description: A single RUM replay session resource as it appears within a playlist context. properties: data: $ref: "#/components/schemas/PlaylistsSessionData" required: - data type: object PlaylistsSessionArray: description: A list of RUM replay sessions belonging to a playlist. properties: data: description: Array of playlist session data objects. items: $ref: "#/components/schemas/PlaylistsSessionData" type: array required: - data type: object PlaylistsSessionData: description: Data object representing a session within a playlist, including its identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/PlaylistsSessionDataAttributes" id: description: Unique identifier of the RUM replay session. type: string type: $ref: "#/components/schemas/ViewershipHistorySessionDataType" required: - type type: object PlaylistsSessionDataAttributes: description: Attributes of a session within a playlist, including the session event data and its replay track. properties: session_event: additionalProperties: {} description: Raw event data associated with the replay session. type: object track: description: Replay track identifier indicating which recording track the session belongs to. type: string type: object PostmortemAttachmentRequest: description: Request body for creating a postmortem attachment. properties: data: $ref: "#/components/schemas/PostmortemAttachmentRequestData" required: - data type: object PostmortemAttachmentRequestAttributes: description: Postmortem attachment attributes properties: cells: description: The cells of the postmortem items: $ref: "#/components/schemas/PostmortemCell" type: array content: description: The content of the postmortem example: |- # Incident Report - IR-123 [...] type: string postmortem_template_id: description: The ID of the postmortem template example: "93645509-874e-45c4-adfa-623bfeaead89-123" type: string title: description: The title of the postmortem example: Postmortem-IR-123 type: string type: object PostmortemAttachmentRequestData: description: Postmortem attachment data properties: attributes: $ref: "#/components/schemas/PostmortemAttachmentRequestAttributes" type: $ref: "#/components/schemas/IncidentAttachmentType" required: - type - attributes type: object PostmortemCell: description: A cell in the postmortem properties: attributes: $ref: "#/components/schemas/PostmortemCellAttributes" id: description: The unique identifier of the cell example: "cell-1" type: string type: $ref: "#/components/schemas/PostmortemCellType" type: object PostmortemCellAttributes: description: Attributes of a postmortem cell properties: definition: $ref: "#/components/schemas/PostmortemCellDefinition" type: object PostmortemCellDefinition: description: Definition of a postmortem cell properties: content: description: The content of the cell in markdown format example: |- ## Incident Summary This incident was caused by... type: string type: object PostmortemCellType: description: The postmortem cell resource type. enum: - markdown example: markdown type: string x-enum-varnames: - MARKDOWN PostmortemTemplateAttributesRequest: description: Attributes for creating or updating a postmortem template. properties: name: description: The name of the template example: "Standard Postmortem Template" type: string required: - name type: object PostmortemTemplateAttributesResponse: description: Attributes of a postmortem template returned in a response. properties: createdAt: description: When the template was created example: "2026-01-13T17:15:53.208340Z" format: date-time type: string modifiedAt: description: When the template was last modified example: "2026-01-13T17:15:53.208340Z" format: date-time type: string name: description: The name of the template example: "Standard Postmortem Template" type: string required: - name - createdAt - modifiedAt type: object PostmortemTemplateDataRequest: description: Data object for creating or updating a postmortem template. properties: attributes: $ref: "#/components/schemas/PostmortemTemplateAttributesRequest" type: $ref: "#/components/schemas/PostmortemTemplateType" required: - type - attributes type: object PostmortemTemplateDataResponse: description: Data object for a postmortem template returned in a response. properties: attributes: $ref: "#/components/schemas/PostmortemTemplateAttributesResponse" id: description: The ID of the template example: "template-456" type: string type: $ref: "#/components/schemas/PostmortemTemplateType" required: - id - type - attributes type: object PostmortemTemplateRequest: description: Request body for creating or updating a postmortem template. properties: data: $ref: "#/components/schemas/PostmortemTemplateDataRequest" required: - data type: object PostmortemTemplateResponse: description: Response containing a single postmortem template. properties: data: $ref: "#/components/schemas/PostmortemTemplateDataResponse" required: - data type: object PostmortemTemplateType: description: Postmortem template resource type enum: - postmortem_template example: postmortem_template type: string x-enum-varnames: - POSTMORTEM_TEMPLATE PostmortemTemplatesResponse: description: Response containing a list of postmortem templates. properties: data: description: An array of postmortem template data objects. items: $ref: "#/components/schemas/PostmortemTemplateDataResponse" type: array required: - data type: object Powerpack: description: |- Powerpacks are templated groups of dashboard widgets you can save from an existing dashboard and turn into reusable packs in the widget tray. properties: data: $ref: "#/components/schemas/PowerpackData" type: object PowerpackAttributes: description: Powerpack attribute object. properties: description: description: Description of this powerpack. example: "Powerpack for ABC" type: string group_widget: $ref: "#/components/schemas/PowerpackGroupWidget" name: description: Name of the powerpack. example: "Sample Powerpack" type: string tags: description: List of tags to identify this powerpack. example: ["tag:foo1"] items: description: A tag to identify this powerpack. maxLength: 80 type: string maxItems: 8 type: array template_variables: description: List of template variables for this powerpack. example: [{"defaults": ["*"], "name": "test"}] items: $ref: "#/components/schemas/PowerpackTemplateVariable" type: array required: - group_widget - name type: object PowerpackData: description: Powerpack data object. properties: attributes: $ref: "#/components/schemas/PowerpackAttributes" id: description: ID of the powerpack. type: string relationships: $ref: "#/components/schemas/PowerpackRelationships" type: description: Type of widget, must be powerpack. example: "powerpack" type: string type: object PowerpackGroupWidget: description: Powerpack group widget definition object. properties: definition: $ref: "#/components/schemas/PowerpackGroupWidgetDefinition" layout: $ref: "#/components/schemas/PowerpackGroupWidgetLayout" live_span: $ref: "#/components/schemas/WidgetLiveSpan" required: - definition type: object PowerpackGroupWidgetDefinition: description: Powerpack group widget object. properties: layout_type: description: Layout type of widgets. example: ordered type: string show_title: description: Boolean indicating whether powerpack group title should be visible or not. example: true type: boolean title: description: Name for the group widget. example: Sample Powerpack type: string type: description: Type of widget, must be group. example: group type: string widgets: description: Widgets inside the powerpack. example: [{"definition": {"content": "example", "type": "note"}, "layout": {"height": 5, "width": 10, "x": 0, "y": 0}}] items: $ref: "#/components/schemas/PowerpackInnerWidgets" type: array required: - widgets - layout_type - type type: object PowerpackGroupWidgetLayout: description: Powerpack group widget layout. properties: height: description: The height of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer width: description: The width of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer x: description: The position of the widget on the x (horizontal) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer y: description: The position of the widget on the y (vertical) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer required: - x - y - width - height type: object PowerpackInnerWidgetLayout: description: Powerpack inner widget layout. properties: height: description: The height of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer width: description: The width of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer x: description: The position of the widget on the x (horizontal) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer y: description: The position of the widget on the y (vertical) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer required: - x - y - width - height type: object PowerpackInnerWidgets: description: Powerpack group widget definition of individual widgets. properties: definition: additionalProperties: {} description: Information about widget. example: {"definition": {"content": "example", "type": "note"}} type: object layout: $ref: "#/components/schemas/PowerpackInnerWidgetLayout" required: - definition type: object PowerpackRelationships: description: Powerpack relationship object. properties: author: $ref: "#/components/schemas/RelationshipToUser" type: object PowerpackResponse: description: Response object which includes a single powerpack configuration. properties: data: $ref: "#/components/schemas/PowerpackData" included: description: Array of objects related to the users. items: $ref: "#/components/schemas/User" type: array readOnly: true type: object PowerpackResponseLinks: description: Links attributes. properties: first: description: Link to last page. type: string last: description: Link to first page. example: "https://app.datadoghq.com/api/v2/powerpacks?page[offset]=0&page[limit]=25" nullable: true type: string next: description: Link for the next set of results. example: "https://app.datadoghq.com/api/v2/powerpacks?page[offset]=25&page[limit]=25" type: string prev: description: Link for the previous set of results. nullable: true type: string self: description: Link to current page. example: "https://app.datadoghq.com/api/v2/powerpacks" type: string type: object PowerpackTemplateVariable: description: Powerpack template variables. properties: available_values: description: The list of values that the template variable drop-down is limited to. example: ["my-host", "host1", "host2"] items: description: Template variable value. type: string nullable: true type: array defaults: description: One or many template variable default values within the saved view, which are unioned together using `OR` if more than one is specified. items: description: One or many default values of the template variable. minLength: 1 type: string type: array name: description: The name of the variable. example: datacenter type: string prefix: description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. example: host nullable: true type: string required: - name type: object PowerpacksResponseMeta: description: Powerpack response metadata. properties: pagination: $ref: "#/components/schemas/PowerpacksResponseMetaPagination" type: object PowerpacksResponseMetaPagination: description: Powerpack response pagination metadata. properties: first_offset: description: The first offset. format: int64 type: integer last_offset: description: The last offset. format: int64 nullable: true type: integer limit: description: Pagination limit. format: int64 type: integer next_offset: description: The next offset. format: int64 type: integer offset: description: The offset. format: int64 type: integer prev_offset: description: The previous offset. format: int64 type: integer total: description: Total results. format: int64 type: integer type: description: Offset type. type: string type: object PreviewEntityResponseData: description: Entity data returned in a preview response, including attributes, relationships, and type. properties: attributes: $ref: "#/components/schemas/EntityResponseDataAttributes" id: description: Entity unique identifier. type: string relationships: $ref: "#/components/schemas/EntityResponseDataRelationships" type: $ref: "#/components/schemas/EntityResponseDataType" required: - type type: object ProcessDataSource: default: process description: A data source for process-level infrastructure metrics. enum: - process example: process type: string x-enum-varnames: - PROCESS ProcessScalarQuery: description: A query for host-level process metrics such as CPU and memory usage. properties: aggregator: $ref: "#/components/schemas/MetricsAggregator" cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ProcessDataSource" is_normalized_cpu: description: Whether CPU metrics should be normalized by core count. type: boolean limit: description: Maximum number of results to return. format: int64 type: integer metric: description: The process metric to query. example: process.stat.cpu.total_pct type: string name: description: The variable name for use in formulas. example: query1 type: string sort: $ref: "#/components/schemas/QuerySortOrder" tag_filters: description: Tag filters to narrow down processes. items: description: A tag filter value. example: "env:prod" type: string type: array text_filter: description: A full-text search filter to match process names or commands. type: string required: - data_source - name - metric type: object ProcessSummariesMeta: description: Response metadata object. properties: page: $ref: "#/components/schemas/ProcessSummariesMetaPage" type: object ProcessSummariesMetaPage: description: Paging attributes. properties: after: description: |- The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. example: 911abf1204838d9cdfcb9a96d0b6a1bd03e1b514074f1ce1737c4cbd type: string size: description: Number of results returned. format: int32 maximum: 10000 minimum: 0 type: integer type: object ProcessSummariesResponse: description: List of process summaries. properties: data: description: Array of process summary objects. items: $ref: "#/components/schemas/ProcessSummary" type: array meta: $ref: "#/components/schemas/ProcessSummariesMeta" type: object ProcessSummary: description: Process summary object. properties: attributes: $ref: "#/components/schemas/ProcessSummaryAttributes" id: description: Process ID. type: string type: $ref: "#/components/schemas/ProcessSummaryType" type: object ProcessSummaryAttributes: description: Attributes for a process summary. properties: cmdline: description: Process command line. type: string host: description: Host running the process. type: string pid: description: Process ID. format: int64 type: integer ppid: description: Parent process ID. format: int64 type: integer start: description: Time the process was started. type: string tags: description: List of tags associated with the process. items: description: A tag associated with the process. type: string type: array timestamp: description: Time the process was seen. type: string user: description: Process owner. type: string type: object ProcessSummaryType: default: process description: Type of process summary. enum: - process example: process type: string x-enum-varnames: - PROCESS ProcessTimeseriesQuery: description: A query for host-level process metrics such as CPU and memory usage. properties: cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/ProcessDataSource" is_normalized_cpu: description: Whether CPU metrics should be normalized by core count. type: boolean limit: description: Maximum number of results to return. format: int64 type: integer metric: description: The process metric to query. example: process.stat.cpu.total_pct type: string name: description: The variable name for use in formulas. example: query1 type: string sort: $ref: "#/components/schemas/QuerySortOrder" tag_filters: description: Tag filters to narrow down processes. items: description: A tag filter value. example: "env:prod" type: string type: array text_filter: description: A full-text search filter to match process names or commands. type: string required: - data_source - name - metric type: object ProductAnalyticsAnalyticsQuery: description: The analytics query definition containing a base query, compute rule, and optional grouping. properties: audience_filters: $ref: "#/components/schemas/ProductAnalyticsAudienceFilters" compute: $ref: "#/components/schemas/ProductAnalyticsCompute" group_by: description: Group-by rules for segmenting results. items: $ref: "#/components/schemas/ProductAnalyticsGroupBy" type: array indexes: description: Restrict the query to specific indexes. Max 1 entry. items: description: Index name to restrict the query to. type: string maxItems: 1 type: array query: $ref: "#/components/schemas/ProductAnalyticsBaseQuery" required: - query - compute type: object ProductAnalyticsAnalyticsRequest: description: Request for computing analytics results (scalar or timeseries). example: data: attributes: from: 1771232048460 query: compute: aggregation: count query: data_source: product_analytics search: query: "@type:view" to: 1771836848262 type: formula_analytics_extended_request properties: data: $ref: "#/components/schemas/ProductAnalyticsAnalyticsRequestData" required: - data type: object ProductAnalyticsAnalyticsRequestAttributes: description: Attributes for an analytics request. properties: enforced_execution_type: $ref: "#/components/schemas/ProductAnalyticsExecutionType" from: description: Start time in epoch milliseconds. Must be less than `to`. example: 1771232048460 format: int64 type: integer query: $ref: "#/components/schemas/ProductAnalyticsAnalyticsQuery" request_id: description: Optional request ID for multi-step query continuation. type: string to: description: End time in epoch milliseconds. example: 1771836848262 format: int64 type: integer required: - from - to - query type: object ProductAnalyticsAnalyticsRequestData: description: Data object for an analytics request. properties: attributes: $ref: "#/components/schemas/ProductAnalyticsAnalyticsRequestAttributes" type: $ref: "#/components/schemas/ProductAnalyticsAnalyticsRequestType" required: - type - attributes type: object ProductAnalyticsAnalyticsRequestType: description: The resource type for analytics requests. enum: - formula_analytics_extended_request example: formula_analytics_extended_request type: string x-enum-varnames: - FORMULA_ANALYTICS_EXTENDED_REQUEST ProductAnalyticsAudienceAccountSubquery: description: An account-based audience query. properties: name: description: Name of this query, referenced in the formula. example: "" type: string query: description: Search query for filtering accounts. type: string required: - name type: object ProductAnalyticsAudienceFilters: description: Audience filter definitions for targeting specific user segments. properties: accounts: description: Account audience queries. items: $ref: "#/components/schemas/ProductAnalyticsAudienceAccountSubquery" type: array formula: description: Boolean formula combining audience queries by name. example: "u" type: string segments: description: Segment audience queries. items: $ref: "#/components/schemas/ProductAnalyticsAudienceSegmentSubquery" type: array users: description: User audience queries. items: $ref: "#/components/schemas/ProductAnalyticsAudienceUserSubquery" type: array type: object ProductAnalyticsAudienceSegmentSubquery: description: A segment-based audience query. properties: name: description: Name of this query, referenced in the formula. example: "" type: string segment_id: description: UUID of the segment to filter by. example: "" format: uuid type: string required: - name - segment_id type: object ProductAnalyticsAudienceUserSubquery: description: A user-based audience query. properties: name: description: Name of this query, referenced in the formula. example: u type: string query: description: Search query for filtering users. example: "*" type: string required: - name type: object ProductAnalyticsBaseQuery: description: |- A query definition discriminated by the `data_source` field. Use `product_analytics` for standard event queries, or `product_analytics_occurrence` for occurrence-filtered queries. oneOf: - $ref: "#/components/schemas/ProductAnalyticsEventQuery" - $ref: "#/components/schemas/ProductAnalyticsOccurrenceQuery" ProductAnalyticsCompute: description: A compute rule for aggregating data. properties: aggregation: description: The aggregation function (count, cardinality, avg, sum, min, max, etc.). example: count type: string interval: description: Time bucket size in milliseconds. Required for timeseries queries. example: 3600000 format: int64 type: integer metric: description: The metric to aggregate on. Required for non-count aggregations. example: "@session.time_spent" type: string required: - aggregation type: object ProductAnalyticsEventQuery: description: A standard Product Analytics event query. properties: data_source: $ref: "#/components/schemas/ProductAnalyticsEventQueryDataSource" search: $ref: "#/components/schemas/ProductAnalyticsEventSearch" required: - data_source - search type: object ProductAnalyticsEventQueryDataSource: description: The data source identifier. enum: - product_analytics example: product_analytics type: string x-enum-varnames: - PRODUCT_ANALYTICS ProductAnalyticsEventSearch: description: Search parameters for an event query. properties: query: description: The search query using Datadog search syntax. example: "@type:view" type: string type: object ProductAnalyticsExecutionType: description: Override the query execution strategy. enum: - simple - background - trino-multistep - materialized-view type: string x-enum-varnames: - SIMPLE - BACKGROUND - TRINO_MULTISTEP - MATERIALIZED_VIEW ProductAnalyticsGroupBy: description: A group-by rule for segmenting results by facet values. properties: facet: description: The facet to group by. example: "@view.name" type: string limit: description: Maximum number of groups to return. example: 10 format: int64 type: integer should_exclude_missing: default: false description: Exclude results with missing facet values. type: boolean sort: $ref: "#/components/schemas/ProductAnalyticsGroupBySort" source: description: The source for audience-filter-based group-by. type: string required: - facet type: object ProductAnalyticsGroupBySort: description: Sort configuration for group-by results. properties: aggregation: description: The aggregation function to sort by. example: count type: string metric: description: The metric to sort by. type: string order: $ref: "#/components/schemas/QuerySortOrder" type: object ProductAnalyticsInterval: description: An interval definition in a timeseries response. properties: milliseconds: description: The duration of each time bucket in milliseconds. format: int64 type: integer start_time: description: The start of this interval as an epoch timestamp in milliseconds. format: int64 type: integer times: description: Epoch timestamps (in milliseconds) for each bucket in this interval. items: description: Epoch timestamp in milliseconds for a time bucket boundary. format: int64 type: integer type: array type: description: The interval type (e.g., fixed or auto-computed bucket size). type: string type: object ProductAnalyticsOccurrenceFilter: description: Filter for occurrence-based queries. properties: meta: additionalProperties: type: string description: Additional metadata. type: object operator: description: Comparison operator (=, >=, <=, >, <). example: ">=" type: string value: description: The occurrence count threshold as a string. example: "1" type: string required: - operator - value type: object ProductAnalyticsOccurrenceQuery: description: A Product Analytics occurrence-filtered query. properties: data_source: $ref: "#/components/schemas/ProductAnalyticsOccurrenceQueryDataSource" search: $ref: "#/components/schemas/ProductAnalyticsOccurrenceSearch" required: - data_source - search type: object ProductAnalyticsOccurrenceQueryDataSource: description: The data source identifier for occurrence queries. enum: - product_analytics_occurrence example: product_analytics_occurrence type: string x-enum-varnames: - PRODUCT_ANALYTICS_OCCURRENCE ProductAnalyticsOccurrenceSearch: description: Search parameters for an occurrence query. properties: occurrences: $ref: "#/components/schemas/ProductAnalyticsOccurrenceFilter" query: description: The search query using Datadog search syntax. example: "@type:action" type: string type: object ProductAnalyticsResponseMeta: description: Metadata for a Product Analytics query response. properties: request_id: description: Unique identifier for the request, used for multi-step query continuation. type: string status: $ref: "#/components/schemas/ProductAnalyticsResponseMetaStatus" type: object ProductAnalyticsResponseMetaStatus: description: The execution status of a Product Analytics query. enum: - done - running - timeout type: string x-enum-varnames: - DONE - RUNNING - TIMEOUT ProductAnalyticsScalarColumn: description: A column in a scalar response. properties: meta: $ref: "#/components/schemas/ProductAnalyticsScalarColumnMeta" name: description: Column name (facet name for group-by, or "query"). type: string type: $ref: "#/components/schemas/ProductAnalyticsScalarColumnType" values: description: Column values. items: description: A single cell value within the column (string for group-by columns, number for metric columns). type: array type: object ProductAnalyticsScalarColumnMeta: description: Metadata associated with a scalar response column, including optional unit information. properties: unit: description: Unit definitions for the column values, if applicable. items: $ref: "#/components/schemas/ProductAnalyticsUnit" nullable: true type: array type: object ProductAnalyticsScalarColumnType: description: Column type. enum: - number - group type: string x-enum-varnames: - NUMBER - GROUP ProductAnalyticsScalarResponse: description: Response for a scalar analytics query. properties: data: $ref: "#/components/schemas/ProductAnalyticsScalarResponseData" meta: $ref: "#/components/schemas/ProductAnalyticsResponseMeta" type: object ProductAnalyticsScalarResponseAttributes: description: Attributes of a scalar analytics response, containing the result columns. properties: columns: description: The list of result columns, each containing values and metadata. items: $ref: "#/components/schemas/ProductAnalyticsScalarColumn" type: array type: object ProductAnalyticsScalarResponseData: description: Data object for a scalar response. properties: attributes: $ref: "#/components/schemas/ProductAnalyticsScalarResponseAttributes" id: description: Unique identifier for this response data object. type: string type: $ref: "#/components/schemas/ProductAnalyticsScalarResponseType" type: object ProductAnalyticsScalarResponseType: description: The resource type identifier for a scalar analytics response. enum: - scalar_response type: string x-enum-varnames: - SCALAR_RESPONSE ProductAnalyticsSerie: description: A series in a timeseries response. properties: group_tags: description: The group-by tag values that identify this series. items: description: A tag value for a group-by facet. type: string type: array query_index: description: The index of the query that produced this series. format: int64 type: integer unit: description: Unit definitions for the series values. items: $ref: "#/components/schemas/ProductAnalyticsUnit" type: array type: object ProductAnalyticsServerSideEventError: description: Error details. properties: detail: description: Error message. example: "Malformed payload" type: string status: description: Error code. example: "400" type: string title: description: Error title. example: "Bad Request" type: string type: object ProductAnalyticsServerSideEventErrors: description: Error response. properties: errors: description: Structured errors. items: $ref: "#/components/schemas/ProductAnalyticsServerSideEventError" type: array type: object ProductAnalyticsServerSideEventItem: description: A Product Analytics server-side event. properties: account: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemAccount" application: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemApplication" event: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemEvent" session: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemSession" type: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemType" usr: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItemUsr" required: - application - event - type type: object ProductAnalyticsServerSideEventItemAccount: description: The account linked to your event. properties: id: description: The account ID used in Datadog. example: "account-67890" type: string required: - id type: object ProductAnalyticsServerSideEventItemApplication: description: The application in which you want to send your events. properties: id: description: |- The application ID of your application. It can be found in your [application management page](https://app.datadoghq.com/rum/list). example: "123abcde-123a-123b-1234-123456789abc" type: string required: - id type: object ProductAnalyticsServerSideEventItemEvent: description: Fields used for the event. properties: name: description: |- The name of your event, which is used for search in the same way as view or action names. example: "payment.processed" type: string required: - name type: object ProductAnalyticsServerSideEventItemSession: description: The session linked to your event. properties: id: description: The session ID captured by the SDK. example: "session-abcdef" type: string required: - id type: object ProductAnalyticsServerSideEventItemType: description: The type of Product Analytics event. Must be `server` for server-side events. enum: - server example: server type: string x-enum-varnames: - SERVER ProductAnalyticsServerSideEventItemUsr: description: The user linked to your event. properties: id: description: The user ID used in Datadog. example: "user-12345" type: string required: - id type: object ProductAnalyticsTimeseriesResponse: description: Response for a timeseries analytics query. properties: data: $ref: "#/components/schemas/ProductAnalyticsTimeseriesResponseData" meta: $ref: "#/components/schemas/ProductAnalyticsResponseMeta" type: object ProductAnalyticsTimeseriesResponseAttributes: description: Attributes of a timeseries analytics response, containing series data, timestamps, and interval definitions. properties: intervals: description: Interval definitions describing the time buckets used in the response. items: $ref: "#/components/schemas/ProductAnalyticsInterval" type: array series: description: The list of series, each corresponding to a query or group-by combination. items: $ref: "#/components/schemas/ProductAnalyticsSerie" type: array times: description: Timestamps for each data point (epoch milliseconds). items: description: Epoch timestamp in milliseconds. format: int64 type: integer type: array values: description: Values for each series at each time point. items: description: Array of numeric values for a single series across all time points. items: description: Numeric value at a time point, or null if no data is available. format: double nullable: true type: number type: array type: array type: object ProductAnalyticsTimeseriesResponseData: description: Data object for a timeseries analytics response. properties: attributes: $ref: "#/components/schemas/ProductAnalyticsTimeseriesResponseAttributes" id: description: Unique identifier for this response data object. type: string type: $ref: "#/components/schemas/ProductAnalyticsTimeseriesResponseType" type: object ProductAnalyticsTimeseriesResponseType: description: The resource type identifier for a timeseries analytics response. enum: - timeseries_response type: string x-enum-varnames: - TIMESERIES_RESPONSE ProductAnalyticsUnit: description: A unit definition for metric values. properties: family: description: The unit family (e.g., time, bytes). example: time type: string id: description: Numeric identifier for the unit. format: int64 type: integer name: description: The full name of the unit (e.g., nanosecond). example: nanosecond type: string plural: description: Plural form of the unit name (e.g., nanoseconds). type: string scale_factor: description: Conversion factor relative to the base unit of the family. format: double type: number short_name: description: Abbreviated unit name (e.g., ns). type: string type: object Project: description: A Project. properties: attributes: $ref: "#/components/schemas/ProjectAttributes" id: description: The Project's identifier. example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string relationships: $ref: "#/components/schemas/ProjectRelationships" type: $ref: "#/components/schemas/ProjectResourceType" required: - id - type - attributes type: object ProjectAttributes: description: Project attributes. properties: columns_config: $ref: "#/components/schemas/ProjectColumnsConfig" enabled_custom_case_types: description: List of enabled custom case type IDs. items: description: A custom case type identifier. type: string type: array key: description: The project's key. example: CASEM type: string name: description: Project's name. example: "Security Investigation" type: string restricted: description: Whether the project is restricted. type: boolean settings: $ref: "#/components/schemas/ProjectSettings" type: object ProjectColumnsConfig: description: Project columns configuration. properties: columns: description: List of column configurations for the project board view. items: $ref: "#/components/schemas/ProjectColumnsConfigColumnsItems" type: array type: object ProjectColumnsConfigColumnsItems: description: Configuration for a single column in a project board view. properties: sort: $ref: "#/components/schemas/ProjectColumnsConfigColumnsItemsSort" sort_field: description: The field used to sort items in this column. type: string type: description: The type of column. type: string type: object ProjectColumnsConfigColumnsItemsSort: description: Sort configuration for a project board column. properties: ascending: description: Whether to sort in ascending order. type: boolean priority: description: The sort priority order for this column. format: int64 type: integer type: object ProjectCreate: description: Project create. properties: attributes: $ref: "#/components/schemas/ProjectCreateAttributes" type: $ref: "#/components/schemas/ProjectResourceType" required: - attributes - type type: object ProjectCreateAttributes: description: Project creation attributes. properties: enabled_custom_case_types: description: List of enabled custom case type IDs. items: description: A custom case type identifier. type: string type: array key: description: Project's key. Cannot be "CASE". example: "SEC" type: string name: description: Project name. example: "Security Investigation" type: string team_uuid: description: Team UUID to associate with the project. type: string required: - name - key type: object ProjectCreateRequest: description: Project create request. properties: data: $ref: "#/components/schemas/ProjectCreate" required: - data type: object ProjectNotificationSettings: description: Project notification settings. properties: destinations: description: Notification destinations (1=email, 2=slack, 3=in-app). items: description: Notification channel identifier (1=email, 2=slack, 3=in-app). type: integer type: array enabled: description: Whether notifications are enabled. type: boolean notify_on_case_assignment: description: Whether to send a notification when a case is assigned. type: boolean notify_on_case_closed: description: Whether to send a notification when a case is closed. type: boolean notify_on_case_comment: description: Whether to send a notification when a comment is added to a case. type: boolean notify_on_case_comment_mention: description: Whether to send a notification when a user is mentioned in a case comment. type: boolean notify_on_case_priority_change: description: Whether to send a notification when a case's priority changes. type: boolean notify_on_case_status_change: description: Whether to send a notification when a case's status changes. type: boolean notify_on_case_unassignment: description: Whether to send a notification when a case is unassigned. type: boolean type: object ProjectRelationship: description: Relationship to project. properties: data: $ref: "#/components/schemas/ProjectRelationshipData" required: - data type: object ProjectRelationshipData: description: Relationship to project object. properties: id: description: A unique identifier that represents the project. example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" type: string type: $ref: "#/components/schemas/ProjectResourceType" required: - id - type type: object ProjectRelationships: description: Project relationships. properties: member_team: $ref: "#/components/schemas/RelationshipToTeamLinks" member_user: $ref: "#/components/schemas/UsersRelationship" type: object ProjectResourceType: default: project description: Project resource type. enum: - project example: project type: string x-enum-varnames: - PROJECT ProjectResponse: description: Project response. properties: data: $ref: "#/components/schemas/Project" type: object ProjectSettings: description: Project settings. properties: auto_close_inactive_cases: $ref: "#/components/schemas/AutoCloseInactiveCases" auto_transition_assigned_cases: $ref: "#/components/schemas/AutoTransitionAssignedCases" integration_incident: $ref: "#/components/schemas/IntegrationIncident" integration_jira: $ref: "#/components/schemas/IntegrationJira" integration_monitor: $ref: "#/components/schemas/IntegrationMonitor" integration_on_call: $ref: "#/components/schemas/IntegrationOnCall" integration_service_now: $ref: "#/components/schemas/IntegrationServiceNow" notification: $ref: "#/components/schemas/ProjectNotificationSettings" type: object ProjectUpdate: description: Project update. properties: attributes: $ref: "#/components/schemas/ProjectUpdateAttributes" type: $ref: "#/components/schemas/ProjectResourceType" required: - type type: object ProjectUpdateAttributes: description: Project update attributes. properties: columns_config: $ref: "#/components/schemas/ProjectColumnsConfig" enabled_custom_case_types: description: List of enabled custom case type IDs. items: description: A custom case type identifier. type: string type: array name: description: Project name. type: string settings: $ref: "#/components/schemas/ProjectSettings" team_uuid: description: Team UUID to associate with the project. type: string type: object ProjectUpdateRequest: description: Project update request. properties: data: $ref: "#/components/schemas/ProjectUpdate" required: - data type: object ProjectedCost: description: Projected Cost data. properties: attributes: $ref: "#/components/schemas/ProjectedCostAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/ProjectedCostType" type: object ProjectedCostAttributes: description: Projected Cost attributes data. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string charges: description: List of charges data reported for the requested month. items: $ref: "#/components/schemas/ChargebackBreakdown" type: array date: description: The month requested. format: date-time type: string org_name: description: The organization name. type: string projected_total_cost: description: The total projected cost of products for the month. format: double type: number public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string type: object ProjectedCostResponse: description: Projected Cost response. properties: data: description: Response containing Projected Cost. items: $ref: "#/components/schemas/ProjectedCost" type: array type: object ProjectedCostType: default: projected_cost description: Type of cost data. enum: - projected_cost example: projected_cost type: string x-enum-varnames: - PROJECt_COST ProjectsResponse: description: Response with projects. properties: data: description: Projects response data. items: $ref: "#/components/schemas/Project" type: array type: object PublishAppResponse: description: The response object after an app is successfully published. properties: data: $ref: "#/components/schemas/Deployment" type: object PutAppsDatastoreItemResponseArray: description: Response after successfully inserting multiple items into a datastore, containing the identifiers of the created items. properties: data: description: An array of data objects containing the identifiers of the successfully inserted items. items: $ref: "#/components/schemas/PutAppsDatastoreItemResponseData" maxItems: 100 type: array required: - data type: object PutAppsDatastoreItemResponseData: description: Data containing the identifier of a single item that was successfully inserted into the datastore. properties: id: description: The unique identifier assigned to the inserted item. type: string type: $ref: "#/components/schemas/DatastoreItemsDataType" required: - type type: object PutIncidentNotificationRuleRequest: description: Put request for a notification rule. properties: data: $ref: "#/components/schemas/IncidentNotificationRuleUpdateData" required: - data type: object Query: description: A data query used by an app. This can take the form of an external action, a data transformation, or a state variable. oneOf: - $ref: "#/components/schemas/ActionQuery" - $ref: "#/components/schemas/DataTransform" - $ref: "#/components/schemas/StateVariable" QueryAccountRequest: description: Request body for querying accounts with optional filtering, column selection, and sorting. example: data: attributes: limit: 20 query: plan_type:enterprise AND user_count:>100 AND subscription_status:active select_columns: - account_id - account_name - user_count - plan_type - subscription_status - created_at - mrr - industry sort: field: user_count order: DESC wildcard_search_term: tech id: query_account_request type: query_account_request properties: data: $ref: "#/components/schemas/QueryAccountRequestData" type: object QueryAccountRequestData: description: The data object containing the resource type and attributes for querying accounts. properties: attributes: $ref: "#/components/schemas/QueryAccountRequestDataAttributes" id: description: Unique identifier for the query account request resource. type: string type: $ref: "#/components/schemas/QueryAccountRequestDataType" required: - type type: object QueryAccountRequestDataAttributes: description: Attributes for filtering and shaping the account query results. properties: limit: description: Maximum number of account records to return in the response. format: int64 type: integer query: description: Filter expression using account attribute conditions to narrow results. type: string select_columns: description: List of account attribute column names to include in the response. items: description: Name of an account attribute column to include in the response. type: string type: array sort: $ref: "#/components/schemas/QueryAccountRequestDataAttributesSort" wildcard_search_term: description: Free-text term used for wildcard search across account attribute values. type: string type: object QueryAccountRequestDataAttributesSort: description: Sorting configuration specifying the field and direction for ordering query results. properties: field: description: The attribute field name to sort results by. type: string order: description: The sort direction, either ascending or descending. type: string type: object QueryAccountRequestDataType: default: query_account_request description: Query account request resource type. enum: - query_account_request example: query_account_request type: string x-enum-varnames: - QUERY_ACCOUNT_REQUEST QueryEventFilteredUsersRequest: description: Request body for querying users filtered by user properties combined with event platform activity. example: data: attributes: event_query: query: "@type:view AND @view.loading_time:>3000 AND @application.name:ecommerce-platform" time_frame: end: 1761309676 start: 1760100076 include_row_count: true limit: 25 query: user_org_id:5001 AND first_country_code:US AND first_browser_name:Chrome select_columns: - user_id - user_email - first_country_code - first_browser_name - events_count - session_count - error_count - avg_loading_time id: query_event_filtered_users_request type: query_event_filtered_users_request properties: data: $ref: "#/components/schemas/QueryEventFilteredUsersRequestData" type: object QueryEventFilteredUsersRequestData: description: The data object containing the resource type and attributes for querying event-filtered users. properties: attributes: $ref: "#/components/schemas/QueryEventFilteredUsersRequestDataAttributes" id: description: Unique identifier for the query event filtered users request resource. type: string type: $ref: "#/components/schemas/QueryEventFilteredUsersRequestDataType" required: - type type: object QueryEventFilteredUsersRequestDataAttributes: description: Attributes for filtering users by both user properties and event platform activity. properties: event_query: $ref: "#/components/schemas/QueryEventFilteredUsersRequestDataAttributesEventQuery" include_row_count: description: Whether to include the total count of matching users in the response. type: boolean limit: description: Maximum number of user records to return in the response. format: int64 type: integer query: description: Filter expression using user attribute conditions to narrow results. type: string select_columns: description: List of user attribute column names to include in the response. items: description: Name of a user attribute column to include in the response. type: string type: array type: object QueryEventFilteredUsersRequestDataAttributesEventQuery: description: Event platform query used to filter users based on their event activity within a specified time window. properties: query: description: The event platform query expression for filtering users by their event activity. type: string time_frame: $ref: "#/components/schemas/QueryEventFilteredUsersRequestDataAttributesEventQueryTimeFrame" type: object QueryEventFilteredUsersRequestDataAttributesEventQueryTimeFrame: description: The time window defining the start and end of the event query period as Unix timestamps. properties: end: description: End of the time frame as a Unix timestamp in seconds. format: int64 type: integer start: description: Start of the time frame as a Unix timestamp in seconds. format: int64 type: integer type: object QueryEventFilteredUsersRequestDataType: default: query_event_filtered_users_request description: Query event filtered users request resource type. enum: - query_event_filtered_users_request example: query_event_filtered_users_request type: string x-enum-varnames: - QUERY_EVENT_FILTERED_USERS_REQUEST QueryFormula: description: A formula for calculation based on one or more queries. properties: formula: description: Formula string, referencing one or more queries with their name property. example: "a+b" type: string limit: $ref: "#/components/schemas/FormulaLimit" required: - formula type: object QueryResponse: description: Response containing the query results with matched records and total count. example: data: attributes: hits: - first_browser_name: Chrome first_city: San Francisco first_country_code: US first_device_type: Desktop last_seen: "2025-08-14T06:45:12.142Z" session_count: 47 user_created: "2024-12-15T08:42:33.287Z" user_email: john.smith@techcorp.com user_id: "150847" user_name: John Smith user_org_id: "5001" - first_browser_name: Chrome first_city: Austin first_country_code: US first_device_type: Desktop last_seen: "2025-08-14T05:22:08.951Z" session_count: 89 user_created: "2024-11-28T14:17:45.634Z" user_email: john.williams@techcorp.com user_id: "150848" user_name: John Williams user_org_id: "5001" - first_browser_name: Chrome first_city: Seattle first_country_code: US first_device_type: Desktop last_seen: "2025-08-14T04:18:34.726Z" session_count: 23 user_created: "2025-01-03T16:33:21.445Z" user_email: john.jones@techcorp.com user_id: "150849" user_name: John Jones user_org_id: "5001" total: 147 id: query_response type: query_response properties: data: $ref: "#/components/schemas/QueryResponseData" type: object QueryResponseData: description: The data object containing the resource type and attributes of the query response. properties: attributes: $ref: "#/components/schemas/QueryResponseDataAttributes" id: description: Unique identifier for the query response resource. type: string type: $ref: "#/components/schemas/QueryResponseDataType" required: - type type: object QueryResponseDataAttributes: description: Attributes of the query response, containing the matched records and total count. properties: hits: description: The list of matching records returned by the query, each as a map of attribute names to values. items: additionalProperties: {} description: A single matched record represented as a map of attribute names to their values. type: array total: description: Total number of records matching the query, regardless of the limit applied. format: int64 type: integer type: object QueryResponseDataType: default: query_response description: Query response resource type. enum: - query_response example: query_response type: string x-enum-varnames: - QUERY_RESPONSE QuerySortOrder: default: desc description: Direction of sort. enum: - asc - desc type: string x-enum-varnames: - ASC - DESC QueryUsersRequest: description: Request body for querying users with optional filtering, column selection, and sorting. example: data: attributes: limit: 25 query: user_email:*@techcorp.com AND first_country_code:US AND first_browser_name:Chrome select_columns: - user_id - user_email - user_name - user_org_id - first_country_code - first_browser_name - first_device_type - last_seen sort: field: first_seen order: DESC wildcard_search_term: john id: query_users_request type: query_users_request properties: data: $ref: "#/components/schemas/QueryUsersRequestData" type: object QueryUsersRequestData: description: The data object containing the resource type and attributes for querying users. properties: attributes: $ref: "#/components/schemas/QueryUsersRequestDataAttributes" id: description: Unique identifier for the query users request resource. type: string type: $ref: "#/components/schemas/QueryUsersRequestDataType" required: - type type: object QueryUsersRequestDataAttributes: description: Attributes for filtering and shaping the user query results. properties: limit: description: Maximum number of user records to return in the response. format: int64 type: integer query: description: Filter expression using user attribute conditions to narrow results. type: string select_columns: description: List of user attribute column names to include in the response. items: description: Name of a user attribute column to include in the response. type: string type: array sort: $ref: "#/components/schemas/QueryUsersRequestDataAttributesSort" wildcard_search_term: description: Free-text term used for wildcard search across user attribute values. type: string type: object QueryUsersRequestDataAttributesSort: description: Sorting configuration specifying the field and direction for ordering user query results. properties: field: description: The user attribute field name to sort results by. type: string order: description: The sort direction, either ascending or descending. type: string type: object QueryUsersRequestDataType: default: query_users_request description: Query users request resource type. enum: - query_users_request example: query_users_request type: string x-enum-varnames: - QUERY_USERS_REQUEST RUMAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value. oneOf: - $ref: "#/components/schemas/RUMAggregateBucketValueSingleString" - $ref: "#/components/schemas/RUMAggregateBucketValueSingleNumber" - $ref: "#/components/schemas/RUMAggregateBucketValueTimeseries" RUMAggregateBucketValueSingleNumber: description: A single number value. format: double type: number RUMAggregateBucketValueSingleString: description: A single string value. type: string RUMAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: "#/components/schemas/RUMAggregateBucketValueTimeseriesPoint" type: array x-generate-alias-as-model: true RUMAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: "2020-06-08T11:55:00.123Z" format: date-time type: string value: description: The value for this point. example: 19 format: double type: number type: object RUMAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of RUM events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: "#/components/schemas/RUMCompute" type: array filter: $ref: "#/components/schemas/RUMQueryFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/RUMGroupBy" type: array options: $ref: "#/components/schemas/RUMQueryOptions" page: $ref: "#/components/schemas/RUMQueryPageOptions" type: object RUMAggregateSort: description: A sort rule. example: {"aggregation": "count", "order": "asc"} properties: aggregation: $ref: "#/components/schemas/RUMAggregationFunction" metric: description: The metric to sort by (only used for `type=measure`). example: "@duration" type: string order: $ref: "#/components/schemas/RUMSortOrder" type: $ref: "#/components/schemas/RUMAggregateSortType" type: object RUMAggregateSortType: default: "alphabetical" description: The type of sorting algorithm. enum: ["alphabetical", "measure"] type: string x-enum-varnames: ["ALPHABETICAL", "MEASURE"] RUMAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: "#/components/schemas/RUMBucketResponse" type: array type: object RUMAggregationFunction: description: An aggregation function. enum: ["count", "cardinality", "pc75", "pc90", "pc95", "pc98", "pc99", "sum", "min", "max", "avg", "median"] example: "pc90" type: string x-enum-varnames: ["COUNT", "CARDINALITY", "PERCENTILE_75", "PERCENTILE_90", "PERCENTILE_95", "PERCENTILE_98", "PERCENTILE_99", "SUM", "MIN", "MAX", "AVG", "MEDIAN"] RUMAnalyticsAggregateResponse: description: The response object for the RUM events aggregate API endpoint. properties: data: $ref: "#/components/schemas/RUMAggregationBucketsResponse" links: $ref: "#/components/schemas/RUMResponseLinks" meta: $ref: "#/components/schemas/RUMResponseMetadata" type: object RUMApplication: description: RUM application. properties: attributes: $ref: "#/components/schemas/RUMApplicationAttributes" id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: "#/components/schemas/RUMApplicationType" required: - attributes - id - type type: object RUMApplicationAttributes: description: RUM application attributes. properties: api_key_id: description: ID of the API key associated with the application. example: 123456789 format: int32 maximum: 2147483647 type: integer application_id: description: ID of the RUM application. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string client_token: description: Client token of the RUM application. example: abcd1234efgh5678ijkl90abcd1234efgh0 type: string created_at: description: Timestamp in ms of the creation date. example: 1659479836169 format: int64 type: integer created_by_handle: description: Handle of the creator user. example: john.doe type: string hash: description: Hash of the RUM application. Optional. type: string is_active: description: Indicates if the RUM application is active. example: true type: boolean name: description: Name of the RUM application. example: my_rum_application type: string org_id: description: Org ID of the RUM application. example: 999 format: int32 maximum: 2147483647 type: integer product_scales: $ref: "#/components/schemas/RUMProductScales" type: description: "Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`." example: browser type: string updated_at: description: Timestamp in ms of the last update date. example: 1659479836169 format: int64 type: integer updated_by_handle: description: Handle of the updater user. example: jane.doe type: string required: - application_id - client_token - created_at - created_by_handle - name - org_id - type - updated_at - updated_by_handle type: object RUMApplicationCreate: description: RUM application creation. properties: attributes: $ref: "#/components/schemas/RUMApplicationCreateAttributes" type: $ref: "#/components/schemas/RUMApplicationCreateType" required: - attributes - type type: object RUMApplicationCreateAttributes: description: RUM application creation attributes. properties: name: description: Name of the RUM application. example: my_new_rum_application type: string product_analytics_retention_state: $ref: "#/components/schemas/RUMProductAnalyticsRetentionState" rum_event_processing_state: $ref: "#/components/schemas/RUMEventProcessingState" type: description: "Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`." example: browser type: string required: - name type: object RUMApplicationCreateRequest: description: RUM application creation request attributes. properties: data: $ref: "#/components/schemas/RUMApplicationCreate" required: - data type: object RUMApplicationCreateType: default: rum_application_create description: RUM application creation type. enum: - rum_application_create example: rum_application_create type: string x-enum-varnames: - RUM_APPLICATION_CREATE RUMApplicationList: description: RUM application list. properties: attributes: $ref: "#/components/schemas/RUMApplicationListAttributes" id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: "#/components/schemas/RUMApplicationListType" required: - attributes - type type: object RUMApplicationListAttributes: description: RUM application list attributes. properties: application_id: description: ID of the RUM application. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string created_at: description: Timestamp in ms of the creation date. example: 1659479836169 format: int64 type: integer created_by_handle: description: Handle of the creator user. example: john.doe type: string hash: description: Hash of the RUM application. Optional. type: string is_active: description: Indicates if the RUM application is active. example: true type: boolean name: description: Name of the RUM application. example: my_rum_application type: string org_id: description: Org ID of the RUM application. example: 999 format: int32 maximum: 2147483647 type: integer product_scales: $ref: "#/components/schemas/RUMProductScales" type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`. example: browser type: string updated_at: description: Timestamp in ms of the last update date. example: 1659479836169 format: int64 type: integer updated_by_handle: description: Handle of the updater user. example: jane.doe type: string required: - application_id - created_at - created_by_handle - name - org_id - type - updated_at - updated_by_handle type: object RUMApplicationListType: default: rum_application description: RUM application list type. enum: - rum_application example: rum_application type: string x-enum-varnames: - RUM_APPLICATION RUMApplicationResponse: description: RUM application response. properties: data: $ref: "#/components/schemas/RUMApplication" type: object RUMApplicationType: default: rum_application description: RUM application response type. enum: - rum_application example: rum_application type: string x-enum-varnames: - RUM_APPLICATION RUMApplicationUpdate: description: RUM application update. properties: attributes: $ref: "#/components/schemas/RUMApplicationUpdateAttributes" id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: "#/components/schemas/RUMApplicationUpdateType" required: - id - type type: object RUMApplicationUpdateAttributes: description: RUM application update attributes. properties: name: description: Name of the RUM application. example: updated_name_for_my_existing_rum_application type: string product_analytics_retention_state: $ref: "#/components/schemas/RUMProductAnalyticsRetentionState" rum_event_processing_state: $ref: "#/components/schemas/RUMEventProcessingState" type: description: "Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`." example: browser type: string type: object RUMApplicationUpdateRequest: description: RUM application update request. properties: data: $ref: "#/components/schemas/RUMApplicationUpdate" required: - data type: object RUMApplicationUpdateType: default: rum_application_update description: RUM application update type. enum: - rum_application_update example: rum_application_update type: string x-enum-varnames: - RUM_APPLICATION_UPDATE RUMApplicationsResponse: description: RUM applications response. properties: data: description: RUM applications array response. items: $ref: "#/components/schemas/RUMApplicationList" type: array type: object RUMBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. type: string description: The key-value pairs for each group-by. example: {"@session.type": "user", "@type": "view"} type: object computes: additionalProperties: $ref: "#/components/schemas/RUMAggregateBucketValue" description: A map of the metric name to value for regular compute, or a list of values for a timeseries. type: object type: object RUMCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: "#/components/schemas/RUMAggregationFunction" interval: description: |- The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points. example: "5m" type: string metric: description: The metric to use. example: "@duration" type: string type: $ref: "#/components/schemas/RUMComputeType" required: - aggregation type: object RUMComputeType: default: "total" description: The type of compute. enum: ["timeseries", "total"] type: string x-enum-varnames: ["TIMESERIES", "TOTAL"] RUMEvent: description: Object description of a RUM event after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/RUMEventAttributes" id: description: Unique ID of the event. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/RUMEventType" type: object RUMEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from RUM events. example: {"customAttribute": 123, "duration": 2345} type: object service: description: |- The name of the application or service generating RUM events. It is used to switch from RUM to APM, so make sure you define the same value when you use both products. example: "web-app" type: string tags: description: Array of tags associated with your event. example: ["team:A"] items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: "2019-01-02T09:42:36.320Z" format: date-time type: string type: object RUMEventProcessingScale: description: RUM event processing scale configuration. properties: last_modified_at: description: Timestamp in milliseconds when this scale was last modified. example: 1721897494108 format: int64 type: integer state: $ref: "#/components/schemas/RUMEventProcessingState" type: object RUMEventProcessingState: description: Configures which RUM events are processed and stored for the application. enum: - ALL - ERROR_FOCUSED_MODE - NONE example: ALL type: string x-enum-descriptions: - Process and store all RUM events (sessions, views, actions, resources, errors) - Process and store only error events and related critical events - Disable RUM event processing—no events are stored x-enum-varnames: - ALL - ERROR_FOCUSED_MODE - NONE RUMEventType: default: rum description: Type of the event. enum: - rum example: "rum" type: string x-enum-varnames: - RUM RUMEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: "#/components/schemas/RUMEvent" type: array links: $ref: "#/components/schemas/RUMResponseLinks" meta: $ref: "#/components/schemas/RUMResponseMetadata" type: object RUMGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: "@view.time_spent" type: string histogram: $ref: "#/components/schemas/RUMGroupByHistogram" limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: "#/components/schemas/RUMGroupByMissing" sort: $ref: "#/components/schemas/RUMAggregateSort" total: $ref: "#/components/schemas/RUMGroupByTotal" required: - facet type: object RUMGroupByHistogram: description: |- Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval. properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: |- The maximum value for the measure used in the histogram (values greater than this one are filtered out). example: 100 format: double type: number min: description: |- The minimum value for the measure used in the histogram (values smaller than this one are filtered out). example: 50 format: double type: number required: - interval - min - max type: object RUMGroupByMissing: description: The value to use for logs that don't have the facet used to group by. oneOf: - $ref: "#/components/schemas/RUMGroupByMissingString" - $ref: "#/components/schemas/RUMGroupByMissingNumber" RUMGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number RUMGroupByMissingString: description: The missing value to use if there is string valued facet. type: string RUMGroupByTotal: default: false description: |- A resulting object to put the given computes in over all the matching records. oneOf: - $ref: "#/components/schemas/RUMGroupByTotalBoolean" - $ref: "#/components/schemas/RUMGroupByTotalString" - $ref: "#/components/schemas/RUMGroupByTotalNumber" RUMGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean RUMGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number RUMGroupByTotalString: description: A string to use as the key value for the total bucket. type: string RUMProductAnalyticsRetentionScale: description: Product Analytics retention scale configuration. properties: last_modified_at: description: Timestamp in milliseconds when this scale was last modified. example: 1747922145974 format: int64 type: integer state: $ref: "#/components/schemas/RUMProductAnalyticsRetentionState" type: object RUMProductAnalyticsRetentionState: description: Controls the retention policy for Product Analytics data derived from RUM events. enum: - MAX - NONE example: MAX type: string x-enum-descriptions: - Store Product Analytics data for the maximum available retention period - Do not store Product Analytics data x-enum-varnames: - MAX - NONE RUMProductScales: description: Product Scales configuration for the RUM application. properties: product_analytics_retention_scale: $ref: "#/components/schemas/RUMProductAnalyticsRetentionScale" rum_event_processing_scale: $ref: "#/components/schemas/RUMEventProcessingScale" type: object RUMQueryFilter: description: The search and filter query settings. properties: from: default: "now-15m" description: The minimum time for the requested events; supports date (in [ISO 8601](https://www.w3.org/TR/NOTE-datetime) format with full date, hours, minutes, and the `Z` UTC indicator - seconds and fractional seconds are optional), math, and regular timestamps (in milliseconds). example: "now-15m" type: string query: default: "*" description: The search query following the RUM search syntax. example: "@type:session AND @session.type:user" type: string to: default: "now" description: The maximum time for the requested events; supports date (in [ISO 8601](https://www.w3.org/TR/NOTE-datetime) format with full date, hours, minutes, and the `Z` UTC indicator - seconds and fractional seconds are optional), math, and regular timestamps (in milliseconds). example: "now" type: string type: object RUMQueryOptions: description: |- Global query options that are used during the query. Note: Only supply timezone or time offset, not both. Otherwise, the query fails. properties: time_offset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object RUMQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object RUMResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. Note that the request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/rum/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object RUMResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: "#/components/schemas/RUMResponsePage" request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/RUMResponseStatus" warnings: description: |- A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response. items: $ref: "#/components/schemas/RUMWarning" type: array type: object RUMResponsePage: description: Paging attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object RUMResponseStatus: description: The status of the response. enum: ["done", "timeout"] example: "done" type: string x-enum-varnames: ["DONE", "TIMEOUT"] RUMSearchEventsRequest: description: The request for a RUM events list. properties: filter: $ref: "#/components/schemas/RUMQueryFilter" options: $ref: "#/components/schemas/RUMQueryOptions" page: $ref: "#/components/schemas/RUMQueryPageOptions" sort: $ref: "#/components/schemas/RUMSort" type: object RUMSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING RUMSortOrder: description: The order to use, ascending or descending. enum: - "asc" - "desc" example: "asc" type: string x-enum-varnames: - "ASCENDING" - "DESCENDING" RUMWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: "unknown_index" type: string detail: description: A detailed explanation of this specific warning. example: "indexes: foo, bar" type: string title: description: A short human-readable summary of the warning. example: "One or several indexes are missing or invalid, results hold data from the other indexes" type: string type: object RawErrorBudgetRemaining: description: The raw error budget remaining for the SLO. properties: unit: description: The unit of the error budget (for example, `seconds`, `requests`). example: seconds type: string value: description: The numeric value of the remaining error budget. example: 86400.5 format: double type: number required: - value - unit type: object ReadinessGate: description: Used to merge multiple branches into a single branch. properties: thresholdType: $ref: "#/components/schemas/ReadinessGateThresholdType" required: - thresholdType type: object ReadinessGateThresholdType: description: The definition of `ReadinessGateThresholdType` object. enum: - ANY - ALL example: ANY type: string x-enum-varnames: - ANY - ALL RecommendationAttributes: description: Attributes of the SPA Recommendation resource. Contains recommendations for both driver and executor components. properties: confidence_level: description: The confidence level of the recommendation, expressed as a value between 0.0 (low confidence) and 1.0 (high confidence). format: double type: number driver: $ref: "#/components/schemas/ComponentRecommendation" executor: $ref: "#/components/schemas/ComponentRecommendation" required: [driver, executor] type: object RecommendationData: description: JSON:API resource object for SPA Recommendation. Includes type, optional ID, and resource attributes with structured recommendations. properties: attributes: $ref: "#/components/schemas/RecommendationAttributes" id: description: Resource identifier for the recommendation. Optional in responses. type: string type: $ref: "#/components/schemas/RecommendationType" required: [type, attributes] type: object RecommendationDocument: description: JSON:API document containing a single Recommendation resource. Returned by SPA when the Spark Gateway requests recommendations. properties: data: $ref: "#/components/schemas/RecommendationData" required: [data] type: object RecommendationType: default: recommendation description: JSON:API resource type for Spark Pod Autosizing recommendations. Identifies the Recommendation resource returned by SPA. enum: - recommendation example: recommendation type: string x-enum-varnames: - RECOMMENDATION ReferenceTableCreateSourceType: description: The source type for creating reference table data. Only these source types can be created through this API. enum: - LOCAL_FILE - S3 - GCS - AZURE example: "LOCAL_FILE" type: string x-enum-varnames: - LOCAL_FILE - S3 - GCS - AZURE ReferenceTableSchemaFieldType: description: The field type for reference table schema fields. enum: - STRING - INT32 example: "STRING" type: string x-enum-varnames: - STRING - INT32 ReferenceTableSortType: default: "-updated_at" description: Sort field and direction for reference tables. Use field name for ascending, prefix with "-" for descending. enum: - updated_at - table_name - status - "-updated_at" - "-table_name" - "-status" type: string x-enum-varnames: - UPDATED_AT - TABLE_NAME - STATUS - MINUS_UPDATED_AT - MINUS_TABLE_NAME - MINUS_STATUS ReferenceTableSourceType: description: The source type for reference table data. Includes all possible source types that can appear in responses. enum: - LOCAL_FILE - S3 - GCS - AZURE - SERVICENOW - SALESFORCE - DATABRICKS - SNOWFLAKE example: "LOCAL_FILE" type: string x-enum-varnames: - LOCAL_FILE - S3 - GCS - AZURE - SERVICENOW - SALESFORCE - DATABRICKS - SNOWFLAKE RegisterAppKeyResponse: description: The response object after creating an app key registration. properties: data: $ref: "#/components/schemas/AppKeyRegistrationData" type: object RelationAttributes: description: Relation attributes. properties: from: $ref: "#/components/schemas/RelationEntity" to: $ref: "#/components/schemas/RelationEntity" type: $ref: "#/components/schemas/RelationType" type: object RelationEntity: description: Relation entity reference. properties: kind: description: Entity kind. type: string name: description: Entity name. type: string namespace: description: Entity namespace. type: string type: object RelationIncludeType: description: Supported include types for relations. enum: - entity - schema type: string x-enum-varnames: - ENTITY - SCHEMA RelationMeta: description: Relation metadata. properties: createdAt: description: Relation creation time. format: date-time type: string definedBy: description: Relation defined by. type: string modifiedAt: description: Relation modification time. format: date-time type: string source: description: Relation source. type: string type: object RelationRelationships: description: Relation relationships. properties: fromEntity: $ref: "#/components/schemas/RelationToEntity" toEntity: $ref: "#/components/schemas/RelationToEntity" type: object RelationResponse: description: Relation response data. properties: attributes: $ref: "#/components/schemas/RelationAttributes" id: description: Relation ID. type: string meta: $ref: "#/components/schemas/RelationMeta" relationships: $ref: "#/components/schemas/RelationRelationships" subtype: description: Relation subtype. type: string type: $ref: "#/components/schemas/RelationResponseType" type: object RelationResponseData: description: Array of relation responses items: $ref: "#/components/schemas/RelationResponse" type: array RelationResponseMeta: description: Relation response metadata. properties: count: description: Total relations count. format: int64 type: integer includeCount: description: Total included data count. format: int64 type: integer type: object RelationResponseType: description: Relation type. enum: [relation] type: string x-enum-varnames: - RELATION RelationToEntity: description: Relation to entity. properties: data: $ref: "#/components/schemas/RelationshipItem" meta: $ref: "#/components/schemas/EntityMeta" type: object RelationType: description: Supported relation types. enum: - RelationTypeOwns - RelationTypeOwnedBy - RelationTypeDependsOn - RelationTypeDependencyOf - RelationTypePartsOf - RelationTypeHasPart - RelationTypeOtherOwns - RelationTypeOtherOwnedBy - RelationTypeImplementedBy - RelationTypeImplements type: string x-enum-varnames: - RELATIONTYPEOWNS - RELATIONTYPEOWNEDBY - RELATIONTYPEDEPENDSON - RELATIONTYPEDEPENDENCYOF - RELATIONTYPEPARTSOF - RELATIONTYPEHASPART - RELATIONTYPEOTHEROWNS - RELATIONTYPEOTHEROWNEDBY - RELATIONTYPEIMPLEMENTEDBY - RELATIONTYPEIMPLEMENTS RelationshipArray: description: Relationships. items: $ref: "#/components/schemas/RelationshipItem" type: array RelationshipItem: description: Relationship entry. properties: id: description: Associated data ID. type: string type: description: Relationship type. type: string type: object RelationshipToIncident: description: Relationship to incident. properties: data: $ref: "#/components/schemas/RelationshipToIncidentData" required: - data type: object RelationshipToIncidentAttachment: description: A relationship reference for attachments. properties: data: description: |- An array of incident attachments. items: $ref: "#/components/schemas/RelationshipToIncidentAttachmentData" type: array required: - data type: object RelationshipToIncidentAttachmentData: description: The attachment relationship data. properties: id: description: A unique identifier that represents the attachment. example: "00000000-0000-abcd-1000-000000000000" type: string type: $ref: "#/components/schemas/IncidentAttachmentType" required: - id - type type: object RelationshipToIncidentData: description: Relationship to incident object. properties: id: description: A unique identifier that represents the incident. example: "00000000-0000-0000-1234-000000000000" type: string type: $ref: "#/components/schemas/IncidentType" required: - id - type type: object RelationshipToIncidentImpactData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the impact. example: "00000000-0000-0000-2345-000000000000" type: string type: $ref: "#/components/schemas/IncidentImpactsType" required: - id - type type: object RelationshipToIncidentImpacts: description: Relationship to impacts. properties: data: description: An array of incident impacts. items: $ref: "#/components/schemas/RelationshipToIncidentImpactData" type: array required: - data type: object RelationshipToIncidentIntegrationMetadataData: description: A relationship reference for an integration metadata object. example: {"id": "00000000-abcd-0002-0000-000000000000", "type": "incident_integrations"} properties: id: description: A unique identifier that represents the integration metadata. example: "00000000-abcd-0001-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentIntegrationMetadataType" required: - id - type type: object RelationshipToIncidentIntegrationMetadatas: description: A relationship reference for multiple integration metadata objects. example: {"data": [{"id": "00000000-abcd-0005-0000-000000000000", "type": "incident_integrations"}, {"id": "00000000-abcd-0006-0000-000000000000", "type": "incident_integrations"}]} properties: data: description: Integration metadata relationship array example: [{"id": "00000000-abcd-0003-0000-000000000000", "type": "incident_integrations"}, {"id": "00000000-abcd-0004-0000-000000000000", "type": "incident_integrations"}] items: $ref: "#/components/schemas/RelationshipToIncidentIntegrationMetadataData" type: array required: - data type: object RelationshipToIncidentNotificationTemplate: description: A relationship reference to a notification template. properties: data: $ref: "#/components/schemas/RelationshipToIncidentNotificationTemplateData" required: - data type: object RelationshipToIncidentNotificationTemplateData: description: The notification template relationship data. properties: id: description: The unique identifier of the notification template. example: "00000000-0000-0000-0000-000000000001" format: uuid type: string type: $ref: "#/components/schemas/IncidentNotificationTemplateType" required: - id - type type: object RelationshipToIncidentPostmortem: description: A relationship reference for postmortems. example: {"data": {"id": "00000000-0000-abcd-3000-000000000000", "type": "incident_postmortems"}} properties: data: $ref: "#/components/schemas/RelationshipToIncidentPostmortemData" required: - data type: object RelationshipToIncidentPostmortemData: description: The postmortem relationship data. example: {"id": "00000000-0000-abcd-2000-000000000000", "type": "incident_postmortems"} properties: id: description: A unique identifier that represents the postmortem. example: "00000000-0000-abcd-1000-000000000000" type: string type: $ref: "#/components/schemas/IncidentPostmortemType" required: - id - type type: object RelationshipToIncidentRequest: description: Relationship to incident request properties: data: $ref: "#/components/schemas/IncidentRelationshipData" required: - data type: object RelationshipToIncidentResponderData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the responder. example: "00000000-0000-0000-2345-000000000000" type: string type: $ref: "#/components/schemas/IncidentRespondersType" required: - id - type type: object RelationshipToIncidentResponders: description: Relationship to incident responders. properties: data: description: An array of incident responders. items: $ref: "#/components/schemas/RelationshipToIncidentResponderData" type: array required: - data type: object RelationshipToIncidentType: description: Relationship to an incident type. properties: data: $ref: "#/components/schemas/RelationshipToIncidentTypeData" required: - data type: object RelationshipToIncidentTypeData: description: Relationship to incident type object. properties: id: description: The incident type's ID. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/IncidentTypeType" required: - id - type type: object RelationshipToIncidentUserDefinedFieldData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the responder. example: "00000000-0000-0000-2345-000000000000" type: string type: $ref: "#/components/schemas/IncidentUserDefinedFieldType" required: - id - type type: object RelationshipToIncidentUserDefinedFields: description: Relationship to incident user defined fields. properties: data: description: An array of user defined fields. items: $ref: "#/components/schemas/RelationshipToIncidentUserDefinedFieldData" type: array required: - data type: object RelationshipToOrganization: description: Relationship to an organization. properties: data: $ref: "#/components/schemas/RelationshipToOrganizationData" required: - data type: object RelationshipToOrganizationData: description: Relationship to organization object. properties: id: description: ID of the organization. example: "00000000-0000-beef-0000-000000000000" type: string type: $ref: "#/components/schemas/OrganizationsType" required: - id - type type: object RelationshipToOrganizations: description: Relationship to organizations. properties: data: description: Relationships to organization objects. example: [] items: $ref: "#/components/schemas/RelationshipToOrganizationData" type: array required: - data type: object RelationshipToOutcome: description: The JSON:API relationship to a scorecard outcome. properties: data: $ref: "#/components/schemas/RelationshipToOutcomeData" type: object RelationshipToOutcomeData: description: The JSON:API relationship to an outcome, which returns the related rule id. properties: id: $ref: "#/components/schemas/RuleId" type: $ref: "#/components/schemas/RuleType" type: object RelationshipToPermission: description: Relationship to a permissions object. properties: data: $ref: "#/components/schemas/RelationshipToPermissionData" type: object RelationshipToPermissionData: description: Relationship to permission object. properties: id: description: ID of the permission. type: string type: $ref: "#/components/schemas/PermissionsType" type: object RelationshipToPermissions: description: Relationship to multiple permissions objects. properties: data: description: Relationships to permission objects. items: $ref: "#/components/schemas/RelationshipToPermissionData" type: array type: object RelationshipToRole: description: Relationship to role. properties: data: $ref: "#/components/schemas/RelationshipToRoleData" type: object RelationshipToRoleData: description: Relationship to role object. properties: id: description: The unique identifier of the role. example: "3653d3c6-0c75-11ea-ad28-fb5701eabc7d" type: string type: $ref: "#/components/schemas/RolesType" type: object RelationshipToRoles: description: Relationship to roles. properties: data: description: An array containing type and the unique identifier of a role. items: $ref: "#/components/schemas/RelationshipToRoleData" type: array type: object RelationshipToRule: description: Scorecard create rule response relationship. properties: scorecard: $ref: "#/components/schemas/RelationshipToRuleData" type: object RelationshipToRuleData: description: Relationship data for a rule. properties: data: $ref: "#/components/schemas/RelationshipToRuleDataObject" type: object RelationshipToRuleDataObject: description: Rule relationship data. properties: id: description: The unique ID for a scorecard. example: q8MQxk8TCqrHnWkp type: string type: $ref: "#/components/schemas/ScorecardType" type: object RelationshipToSAMLAssertionAttribute: description: AuthN Mapping relationship to SAML Assertion Attribute. properties: data: $ref: "#/components/schemas/RelationshipToSAMLAssertionAttributeData" required: - data type: object RelationshipToSAMLAssertionAttributeData: description: Data of AuthN Mapping relationship to SAML Assertion Attribute. properties: id: description: The ID of the SAML assertion attribute. example: "0" type: string type: $ref: "#/components/schemas/SAMLAssertionAttributesType" required: - id - type type: object RelationshipToTeam: description: Relationship to team. properties: data: $ref: "#/components/schemas/RelationshipToTeamData" type: object RelationshipToTeamData: description: Relationship to Team object. properties: id: description: The unique identifier of the team. example: f9bb8444-af7f-11ec-ac2c-da7ad0900001 type: string type: $ref: "#/components/schemas/TeamType" type: object RelationshipToTeamLinkData: description: Relationship between a link and a team properties: id: description: The team link's identifier example: f9bb8444-af7f-11ec-ac2c-da7ad0900001 type: string type: $ref: "#/components/schemas/TeamLinkType" required: - id - type type: object RelationshipToTeamLinks: description: Relationship between a team and a team link properties: data: description: Related team links items: $ref: "#/components/schemas/RelationshipToTeamLinkData" type: array links: $ref: "#/components/schemas/TeamRelationshipsLinks" type: object RelationshipToUser: description: Relationship to user. properties: data: $ref: "#/components/schemas/RelationshipToUserData" required: - data type: object RelationshipToUserData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: "00000000-0000-0000-2345-000000000000" type: string type: $ref: "#/components/schemas/UsersType" required: - id - type type: object RelationshipToUserTeamPermission: description: Relationship between a user team permission and a team properties: data: $ref: "#/components/schemas/RelationshipToUserTeamPermissionData" links: $ref: "#/components/schemas/TeamRelationshipsLinks" type: object RelationshipToUserTeamPermissionData: description: Related user team permission data nullable: true properties: id: description: The ID of the user team permission example: UserTeamPermissions-aeadc05e-98a8-11ec-ac2c-da7ad0900001-416595 type: string type: $ref: "#/components/schemas/UserTeamPermissionType" required: - id - type type: object RelationshipToUserTeamTeam: description: Relationship between team membership and team properties: data: $ref: "#/components/schemas/RelationshipToUserTeamTeamData" required: - data type: object RelationshipToUserTeamTeamData: description: The team associated with the membership properties: id: description: The ID of the team associated with the membership example: d7e15d9d-d346-43da-81d8-3d9e71d9a5e9 type: string type: $ref: "#/components/schemas/UserTeamTeamType" required: - id - type type: object RelationshipToUserTeamUser: description: Relationship between team membership and user properties: data: $ref: "#/components/schemas/RelationshipToUserTeamUserData" required: - data type: object RelationshipToUserTeamUserData: description: A user's relationship with a team properties: id: description: The ID of the user associated with the team example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string type: $ref: "#/components/schemas/UserTeamUserType" required: - id - type type: object RelationshipToUsers: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: "#/components/schemas/RelationshipToUserData" type: array required: - data type: object Remediation: description: Vulnerability remediation. properties: auto_solvable: description: Whether the vulnerability can be resolved when recompiling the package or not. example: false type: boolean avoided_advisories: description: Avoided advisories. items: $ref: "#/components/schemas/Advisory" type: array fixed_advisories: description: Remediation fixed advisories. items: $ref: "#/components/schemas/Advisory" type: array library_name: description: Library name remediating the vulnerability. example: stdlib type: string library_version: description: Library version remediating the vulnerability. example: Upgrade to a version >= 1.20.0 type: string new_advisories: description: New advisories. items: $ref: "#/components/schemas/Advisory" type: array remaining_advisories: description: Remaining advisories. items: $ref: "#/components/schemas/Advisory" type: array type: description: Remediation type. example: text type: string required: - type - library_name - library_version - auto_solvable - fixed_advisories - remaining_advisories - new_advisories - avoided_advisories type: object ReorderRetentionFiltersRequest: description: A list of retention filters to reorder. properties: data: description: A list of retention filters objects. items: $ref: "#/components/schemas/RetentionFilterWithoutAttributes" type: array required: - data type: object ReorderRuleResourceArray: description: The definition of `ReorderRuleResourceArray` object. example: data: - id: "456" type: arbitrary_rule - id: "123" type: arbitrary_rule - id: "789" type: arbitrary_rule properties: data: description: The `ReorderRuleResourceArray` `data`. items: $ref: "#/components/schemas/ReorderRuleResourceData" type: array required: - data type: object ReorderRuleResourceData: description: The definition of `ReorderRuleResourceData` object. properties: id: description: The `ReorderRuleResourceData` `id`. type: string type: $ref: "#/components/schemas/ReorderRuleResourceDataType" required: - type type: object ReorderRuleResourceDataType: default: arbitrary_rule description: Arbitrary rule resource type. enum: - arbitrary_rule example: arbitrary_rule type: string x-enum-varnames: - ARBITRARY_RULE ReorderRulesetResourceArray: description: The definition of `ReorderRulesetResourceArray` object. example: data: - id: "55ef2385-9ae1-4410-90c4-5ac1b60fec10" type: ruleset - id: "a7b8c9d0-1234-5678-9abc-def012345678" type: ruleset - id: "f1e2d3c4-b5a6-9780-1234-567890abcdef" type: ruleset properties: data: description: The `ReorderRulesetResourceArray` `data`. items: $ref: "#/components/schemas/ReorderRulesetResourceData" type: array required: - data type: object ReorderRulesetResourceData: description: The definition of `ReorderRulesetResourceData` object. properties: id: description: The `ReorderRulesetResourceData` `id`. type: string type: $ref: "#/components/schemas/ReorderRulesetResourceDataType" required: - type type: object ReorderRulesetResourceDataType: default: ruleset description: Ruleset resource type. enum: - ruleset example: ruleset type: string x-enum-varnames: - RULESET ResolveVulnerableSymbolsRequest: description: The top-level request object for resolving vulnerable symbols in a set of packages. properties: data: $ref: "#/components/schemas/ResolveVulnerableSymbolsRequestData" type: object ResolveVulnerableSymbolsRequestData: description: The data object in a request to resolve vulnerable symbols, containing the package PURLs and request type. properties: attributes: $ref: "#/components/schemas/ResolveVulnerableSymbolsRequestDataAttributes" id: description: An optional identifier for this request data object. type: string type: $ref: "#/components/schemas/ResolveVulnerableSymbolsRequestDataType" required: - type type: object ResolveVulnerableSymbolsRequestDataAttributes: description: The attributes of a request to resolve vulnerable symbols, containing the list of package PURLs to check. properties: purls: description: The list of Package URLs (PURLs) for which to resolve vulnerable symbols. items: description: A Package URL (PURL) identifying a specific package and version. type: string type: array type: object ResolveVulnerableSymbolsRequestDataType: default: resolve-vulnerable-symbols-request description: The type identifier for requests to resolve vulnerable symbols. enum: - resolve-vulnerable-symbols-request example: resolve-vulnerable-symbols-request type: string x-enum-varnames: - RESOLVE_VULNERABLE_SYMBOLS_REQUEST ResolveVulnerableSymbolsResponse: description: The top-level response object returned when resolving vulnerable symbols for a set of packages. properties: data: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseData" type: object ResolveVulnerableSymbolsResponseData: description: The data object in a response for resolving vulnerable symbols, containing the result attributes and response type. properties: attributes: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseDataAttributes" id: description: The unique identifier for this response data object. type: string type: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseDataType" required: - type type: object ResolveVulnerableSymbolsResponseDataAttributes: description: The attributes of a response containing resolved vulnerable symbols, organized by package. properties: results: description: The list of resolved vulnerable symbol results, one entry per queried package. items: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseResults" type: array type: object ResolveVulnerableSymbolsResponseDataType: default: resolve-vulnerable-symbols-response description: The type identifier for responses containing resolved vulnerable symbols. enum: - resolve-vulnerable-symbols-response example: resolve-vulnerable-symbols-response type: string x-enum-varnames: - RESOLVE_VULNERABLE_SYMBOLS_RESPONSE ResolveVulnerableSymbolsResponseResults: description: The result of resolving vulnerable symbols for a specific package, identified by its PURL. properties: purl: description: The Package URL (PURL) uniquely identifying the package for which vulnerable symbols are resolved. type: string vulnerable_symbols: description: The list of vulnerable symbol groups found in this package, organized by advisory. items: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseResultsVulnerableSymbols" type: array type: object ResolveVulnerableSymbolsResponseResultsVulnerableSymbols: description: A collection of vulnerable symbols associated with a specific security advisory. properties: advisory_id: description: The identifier of the security advisory that describes the vulnerability. type: string symbols: description: The list of symbols that are vulnerable according to this advisory. items: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponseResultsVulnerableSymbolsSymbols" type: array type: object ResolveVulnerableSymbolsResponseResultsVulnerableSymbolsSymbols: description: A symbol identified as vulnerable within a dependency, including its name, type, and value. properties: name: description: The name of the vulnerable symbol. type: string type: description: The type classification of the vulnerable symbol (e.g., function, class, variable). type: string value: description: The value or identifier associated with the vulnerable symbol. type: string type: object ResourceFilterAttributes: description: Attributes of a resource filter. example: aws: "123456789": - environment:production - team:devops azure: sub-001: - app:frontend gcp: project-abc: - region:us-central1 properties: cloud_provider: additionalProperties: additionalProperties: items: description: Tag filter in format "key:value" example: environment:production type: string type: array type: object description: A map of cloud provider names (e.g., "aws", "gcp", "azure") to a map of account/resource IDs and their associated tag filters. type: object uuid: description: The UUID of the resource filter. type: string required: - cloud_provider type: object ResourceFilterRequestType: description: Constant string to identify the request type. enum: - csm_resource_filter example: csm_resource_filter type: string x-enum-varnames: - CSM_RESOURCE_FILTER ResponseMetaAttributes: description: Object describing meta attributes of response. properties: page: $ref: "#/components/schemas/Pagination" type: object RestrictionPolicy: description: Restriction policy object. properties: attributes: $ref: "#/components/schemas/RestrictionPolicyAttributes" id: description: The identifier, always equivalent to the value specified in the `resource_id` path parameter. example: "dashboard:abc-def-ghi" type: string type: $ref: "#/components/schemas/RestrictionPolicyType" required: - type - id - attributes type: object RestrictionPolicyAttributes: description: Restriction policy attributes. example: {"bindings": []} properties: bindings: description: An array of bindings. items: $ref: "#/components/schemas/RestrictionPolicyBinding" type: array required: - bindings type: object RestrictionPolicyBinding: description: Specifies which principals are associated with a relation. properties: principals: description: |- An array of principals. A principal is a subject or group of subjects. Each principal is formatted as `type:id`. Supported types: `role`, `team`, `user`, and `org`. The org ID can be obtained through the api/v2/current_user API. The user principal type accepts service account IDs. example: ["role:00000000-0000-1111-0000-000000000000"] items: description: |- Subject or group of subjects. Each principal is formatted as `type:id`. Supported types: `role`, `team`, `user`, and `org`. The org ID can be obtained through the api/v2/current_user API. The user principal type accepts service account IDs. type: string type: array relation: description: The role/level of access. example: editor type: string required: - relation - principals type: object RestrictionPolicyResponse: description: Response containing information about a single restriction policy. properties: data: $ref: "#/components/schemas/RestrictionPolicy" required: - data type: object RestrictionPolicyType: default: restriction_policy description: Restriction policy type. enum: - restriction_policy example: restriction_policy type: string x-enum-varnames: - RESTRICTION_POLICY RestrictionPolicyUpdateRequest: description: Update request for a restriction policy. properties: data: $ref: "#/components/schemas/RestrictionPolicy" required: - data type: object RestrictionQueryAttributes: description: Attributes of the restriction query. properties: created_at: description: Creation time of the restriction query. example: "2020-03-17T21:06:44.000Z" format: date-time readOnly: true type: string last_modifier_email: description: Email of the user who last modified this restriction query. example: "user@example.com" readOnly: true type: string last_modifier_name: description: Name of the user who last modified this restriction query. example: "John Doe" readOnly: true type: string modified_at: description: Time of last restriction query modification. example: "2020-03-17T21:15:15.000Z" format: date-time readOnly: true type: string restriction_query: description: The query that defines the restriction. Only the content matching the query can be returned. example: "env:sandbox" type: string role_count: description: Number of roles associated with this restriction query. example: 3 format: int64 readOnly: true type: integer user_count: description: Number of users associated with this restriction query. example: 5 format: int64 readOnly: true type: integer type: object RestrictionQueryCreateAttributes: description: Attributes of the created restriction query. properties: restriction_query: description: The restriction query. example: "env:sandbox" type: string required: - restriction_query type: object RestrictionQueryCreateData: description: Data related to the creation of a restriction query. properties: attributes: $ref: "#/components/schemas/RestrictionQueryCreateAttributes" type: $ref: "#/components/schemas/LogsRestrictionQueriesType" type: object RestrictionQueryCreatePayload: description: Create a restriction query. properties: data: $ref: "#/components/schemas/RestrictionQueryCreateData" type: object RestrictionQueryListResponse: description: Response containing information about multiple restriction queries. properties: data: description: Array of returned restriction queries. items: $ref: "#/components/schemas/RestrictionQueryWithoutRelationships" type: array type: object RestrictionQueryResponseIncludedItem: description: An object related to a restriction query. oneOf: - $ref: "#/components/schemas/RestrictionQueryRole" RestrictionQueryRole: description: Partial role object. properties: attributes: $ref: "#/components/schemas/RestrictionQueryRoleAttribute" id: description: ID of the role. example: "" type: string type: $ref: "#/components/schemas/RolesType" required: - type - id - attributes type: object RestrictionQueryRoleAttribute: description: Attributes of the role for a restriction query. properties: name: description: The role name. example: "Datadog Admin Role" type: string type: object RestrictionQueryRolesResponse: description: Response containing information about roles attached to a restriction query. properties: data: description: Array of roles. items: $ref: "#/components/schemas/RestrictionQueryRole" type: array type: object RestrictionQueryUpdateAttributes: description: Attributes of the edited restriction query. properties: restriction_query: description: The restriction query. example: "env:sandbox" type: string required: - restriction_query type: object RestrictionQueryUpdateData: description: Data related to the update of a restriction query. properties: attributes: $ref: "#/components/schemas/RestrictionQueryUpdateAttributes" type: $ref: "#/components/schemas/LogsRestrictionQueriesType" type: object RestrictionQueryUpdatePayload: description: Update a restriction query. properties: data: $ref: "#/components/schemas/RestrictionQueryUpdateData" type: object RestrictionQueryWithRelationships: description: Restriction query object returned by the API. properties: attributes: $ref: "#/components/schemas/RestrictionQueryAttributes" id: description: ID of the restriction query. example: "79a0e60a-644a-11ea-ad29-43329f7f58b5" type: string relationships: $ref: "#/components/schemas/UserRelationships" type: $ref: "#/components/schemas/LogsRestrictionQueriesType" type: object RestrictionQueryWithRelationshipsResponse: description: Response containing information about a single restriction query. properties: data: $ref: "#/components/schemas/RestrictionQueryWithRelationships" included: description: Array of objects related to the restriction query. items: $ref: "#/components/schemas/RestrictionQueryResponseIncludedItem" type: array type: object RestrictionQueryWithoutRelationships: description: Restriction query object returned by the API. properties: attributes: $ref: "#/components/schemas/RestrictionQueryAttributes" id: description: ID of the restriction query. example: "79a0e60a-644a-11ea-ad29-43329f7f58b5" type: string type: default: logs_restriction_queries description: Restriction queries type. example: "logs_restriction_queries" readOnly: true type: string type: object RestrictionQueryWithoutRelationshipsResponse: description: Response containing information about a single restriction query. properties: data: $ref: "#/components/schemas/RestrictionQueryWithoutRelationships" type: object RetentionFilter: description: The definition of the retention filter. properties: attributes: $ref: "#/components/schemas/RetentionFilterAttributes" id: description: The ID of the retention filter. example: "7RBOb7dLSYWI01yc3pIH8w" type: string type: $ref: "#/components/schemas/ApmRetentionFilterType" required: - id - type - attributes type: object RetentionFilterAll: description: The definition of the retention filter. properties: attributes: $ref: "#/components/schemas/RetentionFilterAllAttributes" id: description: The ID of the retention filter. example: "7RBOb7dLSYWI01yc3pIH8w" type: string type: $ref: "#/components/schemas/ApmRetentionFilterType" required: - id - type - attributes type: object RetentionFilterAllAttributes: description: The attributes of the retention filter. properties: created_at: description: The creation timestamp of the retention filter. format: int64 type: integer created_by: description: The creator of the retention filter. type: string editable: description: Shows whether the filter can be edited. example: true type: boolean enabled: description: The status of the retention filter (Enabled/Disabled). example: true type: boolean execution_order: description: The execution order of the retention filter. format: int64 type: integer filter: $ref: "#/components/schemas/SpansFilter" filter_type: $ref: "#/components/schemas/RetentionFilterAllType" modified_at: description: The modification timestamp of the retention filter. format: int64 type: integer modified_by: description: The modifier of the retention filter. type: string name: description: The name of the retention filter. example: my retention filter type: string rate: description: |- Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query. example: 1.0 format: double type: number trace_rate: description: |- Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query. example: 1.0 format: double type: number type: object RetentionFilterAllType: default: spans-sampling-processor description: The type of retention filter. enum: - spans-sampling-processor - spans-errors-sampling-processor - spans-appsec-sampling-processor example: spans-sampling-processor type: string x-enum-varnames: - SPANS_SAMPLING_PROCESSOR - SPANS_ERRORS_SAMPLING_PROCESSOR - SPANS_APPSEC_SAMPLING_PROCESSOR RetentionFilterAttributes: description: The attributes of the retention filter. properties: created_at: description: The creation timestamp of the retention filter. format: int64 type: integer created_by: description: The creator of the retention filter. type: string editable: description: Shows whether the filter can be edited. example: true type: boolean enabled: description: The status of the retention filter (Enabled/Disabled). example: true type: boolean execution_order: description: The execution order of the retention filter. format: int64 type: integer filter: $ref: "#/components/schemas/SpansFilter" filter_type: $ref: "#/components/schemas/RetentionFilterType" modified_at: description: The modification timestamp of the retention filter. format: int64 type: integer modified_by: description: The modifier of the retention filter. type: string name: description: The name of the retention filter. example: my retention filter type: string rate: description: |- Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query. example: 1.0 format: double type: number trace_rate: description: |- Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query. example: 1.0 format: double type: number type: object RetentionFilterCreateAttributes: description: The object describing the configuration of the retention filter to create/update. properties: enabled: description: Enable/Disable the retention filter. example: true type: boolean filter: $ref: "#/components/schemas/SpansFilterCreate" filter_type: $ref: "#/components/schemas/RetentionFilterType" name: description: The name of the retention filter. example: my retention filter type: string rate: description: |- Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query. example: 1.0 format: double type: number trace_rate: description: |- Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query. example: 1.0 format: double type: number required: - name - filter - enabled - filter_type - rate type: object RetentionFilterCreateData: description: The body of the retention filter to be created. properties: attributes: $ref: "#/components/schemas/RetentionFilterCreateAttributes" type: $ref: "#/components/schemas/ApmRetentionFilterType" required: - attributes - type type: object RetentionFilterCreateRequest: description: The body of the retention filter to be created. properties: data: $ref: "#/components/schemas/RetentionFilterCreateData" required: - data type: object RetentionFilterCreateResponse: description: The retention filters definition. properties: data: $ref: "#/components/schemas/RetentionFilter" type: object RetentionFilterResponse: description: The retention filters definition. properties: data: $ref: "#/components/schemas/RetentionFilterAll" type: object RetentionFilterType: default: spans-sampling-processor description: The type of retention filter. The value should always be spans-sampling-processor. enum: - spans-sampling-processor example: spans-sampling-processor type: string x-enum-varnames: - SPANS_SAMPLING_PROCESSOR RetentionFilterUpdateAttributes: description: The object describing the configuration of the retention filter to create/update. properties: enabled: description: Enable/Disable the retention filter. example: true type: boolean filter: $ref: "#/components/schemas/SpansFilterCreate" filter_type: $ref: "#/components/schemas/RetentionFilterAllType" name: description: The name of the retention filter. example: my retention filter type: string rate: description: |- Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query. example: 1.0 format: double type: number trace_rate: description: |- Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query. example: 1.0 format: double type: number required: - name - filter - enabled - filter_type - rate type: object RetentionFilterUpdateData: description: The body of the retention filter to be updated. properties: attributes: $ref: "#/components/schemas/RetentionFilterUpdateAttributes" id: description: The ID of the retention filter. example: "retention-filter-id" type: string type: $ref: "#/components/schemas/ApmRetentionFilterType" required: - id - attributes - type type: object RetentionFilterUpdateRequest: description: The body of the retention filter to be updated. properties: data: $ref: "#/components/schemas/RetentionFilterUpdateData" required: - data type: object RetentionFilterWithoutAttributes: description: The retention filter object . properties: id: description: The ID of the retention filter. example: "7RBOb7dLSYWI01yc3pIH8w" type: string type: $ref: "#/components/schemas/ApmRetentionFilterType" required: - id - type type: object RetentionFiltersResponse: description: An ordered list of retention filters. properties: data: description: A list of retention filters objects. items: $ref: "#/components/schemas/RetentionFilterAll" type: array required: - data type: object RetryStrategy: description: The definition of `RetryStrategy` object. properties: kind: $ref: "#/components/schemas/RetryStrategyKind" linear: $ref: "#/components/schemas/RetryStrategyLinear" required: - kind type: object RetryStrategyKind: description: The definition of `RetryStrategyKind` object. enum: - RETRY_STRATEGY_LINEAR example: RETRY_STRATEGY_LINEAR type: string x-enum-varnames: - RETRY_STRATEGY_LINEAR RetryStrategyLinear: description: The definition of `RetryStrategyLinear` object. properties: interval: description: The `RetryStrategyLinear` `interval`. The expected format is the number of seconds ending with an s. For example, 1 day is 86400s example: "" type: string maxRetries: description: The `RetryStrategyLinear` `maxRetries`. example: 0.0 format: double type: number required: - interval - maxRetries type: object RevertCustomRuleRevisionDataType: description: Request type enum: [revert_custom_rule_revision_request] type: string x-enum-varnames: - REVERT_CUSTOM_RULE_REVISION_REQUEST RevertCustomRuleRevisionRequest: description: Request body for reverting a custom rule to a previous revision. properties: data: $ref: "#/components/schemas/RevertCustomRuleRevisionRequestData" type: object RevertCustomRuleRevisionRequestData: description: Data object for a request to revert a custom rule to a previous revision. properties: attributes: $ref: "#/components/schemas/RevertCustomRuleRevisionRequestDataAttributes" id: description: Request identifier type: string type: $ref: "#/components/schemas/RevertCustomRuleRevisionDataType" type: object RevertCustomRuleRevisionRequestDataAttributes: description: Attributes specifying the current and target revision IDs for a revert operation. properties: currentRevision: description: Current revision ID type: string revertToRevision: description: Target revision ID to revert to type: string type: object Role: description: Role object returned by the API. properties: attributes: $ref: "#/components/schemas/RoleAttributes" id: description: The unique identifier of the role. type: string relationships: $ref: "#/components/schemas/RoleResponseRelationships" type: $ref: "#/components/schemas/RolesType" required: - type type: object RoleAttributes: additionalProperties: {} description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: The name of the role. The name is neither unique nor a stable identifier of the role. type: string receives_permissions_from: description: |- The managed role from which this role automatically inherits new permissions. Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role". If empty or not specified, the role does not automatically inherit permissions from any managed role. items: description: Name of a managed role to inherit permissions from. type: string type: array user_count: description: Number of users with that role. format: int64 readOnly: true type: integer type: object RoleClone: description: Data for the clone role request. properties: attributes: $ref: "#/components/schemas/RoleCloneAttributes" type: $ref: "#/components/schemas/RolesType" required: - type - attributes type: object RoleCloneAttributes: description: Attributes required to create a new role by cloning an existing one. properties: name: description: Name of the new role that is cloned. example: "cloned-role" type: string receives_permissions_from: description: |- The managed role from which this role automatically inherits new permissions. Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role". If empty or not specified, the role does not automatically inherit permissions from any managed role. items: description: Name of a managed role to inherit permissions from. type: string type: array required: - name type: object RoleCloneRequest: description: Request to create a role by cloning an existing role. properties: data: $ref: "#/components/schemas/RoleClone" required: - data type: object RoleCreateAttributes: description: Attributes of the created role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. example: developers type: string receives_permissions_from: description: |- The managed role from which this role automatically inherits new permissions. Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role". If empty or not specified, the role does not automatically inherit permissions from any managed role. items: description: Name of a managed role to inherit permissions from. type: string type: array required: - name type: object RoleCreateData: description: Data related to the creation of a role. properties: attributes: $ref: "#/components/schemas/RoleCreateAttributes" relationships: $ref: "#/components/schemas/RoleRelationships" type: $ref: "#/components/schemas/RolesType" required: - attributes type: object RoleCreateRequest: description: Create a role. properties: data: $ref: "#/components/schemas/RoleCreateData" required: - data type: object RoleCreateResponse: description: Response containing information about a created role. properties: data: $ref: "#/components/schemas/RoleCreateResponseData" type: object RoleCreateResponseData: description: Role object returned by the API. properties: attributes: $ref: "#/components/schemas/RoleCreateAttributes" id: description: The unique identifier of the role. type: string relationships: $ref: "#/components/schemas/RoleResponseRelationships" type: $ref: "#/components/schemas/RolesType" required: - type type: object RoleRelationships: description: Relationships of the role object. properties: permissions: $ref: "#/components/schemas/RelationshipToPermissions" type: object RoleResponse: description: Response containing information about a single role. properties: data: $ref: "#/components/schemas/Role" type: object RoleResponseRelationships: description: Relationships of the role object returned by the API. properties: permissions: $ref: "#/components/schemas/RelationshipToPermissions" type: object RoleTemplateArray: description: The definition of `RoleTemplateArray` object. properties: data: description: The `RoleTemplateArray` `data`. items: $ref: "#/components/schemas/RoleTemplateData" type: array required: - data type: object RoleTemplateData: description: The definition of `RoleTemplateData` object. properties: attributes: $ref: "#/components/schemas/RoleTemplateDataAttributes" id: description: The `RoleTemplateData` `id`. type: string type: $ref: "#/components/schemas/RoleTemplateDataType" required: - type type: object RoleTemplateDataAttributes: description: The definition of `RoleTemplateDataAttributes` object. properties: description: description: The `attributes` `description`. type: string name: description: The `attributes` `name`. type: string type: object RoleTemplateDataType: default: roles description: Roles resource type. enum: - roles example: roles type: string x-enum-varnames: - ROLES RoleUpdateAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. type: string receives_permissions_from: description: |- The managed role from which this role automatically inherits new permissions. Specify one of the following: "Datadog Admin Role", "Datadog Standard Role", or "Datadog Read Only Role". If empty or not specified, the role does not automatically inherit permissions from any managed role. items: description: Name of a managed role to inherit permissions from. type: string type: array user_count: description: The user count. format: int32 maximum: 2147483647 type: integer type: object RoleUpdateData: description: Data related to the update of a role. properties: attributes: $ref: "#/components/schemas/RoleUpdateAttributes" id: description: The unique identifier of the role. example: "00000000-0000-1111-0000-000000000000" type: string relationships: $ref: "#/components/schemas/RoleRelationships" type: $ref: "#/components/schemas/RolesType" required: - attributes - type - id type: object RoleUpdateRequest: description: Update a role. properties: data: $ref: "#/components/schemas/RoleUpdateData" required: - data type: object RoleUpdateResponse: description: Response containing information about an updated role. properties: data: $ref: "#/components/schemas/RoleUpdateResponseData" type: object RoleUpdateResponseData: description: Role object returned by the API. properties: attributes: $ref: "#/components/schemas/RoleUpdateAttributes" id: description: The unique identifier of the role. type: string relationships: $ref: "#/components/schemas/RoleResponseRelationships" type: $ref: "#/components/schemas/RolesType" required: - type type: object RolesResponse: description: Response containing information about multiple roles. properties: data: description: Array of returned roles. items: $ref: "#/components/schemas/Role" type: array meta: $ref: "#/components/schemas/ResponseMetaAttributes" type: object RolesSort: default: name description: Sorting options for roles. enum: - name - -name - modified_at - -modified_at - user_count - -user_count type: string x-enum-varnames: - NAME_ASCENDING - NAME_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - USER_COUNT_ASCENDING - USER_COUNT_DESCENDING RolesType: default: roles description: Roles type. enum: - roles example: roles type: string x-enum-varnames: - ROLES RolloutOptions: description: Applied progression options for a progressive rollout. properties: autostart: description: Whether the schedule starts automatically. example: false type: boolean selection_interval_ms: description: Interval in milliseconds for uniform interval strategies. example: 3600000 format: int64 type: integer strategy: $ref: "#/components/schemas/RolloutStrategy" required: - strategy - autostart - selection_interval_ms type: object RolloutOptionsRequest: description: Rollout options request payload. properties: autostart: description: Whether the schedule should begin automatically. example: false nullable: true type: boolean selection_interval_ms: description: Interval in milliseconds for uniform interval strategies. example: 3600000 format: int64 type: integer strategy: $ref: "#/components/schemas/RolloutStrategy" required: - strategy type: object RolloutStrategy: description: The progression strategy used by a progressive rollout. enum: - UNIFORM_INTERVALS - NO_ROLLOUT example: "UNIFORM_INTERVALS" type: string x-enum-varnames: - UNIFORM_INTERVALS - NO_ROLLOUT RoutingRule: description: Represents a routing rule, including its attributes, relationships, and unique identifier. properties: attributes: $ref: "#/components/schemas/RoutingRuleAttributes" id: description: Specifies the unique identifier of this routing rule. type: string relationships: $ref: "#/components/schemas/RoutingRuleRelationships" type: $ref: "#/components/schemas/RoutingRuleType" required: - type type: object RoutingRuleAction: description: "Defines an action that is executed when a routing rule matches certain criteria." oneOf: - $ref: "#/components/schemas/SendSlackMessageAction" - $ref: "#/components/schemas/SendTeamsMessageAction" - $ref: "#/components/schemas/TriggerWorkflowAutomationAction" RoutingRuleAttributes: description: Defines the configurable attributes of a routing rule, such as actions, query, time restriction, and urgency. properties: actions: description: Specifies the list of actions to perform when the routing rule matches. items: $ref: "#/components/schemas/RoutingRuleAction" type: array query: description: Defines the query or condition that triggers this routing rule. type: string time_restriction: $ref: "#/components/schemas/TimeRestrictions" nullable: true urgency: $ref: "#/components/schemas/Urgency" type: object RoutingRuleRelationships: description: Specifies relationships for a routing rule, linking to associated policy resources. properties: policy: $ref: "#/components/schemas/RoutingRuleRelationshipsPolicy" type: object RoutingRuleRelationshipsPolicy: description: Defines the relationship that links a routing rule to a policy. properties: data: $ref: "#/components/schemas/RoutingRuleRelationshipsPolicyData" nullable: true type: object RoutingRuleRelationshipsPolicyData: description: Represents the policy data reference, containing the policy's ID and resource type. properties: id: description: Specifies the unique identifier of the policy. example: "" type: string type: $ref: "#/components/schemas/RoutingRuleRelationshipsPolicyDataType" required: - type - id type: object RoutingRuleRelationshipsPolicyDataType: default: policies description: "Indicates that the resource is of type 'policies'." enum: - policies example: policies type: string x-enum-varnames: - POLICIES RoutingRuleType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES RuleAttributes: description: Details of a rule. properties: category: deprecated: true description: The scorecard name to which this rule must belong. type: string created_at: description: Creation time of the rule outcome. format: date-time type: string custom: description: Defines if the rule is a custom rule. type: boolean description: description: Explanation of the rule. type: string enabled: description: If enabled, the rule is calculated as part of the score. example: true type: boolean level: $ref: "#/components/schemas/RuleLevel" modified_at: description: Time of the last rule outcome modification. format: date-time type: string name: description: Name of the rule. example: Team Defined type: string owner: description: Owner of the rule. type: string scope_query: description: A query to filter which entities this rule applies to. example: "kind:service" type: string scorecard_name: description: The scorecard name to which this rule must belong. example: Deployments automated via Deployment Trains type: string type: object RuleAttributesRequest: description: Attributes for creating or updating a rule. Server-managed fields (created_at, modified_at, custom) are excluded. properties: description: description: Explanation of the rule. type: string enabled: description: If enabled, the rule is calculated as part of the score. example: true type: boolean level: $ref: "#/components/schemas/RuleLevel" name: description: Name of the rule. example: Team Defined type: string owner: description: Owner of the rule. type: string scope_query: description: A query to filter which entities this rule applies to. example: "kind:service" type: string scorecard_name: description: The scorecard name to which this rule must belong. example: Deployments automated via Deployment Trains type: string type: object RuleId: description: The unique ID for a scorecard rule. example: q8MQxk8TCqrHnWkx type: string RuleLevel: description: The maturity level of the rule (1, 2, or 3). example: 2 format: int32 maximum: 3 minimum: 1 type: integer RuleName: description: Name of the notification rule. example: Rule 1 type: string RuleOutcomeRelationships: description: The JSON:API relationship to a scorecard rule. properties: rule: $ref: "#/components/schemas/RelationshipToOutcome" type: object RuleSeverity: description: Severity of a security rule. enum: - critical - high - medium - low - unknown - info example: critical type: string x-enum-varnames: - CRITICAL - HIGH - MEDIUM - LOW - UNKNOWN - INFO RuleType: default: rule description: The JSON:API type for scorecard rules. enum: - rule example: rule type: string x-enum-varnames: - RULE RuleTypes: description: Security rule types used as filters in security rules. example: [misconfiguration, attack_path] items: $ref: "#/components/schemas/RuleTypesItems" type: array RuleTypesItems: description: |- Security rule type which can be used in security rules. Signal-based notification rules can filter signals based on rule types application_security, log_detection, workload_security, signal_correlation, cloud_configuration and infrastructure_configuration. Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability, application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability. enum: - application_security - log_detection - workload_security - signal_correlation - cloud_configuration - infrastructure_configuration - application_code_vulnerability - application_library_vulnerability - attack_path - container_image_vulnerability - identity_risk - misconfiguration - api_security - host_vulnerability - iac_misconfiguration - sast_vulnerability - secret_vulnerability type: string x-enum-varnames: - APPLICATION_SECURITY - LOG_DETECTION - WORKLOAD_SECURITY - SIGNAL_CORRELATION - CLOUD_CONFIGURATION - INFRASTRUCTURE_CONFIGURATION - APPLICATION_CODE_VULNERABILITY - APPLICATION_LIBRARY_VULNERABILITY - ATTACK_PATH - CONTAINER_IMAGE_VULNERABILITY - IDENTITY_RISK - MISCONFIGURATION - API_SECURITY - HOST_VULNERABILITY - IAC_MISCONFIGURATION - SAST_VULNERABILITY - SECRET_VULNERABILITY RuleUser: description: User creating or modifying a rule. properties: handle: description: The user handle. example: john.doe@domain.com type: string name: description: The user name. example: John Doe type: string type: object RuleVersionHistory: description: Response object containing the version history of a rule. properties: count: description: The number of rule versions. format: int32 maximum: 2147483647 type: integer data: additionalProperties: $ref: "#/components/schemas/RuleVersions" description: A rule version with a list of updates. description: The `RuleVersionHistory` `data`. type: object type: object RuleVersions: description: A rule version with a list of updates. properties: changes: description: A list of changes. items: $ref: "#/components/schemas/VersionHistoryUpdate" type: array rule: $ref: "#/components/schemas/SecurityMonitoringRuleResponse" type: object RulesValidateQueryRequest: description: The definition of `RulesValidateQueryRequest` object. example: data: attributes: Query: example:query AND test:true type: validate_query properties: data: $ref: "#/components/schemas/RulesValidateQueryRequestData" type: object RulesValidateQueryRequestData: description: The definition of `RulesValidateQueryRequestData` object. properties: attributes: $ref: "#/components/schemas/RulesValidateQueryRequestDataAttributes" id: description: The `RulesValidateQueryRequestData` `id`. type: string type: $ref: "#/components/schemas/RulesValidateQueryRequestDataType" required: - type type: object RulesValidateQueryRequestDataAttributes: description: The definition of `RulesValidateQueryRequestDataAttributes` object. properties: Query: description: The `attributes` `Query`. example: "" type: string required: - Query type: object RulesValidateQueryRequestDataType: default: validate_query description: Validate query resource type. enum: - validate_query example: validate_query type: string x-enum-varnames: - VALIDATE_QUERY RulesValidateQueryResponse: description: The definition of `RulesValidateQueryResponse` object. example: data: attributes: Canonical: canonical query representation type: validate_response properties: data: $ref: "#/components/schemas/RulesValidateQueryResponseData" type: object RulesValidateQueryResponseData: description: The definition of `RulesValidateQueryResponseData` object. properties: attributes: $ref: "#/components/schemas/RulesValidateQueryResponseDataAttributes" id: description: The `RulesValidateQueryResponseData` `id`. type: string type: $ref: "#/components/schemas/RulesValidateQueryResponseDataType" required: - type type: object RulesValidateQueryResponseDataAttributes: description: The definition of `RulesValidateQueryResponseDataAttributes` object. properties: Canonical: description: The `attributes` `Canonical`. example: "" type: string required: - Canonical type: object RulesValidateQueryResponseDataType: default: validate_response description: Validate response resource type. enum: - validate_response example: validate_response type: string x-enum-varnames: - VALIDATE_RESPONSE RulesetItemMetadata: additionalProperties: type: string description: The `items` `metadata`. nullable: true type: object RulesetResp: description: The definition of `RulesetResp` object. example: data: attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Example Ruleset position: 0 rules: - enabled: false mapping: metadata: name: RC test rule edited1 query: addition: key: abc value: ww case_insensitivity: false if_tag_exists: do_not_apply query: billingcurrency:"USD" AND account_name:"SZA96462" AND billingcurrency:"USD" reference_table: - enabled: true mapping: destination_key: h if_tag_exists: do_not_apply source_keys: - accountname - accountownerid metadata: name: rule with empty source key query: reference_table: - enabled: true mapping: metadata: name: New table rule with new UI query: reference_table: case_insensitivity: true field_pairs: - input_column: status_type output_key: status - input_column: status_description output_key: dess if_tag_exists: append source_keys: - http_status - status_description table_name: http_status_codes version: 1 id: "12345" type: ruleset properties: data: $ref: "#/components/schemas/RulesetRespData" type: object RulesetRespArray: description: The definition of `RulesetRespArray` object. example: data: - attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Production Cost Allocation Rules position: 0 rules: - enabled: true mapping: metadata: name: AWS Production Account Tagging query: addition: key: environment value: production case_insensitivity: false if_tag_exists: do_not_apply query: billingcurrency:"USD" AND account_name:"prod-account" reference_table: - enabled: true mapping: destination_key: team_owner if_tag_exists: do_not_apply source_keys: - account_name - service metadata: name: Team Mapping Rule query: reference_table: - enabled: true mapping: metadata: name: New table rule with new UI query: reference_table: case_insensitivity: true field_pairs: - input_column: status_type output_key: status - input_column: status_description output_key: dess if_tag_exists: append source_keys: - http_status - status_description table_name: http_status_codes version: 2 id: "55ef2385-9ae1-4410-90c4-5ac1b60fec10" type: ruleset - attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Development Environment Rules position: 0 rules: - enabled: true mapping: metadata: name: Dev Account Cost Center query: addition: key: cost_center value: engineering case_insensitivity: true if_tag_exists: do_not_apply query: account_name:"dev-*" reference_table: version: 1 id: "a7b8c9d0-1234-5678-9abc-def012345678" type: ruleset properties: data: description: The `RulesetRespArray` `data`. items: $ref: "#/components/schemas/RulesetRespData" type: array required: - data type: object RulesetRespData: description: The definition of `RulesetRespData` object. properties: attributes: $ref: "#/components/schemas/RulesetRespDataAttributes" id: description: The `RulesetRespData` `id`. type: string type: $ref: "#/components/schemas/RulesetRespDataType" required: - type type: object RulesetRespDataAttributes: description: The definition of `RulesetRespDataAttributes` object. properties: created: $ref: "#/components/schemas/RulesetRespDataAttributesCreated" enabled: description: The `attributes` `enabled`. example: false type: boolean last_modified_user_uuid: description: The `attributes` `last_modified_user_uuid`. example: "" type: string modified: $ref: "#/components/schemas/RulesetRespDataAttributesModified" name: description: The `attributes` `name`. example: "" type: string position: description: The `attributes` `position`. example: 0 format: int32 maximum: 2147483647 type: integer processing_status: description: The `attributes` `processing_status`. example: "" type: string rules: description: The `attributes` `rules`. items: $ref: "#/components/schemas/RulesetRespDataAttributesRulesItems" type: array version: description: The `attributes` `version`. example: 0 format: int64 type: integer required: - created - enabled - last_modified_user_uuid - modified - name - position - rules - version type: object RulesetRespDataAttributesCreated: description: The definition of `RulesetRespDataAttributesCreated` object. properties: nanos: description: The `created` `nanos`. format: int32 maximum: 2147483647 type: integer seconds: description: The `created` `seconds`. format: int64 type: integer type: object RulesetRespDataAttributesModified: description: The definition of `RulesetRespDataAttributesModified` object. properties: nanos: description: The `modified` `nanos`. format: int32 maximum: 2147483647 type: integer seconds: description: The `modified` `seconds`. format: int64 type: integer type: object RulesetRespDataAttributesRulesItems: description: The definition of `RulesetRespDataAttributesRulesItems` object. properties: enabled: description: The `items` `enabled`. example: false type: boolean mapping: $ref: "#/components/schemas/DataAttributesRulesItemsMapping" metadata: $ref: "#/components/schemas/RulesetItemMetadata" name: description: The `items` `name`. example: "" type: string query: $ref: "#/components/schemas/RulesetRespDataAttributesRulesItemsQuery" reference_table: $ref: "#/components/schemas/RulesetRespDataAttributesRulesItemsReferenceTable" required: - enabled - name type: object RulesetRespDataAttributesRulesItemsQuery: description: The definition of `RulesetRespDataAttributesRulesItemsQuery` object. nullable: true properties: addition: $ref: "#/components/schemas/RulesetRespDataAttributesRulesItemsQueryAddition" case_insensitivity: description: The `query` `case_insensitivity`. type: boolean if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `query` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" query: description: The `query` `query`. example: "" type: string required: - addition - query type: object RulesetRespDataAttributesRulesItemsQueryAddition: description: The definition of `RulesetRespDataAttributesRulesItemsQueryAddition` object. nullable: true properties: key: description: The `addition` `key`. example: "" type: string value: description: The `addition` `value`. example: "" type: string required: - key - value type: object RulesetRespDataAttributesRulesItemsReferenceTable: description: The definition of `RulesetRespDataAttributesRulesItemsReferenceTable` object. nullable: true properties: case_insensitivity: description: The `reference_table` `case_insensitivity`. type: boolean field_pairs: description: The `reference_table` `field_pairs`. items: $ref: "#/components/schemas/RulesetRespDataAttributesRulesItemsReferenceTableFieldPairsItems" type: array if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `reference_table` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" source_keys: description: The `reference_table` `source_keys`. example: - "" items: description: A source key for the reference table lookup. type: string type: array table_name: description: The `reference_table` `table_name`. example: "" type: string required: - field_pairs - source_keys - table_name type: object RulesetRespDataAttributesRulesItemsReferenceTableFieldPairsItems: description: The definition of `RulesetRespDataAttributesRulesItemsReferenceTableFieldPairsItems` object. properties: input_column: description: The `items` `input_column`. example: "" type: string output_key: description: The `items` `output_key`. example: "" type: string required: - input_column - output_key type: object RulesetRespDataType: default: ruleset description: Ruleset resource type. enum: - ruleset example: ruleset type: string x-enum-varnames: - RULESET RulesetStatusRespArray: description: Processing statuses for all tag pipeline rulesets in the specified organization. example: data: - attributes: processing_status: processing id: 55ef2385-9ae1-4410-90c4-5ac1b60fec10 type: ruleset_status - attributes: processing_status: done id: a7b8c9d0-1234-5678-9abc-def012345678 type: ruleset_status properties: data: description: Processing status for a tag pipeline ruleset. items: $ref: "#/components/schemas/RulesetStatusRespData" type: array required: - data type: object RulesetStatusRespData: description: Processing status for a tag pipeline ruleset. properties: attributes: $ref: "#/components/schemas/RulesetStatusRespDataAttributes" id: description: The unique identifier of the ruleset. example: 55ef2385-9ae1-4410-90c4-5ac1b60fec10 type: string type: $ref: "#/components/schemas/RulesetStatusRespDataType" required: - id - type - attributes type: object RulesetStatusRespDataAttributes: description: Processing status for a tag pipeline ruleset. properties: processing_status: description: The processing status of the ruleset. example: processing type: string required: - processing_status type: object RulesetStatusRespDataType: default: ruleset_status description: Ruleset status resource type. enum: - ruleset_status example: ruleset_status type: string x-enum-varnames: - RULESET_STATUS RumCrossProductSampling: description: The configuration for cross-product retention filters. properties: trace_enabled: description: Whether the cross-product retention filter for APM traces is enabled. example: true type: boolean trace_sample_rate: description: The sample rate for the APM cross-product retention filter, between 0 and 100. example: 25.0 format: double maximum: 100 minimum: 0 type: number type: object RumCrossProductSamplingCreate: description: The configuration for cross-product retention filters. properties: trace_enabled: description: Whether the cross-product retention filter for APM traces is enabled. example: true type: boolean trace_sample_rate: description: The sample rate for the APM cross-product retention filter, between 0 and 100. example: 25.0 format: double maximum: 100 minimum: 0 type: number required: - trace_sample_rate type: object RumCrossProductSamplingUpdate: description: The configuration for cross-product retention filters. All fields are optional for partial updates. properties: trace_enabled: description: Whether the cross-product retention filter for APM traces is enabled. example: true type: boolean trace_sample_rate: description: The sample rate for the APM cross-product retention filter, between 0 and 100. example: 25.0 format: double maximum: 100 minimum: 0 type: number type: object RumMetricCompute: description: The compute rule to compute the rum-based metric. properties: aggregation_type: $ref: "#/components/schemas/RumMetricComputeAggregationType" include_percentiles: $ref: "#/components/schemas/RumMetricComputeIncludePercentiles" path: description: |- The path to the value the rum-based metric will aggregate on. Only present when `aggregation_type` is `distribution`. example: "@duration" type: string required: - aggregation_type type: object RumMetricComputeAggregationType: description: The type of aggregation to use. enum: ["count", "distribution"] example: "distribution" type: string x-enum-varnames: ["COUNT", "DISTRIBUTION"] RumMetricComputeIncludePercentiles: description: |- Toggle to include or exclude percentile aggregations for distribution metrics. Only present when `aggregation_type` is `distribution`. example: true type: boolean RumMetricCreateAttributes: description: The object describing the Datadog rum-based metric to create. properties: compute: $ref: "#/components/schemas/RumMetricCompute" event_type: $ref: "#/components/schemas/RumMetricEventType" filter: $ref: "#/components/schemas/RumMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/RumMetricGroupBy" type: array uniqueness: $ref: "#/components/schemas/RumMetricUniqueness" required: - event_type - compute type: object RumMetricCreateData: description: The new rum-based metric properties. properties: attributes: $ref: "#/components/schemas/RumMetricCreateAttributes" id: $ref: "#/components/schemas/RumMetricID" type: $ref: "#/components/schemas/RumMetricType" required: - id - type - attributes type: object RumMetricCreateRequest: description: The new rum-based metric body. properties: data: $ref: "#/components/schemas/RumMetricCreateData" required: - data type: object RumMetricEventType: description: The type of RUM events to filter on. enum: ["session", "view", "action", "error", "resource", "long_task", "vital"] example: "session" type: string x-enum-varnames: ["SESSION", "VIEW", "ACTION", "ERROR", "RESOURCE", "LONG_TASK", "VITAL"] RumMetricFilter: description: The rum-based metric filter. Events matching this filter will be aggregated in this metric. properties: query: default: "*" description: The search query - following the RUM search syntax. example: "@service:web-ui:" type: string required: - query type: object RumMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the rum-based metric will be aggregated over. example: "@browser.name" type: string tag_name: description: Eventual name of the tag that gets created. By default, `path` is used as the tag name. example: "browser_name" type: string required: - path type: object RumMetricID: description: The name of the rum-based metric. example: "rum.sessions.webui.count" type: string RumMetricResponse: description: The rum-based metric object. properties: data: $ref: "#/components/schemas/RumMetricResponseData" type: object RumMetricResponseAttributes: description: The object describing a Datadog rum-based metric. properties: compute: $ref: "#/components/schemas/RumMetricResponseCompute" event_type: $ref: "#/components/schemas/RumMetricEventType" filter: $ref: "#/components/schemas/RumMetricResponseFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/RumMetricResponseGroupBy" type: array uniqueness: $ref: "#/components/schemas/RumMetricResponseUniqueness" type: object RumMetricResponseCompute: description: The compute rule to compute the rum-based metric. properties: aggregation_type: $ref: "#/components/schemas/RumMetricComputeAggregationType" include_percentiles: $ref: "#/components/schemas/RumMetricComputeIncludePercentiles" path: description: |- The path to the value the rum-based metric will aggregate on. Only present when `aggregation_type` is `distribution`. example: "@duration" type: string type: object RumMetricResponseData: description: The rum-based metric properties. properties: attributes: $ref: "#/components/schemas/RumMetricResponseAttributes" id: $ref: "#/components/schemas/RumMetricID" type: $ref: "#/components/schemas/RumMetricType" type: object RumMetricResponseFilter: description: The rum-based metric filter. RUM events matching this filter will be aggregated in this metric. properties: query: description: The search query - following the RUM search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string type: object RumMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the rum-based metric will be aggregated over. example: "@http.status_code" type: string tag_name: description: Eventual name of the tag that gets created. By default, `path` is used as the tag name. example: "status_code" type: string type: object RumMetricResponseUniqueness: description: The rule to count updatable events. Is only set if `event_type` is `session` or `view`. properties: when: $ref: "#/components/schemas/RumMetricUniquenessWhen" type: object RumMetricType: default: rum_metrics description: The type of the resource. The value should always be rum_metrics. enum: - rum_metrics example: rum_metrics type: string x-enum-varnames: ["RUM_METRICS"] RumMetricUniqueness: description: The rule to count updatable events. Is only set if `event_type` is `sessions` or `views`. properties: when: $ref: "#/components/schemas/RumMetricUniquenessWhen" required: - when type: object RumMetricUniquenessWhen: description: When to count updatable events. `match` when the event is first seen, or `end` when the event is complete. enum: ["match", "end"] example: "match" type: string x-enum-varnames: ["WHEN_MATCH", "WHEN_END"] RumMetricUpdateAttributes: description: The rum-based metric properties that will be updated. properties: compute: $ref: "#/components/schemas/RumMetricUpdateCompute" filter: $ref: "#/components/schemas/RumMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/RumMetricGroupBy" type: array type: object RumMetricUpdateCompute: description: The compute rule to compute the rum-based metric. properties: include_percentiles: $ref: "#/components/schemas/RumMetricComputeIncludePercentiles" type: object RumMetricUpdateData: description: The new rum-based metric properties. properties: attributes: $ref: "#/components/schemas/RumMetricUpdateAttributes" id: $ref: "#/components/schemas/RumMetricID" type: $ref: "#/components/schemas/RumMetricType" required: - type - attributes type: object RumMetricUpdateRequest: description: The new rum-based metric body. properties: data: $ref: "#/components/schemas/RumMetricUpdateData" required: - data type: object RumMetricsResponse: description: All the available rum-based metric objects. properties: data: description: A list of rum-based metric objects. items: $ref: "#/components/schemas/RumMetricResponseData" type: array type: object RumRetentionFilterAttributes: description: The object describing attributes of a RUM retention filter. properties: cross_product_sampling: $ref: "#/components/schemas/RumCrossProductSampling" enabled: $ref: "#/components/schemas/RumRetentionFilterEnabled" event_type: $ref: "#/components/schemas/RumRetentionFilterEventType" name: $ref: "#/components/schemas/RunRetentionFilterName" query: $ref: "#/components/schemas/RumRetentionFilterQuery" sample_rate: $ref: "#/components/schemas/RumRetentionFilterSampleRate" type: object RumRetentionFilterCreateAttributes: description: The object describing attributes of a RUM retention filter to create. properties: cross_product_sampling: $ref: "#/components/schemas/RumCrossProductSamplingCreate" enabled: $ref: "#/components/schemas/RumRetentionFilterEnabled" event_type: $ref: "#/components/schemas/RumRetentionFilterEventType" name: $ref: "#/components/schemas/RunRetentionFilterName" query: $ref: "#/components/schemas/RumRetentionFilterQuery" sample_rate: $ref: "#/components/schemas/RumRetentionFilterSampleRate" required: - event_type - name - sample_rate type: object RumRetentionFilterCreateData: description: The new RUM retention filter properties to create. properties: attributes: $ref: "#/components/schemas/RumRetentionFilterCreateAttributes" type: $ref: "#/components/schemas/RumRetentionFilterType" required: - type - attributes type: object RumRetentionFilterCreateRequest: description: The RUM retention filter body to create. properties: data: $ref: "#/components/schemas/RumRetentionFilterCreateData" required: - data type: object RumRetentionFilterData: description: The RUM retention filter. properties: attributes: $ref: "#/components/schemas/RumRetentionFilterAttributes" id: $ref: "#/components/schemas/RumRetentionFilterID" type: $ref: "#/components/schemas/RumRetentionFilterType" type: object RumRetentionFilterEnabled: description: Whether the retention filter is enabled. example: true type: boolean RumRetentionFilterEventType: description: The type of RUM events to filter on. enum: ["session", "view", "action", "error", "resource", "long_task", "vital"] example: "session" type: string x-enum-varnames: ["SESSION", "VIEW", "ACTION", "ERROR", "RESOURCE", "LONG_TASK", "VITAL"] RumRetentionFilterID: description: ID of retention filter in UUID. example: "051601eb-54a0-abc0-03f9-cc02efa18892" type: string RumRetentionFilterQuery: description: The query string for a RUM retention filter. example: "@session.has_replay:true" type: string RumRetentionFilterResponse: description: The RUM retention filter object. properties: data: $ref: "#/components/schemas/RumRetentionFilterData" type: object RumRetentionFilterSampleRate: description: The sample rate for a RUM retention filter, between 0.1 and 100. example: 50.5 format: double maximum: 100 minimum: 0.1 type: number RumRetentionFilterType: default: retention_filters description: The type of the resource. The value should always be retention_filters. enum: - retention_filters example: retention_filters type: string x-enum-varnames: ["RETENTION_FILTERS"] RumRetentionFilterUpdateAttributes: description: The object describing attributes of a RUM retention filter to update. properties: cross_product_sampling: $ref: "#/components/schemas/RumCrossProductSamplingUpdate" enabled: $ref: "#/components/schemas/RumRetentionFilterEnabled" event_type: $ref: "#/components/schemas/RumRetentionFilterEventType" name: $ref: "#/components/schemas/RunRetentionFilterName" query: $ref: "#/components/schemas/RumRetentionFilterQuery" sample_rate: $ref: "#/components/schemas/RumRetentionFilterSampleRate" type: object RumRetentionFilterUpdateData: description: The new RUM retention filter properties to update. properties: attributes: $ref: "#/components/schemas/RumRetentionFilterUpdateAttributes" id: $ref: "#/components/schemas/RumRetentionFilterID" type: $ref: "#/components/schemas/RumRetentionFilterType" required: - id - type - attributes type: object RumRetentionFilterUpdateRequest: description: The RUM retention filter body to update. properties: data: $ref: "#/components/schemas/RumRetentionFilterUpdateData" required: - data type: object RumRetentionFiltersOrderData: description: The RUM retention filter data for ordering. properties: id: $ref: "#/components/schemas/RumRetentionFilterID" type: $ref: "#/components/schemas/RumRetentionFilterType" required: - id - type type: object RumRetentionFiltersOrderRequest: description: |- The list of RUM retention filter IDs along with their corresponding type to reorder. All retention filter IDs should be included in the list created for a RUM application. properties: data: description: A list of RUM retention filter IDs along with type. items: $ref: "#/components/schemas/RumRetentionFiltersOrderData" type: array type: object RumRetentionFiltersOrderResponse: description: The list of RUM retention filter IDs along with type. properties: data: description: A list of RUM retention filter IDs along with type. items: $ref: "#/components/schemas/RumRetentionFiltersOrderData" type: array type: object RumRetentionFiltersResponse: description: All RUM retention filters for a RUM application. properties: data: description: A list of RUM retention filters. items: $ref: "#/components/schemas/RumRetentionFilterData" type: array type: object RunHistoricalJobRequest: description: Run a historical job request. properties: data: $ref: "#/components/schemas/RunHistoricalJobRequestData" type: object RunHistoricalJobRequestAttributes: description: Run a historical job request. properties: fromRule: $ref: "#/components/schemas/JobDefinitionFromRule" id: description: Request ID. type: string jobDefinition: $ref: "#/components/schemas/JobDefinition" type: object RunHistoricalJobRequestData: description: Data for running a historical job request. properties: attributes: $ref: "#/components/schemas/RunHistoricalJobRequestAttributes" type: $ref: "#/components/schemas/RunHistoricalJobRequestDataType" type: object RunHistoricalJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE RunRetentionFilterName: description: The name of a RUM retention filter. example: "Retention filter for session" type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: attributes: $ref: "#/components/schemas/SAMLAssertionAttributeAttributes" id: description: The ID of the SAML assertion attribute. example: "0" type: string type: $ref: "#/components/schemas/SAMLAssertionAttributesType" required: - id - type type: object SAMLAssertionAttributeAttributes: description: Key/Value pair of attributes used in SAML assertion attributes. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object SAMLAssertionAttributesType: default: saml_assertion_attributes description: SAML assertion attributes resource type. enum: - saml_assertion_attributes example: saml_assertion_attributes type: string x-enum-varnames: - SAML_ASSERTION_ATTRIBUTES SBOM: description: A single SBOM properties: attributes: $ref: "#/components/schemas/SBOMAttributes" id: description: The unique ID for this SBOM (it is equivalent to the `asset_name` or `asset_name@repo_digest` (Image) example: "github.com/datadog/datadog-agent" type: string type: $ref: "#/components/schemas/SBOMType" type: object SBOMAttributes: description: The JSON:API attributes of the SBOM. properties: bomFormat: description: Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOM do not have a filename convention nor does JSON schema support namespaces. This value MUST be `CycloneDX`. example: CycloneDX type: string components: description: A list of software and hardware components. items: $ref: "#/components/schemas/SBOMComponent" type: array dependencies: description: List of dependencies between components of the SBOM. items: $ref: "#/components/schemas/SBOMComponentDependency" type: array metadata: $ref: "#/components/schemas/SBOMMetadata" serialNumber: description: Every BOM generated has a unique serial number, even if the contents of the BOM have not changed overt time. The serial number follows [RFC-4122](https://datatracker.ietf.org/doc/html/rfc4122) example: urn:uuid:f7119d2f-1vgh-24b5-91f0-12010db72da7 type: string specVersion: $ref: "#/components/schemas/SpecVersion" version: description: It increments when a BOM is modified. The default value is 1. example: 1 format: int64 type: integer required: - bomFormat - specVersion - components - metadata - serialNumber - version - dependencies type: object SBOMComponent: description: Software or hardware component. properties: bom-ref: description: An optional identifier that can be used to reference the component elsewhere in the BOM. example: "pkg:golang/google.golang.org/grpc@1.68.1" type: string licenses: description: The software licenses of the SBOM component. items: $ref: "#/components/schemas/SBOMComponentLicense" type: array name: description: The name of the component. This will often be a shortened, single name of the component. example: "google.golang.org/grpc" type: string properties: description: The custom properties of the component of the SBOM. items: $ref: "#/components/schemas/SBOMComponentProperty" type: array purl: description: Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the [specification](https://github.com/package-url/purl-spec). example: "pkg:golang/google.golang.org/grpc@1.68.1" type: string supplier: $ref: "#/components/schemas/SBOMComponentSupplier" type: $ref: "#/components/schemas/SBOMComponentType" version: description: The component version. example: "1.68.1" type: string required: - type - name - version - supplier type: object SBOMComponentDependency: description: The dependencies of a component of the SBOM. properties: dependsOn: description: The components that are dependencies of the ref component. items: description: A package URL (purl) identifying a dependency of the component. example: pkg:golang/google.golang.org/grpc@1.68.1 type: string required: - ref - dependsOn type: array ref: description: The identifier for the related component. example: Repository|github.com/datadog/datadog-agent type: string type: object SBOMComponentLicense: description: The software license of the component of the SBOM. properties: license: $ref: "#/components/schemas/SBOMComponentLicenseLicense" required: - license type: object SBOMComponentLicenseLicense: description: The software license of the component of the SBOM. properties: name: description: The name of the software license of the component of the SBOM. example: MIT type: string required: - name type: object SBOMComponentLicenseType: description: The SBOM component license type. enum: - network_strong_copyleft - non_standard_copyleft - other_non_free - other_non_standard - permissive - public_domain - strong_copyleft - weak_copyleft example: application type: string x-enum-varnames: - NETWORK_STRONG_COPYLEFT - NON_STANDARD_COPYLEFT - OTHER_NON_FREE - OTHER_NON_STANDARD - PERMISSIVE - PUBLIC_DOMAIN - STRONG_COPYLEFT - WEAK_COPYLEFT SBOMComponentProperty: description: The custom property of the component of the SBOM. properties: name: description: The name of the custom property of the component of the SBOM. example: license_type type: string value: description: The value of the custom property of the component of the SBOM. example: permissive type: string required: - name - value type: object SBOMComponentSupplier: description: The supplier of the component. properties: name: description: Identifier of the supplier of the component. example: https://go.dev type: string required: - name type: object SBOMComponentType: description: The SBOM component type enum: - application - container - data - device - device-driver - file - firmware - framework - library - machine-learning-model - operating-system - platform example: application type: string x-enum-varnames: - APPLICATION - CONTAINER - DATA - DEVICE - DEVICE_DRIVER - FILE - FIRMWARE - FRAMEWORK - LIBRARY - MACHINE_LEARNING_MODEL - OPERATING_SYSTEM - PLATFORM SBOMFormat: description: The SBOM standard enum: - CycloneDX - SPDX example: CycloneDX type: string x-enum-varnames: - CYCLONEDX - SPDX SBOMMetadata: description: Provides additional information about a BOM. properties: authors: description: List of authors of the SBOM. items: $ref: "#/components/schemas/SBOMMetadataAuthor" type: array component: $ref: "#/components/schemas/SBOMMetadataComponent" timestamp: description: The timestamp of the SBOM creation. example: "2025-07-08T07:24:53Z" type: string type: object SBOMMetadataAuthor: description: Author of the SBOM. properties: name: description: The identifier of the Author of the SBOM. example: "Datadog, Inc." type: string type: object SBOMMetadataComponent: description: The component that the BOM describes. properties: name: description: The name of the component. This will often be a shortened, single name of the component. example: "github.com/datadog/datadog-agent" type: string type: description: Specifies the type of the component. example: application type: string type: object SBOMType: description: The JSON:API type. enum: - sboms example: sboms type: string x-enum-varnames: - SBOMS SLOReportInterval: description: |- The frequency at which report data is to be generated. enum: - daily - weekly - monthly example: weekly type: string x-enum-varnames: - DAILY - WEEKLY - MONTHLY SLOReportPostResponse: description: The SLO report response. properties: data: $ref: "#/components/schemas/SLOReportPostResponseData" type: object SLOReportPostResponseData: description: The data portion of the SLO report response. properties: id: description: The ID of the report job. example: "dc8d92aa-e0af-11ee-af21-1feeaccaa3a3" type: string type: description: The type of ID. example: "report_id" type: string type: object SLOReportStatus: description: The status of the SLO report job. enum: - in_progress - completed - completed_with_errors - failed example: "completed" type: string x-enum-varnames: - IN_PROGRESS - COMPLETED - COMPLETED_WITH_ERRORS - FAILED SLOReportStatusGetResponse: description: The SLO report status response. properties: data: $ref: "#/components/schemas/SLOReportStatusGetResponseData" type: object SLOReportStatusGetResponseAttributes: description: The attributes portion of the SLO report status response. properties: status: $ref: "#/components/schemas/SLOReportStatus" type: object SLOReportStatusGetResponseData: description: The data portion of the SLO report status response. properties: attributes: $ref: "#/components/schemas/SLOReportStatusGetResponseAttributes" id: description: The ID of the report job. example: "dc8d92aa-e0af-11ee-af21-1feeaccaa3a3" type: string type: description: The type of ID. example: "report_id" type: string type: object ScaRequest: description: The top-level request object for submitting a Software Composition Analysis (SCA) scan result. properties: data: $ref: "#/components/schemas/ScaRequestData" type: object ScaRequestData: description: The data object in an SCA request, containing the dependency graph attributes and request type. properties: attributes: $ref: "#/components/schemas/ScaRequestDataAttributes" id: description: An optional identifier for this SCA request data object. type: string type: $ref: "#/components/schemas/ScaRequestDataType" required: - type type: object ScaRequestDataAttributes: description: The attributes of an SCA request, containing dependency graph data, vulnerability information, and repository context. properties: commit: $ref: "#/components/schemas/ScaRequestDataAttributesCommit" dependencies: description: The list of dependencies discovered in the repository. items: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItems" type: array env: description: The environment context in which the SCA scan was performed (e.g., production, staging). type: string files: description: The list of dependency manifest files found in the repository. items: $ref: "#/components/schemas/ScaRequestDataAttributesFilesItems" type: array relations: description: The dependency relations describing the inter-component dependency graph. items: $ref: "#/components/schemas/ScaRequestDataAttributesRelationsItems" type: array repository: $ref: "#/components/schemas/ScaRequestDataAttributesRepository" service: description: The name of the service or application being analyzed. type: string tags: additionalProperties: type: string description: A map of key-value tags providing additional metadata for the SCA scan. type: object vulnerabilities: description: The list of vulnerabilities identified in the dependency graph. items: $ref: "#/components/schemas/ScaRequestDataAttributesVulnerabilitiesItems" type: array type: object ScaRequestDataAttributesCommit: description: Metadata about the commit associated with the SCA scan, including author, committer, and branch information. properties: author_date: description: The date when the commit was authored. type: string author_email: description: The email address of the commit author. type: string author_name: description: The full name of the commit author. type: string branch: description: The branch name on which the commit was made. type: string committer_email: description: The email address of the person who committed the change. type: string committer_name: description: The full name of the person who committed the change. type: string sha: description: The SHA hash uniquely identifying the commit. type: string type: object ScaRequestDataAttributesDependenciesItems: description: A dependency found in the repository, including its identity, location, and reachability metadata. properties: exclusions: description: A list of patterns or identifiers that should be excluded from analysis for this dependency. items: description: An exclusion pattern or identifier. type: string type: array group: description: The group or organization namespace of the dependency (e.g., Maven group ID). type: string is_dev: description: Indicates whether this is a development-only dependency not used in production. type: boolean is_direct: description: Indicates whether this is a direct dependency (as opposed to a transitive one). type: boolean language: description: The programming language ecosystem of this dependency (e.g., java, python, javascript). type: string locations: description: The list of source file locations where this dependency is declared. items: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItems" type: array name: description: The name of the dependency package. type: string package_manager: description: The package manager responsible for this dependency (e.g., maven, pip, npm). type: string purl: description: The Package URL (PURL) uniquely identifying this dependency. type: string reachable_symbol_properties: description: Properties describing symbols from this dependency that are reachable in the application code. items: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsReachableSymbolPropertiesItems" type: array version: description: The version of the dependency. type: string type: object ScaRequestDataAttributesDependenciesItemsLocationsItems: description: The source code location where a dependency is declared, including block, name, namespace, and version positions within the file. properties: block: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsFilePosition" name: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsFilePosition" namespace: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsFilePosition" version: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsFilePosition" type: object ScaRequestDataAttributesDependenciesItemsLocationsItemsFilePosition: description: A range within a file defined by a start and end position, along with the file name. properties: end: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsPosition" file_name: description: The name or path of the file containing this location. type: string start: $ref: "#/components/schemas/ScaRequestDataAttributesDependenciesItemsLocationsItemsPosition" type: object ScaRequestDataAttributesDependenciesItemsLocationsItemsPosition: description: A specific position (line and column) within a source file. properties: col: description: The column number of the position within the line. format: int32 maximum: 2147483647 type: integer line: description: The line number of the position within the file. format: int32 maximum: 2147483647 type: integer type: object ScaRequestDataAttributesDependenciesItemsReachableSymbolPropertiesItems: description: A key-value property describing a reachable symbol within a dependency. properties: name: description: The name of the reachable symbol property. type: string value: description: The value of the reachable symbol property. type: string type: object ScaRequestDataAttributesFilesItems: description: A file entry in the repository associated with a dependency manifest. properties: name: description: The name or path of the file within the repository. type: string purl: description: The Package URL (PURL) associated with the dependency declared in this file. type: string type: object ScaRequestDataAttributesRelationsItems: description: A dependency relation describing which other components a given component depends on. properties: depends_on: description: The list of BOM references that this component directly depends on. items: description: A BOM reference of a dependency. type: string type: array ref: description: The BOM reference of the component that has dependencies. type: string type: object ScaRequestDataAttributesRepository: description: Information about the source code repository being analyzed. properties: url: description: The URL of the repository. type: string type: object ScaRequestDataAttributesVulnerabilitiesItems: description: A vulnerability entry from the Software Bill of Materials (SBOM), describing a known security issue and the components it affects. properties: affects: description: The list of components affected by this vulnerability. items: $ref: "#/components/schemas/ScaRequestDataAttributesVulnerabilitiesItemsAffectsItems" type: array bom_ref: description: The unique BOM reference identifier for this vulnerability entry. type: string id: description: The vulnerability identifier (e.g., CVE ID or similar). type: string type: object ScaRequestDataAttributesVulnerabilitiesItemsAffectsItems: description: A reference to a component affected by a vulnerability. properties: ref: description: The BOM reference identifying the affected component. type: string type: object ScaRequestDataType: default: scarequests description: The type identifier for SCA dependency analysis requests. enum: - scarequests example: scarequests type: string x-enum-varnames: - SCAREQUESTS ScalarColumn: description: A single column in a scalar query response. oneOf: - $ref: "#/components/schemas/GroupScalarColumn" - $ref: "#/components/schemas/DataScalarColumn" ScalarColumnTypeGroup: default: group description: The type of column present for groups. enum: - group example: group type: string x-enum-varnames: - GROUP ScalarColumnTypeNumber: default: number description: The type of column present for numbers. enum: - number example: number type: string x-enum-varnames: - NUMBER ScalarFormulaQueryRequest: description: A wrapper request around one scalar query to be executed. properties: data: $ref: "#/components/schemas/ScalarFormulaRequest" required: - data type: object ScalarFormulaQueryResponse: description: A message containing one or more responses to scalar queries. properties: data: $ref: "#/components/schemas/ScalarResponse" errors: description: An error generated when processing a request. type: string type: object ScalarFormulaRequest: description: A single scalar query to be executed. properties: attributes: $ref: "#/components/schemas/ScalarFormulaRequestAttributes" type: $ref: "#/components/schemas/ScalarFormulaRequestType" required: - type - attributes type: object ScalarFormulaRequestAttributes: description: The object describing a scalar formula request. properties: formulas: description: List of formulas to be calculated and returned as responses. items: $ref: "#/components/schemas/QueryFormula" type: array from: description: Start date (inclusive) of the query in milliseconds since the Unix epoch. example: 1568899800000 format: int64 type: integer queries: $ref: "#/components/schemas/ScalarFormulaRequestQueries" to: description: End date (exclusive) of the query in milliseconds since the Unix epoch. example: 1568923200000 format: int64 type: integer required: - to - from - queries type: object ScalarFormulaRequestQueries: description: List of queries to be run and used as inputs to the formulas. example: - aggregator: avg data_source: metrics query: "avg:system.cpu.user{*} by {env}" items: $ref: "#/components/schemas/ScalarQuery" type: array ScalarFormulaRequestType: default: "scalar_request" description: The type of the resource. The value should always be scalar_request. enum: ["scalar_request"] example: "scalar_request" type: string x-enum-varnames: ["SCALAR_REQUEST"] ScalarFormulaResponseAtrributes: description: The object describing a scalar response. properties: columns: description: List of response columns, each corresponding to an individual formula or query in the request and with values in parallel arrays matching the series list. items: $ref: "#/components/schemas/ScalarColumn" type: array type: object ScalarFormulaResponseType: default: "scalar_response" description: The type of the resource. The value should always be scalar_response. enum: ["scalar_response"] example: "scalar_response" type: string x-enum-varnames: ["SCALAR_RESPONSE"] ScalarMeta: description: Metadata for the resulting numerical values. properties: unit: description: |- Detailed information about the unit. First element describes the "primary unit" (for example, `bytes` in `bytes per second`). The second element describes the "per unit" (for example, `second` in `bytes per second`). If the second element is not present, the API returns null. items: $ref: "#/components/schemas/Unit" nullable: true type: array type: object ScalarQuery: description: An individual scalar query to one of the basic Datadog data sources. example: aggregator: avg data_source: metrics query: "avg:system.cpu.user{*} by {env}" oneOf: - $ref: "#/components/schemas/MetricsScalarQuery" - $ref: "#/components/schemas/EventsScalarQuery" - $ref: "#/components/schemas/ApmResourceStatsQuery" - $ref: "#/components/schemas/ApmMetricsQuery" - $ref: "#/components/schemas/ApmDependencyStatsQuery" - $ref: "#/components/schemas/SloQuery" - $ref: "#/components/schemas/ProcessScalarQuery" - $ref: "#/components/schemas/ContainerScalarQuery" ScalarResponse: description: A message containing the response to a scalar query. properties: attributes: $ref: "#/components/schemas/ScalarFormulaResponseAtrributes" type: $ref: "#/components/schemas/ScalarFormulaResponseType" type: object ScannedAssetMetadata: description: The metadata of a scanned asset. properties: attributes: $ref: "#/components/schemas/ScannedAssetMetadataAttributes" id: description: The ID of the scanned asset metadata. example: "Host|i-0fc7edef1ab26d7ef" type: string required: - id - attributes type: object ScannedAssetMetadataAsset: description: The asset of a scanned asset metadata. properties: name: description: The name of the asset. example: "i-0fc7edef1ab26d7ef" type: string type: $ref: "#/components/schemas/CloudAssetType" required: - type - name type: object ScannedAssetMetadataAttributes: description: The attributes of a scanned asset metadata. properties: asset: $ref: "#/components/schemas/ScannedAssetMetadataAsset" first_success_timestamp: description: The timestamp when the scan of the asset was performed for the first time. example: "2025-07-08T07:24:53Z" type: string last_success: $ref: "#/components/schemas/ScannedAssetMetadataLastSuccess" required: - asset - last_success - first_success_timestamp type: object ScannedAssetMetadataLastSuccess: description: Metadata for the last successful scan of an asset. properties: env: description: The environment of the last success scan of the asset. example: "prod" type: string origin: description: The list of origins of the last success scan of the asset. example: - production items: description: An origin identifier for the last successful scan of the asset. example: production type: string type: array timestamp: description: The timestamp of the last success scan of the asset. example: "2025-07-08T07:24:53Z" type: string required: - timestamp type: object ScannedAssetsMetadata: description: The expected response schema when listing scanned assets metadata. properties: data: description: List of scanned assets metadata. items: $ref: "#/components/schemas/ScannedAssetMetadata" type: array links: $ref: "#/components/schemas/Links" meta: $ref: "#/components/schemas/Metadata" required: - data type: object Schedule: description: Top-level container for a schedule object, including both the `data` payload and any related `included` resources (such as teams, layers, or members). example: data: attributes: name: On-Call Schedule time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: layers: data: - id: 00000000-0000-0000-0000-000000000001 type: layers teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules included: - attributes: avatar: "" description: Team 1 description handle: team1 name: Team 1 id: 00000000-da3a-0000-0000-000000000000 type: teams - attributes: effective_date: "2025-02-03T05:00:00Z" end_date: "2025-12-31T00:00:00Z" interval: days: 1 name: Layer 1 restrictions: - end_day: friday end_time: "17:00:00" start_day: monday start_time: "09:00:00" rotation_start: "2025-02-01T00:00:00Z" id: 00000000-0000-0000-0000-000000000001 relationships: members: data: - id: 00000000-0000-0000-0000-000000000002 type: members type: layers - id: 00000000-0000-0000-0000-000000000002 relationships: user: data: id: 00000000-aba1-0000-0000-000000000000 type: users type: members - attributes: email: foo@bar.com name: User 1 id: 00000000-aba1-0000-0000-000000000000 type: users properties: data: $ref: "#/components/schemas/ScheduleData" included: description: Any additional resources related to this schedule, such as teams and layers. items: $ref: "#/components/schemas/ScheduleDataIncludedItem" type: array type: object ScheduleCreateRequest: description: The top-level request body for schedule creation, wrapping a `data` object. example: data: attributes: layers: - effective_date: "2025-02-03T05:00:00Z" end_date: "2025-12-31T00:00:00Z" interval: days: 1 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: "17:00:00" start_day: monday start_time: "09:00:00" rotation_start: "2025-02-01T00:00:00Z" name: On-Call Schedule time_zone: America/New_York relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules properties: data: $ref: "#/components/schemas/ScheduleCreateRequestData" required: - data type: object ScheduleCreateRequestData: description: The core data wrapper for creating a schedule, encompassing attributes, relationships, and the resource type. properties: attributes: $ref: "#/components/schemas/ScheduleCreateRequestDataAttributes" relationships: $ref: "#/components/schemas/ScheduleCreateRequestDataRelationships" type: $ref: "#/components/schemas/ScheduleCreateRequestDataType" required: - type - attributes type: object ScheduleCreateRequestDataAttributes: description: Describes the main attributes for creating a new schedule, including name, layers, and time zone. properties: layers: description: The layers of On-Call coverage that define rotation intervals and restrictions. items: $ref: "#/components/schemas/ScheduleCreateRequestDataAttributesLayersItems" type: array name: description: A human-readable name for the new schedule. example: Team A On-Call type: string time_zone: description: The time zone in which the schedule is defined. example: America/New_York type: string required: - name - time_zone - layers type: object ScheduleCreateRequestDataAttributesLayersItems: description: |- Describes a schedule layer, including rotation intervals, members, restrictions, and timeline settings. properties: effective_date: description: The date/time when this layer becomes active (in ISO 8601). example: "2025-01-01T00:00:00Z" format: date-time type: string end_date: description: The date/time after which this layer no longer applies (in ISO 8601). format: date-time type: string interval: $ref: "#/components/schemas/LayerAttributesInterval" members: description: A list of members who participate in this layer's rotation. items: $ref: "#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItems" type: array name: description: The name of this layer. example: Primary On-Call Layer type: string restrictions: description: Zero or more time-based restrictions (for example, only weekdays, during business hours). items: $ref: "#/components/schemas/TimeRestriction" type: array rotation_start: description: The date/time when the rotation for this layer starts (in ISO 8601). example: "2025-01-01T00:00:00Z" format: date-time type: string time_zone: description: The time zone for this layer. example: "America/New_York" type: string required: - name - interval - rotation_start - effective_date - members type: object ScheduleCreateRequestDataRelationships: description: Gathers relationship objects for the schedule creation request, including the teams to associate. properties: teams: $ref: "#/components/schemas/DataRelationshipsTeams" type: object ScheduleCreateRequestDataType: default: schedules description: |- Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleData: description: Represents the primary data object for a schedule, linking attributes and relationships. properties: attributes: $ref: "#/components/schemas/ScheduleDataAttributes" id: description: The schedule's unique identifier. example: "3653d3c6-0c75-11ea-ad28-fb5701eabc7d" type: string relationships: $ref: "#/components/schemas/ScheduleDataRelationships" type: $ref: "#/components/schemas/ScheduleDataType" required: - type type: object ScheduleDataAttributes: description: Provides core properties of a schedule object such as its name and time zone. properties: name: description: A short name for the schedule. example: Primary On-Call type: string time_zone: description: The time zone in which this schedule operates. example: America/New_York type: string type: object ScheduleDataIncludedItem: description: Any additional resources related to this schedule, such as teams and layers. oneOf: - $ref: "#/components/schemas/TeamReference" - $ref: "#/components/schemas/Layer" - $ref: "#/components/schemas/ScheduleMember" - $ref: "#/components/schemas/ScheduleUser" ScheduleDataRelationships: description: Groups the relationships for a schedule object, referencing layers and teams. properties: layers: $ref: "#/components/schemas/ScheduleDataRelationshipsLayers" teams: $ref: "#/components/schemas/DataRelationshipsTeams" type: object ScheduleDataRelationshipsLayers: description: Associates layers with this schedule in a data structure. properties: data: description: An array of layer references for this schedule. items: $ref: "#/components/schemas/ScheduleDataRelationshipsLayersDataItems" type: array type: object ScheduleDataRelationshipsLayersDataItems: description: |- Relates a layer to this schedule, identified by `id` and `type` (must be `layers`). properties: id: description: The unique identifier of the layer in this relationship. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/ScheduleDataRelationshipsLayersDataItemsType" required: - type - id type: object ScheduleDataRelationshipsLayersDataItemsType: default: layers description: |- Layers resource type. enum: - layers example: layers type: string x-enum-varnames: - LAYERS ScheduleDataType: default: schedules description: |- Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleMember: description: Represents a single member entry in a schedule, referencing a specific user. properties: id: description: The unique identifier for this schedule member. type: string relationships: $ref: "#/components/schemas/ScheduleMemberRelationships" type: $ref: "#/components/schemas/ScheduleMemberType" required: - type type: object ScheduleMemberRelationships: description: Defines relationships for a schedule member, primarily referencing a single user. properties: user: $ref: "#/components/schemas/ScheduleMemberRelationshipsUser" type: object ScheduleMemberRelationshipsUser: description: Wraps the user data reference for a schedule member. properties: data: $ref: "#/components/schemas/ScheduleMemberRelationshipsUserData" required: - data type: object ScheduleMemberRelationshipsUserData: description: Points to the user data associated with this schedule member, including an ID and type. properties: id: description: The user's unique identifier. example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/ScheduleMemberRelationshipsUserDataType" required: - type - id type: object ScheduleMemberRelationshipsUserDataType: default: users description: |- Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS ScheduleMemberType: default: members description: |- Schedule Members resource type. enum: - members example: members type: string x-enum-varnames: - MEMBERS ScheduleRequestDataAttributesLayersItemsMembersItems: description: |- Defines a single member within a schedule layer, including the reference to the underlying user. properties: user: $ref: "#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItemsUser" type: object ScheduleRequestDataAttributesLayersItemsMembersItemsUser: description: Identifies the user participating in this layer as a single object with an `id`. properties: id: description: The user's ID. example: "00000000-aba1-0000-0000-000000000000" type: string type: object ScheduleTarget: description: "Represents a schedule target for an escalation policy step, including its ID and resource type. This is a shortcut for a configured schedule target with position set to 'current'." properties: id: description: "Specifies the unique identifier of the schedule resource." example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/ScheduleTargetType" required: - type - id type: object ScheduleTargetPosition: description: "Specifies the position of a schedule target (example `previous`, `current`, or `next`)." enum: - previous - current - next example: previous type: string x-enum-varnames: - PREVIOUS - CURRENT - NEXT ScheduleTargetType: default: schedules description: "Indicates that the resource is of type `schedules`." enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleTrigger: description: "Trigger a workflow from a Schedule. The workflow must be published." properties: rruleExpression: description: "Recurrence rule expression for scheduling." example: "" type: string required: - rruleExpression type: object ScheduleTriggerWrapper: description: "Schema for a Schedule-based trigger." properties: scheduleTrigger: $ref: "#/components/schemas/ScheduleTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - scheduleTrigger type: object ScheduleUpdateRequest: description: A top-level wrapper for a schedule update request, referring to the `data` object with the new details. example: data: attributes: layers: - effective_date: "2025-02-03T05:00:00Z" end_date: "2025-12-31T00:00:00Z" interval: seconds: 3600 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: "17:00:00" start_day: monday start_time: "09:00:00" rotation_start: "2025-02-01T00:00:00Z" name: On-Call Schedule Updated time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules properties: data: $ref: "#/components/schemas/ScheduleUpdateRequestData" required: - data type: object ScheduleUpdateRequestData: description: Contains all data needed to update an existing schedule, including its attributes (such as name and time zone) and any relationships to teams. properties: attributes: $ref: "#/components/schemas/ScheduleUpdateRequestDataAttributes" id: description: The ID of the schedule to be updated. example: "3653d3c6-0c75-11ea-ad28-fb5701eabc7d" type: string relationships: $ref: "#/components/schemas/ScheduleUpdateRequestDataRelationships" type: $ref: "#/components/schemas/ScheduleUpdateRequestDataType" required: - type - id - attributes type: object ScheduleUpdateRequestDataAttributes: description: |- Defines the updatable attributes for a schedule, such as name, time zone, and layers. properties: layers: description: The updated list of layers (rotations) for this schedule. items: $ref: "#/components/schemas/ScheduleUpdateRequestDataAttributesLayersItems" type: array name: description: A short name for the schedule. example: Primary On-Call type: string time_zone: description: The time zone used when interpreting rotation times. example: America/New_York type: string required: - name - time_zone - layers type: object ScheduleUpdateRequestDataAttributesLayersItems: description: |- Represents a layer within a schedule update, including rotation details, members, and optional restrictions. properties: effective_date: description: When this updated layer takes effect (ISO 8601 format). example: "2025-02-03T05:00:00Z" format: date-time type: string end_date: description: When this updated layer should stop being active (ISO 8601 format). example: "2025-12-31T00:00:00Z" format: date-time type: string id: description: A unique identifier for the layer being updated. example: "00000000-0000-0000-0000-000000000001" type: string interval: $ref: "#/components/schemas/LayerAttributesInterval" members: description: The members assigned to this layer. items: $ref: "#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItems" type: array name: description: The name for this layer (for example, "Secondary Coverage"). example: "Primary On-Call Layer" type: string restrictions: description: Any time restrictions that define when this layer is active. items: $ref: "#/components/schemas/TimeRestriction" type: array rotation_start: description: The date/time at which the rotation begins (ISO 8601 format). example: "2025-02-01T00:00:00Z" format: date-time type: string time_zone: description: The time zone for this layer. example: "America/New_York" type: string required: - effective_date - interval - members - name - rotation_start type: object ScheduleUpdateRequestDataRelationships: description: |- Houses relationships for the schedule update, typically referencing teams. properties: teams: $ref: "#/components/schemas/DataRelationshipsTeams" type: object ScheduleUpdateRequestDataType: default: schedules description: |- Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleUser: description: Represents a user object in the context of a schedule, including their `id`, type, and basic attributes. properties: attributes: $ref: "#/components/schemas/ScheduleUserAttributes" id: description: The unique user identifier. type: string type: $ref: "#/components/schemas/ScheduleUserType" required: - type type: object ScheduleUserAttributes: description: Provides basic user information for a schedule, including a name and email address. properties: email: description: The user's email address. example: "jane.doe@example.com" type: string name: description: The user's name. example: "Jane Doe" type: string status: $ref: "#/components/schemas/UserAttributesStatus" type: object ScheduleUserType: default: users description: |- Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS ScorecardListResponseAttributes: description: Scorecard attributes. properties: created_at: description: Creation time of the scorecard. example: "2023-01-15T10:30:00Z" format: date-time type: string description: description: The description of the scorecard. example: Best practices for observability. type: string modified_at: description: Time of last scorecard modification. example: "2024-01-05T14:20:00Z" format: date-time type: string name: description: The name of the scorecard. example: Observability Best Practices type: string required: - name - created_at - modified_at type: object ScorecardListResponseData: description: Scorecard data. properties: attributes: $ref: "#/components/schemas/ScorecardListResponseAttributes" id: description: The unique ID of the scorecard. example: q8MQxk8TCqrHnWkx type: string type: $ref: "#/components/schemas/ScorecardListType" required: - id - type - attributes type: object ScorecardListType: description: The JSON:API type for scorecard list. enum: - scorecard example: scorecard type: string x-enum-varnames: - SCORECARD ScorecardType: default: scorecard description: The JSON:API type for scorecard. enum: - scorecard example: scorecard type: string x-enum-varnames: - SCORECARD SearchIssuesIncludeQueryParameterItem: description: Relationship object that should be included in the search response. enum: - issue - issue.assignee - issue.case - issue.team_owners example: "issue.case" type: string x-enum-varnames: - ISSUE - ISSUE_ASSIGNEE - ISSUE_CASE - ISSUE_TEAM_OWNERS SeatAssignmentsDataType: default: seat-assignments description: Seat assignments resource type. enum: - seat-assignments example: seat-assignments type: string x-enum-varnames: - SEAT_ASSIGNMENTS SeatUserData: description: A seat user resource object containing its ID, type, and associated attributes. properties: attributes: $ref: "#/components/schemas/SeatUserDataAttributes" description: The attributes of the seat user. id: description: The ID of the seat user. example: "00000000-0000-0000-0000-000000000000" nullable: true type: string type: $ref: "#/components/schemas/SeatUserDataType" type: object SeatUserDataArray: description: A paginated list of seat user resources with associated pagination metadata. properties: data: description: The list of seat users. items: $ref: "#/components/schemas/SeatUserData" type: array meta: $ref: "#/components/schemas/SeatUserMeta" description: The metadata of the seat users. type: object SeatUserDataAttributes: description: Attributes of a user assigned to a seat, including their email, name, and assignment timestamp. properties: assigned_at: description: The date and time the seat was assigned. example: "2021-01-01T00:00:00Z" format: date-time nullable: true type: string email: description: The email of the user. example: "user@example.com" nullable: true type: string name: description: The name of the user. example: "John Doe" nullable: true type: string type: object SeatUserDataType: default: seat-users description: Seat users resource type. enum: - seat-users example: seat-users type: string x-enum-varnames: - SEAT_USERS SeatUserMeta: description: Pagination metadata for the seat users list response. properties: cursor: description: The cursor for the seat users. type: string limit: description: The limit for the seat users. format: int64 type: integer next_cursor: description: The next cursor for the seat users. type: string type: object SecretRuleArray: description: A collection of secret detection rules returned by the list endpoint. properties: data: description: The list of secret detection rules. items: $ref: "#/components/schemas/SecretRuleData" type: array required: - data type: object SecretRuleData: description: The data object representing a secret detection rule, including its attributes and resource type. properties: attributes: $ref: "#/components/schemas/SecretRuleDataAttributes" id: description: The unique identifier of the secret rule resource. type: string type: $ref: "#/components/schemas/SecretRuleDataType" required: - type type: object SecretRuleDataAttributes: description: The attributes of a secret detection rule, including its pattern, priority, and validation configuration. properties: default_included_keywords: description: A list of keywords that are included by default when scanning for secrets matching this rule. items: description: A keyword used to narrow down secret detection to relevant contexts. type: string type: array description: description: A detailed explanation of what type of secret this rule detects. type: string license: description: The license under which this secret rule is distributed. type: string match_validation: $ref: "#/components/schemas/SecretRuleDataAttributesMatchValidation" name: description: The unique name of the secret detection rule. type: string pattern: description: The regular expression pattern used to identify potential secrets in source code or configuration. type: string priority: description: The priority level of this rule, used to rank findings when multiple rules match. type: string sds_id: description: The identifier of the corresponding Sensitive Data Scanner rule, if one exists. type: string validators: description: A list of validator identifiers used to further confirm a detected secret is genuine. items: description: A validator identifier applied to refine secret detection accuracy. type: string type: array type: object SecretRuleDataAttributesMatchValidation: description: Configuration for validating whether a detected secret is active by making an HTTP request and inspecting the response. properties: endpoint: description: The URL endpoint to call when validating a detected secret. type: string hosts: description: The list of hostnames to include when performing secret match validation. items: description: A hostname used during match validation. type: string type: array http_method: description: The HTTP method (e.g., GET, POST) to use when making the validation request. type: string invalid_http_status_code: description: The HTTP status code ranges that indicate the detected secret is invalid or inactive. items: $ref: "#/components/schemas/SecretRuleDataAttributesMatchValidationInvalidHttpStatusCodeItems" type: array request_headers: additionalProperties: type: string description: A map of HTTP header names to values to include in the validation request. type: object timeout_seconds: description: The maximum number of seconds to wait for a response during validation before timing out. format: int64 maximum: 1.8446744073709551e+19 minimum: 0 type: integer type: description: The type of match validation to perform (e.g., http). type: string valid_http_status_code: description: The HTTP status code ranges that indicate the detected secret is valid and active. items: $ref: "#/components/schemas/SecretRuleDataAttributesMatchValidationValidHttpStatusCodeItems" type: array type: object SecretRuleDataAttributesMatchValidationInvalidHttpStatusCodeItems: description: An HTTP status code range that indicates an invalid (unsuccessful) secret match during validation. properties: end: description: The inclusive upper bound of the HTTP status code range. format: int64 maximum: 1.8446744073709551e+19 minimum: 0 type: integer start: description: The inclusive lower bound of the HTTP status code range. format: int64 maximum: 1.8446744073709551e+19 minimum: 0 type: integer type: object SecretRuleDataAttributesMatchValidationValidHttpStatusCodeItems: description: An HTTP status code range that indicates a valid (successful) secret match during validation. properties: end: description: The inclusive upper bound of the HTTP status code range. format: int64 maximum: 1.8446744073709551e+19 minimum: 0 type: integer start: description: The inclusive lower bound of the HTTP status code range. format: int64 maximum: 1.8446744073709551e+19 minimum: 0 type: integer type: object SecretRuleDataType: default: secret_rule description: Secret rule resource type. enum: - secret_rule example: secret_rule type: string x-enum-varnames: - SECRET_RULE SecureEmbedCreateRequest: description: Request to create a secure embed shared dashboard. properties: data: $ref: "#/components/schemas/SecureEmbedCreateRequestData" required: - data type: object SecureEmbedCreateRequestAttributes: description: Attributes for creating a secure embed shared dashboard. properties: global_time: $ref: "#/components/schemas/SecureEmbedGlobalTime" global_time_selectable: description: Whether viewers can change the time range. example: true type: boolean selectable_template_vars: description: Template variables viewers can modify. items: $ref: "#/components/schemas/SecureEmbedSelectableTemplateVariable" type: array status: $ref: "#/components/schemas/SecureEmbedStatus" title: description: Display title for the shared dashboard. example: "Q1 Metrics Dashboard" type: string viewing_preferences: $ref: "#/components/schemas/SecureEmbedViewingPreferences" required: - status - title - global_time_selectable - selectable_template_vars - viewing_preferences - global_time type: object SecureEmbedCreateRequestData: description: Data object for creating a secure embed. properties: attributes: $ref: "#/components/schemas/SecureEmbedCreateRequestAttributes" type: $ref: "#/components/schemas/SecureEmbedRequestType" required: - type - attributes type: object SecureEmbedCreateResponse: description: Response for creating a secure embed shared dashboard. properties: data: $ref: "#/components/schemas/SecureEmbedCreateResponseData" required: - data type: object SecureEmbedCreateResponseAttributes: description: Attributes of a newly created secure embed shared dashboard. properties: created_at: description: Creation timestamp. example: "2026-03-11T18:30:00.000000" readOnly: true type: string credential: description: >- The secret credential used for HMAC signing. Returned only on creation. Store securely — it cannot be retrieved again. example: "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8S9t0U1v2" readOnly: true type: string dashboard_id: description: The source dashboard ID. example: "abc-def-ghi" readOnly: true type: string global_time: $ref: "#/components/schemas/SecureEmbedGlobalTime" global_time_selectable: description: Whether time range is viewer-selectable. example: true type: boolean id: description: Internal share ID. example: "12345" readOnly: true type: string selectable_template_vars: description: Template variables with their configuration. items: $ref: "#/components/schemas/SecureEmbedSelectableTemplateVariable" type: array share_type: $ref: "#/components/schemas/SecureEmbedShareType" status: $ref: "#/components/schemas/SecureEmbedStatus" title: description: Display title. example: "Q1 Metrics Dashboard" type: string token: description: Public share token. example: "s3cur3t0k3n-abcdef123456" readOnly: true type: string url: description: CDN URL for the shared dashboard. example: "https://p.datadoghq.com/sb/secure-embed/s3cur3t0k3n-abcdef123456" readOnly: true type: string viewing_preferences: $ref: "#/components/schemas/SecureEmbedViewingPreferences" type: object SecureEmbedCreateResponseData: description: Data object for a secure embed create response. properties: attributes: $ref: "#/components/schemas/SecureEmbedCreateResponseAttributes" id: description: Internal share ID. example: "12345" type: string type: $ref: "#/components/schemas/SecureEmbedCreateResponseType" required: - type - id - attributes type: object SecureEmbedCreateResponseType: description: Resource type for secure embed create responses. enum: - secure_embed_create_response example: "secure_embed_create_response" type: string x-enum-varnames: - SECURE_EMBED_CREATE_RESPONSE SecureEmbedGetResponse: description: Response for getting a secure embed shared dashboard. properties: data: $ref: "#/components/schemas/SecureEmbedGetResponseData" required: - data type: object SecureEmbedGetResponseAttributes: description: Attributes of an existing secure embed shared dashboard. properties: created_at: description: Creation timestamp. example: "2026-03-11T18:30:00.000000" readOnly: true type: string credential_suffix: description: Last 4 characters of the credential. Defaults to `0000` if unavailable. example: "ab3f" readOnly: true type: string dashboard_id: description: The source dashboard ID. example: "abc-def-ghi" readOnly: true type: string global_time: $ref: "#/components/schemas/SecureEmbedGlobalTime" global_time_selectable: description: Whether time range is viewer-selectable. example: true type: boolean id: description: Internal share ID. example: "12345" readOnly: true type: string selectable_template_vars: description: Template variables with their configuration. items: $ref: "#/components/schemas/SecureEmbedSelectableTemplateVariable" type: array share_type: $ref: "#/components/schemas/SecureEmbedShareType" status: $ref: "#/components/schemas/SecureEmbedStatus" title: description: Display title. example: "Q1 Metrics Dashboard" type: string token: description: Public share token. example: "s3cur3t0k3n-abcdef123456" readOnly: true type: string url: description: CDN URL for the shared dashboard. example: "https://p.datadoghq.com/sb/secure-embed/s3cur3t0k3n-abcdef123456" readOnly: true type: string viewing_preferences: $ref: "#/components/schemas/SecureEmbedViewingPreferences" type: object SecureEmbedGetResponseData: description: Data object for a secure embed get response. properties: attributes: $ref: "#/components/schemas/SecureEmbedGetResponseAttributes" id: description: Internal share ID. example: "12345" type: string type: $ref: "#/components/schemas/SecureEmbedGetResponseType" required: - type - id - attributes type: object SecureEmbedGetResponseType: description: Resource type for secure embed get responses. enum: - secure_embed_get_response example: "secure_embed_get_response" type: string x-enum-varnames: - SECURE_EMBED_GET_RESPONSE SecureEmbedGlobalTime: description: Default time range configuration for the secure embed. properties: live_span: $ref: "#/components/schemas/SecureEmbedGlobalTimeLiveSpan" type: object SecureEmbedGlobalTimeLiveSpan: description: Dashboard global time live_span selection. enum: - 15m - 1h - 4h - 1d - 2d - 1w - 1mo - 3mo example: "1h" type: string x-enum-varnames: - PAST_FIFTEEN_MINUTES - PAST_ONE_HOUR - PAST_FOUR_HOURS - PAST_ONE_DAY - PAST_TWO_DAYS - PAST_ONE_WEEK - PAST_ONE_MONTH - PAST_THREE_MONTHS SecureEmbedRequestType: description: Resource type for secure embed create requests. enum: - secure_embed_request example: "secure_embed_request" type: string x-enum-varnames: - SECURE_EMBED_REQUEST SecureEmbedSelectableTemplateVariable: description: A template variable that viewers can modify on the secure embed shared dashboard. properties: default_values: description: Default selected values for the variable. example: ["1"] items: description: A default value for the template variable. type: string type: array name: description: Name of the template variable. Usually matches the prefix unless you want a different display name. example: "org_id" type: string prefix: description: Tag prefix for the variable (e.g., `environment`, `service`). example: "org_id" type: string visible_tags: description: Restrict which tag values are visible to the viewer. example: ["1"] items: description: A visible tag value for the template variable. type: string type: array type: object SecureEmbedShareType: description: The type of share. Always `secure_embed`. enum: - secure_embed example: "secure_embed" type: string x-enum-varnames: - SECURE_EMBED SecureEmbedStatus: description: The status of the secure embed share. Active means the shared dashboard is available. Paused means it is not. enum: - active - paused example: "active" type: string x-enum-varnames: - ACTIVE - PAUSED SecureEmbedUpdateRequest: description: Request to update a secure embed shared dashboard. properties: data: $ref: "#/components/schemas/SecureEmbedUpdateRequestData" required: - data type: object SecureEmbedUpdateRequestAttributes: description: Attributes for updating a secure embed shared dashboard. All fields are optional. properties: global_time: $ref: "#/components/schemas/SecureEmbedGlobalTime" global_time_selectable: description: Updated time selectability. example: true type: boolean selectable_template_vars: description: Updated template variables. items: $ref: "#/components/schemas/SecureEmbedSelectableTemplateVariable" type: array status: $ref: "#/components/schemas/SecureEmbedStatus" title: description: Updated title. example: "Q1 Metrics Dashboard (Updated)" type: string viewing_preferences: $ref: "#/components/schemas/SecureEmbedViewingPreferences" type: object SecureEmbedUpdateRequestData: description: Data object for updating a secure embed. properties: attributes: $ref: "#/components/schemas/SecureEmbedUpdateRequestAttributes" type: $ref: "#/components/schemas/SecureEmbedUpdateRequestType" required: - type - attributes type: object SecureEmbedUpdateRequestType: description: Resource type for secure embed update requests. enum: - secure_embed_update_request example: "secure_embed_update_request" type: string x-enum-varnames: - SECURE_EMBED_UPDATE_REQUEST SecureEmbedUpdateResponse: description: Response for updating a secure embed shared dashboard. properties: data: $ref: "#/components/schemas/SecureEmbedUpdateResponseData" required: - data type: object SecureEmbedUpdateResponseAttributes: description: Attributes of an updated secure embed shared dashboard. properties: created_at: description: Creation timestamp. example: "2026-03-11T18:30:00.000000" readOnly: true type: string credential_suffix: description: Last 4 characters of the credential. Defaults to `0000` if unavailable. example: "ab3f" readOnly: true type: string dashboard_id: description: The source dashboard ID. example: "abc-def-ghi" readOnly: true type: string global_time: $ref: "#/components/schemas/SecureEmbedGlobalTime" global_time_selectable: description: Whether time range is viewer-selectable. example: true type: boolean id: description: Internal share ID. example: "12345" readOnly: true type: string selectable_template_vars: description: Template variables with their configuration. items: $ref: "#/components/schemas/SecureEmbedSelectableTemplateVariable" type: array share_type: $ref: "#/components/schemas/SecureEmbedShareType" status: $ref: "#/components/schemas/SecureEmbedStatus" title: description: Display title. example: "Q1 Metrics Dashboard (Updated)" type: string token: description: Public share token. example: "s3cur3t0k3n-abcdef123456" readOnly: true type: string url: description: CDN URL for the shared dashboard. example: "https://p.datadoghq.com/sb/secure-embed/s3cur3t0k3n-abcdef123456" readOnly: true type: string viewing_preferences: $ref: "#/components/schemas/SecureEmbedViewingPreferences" type: object SecureEmbedUpdateResponseData: description: Data object for a secure embed update response. properties: attributes: $ref: "#/components/schemas/SecureEmbedUpdateResponseAttributes" id: description: Internal share ID. example: "12345" type: string type: $ref: "#/components/schemas/SecureEmbedUpdateResponseType" required: - type - id - attributes type: object SecureEmbedUpdateResponseType: description: Resource type for secure embed update responses. enum: - secure_embed_update_response example: "secure_embed_update_response" type: string x-enum-varnames: - SECURE_EMBED_UPDATE_RESPONSE SecureEmbedViewingPreferences: description: Display settings for the secure embed shared dashboard. properties: high_density: description: Whether widgets are displayed in high density mode. example: false type: boolean theme: $ref: "#/components/schemas/SecureEmbedViewingPreferencesTheme" type: object SecureEmbedViewingPreferencesTheme: description: The theme of the shared dashboard view. `system` follows the viewer's system default. enum: - system - light - dark example: "system" type: string x-enum-varnames: - SYSTEM - LIGHT - DARK SecurityEntityConfigRisks: description: Configuration risks associated with the entity properties: hasIdentityRisk: description: Whether the entity has identity risks example: false type: boolean hasMisconfiguration: description: Whether the entity has misconfigurations example: true type: boolean hasPrivilegedRole: description: Whether the entity has privileged roles example: true type: boolean isPrivileged: description: Whether the entity has privileged access example: false type: boolean isProduction: description: Whether the entity is in a production environment example: true type: boolean isPubliclyAccessible: description: Whether the entity is publicly accessible example: true type: boolean required: - hasMisconfiguration - hasIdentityRisk - isPubliclyAccessible - isProduction - hasPrivilegedRole - isPrivileged type: object SecurityEntityMetadata: description: Metadata about the entity from cloud providers properties: accountID: description: Cloud account ID (AWS) example: "123456789012" type: string environments: description: Environment tags associated with the entity example: ["production", "us-east-1"] items: description: An environment tag associated with the entity. type: string type: array mitreTactics: description: MITRE ATT&CK tactics detected example: ["Credential Access", "Privilege Escalation"] items: description: Detected MITRE ATT&CK tactic type: string type: array mitreTechniques: description: MITRE ATT&CK techniques detected example: ["T1078", "T1098"] items: description: Detected MITRE ATT&CK technique type: string type: array projectID: description: Cloud project ID (GCP) example: "my-gcp-project" type: string services: description: Services associated with the entity example: ["api-gateway", "lambda"] items: description: A service name associated with the entity. type: string type: array sources: description: Data sources that detected this entity example: ["cloudtrail", "cloud-security-posture-management"] items: description: A data source identifier. type: string type: array subscriptionID: description: Cloud subscription ID (Azure) example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" type: string required: - sources - environments - services - mitreTactics - mitreTechniques type: object SecurityEntityRiskScore: description: An entity risk score containing security risk assessment information properties: attributes: $ref: "#/components/schemas/SecurityEntityRiskScoreAttributes" id: description: Unique identifier for the entity example: "arn:aws:iam::123456789012:user/john.doe" type: string type: $ref: "#/components/schemas/SecurityEntityRiskScoreType" required: - id - type - attributes type: object SecurityEntityRiskScoreAttributes: description: Attributes of an entity risk score properties: configRisks: $ref: "#/components/schemas/SecurityEntityConfigRisks" entityID: description: Unique identifier for the entity example: "arn:aws:iam::123456789012:user/john.doe" type: string entityMetadata: $ref: "#/components/schemas/SecurityEntityMetadata" entityName: description: Human-readable name of the entity example: "john.doe" type: string entityProviders: description: Cloud providers associated with the entity example: ["aws"] items: description: A cloud provider name. type: string type: array entityRoles: description: Roles associated with the entity example: ["Admin", "Developer"] items: description: A role assigned to the entity. type: string type: array entityType: description: Type of the entity (e.g., aws_iam_user, aws_ec2_instance) example: "aws_iam_user" type: string firstDetected: description: Timestamp when the entity was first detected (Unix milliseconds) example: 1704067200000 format: int64 type: integer lastActivityTitle: description: Title of the most recent signal detected for this entity example: "Suspicious API call detected" type: string lastDetected: description: Timestamp when the entity was last detected (Unix milliseconds) example: 1705276800000 format: int64 type: integer riskScore: description: Current risk score for the entity example: 85 format: int64 type: integer riskScoreEvolution: description: Change in risk score compared to previous period example: 12 format: int64 type: integer severity: $ref: "#/components/schemas/SecurityEntityRiskScoreAttributesSeverity" signalsDetected: description: Number of security signals detected for this entity example: 15 format: int64 type: integer required: - entityID - entityType - entityProviders - riskScore - riskScoreEvolution - severity - firstDetected - lastDetected - lastActivityTitle - signalsDetected - configRisks - entityMetadata type: object SecurityEntityRiskScoreAttributesSeverity: description: Severity level based on risk score enum: - critical - high - medium - low - info example: "critical" type: string x-enum-varnames: - CRITICAL - HIGH - MEDIUM - LOW - INFO SecurityEntityRiskScoreType: description: Resource type enum: - security_entity_risk_score example: security_entity_risk_score type: string x-enum-varnames: - SECURITY_ENTITY_RISK_SCORE SecurityEntityRiskScoresMeta: description: Metadata for pagination properties: pageNumber: description: Current page number (1-indexed) example: 1 format: int64 type: integer pageSize: description: Number of items per page example: 10 format: int64 type: integer queryId: description: Query ID for pagination consistency example: "abc123def456" type: string totalRowCount: description: Total number of entities matching the query example: 150 format: int64 type: integer required: - queryId - totalRowCount - pageSize - pageNumber type: object SecurityEntityRiskScoresResponse: description: Response containing a list of entity risk scores properties: data: description: Array of entity risk score objects. items: $ref: "#/components/schemas/SecurityEntityRiskScore" type: array meta: $ref: "#/components/schemas/SecurityEntityRiskScoresMeta" required: - data - meta type: object SecurityFilter: description: The security filter's properties. properties: attributes: $ref: "#/components/schemas/SecurityFilterAttributes" id: $ref: "#/components/schemas/SecurityFilterID" type: $ref: "#/components/schemas/SecurityFilterType" type: object SecurityFilterAttributes: description: The object describing a security filter. properties: exclusion_filters: description: The list of exclusion filters applied in this security filter. items: $ref: "#/components/schemas/SecurityFilterExclusionFilterResponse" type: array filtered_data_type: $ref: "#/components/schemas/SecurityFilterFilteredDataType" is_builtin: description: Whether the security filter is the built-in filter. example: false type: boolean is_enabled: description: Whether the security filter is enabled. example: false type: boolean name: description: The security filter name. example: Custom security filter type: string query: description: The security filter query. Logs accepted by this query will be accepted by this filter. example: service:api type: string version: description: The version of the security filter. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterCreateAttributes: description: Object containing the attributes of the security filter to be created. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: - name: Exclude staging query: source:staging items: $ref: "#/components/schemas/SecurityFilterExclusionFilter" type: array filtered_data_type: $ref: "#/components/schemas/SecurityFilterFilteredDataType" is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string required: - name - query - exclusion_filters - filtered_data_type - is_enabled type: object SecurityFilterCreateData: description: Object for a single security filter. properties: attributes: $ref: "#/components/schemas/SecurityFilterCreateAttributes" type: $ref: "#/components/schemas/SecurityFilterType" required: - type - attributes type: object SecurityFilterCreateRequest: description: Request object that includes the security filter that you would like to create. properties: data: $ref: "#/components/schemas/SecurityFilterCreateData" required: - data type: object SecurityFilterExclusionFilter: description: Exclusion filter for the security filter. example: name: Exclude staging query: source:staging properties: name: description: Exclusion filter name. example: Exclude staging type: string query: description: Exclusion filter query. Logs that match this query are excluded from the security filter. example: source:staging type: string required: - name - query type: object SecurityFilterExclusionFilterResponse: description: A single exclusion filter. properties: name: description: The exclusion filter name. example: Exclude staging type: string query: description: The exclusion filter query. example: source:staging type: string type: object SecurityFilterFilteredDataType: description: The filtered data type. enum: - logs example: logs type: string x-enum-varnames: - LOGS SecurityFilterID: description: The ID of the security filter. example: 3dd-0uc-h1s type: string SecurityFilterMeta: description: Optional metadata associated to the response. properties: warning: description: A warning message. example: All the security filters are disabled. As a result, no logs are being analyzed. type: string type: object SecurityFilterResponse: description: Response object which includes a single security filter. properties: data: $ref: "#/components/schemas/SecurityFilter" meta: $ref: "#/components/schemas/SecurityFilterMeta" type: object SecurityFilterType: default: security_filters description: The type of the resource. The value should always be `security_filters`. enum: - security_filters example: security_filters type: string x-enum-varnames: - SECURITY_FILTERS SecurityFilterUpdateAttributes: description: The security filters properties to be updated. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: [] items: $ref: "#/components/schemas/SecurityFilterExclusionFilter" type: array filtered_data_type: $ref: "#/components/schemas/SecurityFilterFilteredDataType" is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string version: description: The version of the security filter to update. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterUpdateData: description: The new security filter properties. properties: attributes: $ref: "#/components/schemas/SecurityFilterUpdateAttributes" type: $ref: "#/components/schemas/SecurityFilterType" required: - type - attributes type: object SecurityFilterUpdateRequest: description: The new security filter body. properties: data: $ref: "#/components/schemas/SecurityFilterUpdateData" required: - data type: object SecurityFiltersResponse: description: All the available security filters objects. properties: data: description: A list of security filters objects. items: $ref: "#/components/schemas/SecurityFilter" type: array meta: $ref: "#/components/schemas/SecurityFilterMeta" type: object SecurityFindingsAttributes: description: The JSON object containing all attributes of the security finding. properties: attributes: additionalProperties: {} description: The custom attributes of the security finding. example: {"severity": "high", "status": "open"} type: object tags: description: List of tags associated with the security finding. example: - "team:platform" - "env:prod" items: description: A tag associated with the security finding. type: string type: array timestamp: description: The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at. example: 1765901760 format: int64 type: integer type: object SecurityFindingsData: description: A single security finding. properties: attributes: $ref: "#/components/schemas/SecurityFindingsAttributes" id: description: The unique ID of the security finding. example: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" type: string type: $ref: "#/components/schemas/SecurityFindingsDataType" type: object SecurityFindingsDataType: default: finding description: The type of the security finding resource. enum: - finding example: finding type: string x-enum-varnames: - FINDING SecurityFindingsLinks: description: Links for pagination. properties: next: description: Link for the next page of results. Note that paginated requests can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25" type: string type: object SecurityFindingsMeta: description: Metadata about the response. properties: elapsed: description: The time elapsed in milliseconds. example: 548 format: int64 type: integer page: $ref: "#/components/schemas/SecurityFindingsPage" request_id: description: The identifier of the request. example: "pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx" type: string status: $ref: "#/components/schemas/SecurityFindingsStatus" type: object SecurityFindingsPage: description: Pagination information. properties: after: description: The cursor used to get the next page of results. example: "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=" type: string type: object SecurityFindingsSearchRequest: description: The request body for searching security findings. properties: data: $ref: "#/components/schemas/SecurityFindingsSearchRequestData" type: object SecurityFindingsSearchRequestData: description: Request data for searching security findings. properties: attributes: $ref: "#/components/schemas/SecurityFindingsSearchRequestDataAttributes" type: object SecurityFindingsSearchRequestDataAttributes: description: Request attributes for searching security findings. properties: filter: default: "*" description: The search query following log search syntax. example: "@severity:(critical OR high) @status:open team:platform" type: string page: $ref: "#/components/schemas/SecurityFindingsSearchRequestPage" sort: $ref: "#/components/schemas/SecurityFindingsSort" type: object SecurityFindingsSearchRequestPage: description: Pagination attributes for the search request. properties: cursor: description: Get the next page of results with a cursor provided in the previous query. example: "eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==" type: string limit: default: 10 description: The maximum number of security findings in the response. example: 25 format: int64 maximum: 150 minimum: 1 type: integer type: object SecurityFindingsSort: default: "-@detection_changed_at" description: The sort parameters when querying security findings. enum: - "@detection_changed_at" - "-@detection_changed_at" type: string x-enum-varnames: - DETECTION_CHANGED_AT_ASC - DETECTION_CHANGED_AT_DESC SecurityFindingsStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string x-enum-descriptions: - Pack has never been activated for this organization. - Pack is currently activated. - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: description: The installation status of the related integration. enum: - installed - available - partially_installed - detected - error example: installed type: string x-enum-descriptions: - Integration is fully installed. - Integration exists in the catalog but is not installed. - Integration is only partially configured. - Integration detected (for example, logs are flowing) but not explicitly installed. - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE - PARTIALLY_INSTALLED - DETECTED - ERROR SecurityMonitoringContentPackStateAttributes: description: Attributes of a content pack state properties: cloud_siem_index_incorrect: description: Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) example: false type: boolean cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: description: |- Whether filters (Security Filters or Index Query depending on the pricing model) are present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: $ref: "#/components/schemas/SecurityMonitoringContentPackIntegrationStatus" logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: $ref: "#/components/schemas/SecurityMonitoringContentPackStatus" required: - state - cp_activation - logs_seen_from_any_index - logs_last_collected - cloud_siem_index_incorrect - filters_configured_for_logs type: object SecurityMonitoringContentPackStateData: description: Content pack state data. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringContentPackStateAttributes" id: description: The content pack identifier. example: aws-cloudtrail type: string type: $ref: "#/components/schemas/SecurityMonitoringContentPackStateType" required: - id - type - attributes type: object SecurityMonitoringContentPackStateMeta: description: Metadata for content pack states properties: cloud_siem_index_incorrect: description: Whether the cloud SIEM index configuration is incorrect at the organization level example: false type: boolean sku: $ref: "#/components/schemas/SecurityMonitoringSKU" required: - cloud_siem_index_incorrect - sku type: object SecurityMonitoringContentPackStateType: description: Type for content pack state object enum: - content_pack_state example: content_pack_state type: string x-enum-varnames: - CONTENT_PACK_STATE SecurityMonitoringContentPackStatesResponse: description: Response containing content pack states. properties: data: description: Array of content pack states. items: $ref: "#/components/schemas/SecurityMonitoringContentPackStateData" type: array meta: $ref: "#/components/schemas/SecurityMonitoringContentPackStateMeta" required: - data - meta type: object SecurityMonitoringContentPackStatus: description: The current operational status of a content pack. enum: - install - activate - initializing - active - warning - broken example: active type: string x-enum-descriptions: - Not activated; no logs detected in the last 72 hours. - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. - Activated; awaiting first log ingestion. - Activated; logs received within the last 24 hours. - Activated; integration not installed or logs last seen 24 to 72 hours ago. - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE - INITIALIZING - ACTIVE - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours - within_24_to_72_hours - over_72h_to_30d - over_30d example: within_24_hours type: string x-enum-descriptions: - No logs observed. - Logs received within the last 24 hours. - Logs last seen 24 to 72 hours ago. - Logs last seen 3 to 30 days ago. - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS - WITHIN_24_TO_72_HOURS - OVER_72H_TO_30D - OVER_30D SecurityMonitoringCriticalAsset: description: The critical asset's properties. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetAttributes" id: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetID" type: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetType" type: object SecurityMonitoringCriticalAssetAttributes: description: The attributes of the critical asset. properties: creation_author_id: description: ID of user who created the critical asset. example: 367742 format: int64 type: integer creation_date: description: A Unix millisecond timestamp given the creation date of the critical asset. format: int64 type: integer creator: $ref: "#/components/schemas/SecurityMonitoringUser" enabled: description: Whether the critical asset is enabled. example: true type: boolean query: description: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. example: security:monitoring type: string rule_query: description: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. example: type:log_detection source:cloudtrail type: string severity: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetSeverity" tags: description: List of tags associated with the critical asset. example: - team:database - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array update_author_id: description: ID of user who updated the critical asset. example: 367743 format: int64 type: integer update_date: description: A Unix millisecond timestamp given the update date of the critical asset. format: int64 type: integer updater: $ref: "#/components/schemas/SecurityMonitoringUser" version: description: The version of the critical asset; it starts at 1, and is incremented at each update. example: 2 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringCriticalAssetCreateAttributes: description: Object containing the attributes of the critical asset to be created. properties: enabled: default: true description: Whether the critical asset is enabled. Defaults to `true` if not specified. example: true type: boolean query: description: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. example: security:monitoring type: string rule_query: description: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. example: type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail type: string severity: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetSeverity" tags: description: List of tags associated with the critical asset. example: - team:database - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array required: - query - severity - rule_query type: object SecurityMonitoringCriticalAssetCreateData: description: Object for a single critical asset. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetCreateAttributes" type: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetType" required: - type - attributes type: object SecurityMonitoringCriticalAssetCreateRequest: description: Request object that includes the critical asset that you would like to create. properties: data: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetCreateData" required: - data type: object SecurityMonitoringCriticalAssetID: description: The ID of the critical asset. example: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: string SecurityMonitoringCriticalAssetResponse: description: Response object containing a single critical asset. properties: data: $ref: "#/components/schemas/SecurityMonitoringCriticalAsset" type: object SecurityMonitoringCriticalAssetSeverity: description: Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). enum: - info - low - medium - high - critical - increase - decrease - no-op example: increase type: string x-enum-varnames: - INFO - LOW - MEDIUM - HIGH - CRITICAL - INCREASE - DECREASE - NO_OP SecurityMonitoringCriticalAssetType: default: critical_assets description: The type of the resource. The value should always be `critical_assets`. enum: - critical_assets example: critical_assets type: string x-enum-varnames: - CRITICAL_ASSETS SecurityMonitoringCriticalAssetUpdateAttributes: description: The critical asset properties to be updated. properties: enabled: description: Whether the critical asset is enabled. example: true type: boolean query: description: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. example: security:monitoring type: string rule_query: description: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. example: type:log_detection source:cloudtrail type: string severity: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetSeverity" tags: description: List of tags associated with the critical asset. example: - technique:T1110-brute-force - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array version: description: The version of the critical asset being updated. Used for optimistic locking to prevent concurrent modifications. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringCriticalAssetUpdateData: description: The new critical asset properties; partial updates are supported. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetUpdateAttributes" type: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetType" required: - type - attributes type: object SecurityMonitoringCriticalAssetUpdateRequest: description: Request object containing the fields to update on the critical asset. properties: data: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetUpdateData" required: - data type: object SecurityMonitoringCriticalAssetsResponse: description: Response object containing the available critical assets. properties: data: description: A list of critical assets objects. items: $ref: "#/components/schemas/SecurityMonitoringCriticalAsset" type: array type: object SecurityMonitoringFilter: description: The rule's suppression filter. properties: action: $ref: "#/components/schemas/SecurityMonitoringFilterAction" query: description: Query for selecting logs to apply the filtering action. type: string type: object SecurityMonitoringFilterAction: description: The type of filtering action. enum: - require - suppress type: string x-enum-varnames: - REQUIRE - SUPPRESS SecurityMonitoringListRulesResponse: description: List of rules. properties: data: description: Array containing the list of rules. items: $ref: "#/components/schemas/SecurityMonitoringRuleResponse" type: array meta: $ref: "#/components/schemas/ResponseMetaAttributes" type: object SecurityMonitoringPaginatedSuppressionsResponse: description: Response object containing the available suppression rules with pagination metadata. properties: data: description: A list of suppressions objects. items: $ref: "#/components/schemas/SecurityMonitoringSuppression" type: array meta: $ref: "#/components/schemas/SecurityMonitoringSuppressionsMeta" type: object SecurityMonitoringReferenceTable: description: Reference tables used in the queries. properties: checkPresence: description: Whether to include or exclude the matched values. type: boolean columnName: description: The name of the column in the reference table. type: string logFieldPath: description: The field in the log to match against the reference table. type: string ruleQueryName: description: The name of the query to apply the reference table to. type: string tableName: description: The name of the reference table. type: string type: object SecurityMonitoringRuleAnomalyDetectionOptions: additionalProperties: {} description: Options on anomaly detection method. properties: bucketDuration: $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration" detectionTolerance: $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance" instantaneousBaseline: $ref: "#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline" learningDuration: $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration" learningPeriodBaseline: description: An optional override baseline to apply while the rule is in the learning period. Must be greater than or equal to 0. format: int64 minimum: 0 type: integer type: object SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration: description: "Duration in seconds of the time buckets used to aggregate events matched by the rule.\nMust be greater than or equal to 300." enum: - 300 - 600 - 900 - 1800 - 3600 - 10800 example: 300 format: int32 type: integer x-enum-varnames: - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - THREE_HOURS SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance: description: "An optional parameter that sets how permissive anomaly detection is.\nHigher values require higher deviations before triggering a signal." enum: - 1 - 2 - 3 - 4 - 5 example: 5 format: int32 type: integer x-enum-varnames: - ONE - TWO - THREE - FOUR - FIVE SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration: description: Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating. enum: - 1 - 6 - 12 - 24 - 48 - 168 - 336 format: int32 type: integer x-enum-varnames: - ONE_HOUR - SIX_HOURS - TWELVE_HOURS - ONE_DAY - TWO_DAYS - ONE_WEEK - TWO_WEEKS SecurityMonitoringRuleBulkDeleteAttributes: description: Attributes for bulk deleting security monitoring rules. properties: ruleIds: description: List of rule IDs to delete. example: - abc-000-u7q - abc-000-7dd items: description: A rule ID to delete. type: string minItems: 1 type: array required: - ruleIds type: object SecurityMonitoringRuleBulkDeleteData: description: Data for bulk deleting security monitoring rules. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteAttributes" type: $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteRequestDataType" required: - attributes - type type: object SecurityMonitoringRuleBulkDeletePayload: description: Payload for bulk deleting security monitoring rules. properties: data: $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteData" required: - data type: object SecurityMonitoringRuleBulkDeleteRequestDataType: description: The resource type for a bulk delete request. enum: - bulk_delete_rules example: bulk_delete_rules type: string x-enum-varnames: - BULK_DELETE_RULES SecurityMonitoringRuleBulkDeleteResponse: description: Response for bulk deleting security monitoring rules. properties: deletedRules: description: List of successfully deleted rule IDs. items: type: string type: array failedRules: description: List of rule IDs that could not be deleted. items: type: string type: array type: object SecurityMonitoringRuleBulkExportAttributes: description: Attributes for bulk exporting security monitoring rules. properties: ruleIds: description: "List of rule IDs to export. Each rule will be included in the resulting ZIP file\nas a separate JSON file." example: - def-000-u7q - def-000-7dd items: description: A rule ID to include in the bulk export. type: string minItems: 1 type: array required: - ruleIds type: object SecurityMonitoringRuleBulkExportData: description: Data for bulk exporting security monitoring rules. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringRuleBulkExportAttributes" id: description: Request ID. example: bulk_export type: string type: $ref: "#/components/schemas/SecurityMonitoringRuleBulkExportDataType" required: - attributes - type type: object SecurityMonitoringRuleBulkExportDataType: description: The type of the resource. enum: - security_monitoring_rules_bulk_export example: security_monitoring_rules_bulk_export type: string x-enum-varnames: - SECURITY_MONITORING_RULES_BULK_EXPORT SecurityMonitoringRuleBulkExportPayload: description: Payload for bulk exporting security monitoring rules. properties: data: $ref: "#/components/schemas/SecurityMonitoringRuleBulkExportData" required: - data type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: actions: description: Action to perform for each rule case. items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseAction" type: array condition: description: "A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated\nbased on the event counts in the previously defined queries." type: string customStatus: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" type: object SecurityMonitoringRuleCaseAction: description: Action to perform when a signal is triggered. Only available for Application Security rule type. properties: options: $ref: "#/components/schemas/SecurityMonitoringRuleCaseActionOptions" type: $ref: "#/components/schemas/SecurityMonitoringRuleCaseActionType" type: object SecurityMonitoringRuleCaseActionOptions: additionalProperties: {} description: Options for the rule action properties: duration: description: Duration of the action in seconds. 0 indicates no expiration. example: 0 format: int64 minimum: 0 type: integer flaggedIPType: $ref: "#/components/schemas/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType" userBehaviorName: $ref: "#/components/schemas/SecurityMonitoringRuleCaseActionOptionsUserBehaviorName" type: object SecurityMonitoringRuleCaseActionOptionsFlaggedIPType: description: Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IP addresses. enum: - SUSPICIOUS - FLAGGED example: FLAGGED type: string x-enum-varnames: - SUSPICIOUS - FLAGGED SecurityMonitoringRuleCaseActionOptionsUserBehaviorName: description: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. type: string SecurityMonitoringRuleCaseActionType: description: The action type. enum: - block_ip - block_user - user_behavior - flag_ip type: string x-enum-varnames: - BLOCK_IP - BLOCK_USER - USER_BEHAVIOR - FLAG_IP SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: actions: description: Action to perform for each rule case. items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseAction" type: array condition: description: "A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated\nbased on the event counts in the previously defined queries." type: string name: description: Name of the case. type: string notifications: description: Notification targets. items: description: Notification. type: string type: array status: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" required: - status type: object SecurityMonitoringRuleConvertPayload: description: Convert a rule from JSON to Terraform. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRulePayload" - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" SecurityMonitoringRuleConvertResponse: description: Result of the convert rule request containing Terraform content. properties: ruleId: description: the ID of the rule. type: string terraformContent: description: Terraform string as a result of converting the rule from JSON. type: string type: object SecurityMonitoringRuleCreatePayload: description: Create a new rule. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRuleCreatePayload" - $ref: "#/components/schemas/SecurityMonitoringSignalRuleCreatePayload" - $ref: "#/components/schemas/CloudConfigurationRuleCreatePayload" SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv: description: "If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise.\nThe severity is decreased by one level: `CRITICAL` in production becomes `HIGH` in non-production, `HIGH` becomes `MEDIUM` and so on. `INFO` remains `INFO`.\nThe decrement is applied when the environment tag of the signal starts with `staging`, `test` or `dev`." example: false type: boolean SecurityMonitoringRuleDetectionMethod: description: The detection method. enum: - threshold - new_value - anomaly_detection - impossible_travel - hardcoded - third_party - anomaly_threshold - sequence_detection type: string x-enum-varnames: - THRESHOLD - NEW_VALUE - ANOMALY_DETECTION - IMPOSSIBLE_TRAVEL - HARDCODED - THIRD_PARTY - ANOMALY_THRESHOLD - SEQUENCE_DETECTION SecurityMonitoringRuleEvaluationWindow: description: "A time window is specified to match when at least one of the cases matches true. This is a sliding window\nand evaluates in real time. For third party detection method, this field is not used." enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleHardcodedEvaluatorType: description: Hardcoded evaluator type. enum: - log4shell type: string x-enum-varnames: - LOG4SHELL SecurityMonitoringRuleImpossibleTravelOptions: description: Options on impossible travel detection method. properties: baselineUserLocations: $ref: "#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations" type: object SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations: description: "If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user's regular\naccess locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access." example: true type: boolean SecurityMonitoringRuleInstantaneousBaseline: description: When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time. example: false type: boolean SecurityMonitoringRuleKeepAlive: description: 'Once a signal is generated, the signal will remain "open" if a case is matched at least once within this keep alive window. For third party detection method, this field is not used.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleMaxSignalDuration: description: 'A signal will "close" regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleNewValueOptions: description: Options on new value detection method. properties: forgetAfter: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter" instantaneousBaseline: $ref: "#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline" learningDuration: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration" learningMethod: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningMethod" learningThreshold: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningThreshold" type: object SecurityMonitoringRuleNewValueOptionsForgetAfter: description: The duration in days after which a learned value is forgotten. format: int32 maximum: 30 minimum: 1 type: integer SecurityMonitoringRuleNewValueOptionsLearningDuration: default: 0 description: "The duration in days during which values are learned, and after which signals will be generated for values that\nweren't learned. If set to 0, a signal will be generated for all new values after the first value is learned." format: int32 maximum: 30 minimum: 0 type: integer SecurityMonitoringRuleNewValueOptionsLearningMethod: default: duration description: The learning method used to determine when signals should be generated for values that weren't learned. enum: - duration - threshold type: string x-enum-varnames: - DURATION - THRESHOLD SecurityMonitoringRuleNewValueOptionsLearningThreshold: default: 0 description: A number of occurrences after which signals will be generated for values that weren't learned. enum: - 0 - 1 format: int32 type: integer x-enum-varnames: - ZERO_OCCURRENCES - ONE_OCCURRENCE SecurityMonitoringRuleOptions: description: Options. properties: anomalyDetectionOptions: $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions" complianceRuleOptions: $ref: "#/components/schemas/CloudConfigurationComplianceRuleOptions" decreaseCriticalityBasedOnEnv: $ref: "#/components/schemas/SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv" detectionMethod: $ref: "#/components/schemas/SecurityMonitoringRuleDetectionMethod" evaluationWindow: $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" hardcodedEvaluatorType: $ref: "#/components/schemas/SecurityMonitoringRuleHardcodedEvaluatorType" impossibleTravelOptions: $ref: "#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions" keepAlive: $ref: "#/components/schemas/SecurityMonitoringRuleKeepAlive" maxSignalDuration: $ref: "#/components/schemas/SecurityMonitoringRuleMaxSignalDuration" newValueOptions: $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptions" sequenceDetectionOptions: $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions" thirdPartyRuleOptions: $ref: "#/components/schemas/SecurityMonitoringRuleThirdPartyOptions" type: object SecurityMonitoringRuleQuery: description: Query for matching rule. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRuleQuery" - $ref: "#/components/schemas/SecurityMonitoringSignalRuleQuery" SecurityMonitoringRuleQueryAggregation: description: The aggregation type. enum: - count - cardinality - sum - max - new_value - geo_data - event_count - none type: string x-enum-varnames: - COUNT - CARDINALITY - SUM - MAX - NEW_VALUE - GEO_DATA - EVENT_COUNT - NONE SecurityMonitoringRuleQueryPayload: description: Payload to test a rule query with the expected result. properties: expectedResult: description: Expected result of the test. example: true type: boolean index: description: Index of the query under test. example: 0 format: int64 minimum: 0 type: integer payload: $ref: "#/components/schemas/SecurityMonitoringRuleQueryPayloadData" type: object SecurityMonitoringRuleQueryPayloadData: additionalProperties: {} description: Payload used to test the rule query. properties: ddsource: description: Source of the payload. example: nginx type: string ddtags: description: Tags associated with your data. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: The message of the payload. example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: The name of the application or service generating the data. example: payment type: string type: object SecurityMonitoringRuleResponse: description: Create a new rule. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRuleResponse" - $ref: "#/components/schemas/SecurityMonitoringSignalRuleResponse" SecurityMonitoringRuleSequenceDetectionOptions: description: Options on sequence detection method. properties: stepTransitions: description: Transitions defining the allowed order of steps and their evaluation windows. items: $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionStepTransition" type: array steps: description: Steps that define the conditions to be matched in sequence. items: $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionStep" type: array type: object SecurityMonitoringRuleSequenceDetectionStep: description: Step definition for sequence detection containing the step name, condition, and evaluation window. properties: condition: description: Condition referencing rule queries (e.g., `a > 0`). type: string evaluationWindow: $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" name: description: Unique name identifying the step. type: string type: object SecurityMonitoringRuleSequenceDetectionStepTransition: description: Transition from a parent step to a child step within a sequence detection rule. properties: child: description: Name of the child step. type: string evaluationWindow: $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" parent: description: Name of the parent step. type: string type: object SecurityMonitoringRuleSeverity: description: Severity of the Security Signal. enum: - info - low - medium - high - critical example: critical type: string x-enum-varnames: - INFO - LOW - MEDIUM - HIGH - CRITICAL SecurityMonitoringRuleSort: description: The sort parameters used for querying security monitoring rules. enum: - name - creation_date - update_date - enabled - type - highest_severity - source - -name - -creation_date - -update_date - -enabled - -type - -highest_severity - -source type: string x-enum-varnames: - NAME - CREATION_DATE - UPDATE_DATE - ENABLED - TYPE - HIGHEST_SEVERITY - SOURCE - NAME_DESCENDING - CREATION_DATE_DESCENDING - UPDATE_DATE_DESCENDING - ENABLED_DESCENDING - TYPE_DESCENDING - HIGHEST_SEVERITY_DESCENDING - SOURCE_DESCENDING SecurityMonitoringRuleTestPayload: description: Test a rule. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRuleTestPayload" SecurityMonitoringRuleTestRequest: description: Test the rule queries of a rule (rule property is ignored when applied to an existing rule) properties: rule: $ref: "#/components/schemas/SecurityMonitoringRuleTestPayload" ruleQueryPayloads: description: Data payloads used to test rules query with the expected result. items: $ref: "#/components/schemas/SecurityMonitoringRuleQueryPayload" type: array type: object SecurityMonitoringRuleTestResponse: description: Result of the test of the rule queries. properties: results: description: "Assert results are returned in the same order as the rule query payloads.\nFor each payload, it returns True if the result matched the expected result,\nFalse otherwise." items: description: Whether the rule query result matched the expected result. type: boolean type: array type: object SecurityMonitoringRuleThirdPartyOptions: description: Options on third party detection method. properties: defaultNotifications: description: Notification targets for the logs that do not correspond to any of the cases. items: description: Notification. type: string type: array defaultStatus: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" rootQueries: description: Queries to be combined with third party case queries. Each of them can have different group by fields, to aggregate differently based on the type of alert. items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRootQuery" type: array signalTitleTemplate: description: A template for the signal title; if omitted, the title is generated based on the case name. type: string type: object SecurityMonitoringRuleTypeCreate: description: The rule type. enum: - api_security - application_security - log_detection - workload_activity - workload_security type: string x-enum-varnames: - API_SECURITY - APPLICATION_SECURITY - LOG_DETECTION - WORKLOAD_ACTIVITY - WORKLOAD_SECURITY SecurityMonitoringRuleTypeRead: description: The rule type. enum: - log_detection - infrastructure_configuration - workload_security - cloud_configuration - application_security - api_security - workload_activity type: string x-enum-varnames: - LOG_DETECTION - INFRASTRUCTURE_CONFIGURATION - WORKLOAD_SECURITY - CLOUD_CONFIGURATION - APPLICATION_SECURITY - API_SECURITY - WORKLOAD_ACTIVITY SecurityMonitoringRuleTypeTest: description: The rule type. enum: - log_detection type: string x-enum-varnames: - LOG_DETECTION SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: calculatedFields: description: Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases for generating signals. items: $ref: "#/components/schemas/SecurityMonitoringRuleCase" type: array complianceSignalOptions: $ref: "#/components/schemas/CloudConfigurationRuleComplianceSignalOptions" customMessage: description: Custom/Overridden Message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name (used in case of Default rule update). type: string filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: Name of the rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. items: $ref: "#/components/schemas/SecurityMonitoringRuleQuery" type: array referenceTables: description: Reference tables for the rule. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array schedulingOptions: $ref: "#/components/schemas/SecurityMonitoringSchedulingOptions" tags: description: Tags for generated signals. items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCase" type: array version: description: The version of the rule being updated. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringRuleValidatePayload: description: Validate a rule. oneOf: - $ref: "#/components/schemas/SecurityMonitoringStandardRulePayload" - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 - add_on_2024 example: add_on_2024 type: string x-enum-varnames: - PER_GB_ANALYZED - PER_EVENT_IN_SIEM_INDEX_2023 - ADD_ON_2024 SecurityMonitoringSchedulingOptions: description: Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. nullable: true properties: rrule: description: Schedule for the rule queries, written in RRULE syntax. See [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) for syntax reference. example: FREQ=HOURLY;INTERVAL=1; type: string start: description: Start date for the schedule, in ISO 8601 format without timezone. example: "2025-07-14T12:00:00" type: string timezone: description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) format. example: America/New_York type: string type: object SecurityMonitoringSignal: description: Object description of a security signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalAttributes" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalType" type: object SecurityMonitoringSignalArchiveComment: description: Optional comment to display on archived signals. type: string SecurityMonitoringSignalArchiveReason: description: Reason a signal is archived. enum: - none - false_positive - testing_or_maintenance - remediated - investigated_case_opened - true_positive_benign - true_positive_malicious - other type: string x-enum-varnames: - NONE - FALSE_POSITIVE - TESTING_OR_MAINTENANCE - REMEDIATED - INVESTIGATED_CASE_OPENED - TRUE_POSITIVE_BENIGN - TRUE_POSITIVE_MALICIOUS - OTHER SecurityMonitoringSignalAssigneeUpdateAttributes: description: Attributes describing the new assignee of a security signal. properties: assignee: $ref: "#/components/schemas/SecurityMonitoringTriageUser" version: $ref: "#/components/schemas/SecurityMonitoringSignalVersion" required: - assignee type: object SecurityMonitoringSignalAssigneeUpdateData: description: Data containing the patch for changing the assignee of a signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalAssigneeUpdateAttributes" required: - attributes type: object SecurityMonitoringSignalAssigneeUpdateRequest: description: Request body for changing the assignee of a given security monitoring signal. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalAssigneeUpdateData" required: - data type: object SecurityMonitoringSignalAttributes: additionalProperties: {} description: "The object containing all signal attributes and their\nassociated values." properties: custom: additionalProperties: {} description: A JSON object of attributes in the security signal. example: workflow: first_seen: "2020-06-23T14:46:01.000Z" last_seen: "2020-06-23T14:46:49.000Z" rule: id: 0f5-e0c-805 name: "Brute Force Attack Grouped By User" version: 12 type: object message: description: The message in the security signal defined by the rule that generated the signal. example: Detect Account Take Over (ATO) through brute force attempts type: string tags: description: An array of tags associated with the security signal. example: - security:attack - technique:T1110-brute-force items: description: The tag associated with the security signal. type: string type: array timestamp: description: The timestamp of the security signal. example: "2019-01-02T09:42:36.320Z" format: date-time type: string type: object SecurityMonitoringSignalIncidentIds: description: Array of incidents that are associated with this signal. example: - 2066 items: description: Public ID attribute of the incident that is associated with the signal. example: 2066 format: int64 type: integer type: array SecurityMonitoringSignalIncidentsUpdateAttributes: description: Attributes describing the new list of related signals for a security signal. properties: incident_ids: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentIds" version: $ref: "#/components/schemas/SecurityMonitoringSignalVersion" required: - incident_ids type: object SecurityMonitoringSignalIncidentsUpdateData: description: Data containing the patch for changing the related incidents of a signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentsUpdateAttributes" required: - attributes type: object SecurityMonitoringSignalIncidentsUpdateRequest: description: Request body for changing the related incidents of a given security monitoring signal. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentsUpdateData" required: - data type: object SecurityMonitoringSignalInvestigationQueryTemplateVariables: additionalProperties: items: description: A value for this template variable extracted from the signal. type: string type: array description: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. example: "@userIdentity.arn": - foo type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: filter: $ref: "#/components/schemas/SecurityMonitoringSignalListRequestFilter" page: $ref: "#/components/schemas/SecurityMonitoringSignalListRequestPage" sort: $ref: "#/components/schemas/SecurityMonitoringSignalsSort" type: object SecurityMonitoringSignalListRequestFilter: description: Search filters for listing security signals. properties: from: description: The minimum timestamp for requested security signals. example: "2019-01-02T09:42:36.320Z" format: date-time type: string query: description: Search query for listing security signals. example: security:attack status:high type: string to: description: The maximum timestamp for requested security signals. example: "2019-01-03T09:42:36.320Z" format: date-time type: string type: object SecurityMonitoringSignalListRequestPage: description: The paging attributes for listing security signals. properties: cursor: description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of security signals in the response. example: 25 format: int32 maximum: 1000 type: integer type: object SecurityMonitoringSignalMetadataType: default: signal_metadata description: The type of event. enum: - signal_metadata example: signal_metadata type: string x-enum-varnames: - SIGNAL_METADATA SecurityMonitoringSignalResponse: description: Security Signal response data object. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignal" type: object SecurityMonitoringSignalRuleCreatePayload: description: Create a new signal correlation rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: "" type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting signals which are part of the rule. example: [] items: $ref: "#/components/schemas/SecurityMonitoringSignalRuleQuery" type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: "#/components/schemas/SecurityMonitoringSignalRuleType" required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSignalRulePayload: description: The payload of a signal correlation rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array customMessage: description: Custom/Overridden message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name of the rule (used in case of Default rule update). type: string filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: "" type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting signals which are part of the rule. example: [] items: $ref: "#/components/schemas/SecurityMonitoringSignalRuleQuery" type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: "#/components/schemas/SecurityMonitoringSignalRuleType" required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSignalRuleQuery: description: Query for matching rule on signals. properties: aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" correlatedByFields: description: Fields to group by. items: description: Field. type: string type: array correlatedQueryIndex: description: Index of the rule query used to retrieve the correlated field. format: int32 maximum: 9 type: integer metrics: description: Group of target fields to aggregate over. items: description: Field. type: string type: array name: description: Name of the query. type: string ruleId: description: Rule ID to match on signals. example: org-ru1-e1d type: string required: - ruleId type: object SecurityMonitoringSignalRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: "#/components/schemas/SecurityMonitoringRuleCase" type: array createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer customMessage: description: Custom/Overridden message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name of the rule (used in case of Default rule update). type: string deprecationDate: description: When the rule will be deprecated, timestamp in milliseconds. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. items: $ref: "#/components/schemas/SecurityMonitoringSignalRuleResponseQuery" type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array type: $ref: "#/components/schemas/SecurityMonitoringSignalRuleType" updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer type: object SecurityMonitoringSignalRuleResponseQuery: description: Query for matching rule on signals. properties: aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" correlatedByFields: description: Fields to correlate by. items: description: Field. type: string type: array correlatedQueryIndex: description: Index of the rule query used to retrieve the correlated field. format: int32 maximum: 9 type: integer defaultRuleId: description: Default Rule ID to match on signals. example: d3f-ru1-e1d type: string distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array metrics: description: Group of target fields to aggregate over. items: description: Field. type: string type: array name: description: Name of the query. type: string ruleId: description: Rule ID to match on signals. example: org-ru1-e1d type: string type: object SecurityMonitoringSignalRuleType: description: The rule type. enum: - signal_correlation type: string x-enum-varnames: - SIGNAL_CORRELATION SecurityMonitoringSignalState: description: The new triage state of the signal. enum: - open - archived - under_review example: open type: string x-enum-varnames: - OPEN - ARCHIVED - UNDER_REVIEW SecurityMonitoringSignalStateUpdateAttributes: description: Attributes describing the change of state of a security signal. properties: archive_comment: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment" archive_reason: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason" state: $ref: "#/components/schemas/SecurityMonitoringSignalState" version: $ref: "#/components/schemas/SecurityMonitoringSignalVersion" required: - state type: object SecurityMonitoringSignalStateUpdateData: description: Data containing the patch for changing the state of a signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalStateUpdateAttributes" id: description: The unique ID of the security signal. type: $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType" required: - attributes type: object SecurityMonitoringSignalStateUpdateRequest: description: Request body for changing the state of a given security monitoring signal. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalStateUpdateData" required: - data type: object SecurityMonitoringSignalSuggestedAction: description: A suggested action for a security signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionAttributes" id: description: The unique ID of the suggested action. example: w00-t10-992 type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionType" required: - id - type - attributes type: object SecurityMonitoringSignalSuggestedActionAttributes: description: Attributes of a suggested action for a security signal. The available fields depend on the action type. properties: name: description: The name of the investigation log query. example: Cloudtrail events for user ARN type: string query_filter: description: The log query filter for the investigation. example: 'source:cloudtrail @userIdentity.arn:"foo"' type: string template_variables: $ref: "#/components/schemas/SecurityMonitoringSignalInvestigationQueryTemplateVariables" title: description: The title of the recommended blog post. example: Monitor Okta logs to track system access and unusual activity type: string url: description: The URL of the suggested action. example: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 type: string type: object SecurityMonitoringSignalSuggestedActionList: description: List of suggested actions for a security signal. example: - attributes: name: Cloudtrail events for user ARN query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' template_variables: "@userIdentity.arn": - foo url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 id: w00-t10-992 type: investigation_log_queries - attributes: title: Monitor Okta logs to track system access and unusual activity url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ id: bxy-o8v-i1a type: recommended_blog_posts items: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedAction" type: array SecurityMonitoringSignalSuggestedActionType: description: The type of the suggested action resource. enum: - investigation_log_queries - recommended_blog_posts example: investigation_log_queries type: string x-enum-varnames: - INVESTIGATION_LOG_QUERIES - RECOMMENDED_BLOG_POSTS SecurityMonitoringSignalSuggestedActionsResponse: description: Response with suggested actions for a security signal. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionList" required: - data type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: archive_comment: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment" archive_comment_timestamp: description: Timestamp of the last edit to the comment. format: int64 minimum: 0 type: integer archive_comment_user: $ref: "#/components/schemas/SecurityMonitoringTriageUser" archive_reason: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason" assignee: $ref: "#/components/schemas/SecurityMonitoringTriageUser" incident_ids: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentIds" state: $ref: "#/components/schemas/SecurityMonitoringSignalState" state_update_timestamp: description: Timestamp of the last update to the signal state. format: int64 minimum: 0 type: integer state_update_user: $ref: "#/components/schemas/SecurityMonitoringTriageUser" required: - assignee - state - incident_ids type: object SecurityMonitoringSignalTriageUpdateData: description: Data containing the updated triage attributes of the signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalTriageAttributes" id: description: The unique ID of the security signal. type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType" type: object SecurityMonitoringSignalTriageUpdateResponse: description: The response returned after all triage operations, containing the updated signal triage data. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateData" required: - data type: object SecurityMonitoringSignalType: default: signal description: The type of event. enum: - signal example: signal type: string x-enum-varnames: - SIGNAL SecurityMonitoringSignalUpdateAttributes: description: Attributes for updating the triage state or assignee of a security signal. properties: archive_comment: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment" archive_reason: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason" assignee: $ref: "#/components/schemas/SecurityMonitoringTriageUser" state: $ref: "#/components/schemas/SecurityMonitoringSignalState" version: $ref: "#/components/schemas/SecurityMonitoringSignalVersion" type: object SecurityMonitoringSignalUpdateData: description: Data containing the triage state or assignee update for a security signal. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes" type: $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType" required: - attributes type: object SecurityMonitoringSignalUpdateRequest: description: Request body for updating the triage state or assignee of a security signal. properties: data: $ref: "#/components/schemas/SecurityMonitoringSignalUpdateData" required: - data type: object SecurityMonitoringSignalVersion: description: Version of the updated signal. If server side version is higher, update will be rejected. format: int64 type: integer SecurityMonitoringSignalsBulkAssigneeUpdateAttributes: description: Attributes describing the new assignees for a bulk signal update. properties: assignee: description: UUID of the user to assign to the signal. Use an empty string to unassign. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string version: $ref: "#/components/schemas/SecurityMonitoringSignalVersion" required: - assignee type: object SecurityMonitoringSignalsBulkAssigneeUpdateData: description: Data for updating the assignees for multiple security signals. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateAttributes" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalType" required: - id - attributes type: object SecurityMonitoringSignalsBulkAssigneeUpdateRequest: description: Request body for updating the assignee of multiple security signals. properties: data: description: An array of signal assignee updates. items: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateData" maxItems: 199 type: array required: - data type: object SecurityMonitoringSignalsBulkStateUpdateData: description: Data for updating the state for multiple security signals. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalStateUpdateAttributes" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalType" required: - id - attributes type: object SecurityMonitoringSignalsBulkStateUpdateRequest: description: Request body for updating the triage states of multiple security signals. properties: data: description: An array of signal state updates. items: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkStateUpdateData" maxItems: 199 type: array required: - data type: object SecurityMonitoringSignalsBulkTriageEvent: description: A single signal event entry in a bulk triage update response. properties: event: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageEventAttributes" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string required: - id - event type: object SecurityMonitoringSignalsBulkTriageEventAttributes: description: Triage attributes of a security signal returned in a bulk update response. properties: archive_comment: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment" archive_comment_timestamp: description: Timestamp of the last edit to the archive comment. format: int64 type: integer archive_comment_user: $ref: "#/components/schemas/SecurityMonitoringTriageUser" archive_reason: $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason" assignee: $ref: "#/components/schemas/SecurityMonitoringTriageUser" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string incident_ids: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentIds" state: $ref: "#/components/schemas/SecurityMonitoringSignalState" state_update_timestamp: description: Timestamp of the last state update. format: int64 type: integer state_update_user: $ref: "#/components/schemas/SecurityMonitoringTriageUser" required: - id - state - assignee - incident_ids type: object SecurityMonitoringSignalsBulkTriageUpdateResponse: description: Response for a bulk triage update of security signals. properties: result: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResult" status: description: The status of the bulk operation. example: done type: string type: description: The type of the response. example: status type: string required: - type - status - result type: object SecurityMonitoringSignalsBulkTriageUpdateResult: description: The result payload of a bulk signal triage update. properties: count: description: The number of signals updated. example: 2 format: int64 type: integer events: description: The list of updated signals. items: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageEvent" type: array required: - count - events type: object SecurityMonitoringSignalsBulkUpdateData: description: Data for updating a single security signal in a bulk update operation. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes" id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: "#/components/schemas/SecurityMonitoringSignalType" required: - id - attributes type: object SecurityMonitoringSignalsBulkUpdateRequest: description: Request body for updating multiple attributes of multiple security signals. properties: data: description: An array of signal updates. items: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateData" maxItems: 199 type: array required: - data type: object SecurityMonitoringSignalsListResponse: description: "The response object with all security signals matching the request\nand pagination information." properties: data: description: An array of security signals matching the request. items: $ref: "#/components/schemas/SecurityMonitoringSignal" type: array links: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponseLinks" meta: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponseMeta" type: object SecurityMonitoringSignalsListResponseLinks: description: Links attributes. properties: next: description: "The link for the next set of results. **Note**: The request can also be made using the\nPOST endpoint." example: https://app.datadoghq.com/api/v2/security_monitoring/signals?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsListResponseMeta: description: Meta attributes. properties: page: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponseMetaPage" type: object SecurityMonitoringSignalsListResponseMetaPage: description: Paging attributes. properties: after: description: "The cursor used to get the next results, if any. To make the next request, use the same\nparameters with the addition of the `page[cursor]`." example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsSort: description: The sort parameters used for querying security signals. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING SecurityMonitoringStandardDataSource: default: logs description: Source of events, either logs, audit trail, security signals, or Datadog events. `app_sec_spans` is deprecated in favor of `spans`. enum: - logs - audit - app_sec_spans - spans - security_runtime - network - events - security_signals example: logs type: string x-enum-varnames: - LOGS - AUDIT - APP_SEC_SPANS - SPANS - SECURITY_RUNTIME - NETWORK - EVENTS - SECURITY_SIGNALS SecurityMonitoringStandardRuleCreatePayload: description: Create a new rule. properties: calculatedFields: description: Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases for generating signals. example: [] items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: "" type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: "#/components/schemas/SecurityMonitoringStandardRuleQuery" type: array referenceTables: description: Reference tables for the rule. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array schedulingOptions: $ref: "#/components/schemas/SecurityMonitoringSchedulingOptions" tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" type: array type: $ref: "#/components/schemas/SecurityMonitoringRuleTypeCreate" required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringStandardRulePayload: description: The payload of a rule. properties: calculatedFields: description: Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases for generating signals. example: [] items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array customMessage: description: Custom/Overridden message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name of the rule (used in case of Default rule update). type: string filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: "" type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: "#/components/schemas/SecurityMonitoringStandardRuleQuery" type: array referenceTables: description: Reference tables for the rule. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array schedulingOptions: $ref: "#/components/schemas/SecurityMonitoringSchedulingOptions" tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" type: array type: $ref: "#/components/schemas/SecurityMonitoringRuleTypeCreate" required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringStandardRuleQuery: description: Query for matching rule. properties: aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" customQueryExtension: description: Query extension to append to the logs query. example: a > 3 type: string dataSource: $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array hasOptionalGroupByFields: default: false description: When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false type: boolean index: description: "**This field is currently unstable and might be removed in a minor version upgrade.**\nThe index to run the query on, if the `dataSource` is `logs`. Only used for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload." type: string indexes: description: List of indexes to query when the `dataSource` is `logs`. Only used for scheduled rules, such as when the `schedulingOptions` field is present in the rule payload. items: description: Index. type: string type: array metric: deprecated: true description: "(Deprecated) The target field to aggregate over when using the sum or max\naggregations. `metrics` field should be used instead." type: string metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: description: Field. type: string type: array name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string type: object SecurityMonitoringStandardRuleResponse: description: Rule. properties: calculatedFields: description: Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases for generating signals. items: $ref: "#/components/schemas/SecurityMonitoringRuleCase" type: array complianceSignalOptions: $ref: "#/components/schemas/CloudConfigurationRuleComplianceSignalOptions" createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer customMessage: description: Custom/Overridden message for generated signals (used in case of Default rule update). type: string customName: description: Custom/Overridden name of the rule (used in case of Default rule update). type: string defaultTags: description: Default Tags for default rules (included in tags) example: - security:attacks items: description: Default Tag. type: string type: array deprecationDate: description: When the rule will be deprecated, timestamp in milliseconds. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. items: $ref: "#/components/schemas/SecurityMonitoringStandardRuleQuery" type: array referenceTables: description: Reference tables for the rule. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array schedulingOptions: $ref: "#/components/schemas/SecurityMonitoringSchedulingOptions" tags: description: Tags for generated signals. items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCase" type: array type: $ref: "#/components/schemas/SecurityMonitoringRuleTypeRead" updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer updatedAt: description: The date the rule was last updated, in milliseconds. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer type: object SecurityMonitoringStandardRuleTestPayload: description: The payload of a rule to test properties: calculatedFields: description: Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. items: $ref: "#/components/schemas/CalculatedField" type: array cases: description: Cases for generating signals. example: [] items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: "#/components/schemas/SecurityMonitoringFilter" type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: "" type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: "#/components/schemas/SecurityMonitoringRuleOptions" queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: "#/components/schemas/SecurityMonitoringStandardRuleQuery" type: array referenceTables: description: Reference tables for the rule. items: $ref: "#/components/schemas/SecurityMonitoringReferenceTable" type: array schedulingOptions: $ref: "#/components/schemas/SecurityMonitoringSchedulingOptions" tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" type: array type: $ref: "#/components/schemas/SecurityMonitoringRuleTypeTest" required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSuppression: description: The suppression rule's properties. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSuppressionAttributes" id: $ref: "#/components/schemas/SecurityMonitoringSuppressionID" type: $ref: "#/components/schemas/SecurityMonitoringSuppressionType" type: object SecurityMonitoringSuppressionAttributes: description: The attributes of the suppression rule. properties: creation_date: description: A Unix millisecond timestamp given the creation date of the suppression rule. format: int64 type: integer creator: $ref: "#/components/schemas/SecurityMonitoringUser" data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string editable: description: Whether the suppression rule is editable. example: true type: boolean enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. example: 1703187336000 format: int64 type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. example: 1703187336000 format: int64 type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. example: env:staging status:low type: string tags: description: List of tags associated with the suppression rule. example: - technique:T1110-brute-force - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array update_date: description: A Unix millisecond timestamp given the update date of the suppression rule. format: int64 type: integer updater: $ref: "#/components/schemas/SecurityMonitoringUser" version: description: The version of the suppression rule; it starts at 1, and is incremented at each update. example: 42 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSuppressionCreateAttributes: description: Object containing the attributes of the suppression rule to be created. properties: data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. example: 1703187336000 format: int64 type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. example: 1703187336000 format: int64 type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. example: env:staging status:low type: string tags: description: List of tags associated with the suppression rule. example: - technique:T1110-brute-force - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array required: - name - enabled - rule_query type: object SecurityMonitoringSuppressionCreateData: description: Object for a single suppression rule. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSuppressionCreateAttributes" type: $ref: "#/components/schemas/SecurityMonitoringSuppressionType" required: - type - attributes type: object SecurityMonitoringSuppressionCreateRequest: description: Request object that includes the suppression rule that you would like to create. properties: data: $ref: "#/components/schemas/SecurityMonitoringSuppressionCreateData" required: - data type: object SecurityMonitoringSuppressionID: description: The ID of the suppression rule. example: 3dd-0uc-h1s type: string SecurityMonitoringSuppressionResponse: description: Response object containing a single suppression rule. properties: data: $ref: "#/components/schemas/SecurityMonitoringSuppression" type: object SecurityMonitoringSuppressionSort: description: The sort parameters used for querying suppression rules. enum: - name - start_date - expiration_date - update_date - enabled - -name - -start_date - -expiration_date - -update_date - -creation_date - -enabled type: string x-enum-varnames: - NAME - START_DATE - EXPIRATION_DATE - UPDATE_DATE - ENABLED - NAME_DESCENDING - START_DATE_DESCENDING - EXPIRATION_DATE_DESCENDING - UPDATE_DATE_DESCENDING - CREATION_DATE_DESCENDING - ENABLED_DESCENDING SecurityMonitoringSuppressionType: default: suppressions description: The type of the resource. The value should always be `suppressions`. enum: - suppressions example: suppressions type: string x-enum-varnames: - SUPPRESSIONS SecurityMonitoringSuppressionUpdateAttributes: description: The suppression rule properties to be updated. properties: data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to `null`, the expiration date is removed. example: 1703187336000 format: int64 nullable: true type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. If unset, the start date of the suppression rule is left untouched. If set to `null`, the start date is removed. example: 1703187336000 format: int64 nullable: true type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. example: env:staging status:low type: string tags: description: List of tags associated with the suppression rule. example: - technique:T1110-brute-force - source:cloudtrail items: description: A tag string in `key:value` format. type: string type: array version: description: The current version of the suppression. This is optional, but it can help prevent concurrent modifications. format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSuppressionUpdateData: description: The new suppression properties; partial updates are supported. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringSuppressionUpdateAttributes" type: $ref: "#/components/schemas/SecurityMonitoringSuppressionType" required: - type - attributes type: object SecurityMonitoringSuppressionUpdateRequest: description: Request object containing the fields to update on the suppression rule. properties: data: $ref: "#/components/schemas/SecurityMonitoringSuppressionUpdateData" required: - data type: object SecurityMonitoringSuppressionsMeta: description: Metadata for the suppression list response. properties: page: $ref: "#/components/schemas/SecurityMonitoringSuppressionsPageMeta" type: object SecurityMonitoringSuppressionsPageMeta: description: Pagination metadata. properties: pageNumber: description: Current page number. example: 0 format: int64 type: integer pageSize: description: Current page size. example: 2 format: int64 type: integer totalCount: description: Total count of suppressions. example: 2 format: int64 type: integer type: object SecurityMonitoringSuppressionsResponse: description: Response object containing the available suppression rules. properties: data: description: A list of suppressions objects. items: $ref: "#/components/schemas/SecurityMonitoringSuppression" type: array type: object SecurityMonitoringTerraformBulkExportAttributes: description: Attributes for the bulk export request. properties: resource_ids: description: The list of resource IDs to export. Maximum 1000 items. example: - "" items: description: The ID of the resource to export. type: string maxItems: 1000 type: array required: - resource_ids type: object SecurityMonitoringTerraformBulkExportData: description: The bulk export request data object. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportAttributes" type: description: The JSON:API type. Always `bulk_export_resources`. example: bulk_export_resources type: string required: - type - attributes type: object SecurityMonitoringTerraformBulkExportRequest: description: Request body for bulk exporting security monitoring resources to Terraform. properties: data: $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportData" required: - data type: object SecurityMonitoringTerraformConvertAttributes: description: Attributes for the convert request. properties: resource_json: additionalProperties: {} description: The resource attributes as a JSON object, matching the structure returned by the corresponding Datadog API (for example, the attributes of a suppression rule). example: enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low type: object required: - resource_json type: object SecurityMonitoringTerraformConvertData: description: The convert request data object. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringTerraformConvertAttributes" id: description: The ID of the resource being converted. example: abc-123 type: string type: description: The JSON:API type. Always `convert_resource`. example: convert_resource type: string required: - type - id - attributes type: object SecurityMonitoringTerraformConvertRequest: description: Request body for converting a security monitoring resource JSON to Terraform. properties: data: $ref: "#/components/schemas/SecurityMonitoringTerraformConvertData" required: - data type: object SecurityMonitoringTerraformExportAttributes: description: Attributes of the Terraform export response. properties: output: description: The Terraform configuration for the resource. type: string resource_id: description: The ID of the exported resource. example: abc-123 type: string type_name: description: The Terraform resource type name. example: datadog_security_monitoring_suppression type: string required: - type_name - resource_id type: object SecurityMonitoringTerraformExportData: description: The Terraform export data object. properties: attributes: $ref: "#/components/schemas/SecurityMonitoringTerraformExportAttributes" id: description: The resource identifier composed of the Terraform type name and the resource ID separated by `|`. example: datadog_security_monitoring_suppression|abc-123 type: string type: description: The JSON:API type. Always `format_resource`. example: format_resource type: string required: - type - id - attributes type: object SecurityMonitoringTerraformExportResponse: description: Response containing the Terraform configuration for a security monitoring resource. properties: data: $ref: "#/components/schemas/SecurityMonitoringTerraformExportData" type: object SecurityMonitoringTerraformResourceType: description: The type of security monitoring resource to export to Terraform. enum: - suppressions - critical_assets type: string x-enum-varnames: - SUPPRESSIONS - CRITICAL_ASSETS SecurityMonitoringThirdPartyRootQuery: description: A query to be combined with the third party case query. properties: groupByFields: description: Fields to group by. items: description: Field. type: string type: array query: description: Query to run on logs. example: source:cloudtrail type: string type: object SecurityMonitoringThirdPartyRuleCase: description: Case when signal is generated by a third party rule. properties: customStatus: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array query: description: A query to map a third party event to this case. type: string status: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" type: object SecurityMonitoringThirdPartyRuleCaseCreate: description: Case when a signal is generated by a third party rule. properties: name: description: Name of the case. type: string notifications: description: Notification targets for each case. items: description: Notification. type: string type: array query: description: A query to map a third party event to this case. type: string status: $ref: "#/components/schemas/SecurityMonitoringRuleSeverity" required: - status type: object SecurityMonitoringTriageUser: description: Object representing a given user entity. properties: handle: description: The handle for this user account. type: string icon: description: Gravatar icon associated to the user. example: /path/to/matching/gravatar/icon readOnly: true type: string id: description: Numerical ID assigned by Datadog to this user account. format: int64 type: integer name: description: The name for this user account. nullable: true type: string uuid: description: UUID assigned by Datadog to this user account. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string required: - uuid type: object SecurityMonitoringUser: description: A user. properties: handle: description: The handle of the user. example: john.doe@datadoghq.com type: string name: description: The name of the user. example: John Doe nullable: true type: string type: object SecurityTrigger: description: "Trigger a workflow from a Security Signal or Finding. For automatic triggering a handle must be configured and the workflow must be published." properties: rateLimit: $ref: "#/components/schemas/TriggerRateLimit" type: object SecurityTriggerWrapper: description: "Schema for a Security-based trigger." properties: securityTrigger: $ref: "#/components/schemas/SecurityTrigger" startStepNames: $ref: "#/components/schemas/StartStepNames" required: - securityTrigger type: object Selectors: description: |- Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required. properties: query: $ref: "#/components/schemas/NotificationRuleQuery" rule_types: $ref: "#/components/schemas/RuleTypes" severities: description: The security rules severities to consider. items: $ref: "#/components/schemas/RuleSeverity" type: array trigger_source: $ref: "#/components/schemas/TriggerSource" required: - trigger_source type: object SelfServiceTriggerWrapper: description: "Schema for a Self Service-based trigger." properties: selfServiceTrigger: description: "Trigger a workflow from Self Service." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - selfServiceTrigger type: object SendSlackMessageAction: description: "Sends a message to a Slack channel." properties: channel: description: "The channel ID." example: CHANNEL type: string type: $ref: "#/components/schemas/SendSlackMessageActionType" workspace: description: "The workspace ID." example: WORKSPACE type: string required: - type - channel - workspace type: object SendSlackMessageActionType: default: send_slack_message description: "Indicates that the action is a send Slack message action." enum: - send_slack_message example: send_slack_message type: string x-enum-varnames: - SEND_SLACK_MESSAGE SendTeamsMessageAction: description: "Sends a message to a Microsoft Teams channel." properties: channel: description: The channel ID. example: CHANNEL type: string team: description: The team ID. example: TEAM type: string tenant: description: The tenant ID. example: TENANT type: string type: $ref: "#/components/schemas/SendTeamsMessageActionType" required: - type - channel - tenant - team type: object SendTeamsMessageActionType: default: send_teams_message description: "Indicates that the action is a send Microsoft Teams message action." enum: - send_teams_message example: send_teams_message type: string x-enum-varnames: - SEND_TEAMS_MESSAGE SensitiveDataScannerConfigRequest: description: Group reorder request. properties: data: $ref: "#/components/schemas/SensitiveDataScannerReorderConfig" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - data - meta type: object SensitiveDataScannerConfiguration: description: A Sensitive Data Scanner configuration. properties: id: description: ID of the configuration. type: string type: $ref: "#/components/schemas/SensitiveDataScannerConfigurationType" type: object SensitiveDataScannerConfigurationData: description: A Sensitive Data Scanner configuration data. properties: data: $ref: "#/components/schemas/SensitiveDataScannerConfiguration" type: object SensitiveDataScannerConfigurationRelationships: description: Relationships of the configuration. properties: groups: $ref: "#/components/schemas/SensitiveDataScannerGroupList" type: object SensitiveDataScannerConfigurationType: default: sensitive_data_scanner_configuration description: Sensitive Data Scanner configuration type. enum: - sensitive_data_scanner_configuration example: sensitive_data_scanner_configuration type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_CONFIGURATIONS SensitiveDataScannerCreateGroupResponse: description: Create group response. properties: data: $ref: "#/components/schemas/SensitiveDataScannerGroupResponse" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerCreateRuleResponse: description: Create rule response. properties: data: $ref: "#/components/schemas/SensitiveDataScannerRuleResponse" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerFilter: description: Filter for the Scanning Group. properties: query: description: Query to filter the events. type: string type: object SensitiveDataScannerGetConfigIncludedArray: description: Included objects from relationships. items: $ref: "#/components/schemas/SensitiveDataScannerGetConfigIncludedItem" type: array SensitiveDataScannerGetConfigIncludedItem: description: An object related to the configuration. oneOf: - $ref: "#/components/schemas/SensitiveDataScannerRuleIncludedItem" - $ref: "#/components/schemas/SensitiveDataScannerGroupIncludedItem" SensitiveDataScannerGetConfigResponse: description: Get all groups response. properties: data: $ref: "#/components/schemas/SensitiveDataScannerGetConfigResponseData" included: $ref: "#/components/schemas/SensitiveDataScannerGetConfigIncludedArray" meta: $ref: "#/components/schemas/SensitiveDataScannerMeta" type: object SensitiveDataScannerGetConfigResponseData: description: Response data related to the scanning groups. properties: attributes: additionalProperties: {} description: Attributes of the Sensitive Data configuration. type: object id: description: ID of the configuration. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerConfigurationRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerConfigurationType" type: object SensitiveDataScannerGroup: description: A scanning group. properties: id: description: ID of the group. type: string type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" type: object SensitiveDataScannerGroupAttributes: description: Attributes of the Sensitive Data Scanner group. properties: description: description: Description of the group. type: string filter: $ref: "#/components/schemas/SensitiveDataScannerFilter" is_enabled: description: Whether or not the group is enabled. type: boolean name: description: Name of the group. type: string product_list: description: List of products the scanning group applies. items: $ref: "#/components/schemas/SensitiveDataScannerProduct" type: array samplings: description: List of sampling rates per product type. items: $ref: "#/components/schemas/SensitiveDataScannerSamplings" type: array type: object SensitiveDataScannerGroupCreate: description: Data related to the creation of a group. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerGroupAttributes" relationships: $ref: "#/components/schemas/SensitiveDataScannerGroupRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" required: - type - attributes type: object SensitiveDataScannerGroupCreateRequest: description: Create group request. properties: data: $ref: "#/components/schemas/SensitiveDataScannerGroupCreate" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerGroupData: description: A scanning group data. properties: data: $ref: "#/components/schemas/SensitiveDataScannerGroup" type: object SensitiveDataScannerGroupDeleteRequest: description: Delete group request. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - meta type: object SensitiveDataScannerGroupDeleteResponse: description: Delete group response. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerGroupIncludedItem: description: A Scanning Group included item. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerGroupAttributes" id: description: ID of the group. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerGroupRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" type: object SensitiveDataScannerGroupItem: description: Data related to a Sensitive Data Scanner Group. properties: id: description: ID of the group. type: string type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" type: object SensitiveDataScannerGroupList: description: List of groups, ordered. properties: data: description: List of groups. The order is important. items: $ref: "#/components/schemas/SensitiveDataScannerGroupItem" type: array type: object SensitiveDataScannerGroupRelationships: description: Relationships of the group. properties: configuration: $ref: "#/components/schemas/SensitiveDataScannerConfigurationData" rules: $ref: "#/components/schemas/SensitiveDataScannerRuleData" type: object SensitiveDataScannerGroupResponse: description: Response data related to the creation of a group. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerGroupAttributes" id: description: ID of the group. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerGroupRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" type: object SensitiveDataScannerGroupType: default: sensitive_data_scanner_group description: Sensitive Data Scanner group type. enum: - sensitive_data_scanner_group example: sensitive_data_scanner_group type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_GROUP SensitiveDataScannerGroupUpdate: description: Data related to the update of a group. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerGroupAttributes" id: description: ID of the group. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerGroupRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerGroupType" type: object SensitiveDataScannerGroupUpdateRequest: description: Update group request. properties: data: $ref: "#/components/schemas/SensitiveDataScannerGroupUpdate" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - data - meta type: object SensitiveDataScannerGroupUpdateResponse: description: Update group response. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerIncludedKeywordConfiguration: description: |- Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check, the match is kept. If none are found, the match is discarded. properties: character_count: description: |- The number of characters behind a match detected by Sensitive Data Scanner to look for the keywords defined. `character_count` should be greater than the maximum length of a keyword defined for a rule. example: 30 format: int64 maximum: 50 minimum: 1 type: integer keywords: description: |- Keyword list that will be checked during scanning in order to validate a match. The number of keywords in the list must be less than or equal to 30. example: ["email", "address", "login"] items: description: A keyword to match within the defined proximity of the detected pattern. type: string type: array use_recommended_keywords: description: |- Should the rule use the underlying standard pattern keyword configuration. If set to `true`, the rule must be tied to a standard pattern. If set to `false`, the specified keywords and `character_count` are applied. type: boolean required: - keywords - character_count type: object SensitiveDataScannerMeta: description: Meta response containing information about the API. properties: count_limit: description: Maximum number of scanning rules allowed for the org. format: int64 type: integer group_count_limit: description: Maximum number of scanning groups allowed for the org. format: int64 type: integer has_highlight_enabled: default: true deprecated: true description: (Deprecated) Whether or not scanned events are highlighted in Logs or RUM for the org. type: boolean has_multi_pass_enabled: deprecated: true description: (Deprecated) Whether or not scanned events have multi-pass enabled. type: boolean is_pci_compliant: description: Whether or not the org is compliant to the payment card industry standard. type: boolean version: description: Version of the API. example: 0 format: int64 minimum: 0 type: integer type: object SensitiveDataScannerMetaVersionOnly: description: Meta payload containing information about the API. properties: version: description: Version of the API (optional). example: 0 format: int64 minimum: 0 type: integer type: object SensitiveDataScannerProduct: default: logs description: Datadog product onto which Sensitive Data Scanner can be activated. enum: - logs - rum - events - apm type: string x-enum-varnames: - LOGS - RUM - EVENTS - APM SensitiveDataScannerReorderConfig: description: Data related to the reordering of scanning groups. properties: id: description: ID of the configuration. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerConfigurationRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerConfigurationType" type: object SensitiveDataScannerReorderGroupsResponse: description: Group reorder response. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMeta" type: object SensitiveDataScannerRule: description: Rule item included in the group. properties: id: description: ID of the rule. type: string type: $ref: "#/components/schemas/SensitiveDataScannerRuleType" type: object SensitiveDataScannerRuleAttributes: description: Attributes of the Sensitive Data Scanner rule. properties: description: description: Description of the rule. type: string excluded_namespaces: description: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array. example: ["admin.name"] items: description: An attribute path to exclude from the scan. type: string type: array included_keyword_configuration: $ref: "#/components/schemas/SensitiveDataScannerIncludedKeywordConfiguration" is_enabled: description: Whether or not the rule is enabled. type: boolean name: description: Name of the rule. type: string namespaces: description: |- Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned. example: ["admin"] items: description: An attribute path to include in the scan. type: string type: array pattern: description: Not included if there is a relationship to a standard pattern. type: string priority: description: Integer from 1 (high) to 5 (low) indicating rule issue severity. format: int64 maximum: 5 minimum: 1 type: integer suppressions: $ref: "#/components/schemas/SensitiveDataScannerSuppressions" tags: description: List of tags. items: description: A tag associated with the rule. type: string type: array text_replacement: $ref: "#/components/schemas/SensitiveDataScannerTextReplacement" type: object SensitiveDataScannerRuleCreate: description: Data related to the creation of a rule. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerRuleAttributes" relationships: $ref: "#/components/schemas/SensitiveDataScannerRuleRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerRuleType" required: - type - attributes - relationships type: object SensitiveDataScannerRuleCreateRequest: description: Create rule request. properties: data: $ref: "#/components/schemas/SensitiveDataScannerRuleCreate" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - data - meta type: object SensitiveDataScannerRuleData: description: Rules included in the group. properties: data: description: Rules included in the group. The order is important. items: $ref: "#/components/schemas/SensitiveDataScannerRule" type: array type: object SensitiveDataScannerRuleDeleteRequest: description: Delete rule request. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - meta type: object SensitiveDataScannerRuleDeleteResponse: description: Delete rule response. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerRuleIncludedItem: description: A Scanning Rule included item. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerRuleAttributes" id: description: ID of the rule. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerRuleRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerRuleType" type: object SensitiveDataScannerRuleRelationships: description: Relationships of a scanning rule. properties: group: $ref: "#/components/schemas/SensitiveDataScannerGroupData" standard_pattern: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternData" type: object SensitiveDataScannerRuleResponse: description: Response data related to the creation of a rule. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerRuleAttributes" id: description: ID of the rule. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerRuleRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerRuleType" type: object SensitiveDataScannerRuleType: default: sensitive_data_scanner_rule description: Sensitive Data Scanner rule type. enum: - sensitive_data_scanner_rule example: sensitive_data_scanner_rule type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_RULE SensitiveDataScannerRuleUpdate: description: Data related to the update of a rule. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerRuleAttributes" id: description: ID of the rule. type: string relationships: $ref: "#/components/schemas/SensitiveDataScannerRuleRelationships" type: $ref: "#/components/schemas/SensitiveDataScannerRuleType" type: object SensitiveDataScannerRuleUpdateRequest: description: Update rule request. properties: data: $ref: "#/components/schemas/SensitiveDataScannerRuleUpdate" meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" required: - data - meta type: object SensitiveDataScannerRuleUpdateResponse: description: Update rule response. properties: meta: $ref: "#/components/schemas/SensitiveDataScannerMetaVersionOnly" type: object SensitiveDataScannerSamplings: description: Sampling configurations for the Scanning Group. properties: product: $ref: "#/components/schemas/SensitiveDataScannerProduct" rate: description: Rate at which data in product type will be scanned, as a percentage. example: 100.0 format: double maximum: 100.0 minimum: 0.0 type: number type: object SensitiveDataScannerStandardPattern: description: Data containing the standard pattern id. properties: id: description: ID of the standard pattern. type: string type: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternType" type: object SensitiveDataScannerStandardPatternAttributes: description: Attributes of the Sensitive Data Scanner standard pattern. properties: description: description: Description of the standard pattern. type: string included_keywords: description: List of included keywords. items: description: A keyword used to increase match precision for the standard pattern. type: string type: array name: description: Name of the standard pattern. type: string pattern: deprecated: true description: (Deprecated) Regex to match, optionally documented for older standard rules. Refer to the `description` field to understand what the rule does. type: string priority: description: Integer from 1 (high) to 5 (low) indicating standard pattern issue severity. format: int64 maximum: 5 minimum: 1 type: integer tags: description: List of tags. items: description: A tag associated with the standard pattern. type: string type: array type: object SensitiveDataScannerStandardPatternData: description: A standard pattern. properties: data: $ref: "#/components/schemas/SensitiveDataScannerStandardPattern" type: object SensitiveDataScannerStandardPatternType: default: sensitive_data_scanner_standard_pattern description: Sensitive Data Scanner standard pattern type. enum: - sensitive_data_scanner_standard_pattern example: sensitive_data_scanner_standard_pattern type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_STANDARD_PATTERN SensitiveDataScannerStandardPatternsResponse: description: List Standard patterns response. items: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternsResponseItem" type: array SensitiveDataScannerStandardPatternsResponseData: description: List Standard patterns response data. properties: data: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternsResponse" type: object SensitiveDataScannerStandardPatternsResponseItem: description: Standard pattern item. properties: attributes: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternAttributes" id: description: ID of the standard pattern. type: string type: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternType" type: object SensitiveDataScannerSuppressions: description: |- Object describing the suppressions for a rule. There are three types of suppressions, `starts_with`, `ends_with`, and `exact_match`. Suppressed matches are not obfuscated, counted in metrics, or displayed in the Findings page. properties: ends_with: description: List of strings to use for suppression of matches ending with these strings. example: ["@example.com", "another.example.com"] items: description: A string suffix; matches ending with this value are suppressed. type: string type: array exact_match: description: List of strings to use for suppression of matches exactly matching these strings. example: ["admin@example.com", "user@example.com"] items: description: A string value; matches exactly equal to this value are suppressed. type: string type: array starts_with: description: List of strings to use for suppression of matches starting with these strings. example: ["admin", "user"] items: description: A string prefix; matches starting with this value are suppressed. type: string type: array type: object SensitiveDataScannerTextReplacement: description: Object describing how the scanned event will be replaced. properties: number_of_chars: description: |- Required if type == 'partial_replacement_from_beginning' or 'partial_replacement_from_end'. It must be > 0. format: int64 minimum: 0 type: integer replacement_string: description: Required if type == 'replacement_string'. type: string should_save_match: description: Only valid when type == `replacement_string`. When enabled, matches can be unmasked in logs by users with ‘Data Scanner Unmask’ permission. As a security best practice, avoid masking for highly-sensitive, long-lived data. type: boolean type: $ref: "#/components/schemas/SensitiveDataScannerTextReplacementType" type: object SensitiveDataScannerTextReplacementType: default: none description: |- Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacement_string means that one can chose a text to replace the data. partial_replacement_from_beginning allows a user to partially replace the data from the beginning, and partial_replacement_from_end on the other hand, allows to replace data from the end. enum: - none - hash - replacement_string - partial_replacement_from_beginning - partial_replacement_from_end type: string x-enum-varnames: - NONE - HASH - REPLACEMENT_STRING - PARTIAL_REPLACEMENT_FROM_BEGINNING - PARTIAL_REPLACEMENT_FROM_END ServiceAccountAccessTokenCreateAttributes: description: Attributes used to create a service account access token. properties: expires_at: description: Expiration date of the access token. Optional for service account tokens. example: "2025-12-31T23:59:59+00:00" format: date-time type: string name: description: Name of the access token. example: "Service Account Access Token" type: string scopes: description: Array of scopes to grant the access token. example: - "dashboards_read" - "dashboards_write" items: description: Name of scope. type: string type: array required: - name - scopes type: object ServiceAccountAccessTokenCreateData: description: Object used to create a service account access token. properties: attributes: $ref: "#/components/schemas/ServiceAccountAccessTokenCreateAttributes" type: $ref: "#/components/schemas/PersonalAccessTokensType" required: - attributes - type type: object ServiceAccountAccessTokenCreateRequest: description: Request used to create a service account access token. properties: data: $ref: "#/components/schemas/ServiceAccountAccessTokenCreateData" required: - data type: object ServiceAccountCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: "jane.doe@example.com" type: string name: description: The name of the user. type: string service_account: description: Whether the user is a service account. Must be true. example: true type: boolean title: description: The title of the user. type: string required: - email - service_account type: object ServiceAccountCreateData: description: Object to create a service account User. properties: attributes: $ref: "#/components/schemas/ServiceAccountCreateAttributes" relationships: $ref: "#/components/schemas/UserRelationships" type: $ref: "#/components/schemas/UsersType" required: - attributes - type type: object ServiceAccountCreateRequest: description: Create a service account. properties: data: $ref: "#/components/schemas/ServiceAccountCreateData" required: - data type: object ServiceDefinitionCreateResponse: description: Create service definitions response. properties: data: description: Create service definitions response payload. items: $ref: "#/components/schemas/ServiceDefinitionData" type: array type: object ServiceDefinitionData: description: Service definition data. properties: attributes: $ref: "#/components/schemas/ServiceDefinitionDataAttributes" id: description: Service definition id. type: string type: description: Service definition type. type: string type: object ServiceDefinitionDataAttributes: description: Service definition attributes. properties: meta: $ref: "#/components/schemas/ServiceDefinitionMeta" schema: $ref: "#/components/schemas/ServiceDefinitionSchema" type: object ServiceDefinitionGetResponse: description: Get service definition response. properties: data: $ref: "#/components/schemas/ServiceDefinitionData" type: object ServiceDefinitionMeta: description: Metadata about a service definition. properties: github-html-url: description: GitHub HTML URL. type: string ingested-schema-version: description: Ingestion schema version. type: string ingestion-source: description: Ingestion source of the service definition. type: string last-modified-time: description: Last modified time of the service definition. type: string origin: description: User defined origin of the service definition. type: string origin-detail: description: User defined origin's detail of the service definition. type: string warnings: description: A list of schema validation warnings. items: $ref: "#/components/schemas/ServiceDefinitionMetaWarnings" type: array type: object ServiceDefinitionMetaWarnings: description: Schema validation warnings. properties: instance-location: description: The warning instance location. type: string keyword-location: description: The warning keyword location. type: string message: description: The warning message. type: string type: object ServiceDefinitionRaw: description: Service Definition in raw JSON/YAML representation. example: |- --- schema-version: v2 dd-service: my-service type: string ServiceDefinitionSchema: description: Service definition schema. oneOf: - $ref: "#/components/schemas/ServiceDefinitionV1" - $ref: "#/components/schemas/ServiceDefinitionV2" - $ref: "#/components/schemas/ServiceDefinitionV2Dot1" - $ref: "#/components/schemas/ServiceDefinitionV2Dot2" ServiceDefinitionSchemaVersions: description: Schema versions enum: - v1 - v2 - v2.1 - v2.2 type: string x-enum-varnames: - V1 - V2 - V2_1 - V2_2 ServiceDefinitionV1: deprecated: true description: Deprecated - Service definition V1 for providing additional service metadata and integrations. properties: contact: $ref: "#/components/schemas/ServiceDefinitionV1Contact" extensions: additionalProperties: {} description: Extensions to V1 schema. example: {"myorg/extension": "extensionValue"} type: object external-resources: description: A list of external links related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV1Resource" type: array info: $ref: "#/components/schemas/ServiceDefinitionV1Info" integrations: $ref: "#/components/schemas/ServiceDefinitionV1Integrations" org: $ref: "#/components/schemas/ServiceDefinitionV1Org" schema-version: $ref: "#/components/schemas/ServiceDefinitionV1Version" tags: description: A set of custom tags. example: ["my:tag", "service:tag"] items: description: A custom tag string in `key:value` format. type: string type: array required: - schema-version - info type: object ServiceDefinitionV1Contact: description: Contact information about the service. properties: email: description: Service owner’s email. example: contact@datadoghq.com type: string slack: description: Service owner’s Slack channel. example: https://yourcompany.slack.com/archives/channel123 type: string type: object ServiceDefinitionV1Info: description: Basic information about a service. properties: dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: myservice type: string description: description: A short description of the service. example: A shopping cart service type: string display-name: description: A friendly name of the service. example: My Service type: string service-tier: description: Service tier. example: Tier 1 type: string required: [dd-service] type: object ServiceDefinitionV1Integrations: description: Third party integrations that Datadog supports. properties: pagerduty: $ref: "#/components/schemas/ServiceDefinitionV1Pagerduty" type: object ServiceDefinitionV1Org: description: Org related information about the service. properties: application: description: App feature this service supports. example: E-Commerce type: string team: description: Team that owns the service. example: my-team type: string type: object ServiceDefinitionV1Pagerduty: description: PagerDuty service URL for the service. example: https://my-org.pagerduty.com/service-directory/PMyService type: string ServiceDefinitionV1Resource: description: Service's external links. properties: name: description: Link name. example: Runbook type: string type: $ref: "#/components/schemas/ServiceDefinitionV1ResourceType" url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV1ResourceType: description: Link type. enum: - doc - wiki - runbook - url - repo - dashboard - oncall - code - link example: runbook type: string x-enum-varnames: - DOC - WIKI - RUNBOOK - URL - REPO - DASHBOARD - ONCALL - CODE - LINK ServiceDefinitionV1Version: default: v1 description: Schema version being used. enum: - v1 example: v1 type: string x-enum-varnames: - V1 ServiceDefinitionV2: description: Service definition V2 for providing service metadata and integrations. properties: contacts: description: A list of contacts related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Contact" type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string dd-team: description: Experimental feature. A Team handle that matches a Team in the Datadog Teams product. example: my-team type: string docs: description: A list of documentation related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Doc" type: array extensions: additionalProperties: {} description: Extensions to V2 schema. example: {"myorg/extension": "extensionValue"} type: object integrations: $ref: "#/components/schemas/ServiceDefinitionV2Integrations" links: description: A list of links related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Link" type: array repos: description: A list of code repositories related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Repo" type: array schema-version: $ref: "#/components/schemas/ServiceDefinitionV2Version" tags: description: A set of custom tags. example: ["my:tag", "service:tag"] items: description: A custom tag string in `key:value` format. type: string type: array team: description: Team that owns the service. example: my-team type: string required: - schema-version - dd-service type: object ServiceDefinitionV2Contact: description: Service owner's contacts information. oneOf: - $ref: "#/components/schemas/ServiceDefinitionV2Email" - $ref: "#/components/schemas/ServiceDefinitionV2Slack" - $ref: "#/components/schemas/ServiceDefinitionV2MSTeams" ServiceDefinitionV2Doc: description: Service documents. properties: name: description: Document name. example: Architecture type: string provider: description: Document provider. example: google drive type: string url: description: Document URL. example: "https://gdrive/mydoc" type: string required: - name - url type: object ServiceDefinitionV2Dot1: description: Service definition v2.1 for providing service metadata and integrations. properties: application: description: Identifier for a group of related services serving a product feature, which the service is a part of. example: my-app type: string contacts: description: A list of contacts related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Contact" type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string description: description: A short description of the service. example: My service description type: string extensions: additionalProperties: {} description: Extensions to v2.1 schema. example: {"myorg/extension": "extensionValue"} type: object integrations: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Integrations" lifecycle: description: The current life cycle phase of the service. example: sandbox type: string links: description: A list of links related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Link" type: array schema-version: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Version" tags: description: A set of custom tags. example: ["my:tag", "service:tag"] items: description: A custom tag string in `key:value` format. type: string type: array team: description: Team that owns the service. It is used to locate a team defined in Datadog Teams if it exists. example: my-team type: string tier: description: Importance of the service. example: High type: string required: - schema-version - dd-service type: object ServiceDefinitionV2Dot1Contact: description: Service owner's contacts information. oneOf: - $ref: "#/components/schemas/ServiceDefinitionV2Dot1Email" - $ref: "#/components/schemas/ServiceDefinitionV2Dot1Slack" - $ref: "#/components/schemas/ServiceDefinitionV2Dot1MSTeams" ServiceDefinitionV2Dot1Email: description: Service owner's email. properties: contact: description: Contact value. example: contact@datadoghq.com type: string name: description: Contact email. example: Team Email type: string type: $ref: "#/components/schemas/ServiceDefinitionV2Dot1EmailType" required: - type - contact type: object ServiceDefinitionV2Dot1EmailType: description: Contact type. enum: - email example: email type: string x-enum-varnames: - EMAIL ServiceDefinitionV2Dot1Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Opsgenie" pagerduty: $ref: "#/components/schemas/ServiceDefinitionV2Dot1Pagerduty" type: object ServiceDefinitionV2Dot1Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string provider: description: Link provider. example: Github type: string type: $ref: "#/components/schemas/ServiceDefinitionV2Dot1LinkType" url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2Dot1LinkType: description: Link type. enum: - doc - repo - runbook - dashboard - other example: runbook type: string x-enum-varnames: - DOC - REPO - RUNBOOK - DASHBOARD - OTHER ServiceDefinitionV2Dot1MSTeams: description: Service owner's Microsoft Teams. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Microsoft Teams. example: My team channel type: string type: $ref: "#/components/schemas/ServiceDefinitionV2Dot1MSTeamsType" required: - type - contact type: object ServiceDefinitionV2Dot1MSTeamsType: description: Contact type. enum: - microsoft-teams example: microsoft-teams type: string x-enum-varnames: - MICROSOFT_TEAMS ServiceDefinitionV2Dot1Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: "#/components/schemas/ServiceDefinitionV2Dot1OpsgenieRegion" service-url: description: Opsgenie service url. example: "https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000" type: string required: [service-url] type: object ServiceDefinitionV2Dot1OpsgenieRegion: description: Opsgenie instance region. enum: [US, EU] example: US type: string x-enum-varnames: [US, EU] ServiceDefinitionV2Dot1Pagerduty: description: PagerDuty integration for the service. properties: service-url: description: PagerDuty service url. example: "https://my-org.pagerduty.com/service-directory/PMyService" type: string type: object ServiceDefinitionV2Dot1Slack: description: Service owner's Slack channel. properties: contact: description: Slack Channel. example: https://yourcompany.slack.com/archives/channel123 type: string name: description: Contact Slack. example: Team Slack type: string type: $ref: "#/components/schemas/ServiceDefinitionV2Dot1SlackType" required: - type - contact type: object ServiceDefinitionV2Dot1SlackType: description: Contact type. enum: - slack example: slack type: string x-enum-varnames: - SLACK ServiceDefinitionV2Dot1Version: default: v2.1 description: Schema version being used. enum: - v2.1 example: v2.1 type: string x-enum-varnames: - V2_1 ServiceDefinitionV2Dot2: description: Service definition v2.2 for providing service metadata and integrations. properties: application: description: Identifier for a group of related services serving a product feature, which the service is a part of. example: my-app type: string ci-pipeline-fingerprints: description: A set of CI fingerprints. example: ["j88xdEy0J5lc", "eZ7LMljCk8vo"] items: description: A CI pipeline fingerprint string. type: string type: array contacts: description: A list of contacts related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Contact" type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string description: description: A short description of the service. example: My service description type: string extensions: additionalProperties: {} description: Extensions to v2.2 schema. example: {"myorg/extension": "extensionValue"} type: object integrations: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Integrations" languages: description: "The service's programming language. Datadog recognizes the following languages: `dotnet`, `go`, `java`, `js`, `php`, `python`, `ruby`, and `c++`." example: ["dotnet", "go", "java", "js", "php", "python", "ruby", "c++"] items: description: A programming language identifier. type: string type: array lifecycle: description: The current life cycle phase of the service. example: sandbox type: string links: description: A list of links related to the services. items: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Link" type: array schema-version: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Version" tags: description: A set of custom tags. example: ["my:tag", "service:tag"] items: description: A custom tag string in `key:value` format. type: string type: array team: description: Team that owns the service. It is used to locate a team defined in Datadog Teams if it exists. example: my-team type: string tier: description: Importance of the service. example: High type: string type: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Type" required: - schema-version - dd-service type: object ServiceDefinitionV2Dot2Contact: description: Service owner's contacts information. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Name. example: My team channel type: string type: description: "Contact type. Datadog recognizes the following types: `email`, `slack`, and `microsoft-teams`." example: slack type: string required: - type - contact type: object ServiceDefinitionV2Dot2Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Opsgenie" pagerduty: $ref: "#/components/schemas/ServiceDefinitionV2Dot2Pagerduty" type: object ServiceDefinitionV2Dot2Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string provider: description: Link provider. example: Github type: string type: description: "Link type. Datadog recognizes the following types: `runbook`, `doc`, `repo`, `dashboard`, and `other`." example: runbook type: string url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2Dot2Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: "#/components/schemas/ServiceDefinitionV2Dot2OpsgenieRegion" service-url: description: Opsgenie service url. example: "https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000" type: string required: [service-url] type: object ServiceDefinitionV2Dot2OpsgenieRegion: description: Opsgenie instance region. enum: [US, EU] example: US type: string x-enum-varnames: [US, EU] ServiceDefinitionV2Dot2Pagerduty: description: PagerDuty integration for the service. properties: service-url: description: PagerDuty service url. example: "https://my-org.pagerduty.com/service-directory/PMyService" type: string type: object ServiceDefinitionV2Dot2Type: description: "The type of service." example: web type: string ServiceDefinitionV2Dot2Version: default: v2.2 description: Schema version being used. enum: - v2.2 example: v2.2 type: string x-enum-varnames: - V2_2 ServiceDefinitionV2Email: description: Service owner's email. properties: contact: description: Contact value. example: contact@datadoghq.com type: string name: description: Contact email. example: Team Email type: string type: $ref: "#/components/schemas/ServiceDefinitionV2EmailType" required: - type - contact type: object ServiceDefinitionV2EmailType: description: Contact type. enum: - email example: email type: string x-enum-varnames: - EMAIL ServiceDefinitionV2Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: "#/components/schemas/ServiceDefinitionV2Opsgenie" pagerduty: $ref: "#/components/schemas/ServiceDefinitionV2Pagerduty" type: object ServiceDefinitionV2Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string type: $ref: "#/components/schemas/ServiceDefinitionV2LinkType" url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2LinkType: description: Link type. enum: - doc - wiki - runbook - url - repo - dashboard - oncall - code - link example: runbook type: string x-enum-varnames: - DOC - WIKI - RUNBOOK - URL - REPO - DASHBOARD - ONCALL - CODE - LINK ServiceDefinitionV2MSTeams: description: Service owner's Microsoft Teams. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Microsoft Teams. example: My team channel type: string type: $ref: "#/components/schemas/ServiceDefinitionV2MSTeamsType" required: - type - contact type: object ServiceDefinitionV2MSTeamsType: description: Contact type. enum: - microsoft-teams example: microsoft-teams type: string x-enum-varnames: - MICROSOFT_TEAMS ServiceDefinitionV2Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: "#/components/schemas/ServiceDefinitionV2OpsgenieRegion" service-url: description: Opsgenie service url. example: "https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000" type: string required: [service-url] type: object ServiceDefinitionV2OpsgenieRegion: description: Opsgenie instance region. enum: [US, EU] example: US type: string x-enum-varnames: [US, EU] ServiceDefinitionV2Pagerduty: description: PagerDuty service URL for the service. example: https://my-org.pagerduty.com/service-directory/PMyService type: string ServiceDefinitionV2Repo: description: Service code repositories. properties: name: description: Repository name. example: Source Code type: string provider: description: Repository provider. example: GitHub type: string url: description: Repository URL. example: "https://github.com/DataDog/schema" type: string required: - name - url type: object ServiceDefinitionV2Slack: description: Service owner's Slack channel. properties: contact: description: Slack Channel. example: https://yourcompany.slack.com/archives/channel123 type: string name: description: Contact Slack. example: Team Slack type: string type: $ref: "#/components/schemas/ServiceDefinitionV2SlackType" required: - type - contact type: object ServiceDefinitionV2SlackType: description: Contact type. enum: - slack example: slack type: string x-enum-varnames: - SLACK ServiceDefinitionV2Version: default: v2 description: Schema version being used. enum: - v2 example: v2 type: string x-enum-varnames: - V2 ServiceDefinitionsCreateRequest: description: Create service definitions request. oneOf: - $ref: "#/components/schemas/ServiceDefinitionV2Dot2" - $ref: "#/components/schemas/ServiceDefinitionV2Dot1" - $ref: "#/components/schemas/ServiceDefinitionV2" - $ref: "#/components/schemas/ServiceDefinitionRaw" ServiceDefinitionsListResponse: description: Create service definitions response. properties: data: description: Data representing service definitions. items: $ref: "#/components/schemas/ServiceDefinitionData" type: array type: object ServiceList: description: The response body for the service list endpoint. properties: data: $ref: "#/components/schemas/ServiceListData" type: object ServiceListData: description: A single data item in the service list response. properties: attributes: $ref: "#/components/schemas/ServiceListDataAttributes" id: description: The unique identifier of the service. type: string type: $ref: "#/components/schemas/ServiceListDataType" required: - type type: object ServiceListDataAttributes: description: Attributes of a service list entry, containing metadata and a list of service names. properties: metadata: description: A list of metadata items associated with the service. items: $ref: "#/components/schemas/ServiceListDataAttributesMetadataItems" type: array services: description: A list of service names. items: description: A single service name. type: string type: array type: object ServiceListDataAttributesMetadataItems: description: An object containing metadata flags for a service, indicating whether it is traced by APM or monitored through Universal Service Monitoring. properties: isTraced: description: Indicates whether the service is traced by APM. type: boolean isUsm: description: Indicates whether the service uses Universal Service Monitoring. type: boolean type: object ServiceListDataType: default: services_list description: Services list resource type. enum: - services_list example: services_list type: string x-enum-varnames: - SERVICES_LIST ServiceNowAssignmentGroupAttributes: description: Attributes of a ServiceNow assignment group properties: assignment_group_name: description: The name of the assignment group example: "Network Team" type: string assignment_group_sys_id: description: The system ID of the assignment group in ServiceNow example: "abc123def456" type: string instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string required: - instance_id - assignment_group_name - assignment_group_sys_id type: object ServiceNowAssignmentGroupData: description: Data object for a ServiceNow assignment group properties: attributes: $ref: "#/components/schemas/ServiceNowAssignmentGroupAttributes" id: description: Unique identifier for the ServiceNow assignment group example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string type: $ref: "#/components/schemas/ServiceNowAssignmentGroupType" required: - id - type - attributes type: object ServiceNowAssignmentGroupType: description: Type identifier for ServiceNow assignment group resources enum: - assignment_groups example: assignment_groups type: string x-enum-varnames: - ASSIGNMENT_GROUPS ServiceNowAssignmentGroupsData: description: Array of ServiceNow assignment group data objects items: $ref: "#/components/schemas/ServiceNowAssignmentGroupData" type: array ServiceNowAssignmentGroupsResponse: description: Response containing ServiceNow assignment groups properties: data: $ref: "#/components/schemas/ServiceNowAssignmentGroupsData" example: - attributes: group_name: "IT Operations" group_sys_id: "abc123def456" instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: assignment_groups required: - data type: object ServiceNowBasicAuth: description: The definition of the `ServiceNowBasicAuth` object. properties: instance: description: The `ServiceNowBasicAuth` `instance`. example: "" type: string password: description: The `ServiceNowBasicAuth` `password`. example: "" type: string type: $ref: "#/components/schemas/ServiceNowBasicAuthType" username: description: The `ServiceNowBasicAuth` `username`. example: "" type: string required: - type - instance - username - password type: object ServiceNowBasicAuthType: description: The definition of the `ServiceNowBasicAuth` object. enum: - ServiceNowBasicAuth example: ServiceNowBasicAuth type: string x-enum-varnames: - SERVICENOWBASICAUTH ServiceNowBasicAuthUpdate: description: The definition of the `ServiceNowBasicAuth` object. properties: instance: description: The `ServiceNowBasicAuthUpdate` `instance`. type: string password: description: The `ServiceNowBasicAuthUpdate` `password`. type: string type: $ref: "#/components/schemas/ServiceNowBasicAuthType" username: description: The `ServiceNowBasicAuthUpdate` `username`. type: string required: - type type: object ServiceNowBusinessServiceAttributes: description: Attributes of a ServiceNow business service properties: instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string service_name: description: The name of the business service example: "IT Support" type: string service_sys_id: description: The system ID of the business service in ServiceNow example: "abc123def456" type: string required: - instance_id - service_name - service_sys_id type: object ServiceNowBusinessServiceData: description: Data object for a ServiceNow business service properties: attributes: $ref: "#/components/schemas/ServiceNowBusinessServiceAttributes" id: description: Unique identifier for the ServiceNow business service example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string type: $ref: "#/components/schemas/ServiceNowBusinessServiceType" required: - id - type - attributes type: object ServiceNowBusinessServiceType: description: Type identifier for ServiceNow business service resources enum: - business_services example: business_services type: string x-enum-varnames: - BUSINESS_SERVICES ServiceNowBusinessServicesData: description: Array of ServiceNow business service data objects items: $ref: "#/components/schemas/ServiceNowBusinessServiceData" type: array ServiceNowBusinessServicesResponse: description: Response containing ServiceNow business services properties: data: $ref: "#/components/schemas/ServiceNowBusinessServicesData" example: - attributes: instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" service_name: "IT Support" service_sys_id: "abc123def456" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: business_services required: - data type: object ServiceNowCredentials: description: The definition of the `ServiceNowCredentials` object. oneOf: - $ref: "#/components/schemas/ServiceNowBasicAuth" ServiceNowCredentialsUpdate: description: The definition of the `ServiceNowCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/ServiceNowBasicAuthUpdate" ServiceNowInstanceAttributes: description: Attributes of a ServiceNow instance properties: instance_name: description: The name of the ServiceNow instance example: "my-servicenow-instance" type: string required: - instance_name type: object ServiceNowInstanceData: description: Data object for a ServiceNow instance properties: attributes: $ref: "#/components/schemas/ServiceNowInstanceAttributes" id: description: Unique identifier for the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string type: $ref: "#/components/schemas/ServiceNowInstanceType" required: - id - type - attributes type: object ServiceNowInstanceType: description: Type identifier for ServiceNow instance resources enum: - instance example: instance type: string x-enum-varnames: - INSTANCE ServiceNowInstancesData: description: Array of ServiceNow instance data objects items: $ref: "#/components/schemas/ServiceNowInstanceData" type: array ServiceNowInstancesResponse: description: Response containing ServiceNow instances properties: data: $ref: "#/components/schemas/ServiceNowInstancesData" example: - attributes: instance_name: "my-servicenow-instance" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: instance required: - data type: object ServiceNowIntegration: description: The definition of the `ServiceNowIntegration` object. properties: credentials: $ref: "#/components/schemas/ServiceNowCredentials" type: $ref: "#/components/schemas/ServiceNowIntegrationType" required: - type - credentials type: object ServiceNowIntegrationType: description: The definition of the `ServiceNowIntegrationType` object. enum: - ServiceNow example: ServiceNow type: string x-enum-varnames: - SERVICENOW ServiceNowIntegrationUpdate: description: The definition of the `ServiceNowIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/ServiceNowCredentialsUpdate" type: $ref: "#/components/schemas/ServiceNowIntegrationType" required: - type type: object ServiceNowTemplateAttributes: description: Attributes of a ServiceNow template properties: assignment_group_id: description: The ID of the assignment group example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string business_service_id: description: The ID of the business service example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string fields_mapping: additionalProperties: type: string description: Custom field mappings for the template example: category: "software" priority: "1" type: object handle_name: description: The handle name of the template example: "incident-template" type: string instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string servicenow_tablename: description: The name of the destination ServiceNow table example: "incident" type: string user_id: description: The ID of the user example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string required: - instance_id - handle_name - servicenow_tablename type: object ServiceNowTemplateCreateRequest: description: Request to create a ServiceNow template properties: data: $ref: "#/components/schemas/ServiceNowTemplateCreateRequestData" required: - data type: object ServiceNowTemplateCreateRequestAttributes: description: Attributes for creating a ServiceNow template properties: assignment_group_id: description: The ID of the assignment group example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string business_service_id: description: The ID of the business service example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string fields_mapping: additionalProperties: type: string description: Custom field mappings for the template example: category: "software" priority: "1" type: object handle_name: description: The handle name of the template example: "incident-template" type: string instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string servicenow_tablename: description: The name of the destination ServiceNow table example: "incident" type: string user_id: description: The ID of the user example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string required: - instance_id - handle_name - servicenow_tablename type: object ServiceNowTemplateCreateRequestData: description: Data object for creating a ServiceNow template properties: attributes: $ref: "#/components/schemas/ServiceNowTemplateCreateRequestAttributes" type: $ref: "#/components/schemas/ServiceNowTemplateType" required: - type - attributes type: object ServiceNowTemplateData: description: Data object for a ServiceNow template properties: attributes: $ref: "#/components/schemas/ServiceNowTemplateAttributes" id: description: Unique identifier for the ServiceNow template example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string type: $ref: "#/components/schemas/ServiceNowTemplateType" required: - id - type - attributes type: object ServiceNowTemplateResponse: description: Response containing a single ServiceNow template properties: data: $ref: "#/components/schemas/ServiceNowTemplateData" required: - data type: object ServiceNowTemplateType: description: Type identifier for ServiceNow template resources enum: - servicenow_templates example: servicenow_templates type: string x-enum-varnames: - SERVICENOW_TEMPLATES ServiceNowTemplateUpdateRequest: description: Request to update a ServiceNow template properties: data: $ref: "#/components/schemas/ServiceNowTemplateUpdateRequestData" required: - data type: object ServiceNowTemplateUpdateRequestAttributes: description: Attributes for updating a ServiceNow template properties: assignment_group_id: description: The ID of the assignment group example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string business_service_id: description: The ID of the business service example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string fields_mapping: additionalProperties: type: string description: Custom field mappings for the template example: category: "hardware" priority: "2" type: object handle_name: description: The handle name of the template example: "incident-template-updated" type: string instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string servicenow_tablename: description: The name of the destination ServiceNow table example: "incident" type: string user_id: description: The ID of the user example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string required: - instance_id - handle_name - servicenow_tablename type: object ServiceNowTemplateUpdateRequestData: description: Data object for updating a ServiceNow template properties: attributes: $ref: "#/components/schemas/ServiceNowTemplateUpdateRequestAttributes" type: $ref: "#/components/schemas/ServiceNowTemplateType" required: - type - attributes type: object ServiceNowTemplatesData: description: Array of ServiceNow template data objects items: $ref: "#/components/schemas/ServiceNowTemplateData" type: array ServiceNowTemplatesResponse: description: Response containing ServiceNow templates properties: data: $ref: "#/components/schemas/ServiceNowTemplatesData" example: - attributes: handle_name: "incident-template" instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" servicenow_tablename: "incident" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: servicenow_templates required: - data type: object ServiceNowTicket: description: ServiceNow ticket attached to case nullable: true properties: result: $ref: "#/components/schemas/ServiceNowTicketResult" status: $ref: "#/components/schemas/Case3rdPartyTicketStatus" readOnly: true type: object ServiceNowTicketCreateAttributes: description: ServiceNow ticket creation attributes properties: assignment_group: description: ServiceNow assignment group example: "IT Support" type: string instance_name: description: ServiceNow instance name example: "my-instance" type: string required: - instance_name type: object ServiceNowTicketCreateData: description: ServiceNow ticket creation data properties: attributes: $ref: "#/components/schemas/ServiceNowTicketCreateAttributes" type: $ref: "#/components/schemas/ServiceNowTicketResourceType" required: - type - attributes type: object ServiceNowTicketCreateRequest: description: ServiceNow ticket creation request properties: data: $ref: "#/components/schemas/ServiceNowTicketCreateData" required: - data type: object ServiceNowTicketResourceType: description: ServiceNow ticket resource type enum: - tickets example: tickets type: string x-enum-varnames: - TICKETS ServiceNowTicketResult: description: ServiceNow ticket information properties: sys_target_link: description: Link to the Incident created on ServiceNow type: string type: object ServiceNowUserAttributes: description: Attributes of a ServiceNow user properties: email: description: The email address of the user example: "john.doe@example.com" type: string full_name: description: The full name of the user example: "John Doe" type: string instance_id: description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string user_name: description: The username of the ServiceNow user example: "john.doe" type: string user_sys_id: description: The system ID of the user in ServiceNow example: "abc123def456" type: string required: - instance_id - user_name - user_sys_id - email type: object ServiceNowUserData: description: Data object for a ServiceNow user properties: attributes: $ref: "#/components/schemas/ServiceNowUserAttributes" id: description: Unique identifier for the ServiceNow user example: "65b3341b-0680-47f9-a6d4-134db45c603e" format: uuid type: string type: $ref: "#/components/schemas/ServiceNowUserType" required: - id - type - attributes type: object ServiceNowUserType: description: Type identifier for ServiceNow user resources enum: - users example: users type: string x-enum-varnames: - USERS ServiceNowUsersData: description: Array of ServiceNow user data objects items: $ref: "#/components/schemas/ServiceNowUserData" type: array ServiceNowUsersResponse: description: Response containing ServiceNow users properties: data: $ref: "#/components/schemas/ServiceNowUsersData" example: - attributes: email: "john.doe@example.com" instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" user_name: "john.doe" user_sys_id: "abc123def456" id: "65b3341b-0680-47f9-a6d4-134db45c603e" type: users required: - data type: object SessionIdArray: description: A collection of session identifiers used for bulk add or remove operations on a playlist. properties: data: description: Array of session identifier data objects. items: $ref: "#/components/schemas/SessionIdData" type: array required: - data type: object SessionIdData: description: A session identifier data object used for bulk playlist operations. properties: id: description: Unique identifier of the RUM replay session. example: 00000000-0000-0000-0000-000000000001 type: string type: $ref: "#/components/schemas/ViewershipHistorySessionDataType" required: - type type: object Shift: description: An on-call shift with its associated data and relationships. example: data: attributes: end: "2025-05-07T03:53:01.206662873Z" start: "2025-05-07T02:53:01.206662814Z" id: 00000000-0000-0000-0000-000000000000 relationships: user: data: id: 00000000-aba1-0000-0000-000000000000 type: users type: shifts included: - attributes: email: foo@bar.com name: User 1 status: "" id: 00000000-aba1-0000-0000-000000000000 type: users properties: data: $ref: "#/components/schemas/ShiftData" nullable: true included: description: The `Shift` `included`. items: $ref: "#/components/schemas/ShiftIncluded" type: array type: object ShiftData: description: Data for an on-call shift. properties: attributes: $ref: "#/components/schemas/ShiftDataAttributes" id: description: The `ShiftData` `id`. type: string relationships: $ref: "#/components/schemas/ShiftDataRelationships" type: $ref: "#/components/schemas/ShiftDataType" required: - type type: object ShiftDataAttributes: description: Attributes for an on-call shift. properties: end: description: The end time of the shift. format: date-time type: string start: description: The start time of the shift. format: date-time type: string type: object ShiftDataRelationships: description: Relationships for an on-call shift. properties: user: $ref: "#/components/schemas/ShiftDataRelationshipsUser" type: object ShiftDataRelationshipsUser: description: "Defines the relationship between a shift and the user who is working that shift." properties: data: $ref: "#/components/schemas/ShiftDataRelationshipsUserData" required: - data type: object ShiftDataRelationshipsUserData: description: "Represents a reference to the user assigned to this shift, containing the user's ID and resource type." properties: id: description: "Specifies the unique identifier of the user." example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/ShiftDataRelationshipsUserDataType" required: - type - id type: object ShiftDataRelationshipsUserDataType: default: users description: "Indicates that the related resource is of type 'users'." enum: - users example: users type: string x-enum-varnames: - USERS ShiftDataType: default: shifts description: "Indicates that the resource is of type 'shifts'." enum: - shifts example: shifts type: string x-enum-varnames: - SHIFTS ShiftIncluded: description: Included data for shift operations. oneOf: - $ref: "#/components/schemas/ScheduleUser" SimpleMonitorUserTemplate: description: A simplified version of a monitor user template. properties: created: $ref: "#/components/schemas/MonitorUserTemplateCreated" description: $ref: "#/components/schemas/MonitorUserTemplateDescription" id: description: The unique identifier. The initial version will match the template ID. example: "00000000-0000-1234-0000-000000000000" type: string monitor_definition: additionalProperties: {} description: A valid monitor definition in the same format as the [V1 Monitor API](https://docs.datadoghq.com/api/latest/monitors/#create-a-monitor). example: {"message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", "type": "query alert"} type: object tags: $ref: "#/components/schemas/MonitorUserTemplateTags" template_variables: $ref: "#/components/schemas/MonitorUserTemplateTemplateVariables" title: $ref: "#/components/schemas/MonitorUserTemplateTitle" version: $ref: "#/components/schemas/MonitorUserTemplateVersion" type: object SingleAggregatedConnectionResponseArray: description: List of aggregated connections. example: data: - attributes: bytes_sent_by_client: 100 bytes_sent_by_server: 200 group_bys: client_team: - networks server_service: - hucklebuck packets_sent_by_client: 10 packets_sent_by_server: 20 rtt_micro_seconds: 800 tcp_closed_connections: 30 tcp_established_connections: 40 tcp_refusals: 7 tcp_resets: 5 tcp_retransmits: 30 tcp_timeouts: 6 id: client_team:networks, server_service:hucklebuck type: aggregated_connection properties: data: description: Array of aggregated connection objects. items: $ref: "#/components/schemas/SingleAggregatedConnectionResponseData" type: array type: object SingleAggregatedConnectionResponseData: description: Object describing an aggregated connection. properties: attributes: $ref: "#/components/schemas/SingleAggregatedConnectionResponseDataAttributes" id: description: A unique identifier for the aggregated connection based on the group by values. type: string type: $ref: "#/components/schemas/SingleAggregatedConnectionResponseDataType" type: object SingleAggregatedConnectionResponseDataAttributes: description: Attributes for an aggregated connection. properties: bytes_sent_by_client: description: The total number of bytes sent by the client over the given period. format: int64 type: integer bytes_sent_by_server: description: The total number of bytes sent by the server over the given period. format: int64 type: integer group_bys: additionalProperties: description: The values for each group by. items: description: A group-by value. type: string type: array description: The key, value pairs for each group by. type: object packets_sent_by_client: description: The total number of packets sent by the client over the given period. format: int64 type: integer packets_sent_by_server: description: The total number of packets sent by the server over the given period. format: int64 type: integer rtt_micro_seconds: description: Measured as TCP smoothed round trip time in microseconds (the time between a TCP frame being sent and acknowledged). format: int64 type: integer tcp_closed_connections: description: The number of TCP connections in a closed state. Measured in connections per second from the client. format: int64 type: integer tcp_established_connections: description: The number of TCP connections in an established state. Measured in connections per second from the client. format: int64 type: integer tcp_refusals: description: The number of TCP connections that were refused by the server. Typically this indicates an attempt to connect to an IP/port that is not receiving connections, or a firewall/security misconfiguration. format: int64 type: integer tcp_resets: description: The number of TCP connections that were reset by the server. format: int64 type: integer tcp_retransmits: description: TCP Retransmits represent detected failures that are retransmitted to ensure delivery. Measured in count of retransmits from the client. format: int64 type: integer tcp_timeouts: description: The number of TCP connections that timed out from the perspective of the operating system. This can indicate general connectivity and latency issues. format: int64 type: integer type: object SingleAggregatedConnectionResponseDataType: default: aggregated_connection description: |- Aggregated connection resource type. enum: - aggregated_connection type: string x-enum-varnames: - AGGREGATED_CONNECTION SingleAggregatedDnsResponseArray: description: List of aggregated DNS flows. example: data: - attributes: group_bys: - key: client_service value: example-service - key: network.dns_query value: example.com metrics: - key: dns_total_requests value: 100 - key: dns_failures value: 7 - key: dns_successful_responses value: 93 - key: dns_failed_responses value: 5 - key: dns_timeouts value: 2 - key: dns_responses.nxdomain value: 1 - key: dns_responses.servfail value: 1 - key: dns_responses.other value: 3 - key: dns_success_latency_percentile value: 50 - key: dns_failure_latency_percentile value: 75 id: client_service:example-service,network.dns_query:example.com type: aggregated_dns properties: data: description: Array of aggregated DNS objects. items: $ref: "#/components/schemas/SingleAggregatedDnsResponseData" type: array type: object SingleAggregatedDnsResponseData: description: Object describing an aggregated DNS flow. properties: attributes: $ref: "#/components/schemas/SingleAggregatedDnsResponseDataAttributes" id: description: A unique identifier for the aggregated DNS traffic based on the group by values. type: string type: $ref: "#/components/schemas/SingleAggregatedDnsResponseDataType" type: object SingleAggregatedDnsResponseDataAttributes: description: Attributes for an aggregated DNS flow. properties: group_bys: description: The key, value pairs for each group by. items: $ref: "#/components/schemas/SingleAggregatedDnsResponseDataAttributesGroupByItems" type: array metrics: description: Metrics associated with an aggregated DNS flow. items: $ref: "#/components/schemas/SingleAggregatedDnsResponseDataAttributesMetricsItems" type: array type: object SingleAggregatedDnsResponseDataAttributesGroupByItems: description: Attributes associated with a group by properties: key: description: The group by key. type: string value: description: The group by value. type: string type: object SingleAggregatedDnsResponseDataAttributesMetricsItems: description: Metrics associated with an aggregated DNS flow. properties: key: $ref: "#/components/schemas/DnsMetricKey" value: description: The metric value. format: int64 type: integer type: object SingleAggregatedDnsResponseDataType: default: aggregated_dns description: |- Aggregated DNS resource type. enum: - aggregated_dns type: string x-enum-varnames: - AGGREGATED_DNS SlackIntegrationMetadata: description: Incident integration metadata for the Slack integration. properties: channels: description: Array of Slack channels in this integration metadata. example: [] items: $ref: "#/components/schemas/SlackIntegrationMetadataChannelItem" type: array required: - channels type: object SlackIntegrationMetadataChannelItem: description: Item in the Slack integration metadata channel array. properties: channel_id: description: Slack channel ID. example: C0123456789 type: string channel_name: description: Name of the Slack channel. example: "#example-channel-name" type: string redirect_url: description: URL redirecting to the Slack channel. example: https://slack.com/app_redirect?channel=C0123456789&team=T01234567 type: string team_id: description: Slack team ID. example: T01234567 type: string required: - channel_id - channel_name - redirect_url type: object SlackTriggerWrapper: description: "Schema for a Slack-based trigger." properties: slackTrigger: description: "Trigger a workflow from Slack. The workflow must be published." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - slackTrigger type: object SloDataSource: default: slo description: A data source for SLO queries. enum: - slo example: slo type: string x-enum-varnames: - SLO SloQuery: description: A query for SLO status, error budget, and burn rate metrics. example: additional_query_filters: "*" data_source: "slo" group_mode: "overall" measure: "good_events" name: "my_slo" slo_id: "12345678910" slo_query_type: "metric" properties: additional_query_filters: description: Additional filters applied to the SLO query. example: "host:host_a,env:prod" type: string cross_org_uuids: $ref: "#/components/schemas/CrossOrgUuids" data_source: $ref: "#/components/schemas/SloDataSource" group_mode: $ref: "#/components/schemas/SlosGroupMode" measure: $ref: "#/components/schemas/SlosMeasure" name: description: The variable name for use in formulas. example: query1 type: string slo_id: description: The unique identifier of the SLO to query. example: "a]b123c45de6f78g90h" type: string slo_query_type: $ref: "#/components/schemas/SlosQueryType" required: - data_source - slo_id - measure type: object SloReportCreateRequest: description: The SLO report request body. properties: data: $ref: "#/components/schemas/SloReportCreateRequestData" required: - data type: object SloReportCreateRequestAttributes: description: The attributes portion of the SLO report request. properties: from_ts: description: The `from` timestamp for the report in epoch seconds. example: 1690901870 format: int64 type: integer interval: $ref: "#/components/schemas/SLOReportInterval" query: description: The query string used to filter SLO results. Some examples of queries include `service:` and `slo-name`. example: "slo_type:metric" type: string timezone: description: The timezone used to determine the start and end of each interval. For example, weekly intervals start at 12am on Sunday in the specified timezone. example: America/New_York type: string to_ts: description: The `to` timestamp for the report in epoch seconds. example: 1706803070 format: int64 type: integer required: - query - from_ts - to_ts type: object SloReportCreateRequestData: description: The data portion of the SLO report request. properties: attributes: $ref: "#/components/schemas/SloReportCreateRequestAttributes" required: - attributes type: object SloStatusData: description: The data portion of the SLO status response. properties: attributes: $ref: "#/components/schemas/SloStatusDataAttributes" id: description: The ID of the SLO. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/SloStatusType" required: - id - type - attributes type: object SloStatusDataAttributes: description: The attributes of the SLO status. properties: error_budget_remaining: description: The percentage of error budget remaining. example: 99.5 format: double type: number raw_error_budget_remaining: $ref: "#/components/schemas/RawErrorBudgetRemaining" sli: description: The current Service Level Indicator (SLI) value as a percentage. example: 99.95 format: double type: number span_precision: description: The precision of the time span in seconds. example: 2 format: int64 type: integer state: description: The current state of the SLO (for example, `breached`, `warning`, `ok`). example: ok type: string required: - sli - error_budget_remaining - raw_error_budget_remaining - state - span_precision type: object SloStatusResponse: description: The SLO status response. properties: data: $ref: "#/components/schemas/SloStatusData" required: - data type: object SloStatusType: description: The type of the SLO status resource. enum: - slo_status example: slo_status type: string x-enum-varnames: - SLO_STATUS SlosGroupMode: description: How SLO results are grouped in the response. enum: - overall - components example: overall type: string x-enum-varnames: - OVERALL - COMPONENTS SlosMeasure: description: The SLO measurement to retrieve. enum: - good_events - bad_events - slo_status - error_budget_remaining - error_budget_remaining_history - error_budget_burndown - burn_rate - slo_status_history - good_minutes - bad_minutes example: slo_status type: string x-enum-varnames: - GOOD_EVENTS - BAD_EVENTS - SLO_STATUS - ERROR_BUDGET_REMAINING - ERROR_BUDGET_REMAINING_HISTORY - ERROR_BUDGET_BURNDOWN - BURN_RATE - SLO_STATUS_HISTORY - GOOD_MINUTES - BAD_MINUTES SlosQueryType: description: The type of SLO definition being queried. enum: - metric - time_slice - monitor example: metric type: string x-enum-varnames: - METRIC - TIME_SLICE - MONITOR Snapshot: description: A single heatmap snapshot resource returned by create or update operations. properties: data: $ref: "#/components/schemas/SnapshotData" type: object SnapshotArray: description: A list of heatmap snapshots returned by a list operation. properties: data: description: Array of heatmap snapshot data objects. items: $ref: "#/components/schemas/SnapshotData" type: array required: - data type: object SnapshotCreateRequest: description: Request body for creating a heatmap snapshot. properties: data: $ref: "#/components/schemas/SnapshotCreateRequestData" required: - data type: object SnapshotCreateRequestData: description: Data object for a heatmap snapshot creation request, containing the resource type and attributes. properties: attributes: $ref: "#/components/schemas/SnapshotCreateRequestDataAttributes" type: $ref: "#/components/schemas/SnapshotUpdateRequestDataType" required: - type type: object SnapshotCreateRequestDataAttributes: description: Attributes for creating a heatmap snapshot, including the view, session, event, and device context. properties: application_id: description: Unique identifier of the RUM application. example: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb type: string device_type: description: Device type used when capturing the snapshot (e.g., desktop, mobile, tablet). example: desktop type: string event_id: description: Unique identifier of the RUM event associated with the snapshot. example: 11111111-2222-3333-4444-555555555555 type: string is_device_type_selected_by_user: description: Indicates whether the device type was explicitly selected by the user rather than auto-detected. example: false type: boolean session_id: description: Unique identifier of the RUM session associated with the snapshot. type: string snapshot_name: description: Human-readable name for the snapshot. example: My Snapshot type: string start: description: Offset in milliseconds from the start of the session at which the snapshot was captured. example: 0 format: int64 type: integer view_id: description: Unique identifier of the RUM view associated with the snapshot. type: string view_name: description: URL path or name of the view where the snapshot was captured. example: /home type: string required: - view_name - device_type - application_id - snapshot_name - event_id - start - is_device_type_selected_by_user type: object SnapshotData: description: Data object representing a heatmap snapshot, including its identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/SnapshotDataAttributes" id: description: Unique identifier of the heatmap snapshot. readOnly: true type: string type: $ref: "#/components/schemas/SnapshotUpdateRequestDataType" required: - type type: object SnapshotDataAttributes: description: Attributes of a heatmap snapshot, including view context, device information, and audit metadata. properties: application_id: description: Unique identifier of the RUM application. type: string created_at: description: Timestamp when the snapshot was created. format: date-time readOnly: true type: string created_by: description: Display name of the user who created the snapshot. readOnly: true type: string created_by_handle: description: Email handle of the user who created the snapshot. readOnly: true type: string created_by_user_id: description: Numeric identifier of the user who created the snapshot. format: int64 readOnly: true type: integer device_type: description: Device type used when capturing the snapshot (e.g., desktop, mobile, tablet). type: string event_id: description: Unique identifier of the RUM event associated with the snapshot. type: string is_device_type_selected_by_user: description: Indicates whether the device type was explicitly selected by the user rather than auto-detected. type: boolean modified_at: description: Timestamp when the snapshot was last modified. format: date-time readOnly: true type: string org_id: description: Numeric identifier of the organization that owns the snapshot. format: int64 readOnly: true type: integer session_id: description: Unique identifier of the RUM session associated with the snapshot. type: string snapshot_name: description: Human-readable name for the snapshot. type: string start: description: Offset in milliseconds from the start of the session at which the snapshot was captured. format: int64 type: integer view_id: description: Unique identifier of the RUM view associated with the snapshot. type: string view_name: description: URL path or name of the view where the snapshot was captured. type: string type: object SnapshotUpdateRequest: description: Request body for updating a heatmap snapshot. properties: data: $ref: "#/components/schemas/SnapshotUpdateRequestData" required: - data type: object SnapshotUpdateRequestData: description: Data object for a heatmap snapshot update request, containing the resource identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/SnapshotUpdateRequestDataAttributes" id: description: Unique identifier of the heatmap snapshot to update. example: 00000000-0000-0000-0000-000000000001 type: string type: $ref: "#/components/schemas/SnapshotUpdateRequestDataType" required: - type type: object SnapshotUpdateRequestDataAttributes: description: Attributes for updating a heatmap snapshot, including event, session, and view context. properties: event_id: description: Unique identifier of the RUM event associated with the snapshot. example: 11111111-2222-3333-4444-555555555555 type: string is_device_type_selected_by_user: description: Indicates whether the device type was explicitly selected by the user rather than auto-detected. example: false type: boolean session_id: description: Unique identifier of the RUM session associated with the snapshot. type: string start: description: Offset in milliseconds from the start of the session at which the snapshot was captured. example: 0 format: int64 type: integer view_id: description: Unique identifier of the RUM view associated with the snapshot. type: string required: - event_id - start - is_device_type_selected_by_user type: object SnapshotUpdateRequestDataType: default: snapshots description: Snapshots resource type. enum: - snapshots example: snapshots type: string x-enum-varnames: - SNAPSHOTS SoftwareCatalogTriggerWrapper: description: "Schema for a Software Catalog-based trigger." properties: softwareCatalogTrigger: description: "Trigger a workflow from Software Catalog." type: object startStepNames: $ref: "#/components/schemas/StartStepNames" required: - softwareCatalogTrigger type: object SortDirection: default: desc description: The direction to sort by. enum: - desc - asc type: string x-enum-varnames: - DESC - ASC Span: description: Object description of a spans after being processed and stored by Datadog. properties: attributes: $ref: "#/components/schemas/SpansAttributes" id: description: Unique ID of the Span. example: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA" type: string type: $ref: "#/components/schemas/SpansType" type: object SpansAggregateBucket: description: Spans aggregate. properties: attributes: $ref: "#/components/schemas/SpansAggregateBucketAttributes" id: description: ID of the spans aggregate. type: string type: $ref: "#/components/schemas/SpansAggregateBucketType" type: object SpansAggregateBucketAttributes: description: A bucket values. properties: by: additionalProperties: description: The values for each group by. description: The key, value pairs for each group by. example: {"@state": "success", "@version": "abc"} type: object compute: description: The compute data. type: object computes: additionalProperties: $ref: "#/components/schemas/SpansAggregateBucketValue" description: A map of the metric name -> value for regular compute or list of values for a timeseries. type: object type: object SpansAggregateBucketType: description: The spans aggregate bucket type. enum: ["bucket"] example: "bucket" type: string x-enum-varnames: ["BUCKET"] SpansAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value. oneOf: - $ref: "#/components/schemas/SpansAggregateBucketValueSingleString" - $ref: "#/components/schemas/SpansAggregateBucketValueSingleNumber" - $ref: "#/components/schemas/SpansAggregateBucketValueTimeseries" SpansAggregateBucketValueSingleNumber: description: A single number value. format: double type: number SpansAggregateBucketValueSingleString: description: A single string value. type: string SpansAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: "#/components/schemas/SpansAggregateBucketValueTimeseriesPoint" type: array x-generate-alias-as-model: true SpansAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: "2023-06-08T11:55:00Z" type: string value: description: The value for this point. example: 19 format: double type: number type: object SpansAggregateData: description: The object containing the query content. properties: attributes: $ref: "#/components/schemas/SpansAggregateRequestAttributes" type: $ref: "#/components/schemas/SpansAggregateRequestType" type: object SpansAggregateRequest: description: The object sent with the request to retrieve a list of aggregated spans from your organization. properties: data: $ref: "#/components/schemas/SpansAggregateData" type: object SpansAggregateRequestAttributes: description: The object containing all the query parameters. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: "#/components/schemas/SpansCompute" type: array filter: $ref: "#/components/schemas/SpansQueryFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/SpansGroupBy" type: array options: $ref: "#/components/schemas/SpansQueryOptions" type: object SpansAggregateRequestType: default: aggregate_request description: The type of resource. The value should always be aggregate_request. enum: - aggregate_request example: aggregate_request type: string x-enum-varnames: ["AGGREGATE_REQUEST"] SpansAggregateResponse: description: The response object for the spans aggregate API endpoint. properties: data: description: The list of matching buckets, one item per bucket. items: $ref: "#/components/schemas/SpansAggregateBucket" type: array meta: $ref: "#/components/schemas/SpansAggregateResponseMetadata" type: object SpansAggregateResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/SpansAggregateResponseStatus" warnings: description: |- A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response. items: $ref: "#/components/schemas/SpansWarning" type: array type: object SpansAggregateResponseStatus: description: The status of the response. enum: ["done", "timeout"] example: "done" type: string x-enum-varnames: ["DONE", "TIMEOUT"] SpansAggregateSort: description: A sort rule. example: {"aggregation": "count", "order": "asc"} properties: aggregation: $ref: "#/components/schemas/SpansAggregationFunction" metric: description: The metric to sort by (only used for `type=measure`). example: "@duration" type: string order: $ref: "#/components/schemas/SpansSortOrder" type: $ref: "#/components/schemas/SpansAggregateSortType" type: object SpansAggregateSortType: default: "alphabetical" description: The type of sorting algorithm. enum: ["alphabetical", "measure"] type: string x-enum-varnames: ["ALPHABETICAL", "MEASURE"] SpansAggregationFunction: description: An aggregation function. enum: ["count", "cardinality", "pc75", "pc90", "pc95", "pc98", "pc99", "sum", "min", "max", "avg", "median"] example: "pc90" type: string x-enum-varnames: ["COUNT", "CARDINALITY", "PERCENTILE_75", "PERCENTILE_90", "PERCENTILE_95", "PERCENTILE_98", "PERCENTILE_99", "SUM", "MIN", "MAX", "AVG", "MEDIAN"] SpansAttributes: description: JSON object containing all span attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your span. example: {"customAttribute": 123, "duration": 2345} type: object custom: additionalProperties: {} description: JSON object of custom spans data. type: object end_timestamp: description: End timestamp of your span. example: "2023-01-02T09:42:36.420Z" format: date-time type: string env: description: |- Name of the environment from where the spans are being sent. example: "prod" type: string host: description: |- Name of the machine from where the spans are being sent. example: "i-0123" type: string ingestion_reason: description: The reason why the span was ingested. example: "rule" type: string parent_id: description: Id of the span that's parent of this span. example: "0" type: string resource_hash: description: Unique identifier of the resource. example: "a12345678b91c23d" type: string resource_name: description: The name of the resource. example: "agent" type: string retained_by: description: The reason why the span was indexed. example: "retention_filter" type: string service: description: |- The name of the application or service generating the span events. It is used to switch from APM to Logs, so make sure you define the same value when you use both products. example: "agent" type: string single_span: description: |- Whether or not the span was collected as a stand-alone span. Always associated to "single_span" ingestion_reason if true. example: true type: boolean span_id: description: Id of the span. example: "1234567890987654321" type: string start_timestamp: description: Start timestamp of your span. example: "2023-01-02T09:42:36.320Z" format: date-time type: string tags: description: Array of tags associated with your span. example: ["team:A"] items: description: Tag associated with your span. type: string type: array trace_id: description: Id of the trace to which the span belongs. example: "1234567890987654321" type: string type: description: The type of the span. example: "web" type: string type: object SpansCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: "#/components/schemas/SpansAggregationFunction" interval: description: |- The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points. example: "5m" type: string metric: description: The metric to use. example: "@duration" type: string type: $ref: "#/components/schemas/SpansComputeType" required: - aggregation type: object SpansComputeType: default: "total" description: The type of compute. enum: ["timeseries", "total"] type: string x-enum-varnames: ["TIMESERIES", "TOTAL"] SpansFilter: description: The spans filter used to index spans. properties: query: description: The search query - following the [span search syntax](https://docs.datadoghq.com/tracing/trace_explorer/query_syntax/). example: "@http.status_code:200 service:my-service" type: string type: object SpansFilterCreate: description: The spans filter. Spans matching this filter will be indexed and stored. properties: query: description: The search query - following the [span search syntax](https://docs.datadoghq.com/tracing/trace_explorer/query_syntax/). example: "@http.status_code:200 service:my-service" type: string required: - query type: object SpansGroupBy: description: A group by rule. properties: facet: description: The name of the facet to use (required). example: "host" type: string histogram: $ref: "#/components/schemas/SpansGroupByHistogram" limit: default: 10 description: The maximum buckets to return for this group by. format: int64 type: integer missing: $ref: "#/components/schemas/SpansGroupByMissing" sort: $ref: "#/components/schemas/SpansAggregateSort" total: $ref: "#/components/schemas/SpansGroupByTotal" required: - facet type: object SpansGroupByHistogram: description: |- Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval. properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: |- The maximum value for the measure used in the histogram (values greater than this one are filtered out). example: 100 format: double type: number min: description: |- The minimum value for the measure used in the histogram (values smaller than this one are filtered out). example: 50 format: double type: number required: - interval - min - max type: object SpansGroupByMissing: description: The value to use for spans that don't have the facet used to group by. oneOf: - $ref: "#/components/schemas/SpansGroupByMissingString" - $ref: "#/components/schemas/SpansGroupByMissingNumber" SpansGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number SpansGroupByMissingString: description: The missing value to use if there is string valued facet. type: string SpansGroupByTotal: default: false description: |- A resulting object to put the given computes in over all the matching records. oneOf: - $ref: "#/components/schemas/SpansGroupByTotalBoolean" - $ref: "#/components/schemas/SpansGroupByTotalString" - $ref: "#/components/schemas/SpansGroupByTotalNumber" SpansGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean SpansGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number SpansGroupByTotalString: description: A string to use as the key value for the total bucket. type: string SpansListRequest: description: The request for a spans list. properties: data: $ref: "#/components/schemas/SpansListRequestData" type: object SpansListRequestAttributes: description: The object containing all the query parameters. properties: filter: $ref: "#/components/schemas/SpansQueryFilter" options: $ref: "#/components/schemas/SpansQueryOptions" page: $ref: "#/components/schemas/SpansListRequestPage" sort: $ref: "#/components/schemas/SpansSort" type: object SpansListRequestData: description: The object containing the query content. properties: attributes: $ref: "#/components/schemas/SpansListRequestAttributes" type: $ref: "#/components/schemas/SpansListRequestType" type: object SpansListRequestPage: description: Paging attributes for listing spans. properties: cursor: description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string limit: default: 10 description: Maximum number of spans in the response. example: 25 format: int32 maximum: 1000 type: integer type: object SpansListRequestType: default: search_request description: The type of resource. The value should always be search_request. enum: - search_request example: search_request type: string x-enum-varnames: ["SEARCH_REQUEST"] SpansListResponse: description: Response object with all spans matching the request and pagination information. properties: data: description: Array of spans matching the request. items: $ref: "#/components/schemas/Span" type: array links: $ref: "#/components/schemas/SpansListResponseLinks" meta: $ref: "#/components/schemas/SpansListResponseMetadata" type: object SpansListResponseLinks: description: Links attributes. properties: next: description: |- Link for the next set of results. Note that the request can also be made using the POST endpoint. example: "https://app.datadoghq.com/api/v2/spans/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object SpansListResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: "#/components/schemas/SpansResponseMetadataPage" request_id: description: The identifier of the request. example: "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR" type: string status: $ref: "#/components/schemas/SpansAggregateResponseStatus" warnings: description: |- A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response. items: $ref: "#/components/schemas/SpansWarning" type: array type: object SpansMetricCompute: description: The compute rule to compute the span-based metric. properties: aggregation_type: $ref: "#/components/schemas/SpansMetricComputeAggregationType" include_percentiles: $ref: "#/components/schemas/SpansMetricComputeIncludePercentiles" path: description: The path to the value the span-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: "@duration" type: string required: - aggregation_type type: object SpansMetricComputeAggregationType: description: The type of aggregation to use. enum: ["count", "distribution"] example: "distribution" type: string x-enum-varnames: ["COUNT", "DISTRIBUTION"] SpansMetricComputeIncludePercentiles: description: |- Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `aggregation_type` is `distribution`. example: false type: boolean SpansMetricCreateAttributes: description: The object describing the Datadog span-based metric to create. properties: compute: $ref: "#/components/schemas/SpansMetricCompute" filter: $ref: "#/components/schemas/SpansMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/SpansMetricGroupBy" type: array required: - compute type: object SpansMetricCreateData: description: The new span-based metric properties. properties: attributes: $ref: "#/components/schemas/SpansMetricCreateAttributes" id: $ref: "#/components/schemas/SpansMetricID" type: $ref: "#/components/schemas/SpansMetricType" required: - id - type - attributes type: object SpansMetricCreateRequest: description: The new span-based metric body. properties: data: $ref: "#/components/schemas/SpansMetricCreateData" required: - data type: object SpansMetricFilter: description: The span-based metric filter. Spans matching this filter will be aggregated in this metric. properties: query: default: "*" description: The search query - following the span search syntax. example: "@http.status_code:200 service:my-service" type: string type: object SpansMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the span-based metric will be aggregated over. example: "resource_name" type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: "resource_name" type: string required: - path type: object SpansMetricID: description: The name of the span-based metric. example: "my.metric" type: string SpansMetricResponse: description: The span-based metric object. properties: data: $ref: "#/components/schemas/SpansMetricResponseData" type: object SpansMetricResponseAttributes: description: The object describing a Datadog span-based metric. properties: compute: $ref: "#/components/schemas/SpansMetricResponseCompute" filter: $ref: "#/components/schemas/SpansMetricResponseFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/SpansMetricResponseGroupBy" type: array type: object SpansMetricResponseCompute: description: The compute rule to compute the span-based metric. properties: aggregation_type: $ref: "#/components/schemas/SpansMetricComputeAggregationType" include_percentiles: $ref: "#/components/schemas/SpansMetricComputeIncludePercentiles" path: description: The path to the value the span-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: "@duration" type: string type: object SpansMetricResponseData: description: The span-based metric properties. properties: attributes: $ref: "#/components/schemas/SpansMetricResponseAttributes" id: $ref: "#/components/schemas/SpansMetricID" type: $ref: "#/components/schemas/SpansMetricType" type: object SpansMetricResponseFilter: description: The span-based metric filter. Spans matching this filter will be aggregated in this metric. properties: query: description: The search query - following the span search syntax. example: "@http.status_code:200 service:my-service" type: string type: object SpansMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the span-based metric will be aggregated over. example: "resource_name" type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: "resource_name" type: string type: object SpansMetricType: default: spans_metrics description: The type of resource. The value should always be spans_metrics. enum: - spans_metrics example: spans_metrics type: string x-enum-varnames: ["SPANS_METRICS"] SpansMetricUpdateAttributes: description: The span-based metric properties that will be updated. properties: compute: $ref: "#/components/schemas/SpansMetricUpdateCompute" filter: $ref: "#/components/schemas/SpansMetricFilter" group_by: description: The rules for the group by. items: $ref: "#/components/schemas/SpansMetricGroupBy" type: array type: object SpansMetricUpdateCompute: description: The compute rule to compute the span-based metric. properties: include_percentiles: $ref: "#/components/schemas/SpansMetricComputeIncludePercentiles" type: object SpansMetricUpdateData: description: The new span-based metric properties. properties: attributes: $ref: "#/components/schemas/SpansMetricUpdateAttributes" type: $ref: "#/components/schemas/SpansMetricType" required: - type - attributes type: object SpansMetricUpdateRequest: description: The new span-based metric body. properties: data: $ref: "#/components/schemas/SpansMetricUpdateData" required: - data type: object SpansMetricsResponse: description: All the available span-based metric objects. properties: data: description: A list of span-based metric objects. items: $ref: "#/components/schemas/SpansMetricResponseData" type: array type: object SpansQueryFilter: description: The search and filter query settings. properties: from: default: "now-15m" description: The minimum time for the requested spans, supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: "now-15m" type: string query: default: "*" description: The search query - following the span search syntax. example: "service:web* AND @http.status_code:[200 TO 299]" type: string to: default: "now" description: The maximum time for the requested spans, supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: "now" type: string type: object SpansQueryOptions: description: |- Global query options that are used during the query. Note: You should only supply timezone or time offset but not both otherwise the query will fail. properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: "UTC" description: |- The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: "GMT" type: string type: object SpansResponseMetadataPage: description: Paging attributes. properties: after: description: |- The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" type: string type: object SpansSort: description: Sort parameters when querying spans. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING SpansSortOrder: description: The order to use, ascending or descending. enum: - "asc" - "desc" example: "asc" type: string x-enum-varnames: - "ASCENDING" - "DESCENDING" SpansType: default: spans description: Type of the span. enum: - spans example: "spans" type: string x-enum-varnames: - SPANS SpansWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: "unknown_index" type: string detail: description: A detailed explanation of this specific warning. example: "indexes: foo, bar" type: string title: description: A short human-readable summary of the warning. example: "One or several indexes are missing or invalid, results hold data from the other indexes" type: string type: object Spec: description: The spec defines what the workflow does. properties: annotations: description: "A list of annotations used in the workflow. These are like sticky notes for your workflow!" items: $ref: "#/components/schemas/Annotation" type: array connectionEnvs: description: A list of connections or connection groups used in the workflow. items: $ref: "#/components/schemas/ConnectionEnv" type: array handle: description: Unique identifier used to trigger workflows automatically in Datadog. type: string inputSchema: $ref: "#/components/schemas/InputSchema" outputSchema: $ref: "#/components/schemas/OutputSchema" steps: description: A `Step` is a sub-component of a workflow. Each `Step` performs an action. items: $ref: "#/components/schemas/Step" type: array triggers: description: The list of triggers that activate this workflow. At least one trigger is required, and each trigger type may appear at most once. items: $ref: "#/components/schemas/Trigger" type: array type: object SpecVersion: description: The version of the CycloneDX specification a BOM conforms to. enum: - "1.0" - "1.1" - "1.2" - "1.3" - "1.4" - "1.5" example: "1.5" type: string x-enum-varnames: - ONE_ZERO - ONE_ONE - ONE_TWO - ONE_THREE - ONE_FOUR - ONE_FIVE SplitAPIKey: description: The definition of the `SplitAPIKey` object. properties: api_key: description: The `SplitAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/SplitAPIKeyType" required: - type - api_key type: object SplitAPIKeyType: description: The definition of the `SplitAPIKey` object. enum: - SplitAPIKey example: SplitAPIKey type: string x-enum-varnames: - SPLITAPIKEY SplitAPIKeyUpdate: description: The definition of the `SplitAPIKey` object. properties: api_key: description: The `SplitAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/SplitAPIKeyType" required: - type type: object SplitCredentials: description: The definition of the `SplitCredentials` object. oneOf: - $ref: "#/components/schemas/SplitAPIKey" SplitCredentialsUpdate: description: The definition of the `SplitCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/SplitAPIKeyUpdate" SplitIntegration: description: The definition of the `SplitIntegration` object. properties: credentials: $ref: "#/components/schemas/SplitCredentials" type: $ref: "#/components/schemas/SplitIntegrationType" required: - type - credentials type: object SplitIntegrationType: description: The definition of the `SplitIntegrationType` object. enum: - Split example: Split type: string x-enum-varnames: - SPLIT SplitIntegrationUpdate: description: The definition of the `SplitIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/SplitCredentialsUpdate" type: $ref: "#/components/schemas/SplitIntegrationType" required: - type type: object StartStepNames: description: "A list of steps that run first after a trigger fires." example: - "" items: description: The `StartStepNames` `items`. type: string type: array State: description: The state of the rule evaluation. enum: [pass, fail, skip] example: pass type: string x-enum-varnames: [PASS, FAIL, SKIP] StateVariable: description: A variable, which can be set and read by other components in the app. properties: id: description: The ID of the state variable. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this state variable. This name is also used to access the variable's value throughout the app. example: "ordersToSubmit" type: string properties: $ref: "#/components/schemas/StateVariableProperties" type: $ref: "#/components/schemas/StateVariableType" required: - id - name - type - properties type: object StateVariableProperties: description: The properties of the state variable. properties: defaultValue: description: The default value of the state variable. example: "${['order_3145', 'order_4920']}" type: object StateVariableType: default: stateVariable description: The state variable type. enum: - stateVariable example: stateVariable type: string x-enum-varnames: - STATEVARIABLE StatsigAPIKey: description: The definition of the `StatsigAPIKey` object. properties: api_key: description: The `StatsigAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/StatsigAPIKeyType" required: - type - api_key type: object StatsigAPIKeyType: description: The definition of the `StatsigAPIKey` object. enum: - StatsigAPIKey example: StatsigAPIKey type: string x-enum-varnames: - STATSIGAPIKEY StatsigAPIKeyUpdate: description: The definition of the `StatsigAPIKey` object. properties: api_key: description: The `StatsigAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/StatsigAPIKeyType" required: - type type: object StatsigCredentials: description: The definition of the `StatsigCredentials` object. oneOf: - $ref: "#/components/schemas/StatsigAPIKey" StatsigCredentialsUpdate: description: The definition of the `StatsigCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/StatsigAPIKeyUpdate" StatsigIntegration: description: The definition of the `StatsigIntegration` object. properties: credentials: $ref: "#/components/schemas/StatsigCredentials" type: $ref: "#/components/schemas/StatsigIntegrationType" required: - type - credentials type: object StatsigIntegrationType: description: The definition of the `StatsigIntegrationType` object. enum: - Statsig example: Statsig type: string x-enum-varnames: - STATSIG StatsigIntegrationUpdate: description: The definition of the `StatsigIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/StatsigCredentialsUpdate" type: $ref: "#/components/schemas/StatsigIntegrationType" required: - type type: object StatusPage: description: Response object for a single status page. properties: data: $ref: "#/components/schemas/StatusPageData" included: description: The included related resources of a status page. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/StatusPageArrayIncluded" type: array type: object StatusPageArray: description: Response object for a list of status pages. properties: data: description: A list of status page data objects. items: $ref: "#/components/schemas/StatusPageData" type: array included: description: The included related resources of a status page. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/StatusPageArrayIncluded" type: array meta: $ref: "#/components/schemas/PaginationMeta" required: - data type: object StatusPageArrayIncluded: description: An included resource related to a status page. oneOf: - $ref: "#/components/schemas/StatusPagesUser" StatusPageAsIncluded: description: The included status page resource. properties: attributes: $ref: "#/components/schemas/StatusPageAsIncludedAttributes" id: description: The ID of the status page. format: uuid type: string relationships: $ref: "#/components/schemas/StatusPageAsIncludedRelationships" type: $ref: "#/components/schemas/StatusPageDataType" required: - type type: object StatusPageAsIncludedAttributes: description: The attributes of a status page. properties: company_logo: description: The base64-encoded image data displayed in the company logo. type: string components: description: Components displayed on the status page. items: $ref: "#/components/schemas/StatusPageAsIncludedAttributesComponentsItems" type: array created_at: description: Timestamp of when the status page was created. format: date-time type: string custom_domain: description: If configured, the url that the status page is accessible at. type: string custom_domain_enabled: description: Whether the custom domain is configured. type: boolean domain_prefix: description: The subdomain of the status page's url taking the form `https://{domain_prefix}.statuspage.datadoghq.com`. Globally unique across Datadog Status Pages. type: string email_header_image: description: Base64-encoded image data included in email notifications sent to status page subscribers. type: string enabled: description: Whether the status page is enabled. type: boolean favicon: description: Base64-encoded image data displayed in the browser tab. type: string modified_at: description: Timestamp of when the status page was last modified. format: date-time type: string name: description: The name of the status page. type: string page_url: description: The url that the status page is accessible at. type: string subscriptions_enabled: description: Whether users can subscribe to the status page. type: boolean type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesType" visualization_type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesVisualizationType" type: object StatusPageAsIncludedAttributesComponentsItems: description: A component displayed on an included status page. properties: components: description: If the component is of type `group`, the components within the group. items: $ref: "#/components/schemas/StatusPageAsIncludedAttributesComponentsItemsComponentsItems" type: array id: description: The ID of the component. format: uuid readOnly: true type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" type: object StatusPageAsIncludedAttributesComponentsItemsComponentsItems: description: A grouped component within a status page component group. properties: id: description: The ID of the grouped component. format: uuid readOnly: true type: string name: description: The name of the grouped component. type: string position: description: The zero-indexed position of the grouped component. Relative to the other components in the group. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" type: object StatusPageAsIncludedRelationships: description: The relationships of a status page. properties: created_by_user: $ref: "#/components/schemas/StatusPageAsIncludedRelationshipsCreatedByUser" description: The Datadog user who created the status page. last_modified_by_user: $ref: "#/components/schemas/StatusPageAsIncludedRelationshipsLastModifiedByUser" description: The Datadog user who last modified the status page. type: object StatusPageAsIncludedRelationshipsCreatedByUser: description: The Datadog user who created the status page. properties: data: $ref: "#/components/schemas/StatusPageAsIncludedRelationshipsCreatedByUserData" required: - data type: object StatusPageAsIncludedRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the status page. properties: id: description: The ID of the Datadog user who created the status page. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPageAsIncludedRelationshipsLastModifiedByUser: description: The Datadog user who last modified the status page. properties: data: $ref: "#/components/schemas/StatusPageAsIncludedRelationshipsLastModifiedByUserData" required: - data type: object StatusPageAsIncludedRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the status page. properties: id: description: The ID of the Datadog user who last modified the status page. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPageData: description: The data object for a status page. properties: attributes: $ref: "#/components/schemas/StatusPageDataAttributes" id: description: The ID of the status page. format: uuid type: string relationships: $ref: "#/components/schemas/StatusPageDataRelationships" type: $ref: "#/components/schemas/StatusPageDataType" required: - type type: object StatusPageDataAttributes: description: The attributes of a status page. properties: company_logo: description: Base64-encoded image data displayed on the status page. nullable: true type: string components: description: Components displayed on the status page. items: $ref: "#/components/schemas/StatusPageDataAttributesComponentsItems" type: array created_at: description: Timestamp of when the status page was created. format: date-time type: string custom_domain: description: If configured, the url that the status page is accessible at. nullable: true type: string custom_domain_enabled: description: Whether the custom domain is configured. type: boolean domain_prefix: description: The subdomain of the status page's url taking the form `https://{domain_prefix}.statuspage.datadoghq.com`. Globally unique across Datadog Status Pages. type: string email_header_image: description: Base64-encoded image data included in email notifications sent to status page subscribers. nullable: true type: string enabled: description: Whether the status page is enabled. type: boolean favicon: description: Base64-encoded image data displayed in the browser tab. nullable: true type: string modified_at: description: Timestamp of when the status page was last modified. format: date-time type: string name: description: The name of the status page. type: string page_url: description: The url that the status page is accessible at. type: string subscriptions_enabled: description: Whether users can subscribe to the status page. type: boolean type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesType" visualization_type: $ref: "#/components/schemas/CreateStatusPageRequestDataAttributesVisualizationType" type: object StatusPageDataAttributesComponentsItems: description: A component displayed on a status page. properties: components: description: If the component is of type `group`, the components within the group. items: $ref: "#/components/schemas/StatusPageDataAttributesComponentsItemsComponentsItems" type: array id: description: The ID of the component. format: uuid type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" type: object StatusPageDataAttributesComponentsItemsComponentsItems: description: A grouped component within a status page component group. properties: id: description: The ID of the component. format: uuid type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. Relative to the other components in the group. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" type: object StatusPageDataRelationships: description: The relationships of a status page. properties: created_by_user: $ref: "#/components/schemas/StatusPageDataRelationshipsCreatedByUser" description: The Datadog user who created the status page. last_modified_by_user: $ref: "#/components/schemas/StatusPageDataRelationshipsLastModifiedByUser" description: The Datadog user who last modified the status page. type: object StatusPageDataRelationshipsCreatedByUser: description: The Datadog user who created the status page. properties: data: $ref: "#/components/schemas/StatusPageDataRelationshipsCreatedByUserData" required: - data type: object StatusPageDataRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the status page. properties: id: description: The ID of the Datadog user who created the status page. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPageDataRelationshipsLastModifiedByUser: description: The Datadog user who last modified the status page. properties: data: $ref: "#/components/schemas/StatusPageDataRelationshipsLastModifiedByUserData" required: - data type: object StatusPageDataRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the status page. properties: id: description: The ID of the Datadog user who last modified the status page. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPageDataType: default: status_pages description: Status pages resource type. enum: - status_pages example: status_pages type: string x-enum-varnames: - STATUS_PAGES StatusPagesComponent: description: Response object for a single component. properties: data: $ref: "#/components/schemas/StatusPagesComponentData" included: description: The included related resources of a component. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/StatusPagesComponentArrayIncluded" type: array type: object StatusPagesComponentArray: description: Response object for a list of components. properties: data: description: A list of component data objects. items: $ref: "#/components/schemas/StatusPagesComponentData" type: array included: description: The included related resources of a component. Client must explicitly request these resources by name in the `include` query parameter. items: $ref: "#/components/schemas/StatusPagesComponentArrayIncluded" type: array required: - data type: object StatusPagesComponentArrayIncluded: description: An included resource related to a component. oneOf: - $ref: "#/components/schemas/StatusPagesUser" - $ref: "#/components/schemas/StatusPageAsIncluded" - $ref: "#/components/schemas/StatusPagesComponentGroup" StatusPagesComponentData: description: The data object for a component. properties: attributes: $ref: "#/components/schemas/StatusPagesComponentDataAttributes" id: description: The ID of the component. format: uuid type: string relationships: $ref: "#/components/schemas/StatusPagesComponentDataRelationships" type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - type type: object StatusPagesComponentDataAttributes: description: The attributes of a component. properties: components: description: If the component is of type `group`, the components within the group. items: $ref: "#/components/schemas/StatusPagesComponentDataAttributesComponentsItems" type: array created_at: description: Timestamp of when the component was created. format: date-time type: string modified_at: description: Timestamp of when the component was last modified. format: date-time type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" required: - type type: object StatusPagesComponentDataAttributesComponentsItems: description: A component within a component group. properties: id: description: The ID of the component within the group. format: uuid readOnly: true type: string name: description: The name of the component within the group. type: string position: description: The zero-indexed position of the component within the group. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" type: object StatusPagesComponentDataAttributesStatus: description: The status of the component. enum: - operational - degraded - partial_outage - major_outage - maintenance example: operational type: string x-enum-varnames: - OPERATIONAL - DEGRADED - PARTIAL_OUTAGE - MAJOR_OUTAGE - MAINTENANCE StatusPagesComponentDataRelationships: description: The relationships of a component. properties: created_by_user: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsCreatedByUser" description: The Datadog user who created the component. group: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsGroup" description: The group the component belongs to. last_modified_by_user: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsLastModifiedByUser" description: The Datadog user who last modified the component. status_page: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsStatusPage" description: The status page the component belongs to. type: object StatusPagesComponentDataRelationshipsCreatedByUser: description: The Datadog user who created the component. properties: data: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsCreatedByUserData" required: - data type: object StatusPagesComponentDataRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the component. properties: id: description: The ID of the Datadog user who created the component. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPagesComponentDataRelationshipsGroup: description: The group the component belongs to. properties: data: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsGroupData" required: - data type: object StatusPagesComponentDataRelationshipsGroupData: description: The data object identifying the group the component belongs to. nullable: true properties: id: description: The ID of the group the component belongs to. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - type - id type: object StatusPagesComponentDataRelationshipsLastModifiedByUser: description: The Datadog user who last modified the component. properties: data: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsLastModifiedByUserData" required: - data type: object StatusPagesComponentDataRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the component. properties: id: description: The ID of the Datadog user who last modified the component. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPagesComponentDataRelationshipsStatusPage: description: The status page the component belongs to. properties: data: $ref: "#/components/schemas/StatusPagesComponentDataRelationshipsStatusPageData" required: - data type: object StatusPagesComponentDataRelationshipsStatusPageData: description: The data object identifying the status page the component belongs to. properties: id: description: The ID of the status page the component belongs to. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPageDataType" required: - type - id type: object StatusPagesComponentGroup: description: The included component group resource. properties: attributes: $ref: "#/components/schemas/StatusPagesComponentGroupAttributes" id: description: The ID of the component. format: uuid type: string relationships: $ref: "#/components/schemas/StatusPagesComponentGroupRelationships" type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - type type: object StatusPagesComponentGroupAttributes: description: The attributes of a component group. properties: components: description: If the component is of type `group`, the components within the group. items: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItems" type: array created_at: description: Timestamp of when the component was created. format: date-time type: string modified_at: description: Timestamp of when the component was last modified. format: date-time type: string name: description: The name of the component. type: string position: description: The zero-indexed position of the component. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentDataAttributesStatus" type: $ref: "#/components/schemas/CreateComponentRequestDataAttributesType" required: - type type: object StatusPagesComponentGroupAttributesComponentsItems: description: A component within a component group. properties: id: description: The ID of the grouped component. format: uuid readOnly: true type: string name: description: The name of the grouped component. type: string position: description: The zero-indexed position of the grouped component. Relative to the other components in the group. format: int64 type: integer status: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsStatus" type: $ref: "#/components/schemas/StatusPagesComponentGroupAttributesComponentsItemsType" type: object StatusPagesComponentGroupAttributesComponentsItemsStatus: description: The status of the component. enum: - operational - degraded - partial_outage - major_outage - maintenance readOnly: true type: string x-enum-varnames: - OPERATIONAL - DEGRADED - PARTIAL_OUTAGE - MAJOR_OUTAGE - MAINTENANCE StatusPagesComponentGroupAttributesComponentsItemsType: description: The type of the component. enum: - component example: component type: string x-enum-varnames: - COMPONENT StatusPagesComponentGroupRelationships: description: The relationships of a component group. properties: created_by_user: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsCreatedByUser" group: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsGroup" last_modified_by_user: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsLastModifiedByUser" status_page: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsStatusPage" type: object StatusPagesComponentGroupRelationshipsCreatedByUser: description: The Datadog user who created the component group. properties: data: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsCreatedByUserData" required: - data type: object StatusPagesComponentGroupRelationshipsCreatedByUserData: description: The data object identifying the Datadog user who created the component group. properties: id: description: The ID of the Datadog user who created the component group. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPagesComponentGroupRelationshipsGroup: description: The group the component group belongs to. properties: data: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsGroupData" required: - data type: object StatusPagesComponentGroupRelationshipsGroupData: description: The data object identifying the parent group of a component group. nullable: true properties: id: description: The ID of the parent group. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPagesComponentGroupType" required: - type - id type: object StatusPagesComponentGroupRelationshipsLastModifiedByUser: description: The Datadog user who last modified the component group. properties: data: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsLastModifiedByUserData" required: - data type: object StatusPagesComponentGroupRelationshipsLastModifiedByUserData: description: The data object identifying the Datadog user who last modified the component group. properties: id: description: The ID of the Datadog user who last modified the component group. example: "" type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type - id type: object StatusPagesComponentGroupRelationshipsStatusPage: description: The status page the component group belongs to. properties: data: $ref: "#/components/schemas/StatusPagesComponentGroupRelationshipsStatusPageData" required: - data type: object StatusPagesComponentGroupRelationshipsStatusPageData: description: The data object identifying the status page the component group belongs to. properties: id: description: The ID of the status page. example: "1234abcd-12ab-34cd-56ef-123456abcdef" format: uuid type: string type: $ref: "#/components/schemas/StatusPageDataType" required: - type - id type: object StatusPagesComponentGroupType: default: components description: Components resource type. enum: - components example: components type: string x-enum-varnames: - COMPONENTS StatusPagesUser: description: The included Datadog user resource. properties: attributes: $ref: "#/components/schemas/StatusPagesUserAttributes" id: description: The ID of the Datadog user. format: uuid type: string type: $ref: "#/components/schemas/StatusPagesUserType" required: - type type: object StatusPagesUserAttributes: description: Attributes of the Datadog user. properties: email: description: The email of the Datadog user. type: string handle: description: The handle of the Datadog user. type: string icon: description: The icon of the Datadog user. type: string name: description: The name of the Datadog user. type: string uuid: description: The UUID of the Datadog user. type: string type: object StatusPagesUserType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS Step: description: A Step is a sub-component of a workflow. Each Step performs an action. properties: actionId: description: The unique identifier of an action. example: "" type: string completionGate: $ref: "#/components/schemas/CompletionGate" connectionLabel: description: The unique identifier of a connection defined in the spec. type: string display: $ref: "#/components/schemas/StepDisplay" errorHandlers: description: The `Step` `errorHandlers`. items: $ref: "#/components/schemas/ErrorHandler" type: array name: description: Name of the step. example: "" type: string outboundEdges: description: A list of subsequent actions to run. items: $ref: "#/components/schemas/OutboundEdge" type: array parameters: description: A list of inputs for an action. items: $ref: "#/components/schemas/Parameter" type: array readinessGate: $ref: "#/components/schemas/ReadinessGate" required: - name - actionId type: object StepDisplay: description: The definition of `StepDisplay` object. properties: bounds: $ref: "#/components/schemas/StepDisplayBounds" type: object StepDisplayBounds: description: The definition of `StepDisplayBounds` object. properties: x: description: The `bounds` `x`. format: double type: number y: description: The `bounds` `y`. format: double type: number type: object SuiteCreateEdit: description: Data object for creating or editing a Synthetic test suite. properties: attributes: $ref: "#/components/schemas/SyntheticsSuite" type: $ref: "#/components/schemas/SyntheticsSuiteTypes" required: - attributes - type type: object SuiteCreateEditRequest: description: Request body for creating or editing a Synthetic test suite. properties: data: $ref: "#/components/schemas/SuiteCreateEdit" required: - data type: object SuiteJsonPatchRequest: description: JSON Patch request for a Synthetic test suite. properties: data: $ref: "#/components/schemas/SuiteJsonPatchRequestData" required: - data type: object SuiteJsonPatchRequestData: description: Data object for a JSON Patch request on a Synthetic test suite. properties: attributes: $ref: "#/components/schemas/SuiteJsonPatchRequestDataAttributes" type: $ref: "#/components/schemas/SuiteJsonPatchType" type: object SuiteJsonPatchRequestDataAttributes: description: Attributes for a JSON Patch request on a Synthetic test suite. properties: json_patch: description: JSON Patch operations following RFC 6902. items: $ref: "#/components/schemas/JsonPatchOperation" type: array type: object SuiteJsonPatchType: default: suites_json_patch description: Type for a JSON Patch request on a Synthetic test suite, `suites_json_patch`. enum: - suites_json_patch example: suites_json_patch type: string x-enum-varnames: - SUITES_JSON_PATCH SuiteSearchResponseType: default: suites_search description: Type for the Synthetics suites search response, `suites_search`. enum: - suites_search example: suites_search type: string x-enum-varnames: - SUITES_SEARCH SuppressionVersionHistory: description: Response object containing the version history of a suppression. properties: count: description: The number of suppression versions. format: int32 maximum: 2147483647 type: integer data: additionalProperties: $ref: "#/components/schemas/SuppressionVersions" description: A suppression version with a list of updates. description: The version history of a suppression. type: object type: object SuppressionVersions: description: A suppression version with a list of updates. properties: changes: description: A list of changes. items: $ref: "#/components/schemas/VersionHistoryUpdate" type: array suppression: $ref: "#/components/schemas/SecurityMonitoringSuppressionAttributes" type: object SyncProperty: description: Sync property configuration. properties: sync_type: description: The direction and type of synchronization for this property. type: string type: object SyncPropertyWithMapping: description: Sync property with mapping configuration. properties: mapping: additionalProperties: type: string description: Map of source values to destination values for synchronization. type: object name_mapping: additionalProperties: type: string description: Map of source names to display names used during synchronization. type: object sync_type: description: The direction and type of synchronization for this property. type: string type: object SyntheticsApiMultistepParentTestAttributes: description: Attributes of a parent API multistep test. properties: child_name: description: The name of the child subtest. example: My API Subtest type: string child_public_id: description: The public ID of the child subtest. example: xyz-uvw-789 type: string monitor_id: description: The associated monitor ID. example: 12345678 format: int64 type: integer name: description: Name of the parent test. example: My Multistep Test type: string overall_state: description: The overall state of the parent test. example: 0 format: int64 type: integer overall_state_modified: description: Timestamp of when the overall state was last modified. example: "2024-01-01T00:00:00+00:00" type: string public_id: description: The public ID of the parent test. example: abc-def-123 type: string type: object SyntheticsApiMultistepParentTestData: description: Data object for a parent API multistep test. properties: attributes: $ref: "#/components/schemas/SyntheticsApiMultistepParentTestAttributes" id: description: The public ID of the parent test. example: abc-def-123 type: string type: $ref: "#/components/schemas/SyntheticsApiMultistepParentTestType" type: object SyntheticsApiMultistepParentTestType: default: parent_test description: Type of the parent test resource. enum: - parent_test example: parent_test type: string x-enum-varnames: - PARENT_TEST SyntheticsApiMultistepParentTestsResponse: description: |- Response containing the list of parent tests for an API multistep subtest. properties: data: description: List of parent tests that include this subtest. items: $ref: "#/components/schemas/SyntheticsApiMultistepParentTestData" type: array type: object SyntheticsApiMultistepSubtestAttributes: description: Attributes of a Synthetic API multistep subtest. properties: name: description: Name of the subtest. example: My API Test type: string public_id: description: The public ID of the subtest. example: abc-def-123 type: string type: object SyntheticsApiMultistepSubtestData: description: Data object for a Synthetic API multistep subtest. properties: attributes: $ref: "#/components/schemas/SyntheticsApiMultistepSubtestAttributes" id: description: The public ID of the subtest. example: abc-def-123 type: string type: $ref: "#/components/schemas/SyntheticsApiMultistepSubtestType" type: object SyntheticsApiMultistepSubtestType: default: subtest description: Type of the subtest resource. enum: - subtest example: subtest type: string x-enum-varnames: - SUBTEST SyntheticsApiMultistepSubtestsResponse: description: |- Response containing the list of available subtests for an API multistep test. properties: data: description: List of API tests that can be added as subtests. items: $ref: "#/components/schemas/SyntheticsApiMultistepSubtestData" type: array type: object SyntheticsDowntimeData: description: A Synthetics downtime object. properties: attributes: $ref: "#/components/schemas/SyntheticsDowntimeDataAttributesResponse" id: description: The unique identifier of the downtime. example: "00000000-0000-0000-0000-000000000001" type: string type: $ref: "#/components/schemas/SyntheticsDowntimeResourceType" required: - id - type - attributes type: object SyntheticsDowntimeDataAttributesRequest: description: Attributes for creating or updating a Synthetics downtime. properties: description: description: An optional description of the downtime. example: Scheduled weekly maintenance window. type: string isEnabled: description: Whether the downtime is enabled. example: true type: boolean name: description: The name of the downtime. example: Weekly maintenance type: string tags: $ref: "#/components/schemas/SyntheticsDowntimeTags" testIds: $ref: "#/components/schemas/SyntheticsDowntimeTestIds" timeSlots: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotRequests" required: - name - isEnabled - timeSlots - testIds type: object SyntheticsDowntimeDataAttributesResponse: description: Attributes of a Synthetics downtime response object. properties: createdAt: description: The timestamp when the downtime was created. example: "2024-01-15T10:30:00Z" format: date-time type: string createdBy: description: The UUID of the user who created the downtime. example: "00000000-0000-0000-0000-000000000003" type: string createdByName: description: The display name of the user who created the downtime. example: Jane Doe type: string description: description: The description of the downtime. example: Scheduled weekly maintenance window. type: string isEnabled: description: Whether the downtime is enabled. example: true type: boolean name: description: The name of the downtime. example: Weekly maintenance type: string tags: $ref: "#/components/schemas/SyntheticsDowntimeTags" testIds: $ref: "#/components/schemas/SyntheticsDowntimeTestIds" timeSlots: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotResponses" updatedAt: description: The timestamp when the downtime was last updated. example: "2024-01-15T10:30:00Z" format: date-time type: string updatedBy: description: The UUID of the user who last updated the downtime. example: "00000000-0000-0000-0000-000000000003" type: string updatedByName: description: The display name of the user who last updated the downtime. example: Jane Doe type: string required: - name - description - isEnabled - createdBy - createdByName - createdAt - updatedBy - updatedByName - updatedAt - timeSlots - testIds - tags type: object SyntheticsDowntimeDataList: description: List of Synthetics downtime objects. example: - attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime items: $ref: "#/components/schemas/SyntheticsDowntimeData" type: array SyntheticsDowntimeDataRequest: description: The data object for a Synthetics downtime create or update request. example: attributes: isEnabled: true name: Weekly maintenance testIds: - abc-def-123 timeSlots: - duration: 3600 start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris type: downtime properties: attributes: $ref: "#/components/schemas/SyntheticsDowntimeDataAttributesRequest" type: $ref: "#/components/schemas/SyntheticsDowntimeResourceType" required: - type - attributes type: object SyntheticsDowntimeFrequency: description: The recurrence frequency of a Synthetics downtime time slot. enum: - DAILY - WEEKLY - MONTHLY - YEARLY example: WEEKLY type: string x-enum-varnames: - DAILY - WEEKLY - MONTHLY - YEARLY SyntheticsDowntimeRequest: description: Request body for creating or updating a Synthetics downtime. properties: data: $ref: "#/components/schemas/SyntheticsDowntimeDataRequest" required: - data type: object SyntheticsDowntimeResourceType: description: The resource type for a Synthetics downtime. enum: - downtime example: downtime type: string x-enum-varnames: - DOWNTIME SyntheticsDowntimeResponse: description: Response containing a single Synthetics downtime. properties: data: $ref: "#/components/schemas/SyntheticsDowntimeData" required: - data type: object SyntheticsDowntimeTags: description: List of tags associated with a Synthetics downtime. example: - "team:backend" - "env:prod" items: description: A tag. type: string type: array SyntheticsDowntimeTestIds: description: List of Synthetics test public IDs associated with a downtime. example: - abc-def-123 - xyz-uvw-456 items: description: A Synthetics test public ID. type: string type: array SyntheticsDowntimeTimeSlotDate: description: A specific date and time used to define the start or end of a Synthetics downtime time slot. properties: day: description: The day component of the date (1-31). example: 15 format: int64 type: integer hour: description: The hour component of the time (0-23). example: 10 format: int64 type: integer minute: description: The minute component of the time (0-59). example: 30 format: int64 type: integer month: description: The month component of the date (1-12). example: 1 format: int64 type: integer year: description: The year component of the date. example: 2024 format: int64 type: integer required: - year - month - day - hour - minute type: object SyntheticsDowntimeTimeSlotRecurrenceRequest: description: Recurrence settings for a Synthetics downtime time slot. properties: end: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotDate" frequency: $ref: "#/components/schemas/SyntheticsDowntimeFrequency" interval: description: The interval between recurrences, relative to the frequency. example: 1 format: int64 type: integer weekdays: $ref: "#/components/schemas/SyntheticsDowntimeWeekdays" required: - frequency type: object SyntheticsDowntimeTimeSlotRecurrenceResponse: description: Recurrence settings returned in a Synthetics downtime time slot response. properties: frequency: $ref: "#/components/schemas/SyntheticsDowntimeFrequency" interval: description: The interval between recurrences, relative to the frequency. example: 1 format: int64 type: integer until: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotDate" weekdays: $ref: "#/components/schemas/SyntheticsDowntimeWeekdays" required: - frequency - interval - weekdays type: object SyntheticsDowntimeTimeSlotRequest: description: A time slot for a Synthetics downtime create or update request. properties: duration: description: The duration of the time slot in seconds, between 60 and 604800. example: 3600 format: int64 type: integer name: description: An optional label for the time slot. example: Weekly maintenance window type: string recurrence: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotRecurrenceRequest" start: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotDate" timezone: description: The IANA timezone name for the time slot. example: Europe/Paris type: string required: - start - timezone - duration type: object SyntheticsDowntimeTimeSlotRequests: description: List of time slots for a Synthetics downtime create or update request. example: - duration: 3600 start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris items: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotRequest" type: array SyntheticsDowntimeTimeSlotResponse: description: A time slot returned in a Synthetics downtime response. properties: duration: description: The duration of the time slot in seconds. example: 3600 format: int64 type: integer id: description: The unique identifier of the time slot. example: "00000000-0000-0000-0000-000000000002" type: string name: description: The label for the time slot. example: Weekly maintenance window type: string recurrence: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotRecurrenceResponse" start: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotDate" timezone: description: The IANA timezone name for the time slot. example: Europe/Paris type: string required: - id - start - timezone - duration type: object SyntheticsDowntimeTimeSlotResponses: description: List of time slots in a Synthetics downtime response. example: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris items: $ref: "#/components/schemas/SyntheticsDowntimeTimeSlotResponse" type: array SyntheticsDowntimeWeekday: description: A day of the week for a Synthetics downtime recurrence. enum: - MO - TU - WE - TH - FR - SA - SU example: MO type: string x-enum-varnames: - MONDAY - TUESDAY - WEDNESDAY - THURSDAY - FRIDAY - SATURDAY - SUNDAY SyntheticsDowntimeWeekdays: description: Days of the week for a Synthetics downtime recurrence schedule. example: - MO - WE - FR items: $ref: "#/components/schemas/SyntheticsDowntimeWeekday" type: array SyntheticsDowntimesResponse: description: Response containing a list of Synthetics downtimes. properties: data: $ref: "#/components/schemas/SyntheticsDowntimeDataList" required: - data type: object SyntheticsFastTestResult: description: |- Fast test result response. Returns `null` if the result is not yet available (the test is still running or timed out before completing). nullable: true properties: data: $ref: "#/components/schemas/SyntheticsFastTestResultData" type: object SyntheticsFastTestResultAttributes: description: Attributes of the fast test result. properties: device: $ref: "#/components/schemas/SyntheticsTestResultDevice" location: $ref: "#/components/schemas/SyntheticsTestResultLocation" result: $ref: "#/components/schemas/SyntheticsFastTestResultDetail" test_sub_type: $ref: "#/components/schemas/SyntheticsFastTestSubType" test_type: $ref: "#/components/schemas/SyntheticsFastTestType" test_version: description: Version of the test at the time the fast test was triggered. example: 1 format: int64 type: integer type: object SyntheticsFastTestResultData: description: Fast test result data object (JSON:API format). properties: attributes: $ref: "#/components/schemas/SyntheticsFastTestResultAttributes" id: description: The UUID of the fast test, used as the result identifier. example: abc12345-1234-1234-1234-abc123456789 type: string type: $ref: "#/components/schemas/SyntheticsFastTestResultType" type: object SyntheticsFastTestResultDetail: description: |- Detailed result data for the fast test run. The exact shape of nested fields (`request`, `response`, `assertions`, etc.) depends on the test subtype. properties: assertions: description: Results of each assertion evaluated during the test. items: $ref: "#/components/schemas/SyntheticsTestResultAssertionResult" type: array call_type: description: gRPC call type (for example, `unary`, `healthCheck`, or `reflection`). example: unary type: string cert: $ref: "#/components/schemas/SyntheticsTestResultCertificate" duration: description: Total duration of the test in milliseconds. example: 150.5 format: double type: number failure: $ref: "#/components/schemas/SyntheticsTestResultFailure" finished_at: description: Unix timestamp (ms) of when the test finished. example: 1679328001000 format: int64 type: integer id: description: The result ID. Set to the fast test UUID because no persistent result ID exists for fast tests. example: abc12345-1234-1234-1234-abc123456789 type: string is_fast_retry: description: Whether this result is from an automatic fast retry. example: false type: boolean request: $ref: "#/components/schemas/SyntheticsTestResultRequestInfo" resolved_ip: description: IP address resolved for the target host. example: "1.2.3.4" type: string response: $ref: "#/components/schemas/SyntheticsTestResultResponseInfo" run_type: $ref: "#/components/schemas/SyntheticsTestResultRunType" started_at: description: Unix timestamp (ms) of when the test started. example: 1679328000000 format: int64 type: integer status: description: Status of the test result (`passed` or `failed`). example: passed type: string steps: description: Step results for multistep API tests. items: $ref: "#/components/schemas/SyntheticsTestResultStep" type: array timings: additionalProperties: {} description: Timing breakdown of the test request phases (for example, DNS, TCP, TLS, first byte). example: dns: 2.9 download: 2.1 firstByte: 95.2 ssl: 187.9 tcp: 92.6 total: 380.7 type: object traceroute: description: Traceroute hop results, present for ICMP and TCP tests. items: $ref: "#/components/schemas/SyntheticsTestResultTracerouteHop" type: array triggered_at: description: Unix timestamp (ms) of when the test was triggered. example: 1679327999000 format: int64 type: integer tunnel: description: Whether the test was run through a Synthetics tunnel. example: false type: boolean type: object SyntheticsFastTestResultType: default: result description: JSON:API type for a fast test result. enum: - result example: result type: string x-enum-varnames: - RESULT SyntheticsFastTestSubType: description: Subtype of the Synthetic test that produced this result. enum: - dns - grpc - http - icmp - mcp - multi - ssl - tcp - udp - websocket example: http type: string x-enum-varnames: - DNS - GRPC - HTTP - ICMP - MCP - MULTI - SSL - TCP - UDP - WEBSOCKET SyntheticsFastTestType: description: Type of the Synthetic fast test that produced this result. enum: - fast-api - fast-browser example: fast-api type: string x-enum-varnames: - FAST_API - FAST_BROWSER SyntheticsGlobalVariable: description: Synthetic global variable. properties: attributes: $ref: "#/components/schemas/SyntheticsGlobalVariableAttributes" description: description: Description of the global variable. example: "Example description" type: string id: description: Unique identifier of the global variable. readOnly: true type: string is_fido: description: Determines if the global variable is a FIDO variable. type: boolean is_totp: description: Determines if the global variable is a TOTP/MFA variable. type: boolean name: description: Name of the global variable. Unique across Synthetic global variables. example: "MY_VARIABLE" type: string parse_test_options: $ref: "#/components/schemas/SyntheticsGlobalVariableParseTestOptions" parse_test_public_id: description: A Synthetic test ID to use as a test to generate the variable value. example: "abc-def-123" type: string tags: description: Tags of the global variable. example: ["team:front", "test:workflow-1"] items: description: Tag name. type: string type: array value: $ref: "#/components/schemas/SyntheticsGlobalVariableValue" required: - description - name - tags - value type: object SyntheticsGlobalVariableAttributes: description: Attributes of the global variable. properties: restricted_roles: $ref: "#/components/schemas/SyntheticsRestrictedRoles" type: object SyntheticsGlobalVariableOptions: description: Options for the Global Variable for MFA. properties: totp_parameters: $ref: "#/components/schemas/SyntheticsGlobalVariableTOTPParameters" type: object SyntheticsGlobalVariableParseTestOptions: description: Parser options to use for retrieving a Synthetic global variable from a Synthetic test. Used in conjunction with `parse_test_public_id`. properties: field: description: When type is `http_header`, name of the header to use to extract the value. example: "content-type" type: string localVariableName: description: When type is `local_variable`, name of the local variable to use to extract the value. example: "LOCAL_VARIABLE" type: string parser: $ref: "#/components/schemas/SyntheticsVariableParser" type: $ref: "#/components/schemas/SyntheticsGlobalVariableParseTestOptionsType" required: - type type: object SyntheticsGlobalVariableParseTestOptionsType: description: Type of value to extract from a test for a Synthetic global variable. enum: - http_body - http_header - http_status_code - local_variable example: http_body type: string x-enum-varnames: - HTTP_BODY - HTTP_HEADER - HTTP_STATUS_CODE - LOCAL_VARIABLE SyntheticsGlobalVariableParserType: description: Type of parser for a Synthetic global variable from a synthetics test. enum: - raw - json_path - regex - x_path example: raw type: string x-enum-varnames: - RAW - JSON_PATH - REGEX - X_PATH SyntheticsGlobalVariableTOTPParameters: description: "Parameters for the TOTP/MFA variable" properties: digits: description: Number of digits for the OTP code. example: 6 format: int32 maximum: 10 minimum: 4 type: integer refresh_interval: description: Interval for which to refresh the token (in seconds). example: 30 format: int32 maximum: 999 minimum: 0 type: integer type: object SyntheticsGlobalVariableValue: description: Value of the global variable. example: secure: true value: value properties: options: $ref: "#/components/schemas/SyntheticsGlobalVariableOptions" secure: description: Determines if the value of the variable is hidden. type: boolean value: description: |- Value of the global variable. When reading a global variable, the value will not be present if the variable is hidden with the `secure` property. example: "example-value" type: string type: object SyntheticsNetworkAssertion: description: Object describing an assertion for a Network Path test. oneOf: - $ref: "#/components/schemas/SyntheticsNetworkAssertionLatency" - $ref: "#/components/schemas/SyntheticsNetworkAssertionMultiNetworkHop" - $ref: "#/components/schemas/SyntheticsNetworkAssertionPacketLossPercentage" - $ref: "#/components/schemas/SyntheticsNetworkAssertionJitter" SyntheticsNetworkAssertionJitter: description: Jitter assertion for a Network Path test. properties: operator: $ref: "#/components/schemas/SyntheticsNetworkAssertionOperator" target: description: Target value in milliseconds. example: 5 format: double type: number type: $ref: "#/components/schemas/SyntheticsNetworkAssertionJitterType" required: - operator - target - type type: object SyntheticsNetworkAssertionJitterType: default: jitter description: Type of the jitter assertion. enum: - jitter example: jitter type: string x-enum-varnames: - JITTER SyntheticsNetworkAssertionLatency: description: Network latency assertion for a Network Path test. properties: operator: $ref: "#/components/schemas/SyntheticsNetworkAssertionOperator" property: $ref: "#/components/schemas/SyntheticsNetworkAssertionProperty" target: description: Target value in milliseconds. example: 500 format: double type: number type: $ref: "#/components/schemas/SyntheticsNetworkAssertionLatencyType" required: - operator - property - target - type type: object SyntheticsNetworkAssertionLatencyType: default: latency description: Type of the latency assertion. enum: - latency example: latency type: string x-enum-varnames: - LATENCY SyntheticsNetworkAssertionMultiNetworkHop: description: Multi-network hop assertion for a Network Path test. properties: operator: $ref: "#/components/schemas/SyntheticsNetworkAssertionOperator" property: $ref: "#/components/schemas/SyntheticsNetworkAssertionProperty" target: description: Target value in number of hops. example: 3 format: double type: number type: $ref: "#/components/schemas/SyntheticsNetworkAssertionMultiNetworkHopType" required: - operator - property - target - type type: object SyntheticsNetworkAssertionMultiNetworkHopType: default: multiNetworkHop description: Type of the multi-network hop assertion. enum: - multiNetworkHop example: multiNetworkHop type: string x-enum-varnames: - MULTI_NETWORK_HOP SyntheticsNetworkAssertionOperator: description: Assertion operator to apply. enum: - is - isNot - lessThan - lessThanOrEqual - moreThan - moreThanOrEqual example: lessThan type: string x-enum-varnames: - IS - IS_NOT - LESS_THAN - LESS_THAN_OR_EQUAL - MORE_THAN - MORE_THAN_OR_EQUAL SyntheticsNetworkAssertionPacketLossPercentage: description: Packet loss percentage assertion for a Network Path test. properties: operator: $ref: "#/components/schemas/SyntheticsNetworkAssertionOperator" target: description: Target value as a percentage (0 to 1). example: 0.05 format: double maximum: 1 minimum: 0 type: number type: $ref: "#/components/schemas/SyntheticsNetworkAssertionPacketLossPercentageType" required: - operator - target - type type: object SyntheticsNetworkAssertionPacketLossPercentageType: default: packetLossPercentage description: Type of the packet loss percentage assertion. enum: - packetLossPercentage example: packetLossPercentage type: string x-enum-varnames: - PACKET_LOSS_PERCENTAGE SyntheticsNetworkAssertionProperty: description: The associated assertion property. enum: - avg - max - min example: avg type: string x-enum-varnames: - AVG - MAX - MIN SyntheticsNetworkTest: description: Object containing details about a Network Path test. properties: config: $ref: "#/components/schemas/SyntheticsNetworkTestConfig" locations: description: |- Array of locations used to run the test. Network Path tests can be run from managed locations to test public endpoints, or from a [Datadog Agent](https://docs.datadoghq.com/synthetics/network_path_tests/#agent-configuration) to test private environments. example: ["aws:us-east-1", "agent:my-agent-name"] items: description: A location to run the test from. type: string type: array message: description: Notification message associated with the test. example: "Network Path test notification" type: string monitor_id: description: The associated monitor ID. example: 12345678 format: int64 readOnly: true type: integer name: description: Name of the test. example: "Example Network Path test" type: string options: $ref: "#/components/schemas/SyntheticsTestOptions" public_id: description: The public ID for the test. example: abc-def-123 readOnly: true type: string status: $ref: "#/components/schemas/SyntheticsTestPauseStatus" subtype: $ref: "#/components/schemas/SyntheticsNetworkTestSubType" tags: description: Array of tags attached to the test. example: ["env:production"] items: description: A tag attached to the test. type: string type: array type: $ref: "#/components/schemas/SyntheticsNetworkTestType" required: - name - config - locations - options - type - message type: object SyntheticsNetworkTestConfig: description: Configuration object for a Network Path test. properties: assertions: default: [] description: Array of assertions used for the test. example: [{"operator": "lessThan", "property": "avg", "target": 500, "type": "latency"}] items: $ref: "#/components/schemas/SyntheticsNetworkAssertion" type: array request: $ref: "#/components/schemas/SyntheticsNetworkTestRequest" type: object SyntheticsNetworkTestEdit: description: Data object for creating or editing a Network Path test. properties: attributes: $ref: "#/components/schemas/SyntheticsNetworkTest" type: $ref: "#/components/schemas/SyntheticsNetworkTestType" required: - attributes - type type: object SyntheticsNetworkTestEditRequest: description: Network Path test request. properties: data: $ref: "#/components/schemas/SyntheticsNetworkTestEdit" required: - data type: object SyntheticsNetworkTestRequest: description: Object describing the request for a Network Path test. properties: destination_service: description: An optional label displayed for the destination host in the Network Path visualization. type: string e2e_queries: description: The number of packets sent to probe the destination to measure packet loss, latency and jitter. example: 50 format: int64 type: integer host: description: Host name to query. example: "" type: string max_ttl: description: The maximum time-to-live (max number of hops) used in outgoing probe packets. example: 30 format: int64 type: integer port: description: |- For TCP or UDP tests, the port to use when performing the test. If not set on a UDP test, a random port is assigned, which may affect the results. example: 443 format: int64 type: integer source_service: description: An optional label displayed for the source host in the Network Path visualization. type: string tcp_method: $ref: "#/components/schemas/SyntheticsNetworkTestRequestTCPMethod" timeout: description: Timeout in seconds. format: int64 type: integer traceroute_queries: description: The number of traceroute path tracings. example: 3 format: int64 type: integer required: - host - max_ttl - e2e_queries - traceroute_queries type: object SyntheticsNetworkTestRequestTCPMethod: description: For TCP tests, the TCP traceroute strategy. enum: - prefer_sack - syn - sack example: prefer_sack type: string x-enum-varnames: - PREFER_SACK - SYN - SACK SyntheticsNetworkTestResponse: description: Network Path test response. properties: data: $ref: "#/components/schemas/SyntheticsNetworkTestResponseData" type: object SyntheticsNetworkTestResponseData: description: Network Path test response data. properties: attributes: $ref: "#/components/schemas/SyntheticsNetworkTest" id: description: The public ID of the Network Path test. example: abc-def-123 readOnly: true type: string type: $ref: "#/components/schemas/SyntheticsNetworkTestResponseType" type: object SyntheticsNetworkTestResponseType: default: "network_test" description: Type of response, `network_test`. enum: - network_test example: network_test type: string x-enum-varnames: - NETWORK_TEST SyntheticsNetworkTestSubType: description: |- Subtype of the Synthetic Network Path test: `tcp`, `udp`, or `icmp`. enum: - tcp - udp - icmp example: tcp type: string x-enum-varnames: - TCP - UDP - ICMP SyntheticsNetworkTestType: default: "network" description: Type of the Synthetic test, `network`. enum: - network example: network type: string x-enum-varnames: - NETWORK SyntheticsPollTestResultsResponse: description: Response object for polling Synthetic test results. properties: data: description: Array of Synthetic test results. items: $ref: "#/components/schemas/SyntheticsTestResultData" type: array included: description: Array of included related resources, such as the test definition. items: $ref: "#/components/schemas/SyntheticsTestResultIncludedItem" type: array type: object SyntheticsRestrictedRoles: deprecated: true description: A list of role identifiers that can be pulled from the Roles API, for restricting read and write access. This field is deprecated. Use the restriction policies API to manage permissions. example: ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"] items: description: UUID for a role. example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx type: string type: array SyntheticsSuite: description: Object containing details about a Synthetic suite. properties: message: description: Notification message associated with the suite. example: Notification message type: string monitor_id: description: The associated monitor ID. example: 12345678 format: int64 readOnly: true type: integer name: description: Name of the suite. example: "Example suite name" type: string options: $ref: "#/components/schemas/SyntheticsSuiteOptions" public_id: description: The public ID for the test. example: 123-abc-456 readOnly: true type: string tags: description: Array of tags attached to the suite. example: ["env:production"] items: description: A tag attached to the suite. type: string type: array tests: description: Array of Synthetic tests included in the suite. items: $ref: "#/components/schemas/SyntheticsSuiteTest" type: array type: $ref: "#/components/schemas/SyntheticsSuiteType" required: - name - type - tests - options type: object SyntheticsSuiteOptions: description: Object describing the extra options for a Synthetic suite. properties: alerting_threshold: description: Percentage of critical tests failure needed for a suite to fail. format: double maximum: 1 minimum: 0 type: number type: object SyntheticsSuiteResponse: description: Synthetics suite response properties: data: $ref: "#/components/schemas/SyntheticsSuiteResponseData" type: object SyntheticsSuiteResponseData: description: Synthetics suite response data properties: attributes: $ref: "#/components/schemas/SyntheticsSuite" id: description: The public ID for the suite. example: 123-abc-456 readOnly: true type: string type: $ref: "#/components/schemas/SyntheticsSuiteTypes" type: object SyntheticsSuiteSearchResponse: description: Synthetics suite search response properties: data: $ref: "#/components/schemas/SyntheticsSuiteSearchResponseData" type: object SyntheticsSuiteSearchResponseData: description: Synthetics suite search response data properties: attributes: $ref: "#/components/schemas/SyntheticsSuiteSearchResponseDataAttributes" id: description: The unique identifier of the suite search response data. format: uuid type: string type: $ref: "#/components/schemas/SuiteSearchResponseType" type: object SyntheticsSuiteSearchResponseDataAttributes: description: Synthetics suite search response data attributes properties: suites: description: List of Synthetic suites matching the search query. items: $ref: "#/components/schemas/SyntheticsSuite" type: array total: description: Total number of Synthetic suites matching the search query. format: int32 maximum: 2147483647 type: integer type: object SyntheticsSuiteTest: description: Object containing details about a Synthetic test included in a Synthetic suite. properties: alerting_criticality: $ref: "#/components/schemas/SyntheticsSuiteTestAlertingCriticality" public_id: description: The public ID of the Synthetic test included in the suite. example: "" type: string required: - public_id type: object SyntheticsSuiteTestAlertingCriticality: description: Alerting criticality for each the test. enum: - ignore - critical example: critical type: string x-enum-varnames: - IGNORE - CRITICAL SyntheticsSuiteType: default: "suite" description: Type of the Synthetic suite, `suite`. enum: - suite example: suite type: string x-enum-varnames: - SUITE SyntheticsSuiteTypes: default: "suites" description: Type for the Synthetics suites responses, `suites`. enum: - suites example: suites type: string x-enum-varnames: - SUITES SyntheticsTestFileAbortMultipartUploadRequest: description: Request body for aborting a multipart file upload. properties: key: description: The full storage path of the file whose upload should be aborted. example: "org-123/api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json" type: string uploadId: description: The upload ID of the multipart upload to abort. example: "upload-id-abc123" type: string required: - uploadId - key type: object SyntheticsTestFileCompleteMultipartUploadPart: description: A completed part of a multipart upload. properties: ETag: description: The ETag returned by the storage provider after uploading the part. example: '"d41d8cd98f00b204e9800998ecf8427e"' type: string PartNumber: description: The 1-indexed part number for the multipart upload. example: 1 format: int64 type: integer required: - ETag - PartNumber type: object SyntheticsTestFileCompleteMultipartUploadRequest: description: Request body for completing a multipart file upload. properties: key: description: The full storage path for the uploaded file. example: "org-123/api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json" type: string parts: description: Array of completed parts with their ETags. items: $ref: "#/components/schemas/SyntheticsTestFileCompleteMultipartUploadPart" type: array uploadId: description: The upload ID returned when the multipart upload was initiated. example: "upload-id-abc123" type: string required: - uploadId - key - parts type: object SyntheticsTestFileDownloadRequest: description: Request body for getting a presigned download URL for a test file. properties: bucketKey: description: The bucket key referencing the file to download. example: "api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json" minLength: 1 type: string required: - bucketKey type: object SyntheticsTestFileDownloadResponse: description: Response containing a presigned URL for downloading a test file. properties: url: description: A presigned URL to download the file. The URL expires after a short period. example: "https://storage.example.com/presigned-download-url" type: string type: object SyntheticsTestFileMultipartPresignedUrlsParams: description: Presigned URL parameters returned for a multipart upload. properties: key: description: The full storage path for the file being uploaded. example: "org-123/api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json" type: string upload_id: description: The upload ID assigned by the storage provider for this multipart upload. example: "upload-id-abc123" type: string urls: additionalProperties: type: string description: A map of part numbers to presigned upload URLs. example: "1": "https://storage.example.com/presigned-upload-url-part-1" "2": "https://storage.example.com/presigned-upload-url-part-2" type: object type: object SyntheticsTestFileMultipartPresignedUrlsPart: description: A part descriptor for initiating a multipart upload. properties: md5: description: Base64-encoded MD5 digest of the part content. example: "1B2M2Y8AsgTpgAmY7PhCfg==" maxLength: 24 minLength: 22 type: string partNumber: description: The 1-indexed part number for the multipart upload. example: 1 format: int64 type: integer required: - md5 - partNumber type: object SyntheticsTestFileMultipartPresignedUrlsRequest: description: Request body for getting presigned URLs for a multipart file upload. properties: bucketKeyPrefix: $ref: "#/components/schemas/SyntheticsTestFileMultipartPresignedUrlsRequestBucketKeyPrefix" parts: description: Array of part descriptors for the multipart upload. items: $ref: "#/components/schemas/SyntheticsTestFileMultipartPresignedUrlsPart" type: array required: - bucketKeyPrefix - parts type: object SyntheticsTestFileMultipartPresignedUrlsRequestBucketKeyPrefix: description: The bucket key prefix indicating the type of file upload. enum: - api-upload-file - browser-upload-file-step example: "api-upload-file" type: string x-enum-varnames: - API_UPLOAD_FILE - BROWSER_UPLOAD_FILE_STEP SyntheticsTestFileMultipartPresignedUrlsResponse: description: Response containing presigned URLs for multipart file upload and the bucket key. properties: bucketKey: description: The bucket key that references the uploaded file after completion. example: "api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json" type: string multipart_presigned_urls_params: $ref: "#/components/schemas/SyntheticsTestFileMultipartPresignedUrlsParams" type: object SyntheticsTestLatestResultsResponse: description: Response object for a Synthetic test's latest result summaries. properties: data: description: Array of Synthetic test result summaries. items: $ref: "#/components/schemas/SyntheticsTestResultSummaryData" type: array included: description: Array of included related resources, such as the test definition. items: $ref: "#/components/schemas/SyntheticsTestResultIncludedItem" type: array type: object SyntheticsTestOptions: description: Object describing the extra options for a Synthetic test. properties: min_failure_duration: description: Minimum amount of time in failure required to trigger an alert. format: int64 type: integer min_location_failed: description: |- Minimum number of locations in failure required to trigger an alert. format: int64 type: integer monitor_name: description: The monitor name is used for the alert title as well as for all monitor dashboard widgets and SLOs. type: string monitor_options: $ref: "#/components/schemas/SyntheticsTestOptionsMonitorOptions" monitor_priority: description: Integer from 1 (high) to 5 (low) indicating alert severity. format: int32 maximum: 5 minimum: 1 type: integer restricted_roles: $ref: "#/components/schemas/SyntheticsRestrictedRoles" retry: $ref: "#/components/schemas/SyntheticsTestOptionsRetry" scheduling: $ref: "#/components/schemas/SyntheticsTestOptionsScheduling" tick_every: description: The frequency at which to run the Synthetic test (in seconds). format: int64 maximum: 604800 minimum: 30 type: integer type: object SyntheticsTestOptionsMonitorOptions: description: |- Object containing the options for a Synthetic test as a monitor (for example, renotification). properties: escalation_message: description: Message to include in the escalation notification. type: string notification_preset_name: $ref: "#/components/schemas/SyntheticsTestOptionsMonitorOptionsNotificationPresetName" renotify_interval: description: |- Time interval before renotifying if the test is still failing (in minutes). format: int64 minimum: 0 type: integer renotify_occurrences: description: The number of times to renotify if the test is still failing. format: int64 type: integer type: object SyntheticsTestOptionsMonitorOptionsNotificationPresetName: description: The name of the preset for the notification for the monitor. enum: - show_all - hide_all - hide_query - hide_handles - hide_query_and_handles - show_only_snapshot - hide_handles_and_footer type: string x-enum-varnames: - SHOW_ALL - HIDE_ALL - HIDE_QUERY - HIDE_HANDLES - HIDE_QUERY_AND_HANDLES - SHOW_ONLY_SNAPSHOT - HIDE_HANDLES_AND_FOOTER SyntheticsTestOptionsRetry: description: Object describing the retry strategy to apply to a Synthetic test. properties: count: description: |- Number of times a test needs to be retried before marking a location as failed. Defaults to 0. format: int64 type: integer interval: description: |- Time interval between retries (in milliseconds). Defaults to 300ms. format: double type: number type: object SyntheticsTestOptionsScheduling: description: Object containing timeframes and timezone used for advanced scheduling. properties: timeframes: description: Array containing objects describing the scheduling pattern to apply to each day. example: [{"day": 1, "from": "07:00", "to": "16:00"}, {"day": 3, "from": "07:00", "to": "16:00"}] items: $ref: "#/components/schemas/SyntheticsTestOptionsSchedulingTimeframe" type: array timezone: description: Timezone in which the timeframe is based. example: "America/New_York" type: string required: - timeframes - timezone type: object SyntheticsTestOptionsSchedulingTimeframe: description: Object describing a timeframe. properties: day: description: Number representing the day of the week. example: 1 format: int32 maximum: 7 minimum: 1 type: integer from: description: The hour of the day on which scheduling starts. example: "07:00" type: string to: description: The hour of the day on which scheduling ends. example: "16:00" type: string required: - day - from - to type: object SyntheticsTestParentSuiteAttributes: description: Object containing details about a parent suite of a Synthetic test. properties: child_name: description: The name of the child test within the suite. example: My API Test type: string child_public_id: description: The public ID of the child test within the suite. example: xyz-uvw-789 type: string monitor_id: description: The associated monitor ID. example: 12345678 format: int64 type: integer name: description: Name of the parent suite. example: My Suite type: string overall_state: description: The overall state of the parent suite. example: 0 format: int64 type: integer overall_state_modified: description: Timestamp of when the overall state was last modified. example: "2024-01-01T00:00:00+00:00" type: string public_id: description: The public ID of the parent suite. example: abc-def-123 type: string type: object SyntheticsTestParentSuiteData: description: Data object for a parent suite. properties: attributes: $ref: "#/components/schemas/SyntheticsTestParentSuiteAttributes" id: description: The public ID of the parent suite. example: abc-def-123 type: string type: $ref: "#/components/schemas/SyntheticsTestParentSuiteType" type: object SyntheticsTestParentSuiteType: default: parent_suite description: Type of the parent suite resource. enum: - parent_suite example: parent_suite type: string x-enum-varnames: - PARENT_SUITE SyntheticsTestParentSuitesResponse: description: Response containing the list of parent suites for a Synthetic test. properties: data: description: List of parent suites for the given test. items: $ref: "#/components/schemas/SyntheticsTestParentSuiteData" type: array type: object SyntheticsTestPauseStatus: description: |- Define whether you want to start (`live`) or pause (`paused`) a Synthetic test. enum: - live - paused example: live type: string x-enum-varnames: - LIVE - PAUSED SyntheticsTestResultAssertionResult: description: An individual assertion result from a Synthetic test. properties: actual: description: Actual value observed during the test. Its type depends on the assertion type. example: 200 error_message: description: Error message if the assertion failed. example: "Assertion failed: expected 200 but got 500" type: string expected: description: Expected value for the assertion. Its type depends on the assertion type. example: "200" operator: description: Operator used for the assertion (for example, `is`, `contains`). example: is type: string property: description: Property targeted by the assertion, when applicable. example: content-type type: string target: description: Target value for the assertion. Its type depends on the assertion type. example: 200 target_path: description: JSON path or XPath evaluated for the assertion. example: $.url type: string target_path_operator: description: Operator used for the target path assertion. example: contains type: string type: description: Type of the assertion (for example, `responseTime`, `statusCode`, `body`). example: statusCode type: string valid: description: Whether the assertion passed. example: true type: boolean type: object SyntheticsTestResultAttributes: description: Attributes of a Synthetic test result. properties: batch: $ref: "#/components/schemas/SyntheticsTestResultBatch" ci: $ref: "#/components/schemas/SyntheticsTestResultCI" device: $ref: "#/components/schemas/SyntheticsTestResultDevice" git: $ref: "#/components/schemas/SyntheticsTestResultGit" location: $ref: "#/components/schemas/SyntheticsTestResultLocation" result: $ref: "#/components/schemas/SyntheticsTestResultDetail" test_sub_type: $ref: "#/components/schemas/SyntheticsTestSubType" test_type: $ref: "#/components/schemas/SyntheticsTestType" type: object SyntheticsTestResultBatch: description: Batch information for the test result. properties: id: description: Batch identifier. example: batch-abc-123 type: string type: object SyntheticsTestResultBounds: description: Bounding box of an element on the page. properties: height: description: Height in pixels. example: 37 format: int64 type: integer width: description: Width in pixels. example: 343 format: int64 type: integer x: description: Horizontal position in pixels. example: 16 format: int64 type: integer y: description: Vertical position in pixels. example: 140 format: int64 type: integer type: object SyntheticsTestResultBrowserError: description: A browser error captured during a browser test step. properties: description: description: Error description. example: Failed to fetch resource type: string method: description: HTTP method associated with the error (for network errors). example: GET type: string name: description: Error name. example: NetworkError type: string status: description: HTTP status code associated with the error (for network errors). example: 500 format: int64 type: integer type: description: Type of the browser error. example: network type: string url: additionalProperties: {} description: URL associated with the error. type: object type: object SyntheticsTestResultBucketKeys: description: Storage bucket keys for artifacts produced during a step or test. properties: after_step_screenshot: description: Key for the screenshot captured after the step (goal-based tests). example: screenshots/after-step-1-1.png type: string after_turn_screenshot: description: Key for the screenshot captured after the turn (goal-based tests). example: screenshots/after-turn-1.png type: string artifacts: description: Key for miscellaneous artifacts. example: 2/e2e-tests/equ-jku-twc/results/6989498452827932222/edge.laptop_large/artifacts__1724521416257.json type: string before_step_screenshot: description: Key for the screenshot captured before the step (goal-based tests). example: screenshots/before-step-1-1.png type: string before_turn_screenshot: description: Key for the screenshot captured before the turn (goal-based tests). example: screenshots/before-turn-1.png type: string crash_report: description: Key for a captured crash report. example: 2/e2e-tests/d2z-32s-iax/results/1340718101990858549/synthetics:mobile:device:iphone_se_2020_ios_14/crash_report.log type: string device_logs: description: Key for captured device logs. example: 2/e2e-tests/d2z-32s-iax/results/1340718101990858549/synthetics:mobile:device:iphone_se_2020_ios_14/d2z-32s-iax_1340718101990858549_device_logs.log type: string email_messages: description: Keys for email message payloads captured by the step. items: description: Storage bucket key for a captured email message. type: string type: array screenshot: description: Key for the captured screenshot. example: 2/e2e-tests/equ-jku-twc/results/6989498452827932222/edge.laptop_large/step-0__1724521416269.jpeg type: string snapshot: description: Key for the captured DOM snapshot. example: 2/e2e-tests/equ-jku-twc/results/6989498452827932222/edge.laptop_large/snapshot.html type: string source: description: Key for the page source or element source. example: 2/e2e-tests/d2z-32s-iax/results/1340718101990858549/synthetics:mobile:device:iphone_se_2020_ios_14/step-0__1724445301832.xml type: string type: object SyntheticsTestResultCI: description: CI information associated with the test result. properties: pipeline: $ref: "#/components/schemas/SyntheticsTestResultCIPipeline" provider: $ref: "#/components/schemas/SyntheticsTestResultCIProvider" stage: $ref: "#/components/schemas/SyntheticsTestResultCIStage" workspace_path: description: Path of the workspace that ran the CI job. example: /home/runner/work/example type: string type: object SyntheticsTestResultCIPipeline: description: Details of the CI pipeline. properties: id: description: Pipeline identifier. example: pipeline-abc-123 type: string name: description: Pipeline name. example: build-and-test type: string number: description: Pipeline number. example: 42 format: int64 type: integer url: description: Pipeline URL. example: https://github.com/DataDog/example/actions/runs/42 type: string type: object SyntheticsTestResultCIProvider: description: Details of the CI provider. properties: name: description: Provider name. example: github type: string type: object SyntheticsTestResultCIStage: description: Details of the CI stage. properties: name: description: Stage name. example: test type: string type: object SyntheticsTestResultCdnCacheStatus: description: Cache status reported by the CDN for the response. properties: cached: description: Whether the response was served from the CDN cache. example: true type: boolean status: description: Raw cache status string reported by the CDN. example: HIT type: string type: object SyntheticsTestResultCdnProviderInfo: description: CDN provider details inferred from response headers. properties: cache: $ref: "#/components/schemas/SyntheticsTestResultCdnCacheStatus" provider: description: Name of the CDN provider. example: google_cloud type: string type: object SyntheticsTestResultCdnResource: description: A CDN resource encountered while executing a browser step. properties: cdn: $ref: "#/components/schemas/SyntheticsTestResultCdnProviderInfo" resolved_ip: description: Resolved IP address for the CDN resource. example: 34.95.79.70 type: string timestamp: description: Unix timestamp (ms) of when the resource was fetched. example: 1724521406576 format: int64 type: integer timings: additionalProperties: {} description: Timing breakdown for fetching the CDN resource. example: firstByte: 99.7 tcp: 0.9 type: object type: object SyntheticsTestResultCertificate: description: SSL/TLS certificate information returned from an SSL test. properties: cipher: description: Cipher used for the TLS connection. example: TLS_AES_256_GCM_SHA384 type: string exponent: description: RSA exponent of the certificate. example: 65537 format: int64 type: integer ext_key_usage: description: Extended key usage extensions for the certificate. example: - 1.3.6.1.5.5.7.3.1 items: description: Extended key usage value. type: string type: array fingerprint: description: SHA-1 fingerprint of the certificate. example: D6:03:5A:9F:93:E1:B7:28:EC:90:C5:9F:72:30:55:7C:74:5F:53:92 type: string fingerprint256: description: SHA-256 fingerprint of the certificate. example: 04:45:93:A9:4C:14:70:47:DB:3C:FC:05:F9:5A:50:4E:DA:DB:A1:C6:37:3D:15:C0:B2:7E:5D:93:5F:A2:02:C7 type: string issuer: additionalProperties: type: string description: Certificate issuer details. example: C: US CN: WE2 O: Google Trust Services type: object modulus: description: RSA modulus of the certificate. example: C0FCE9F9... type: string protocol: description: TLS protocol used (for example, `TLSv1.2`). example: TLSv1.3 type: string serial_number: description: Serial number of the certificate. example: 7B584A1A6670A1EB0941A9A121569D60 type: string subject: additionalProperties: type: string description: Certificate subject details. example: CN: "*.google.fr" altName: "DNS:*.google.fr, DNS:google.fr" type: object tls_version: description: TLS protocol version. example: 1.3 format: double type: number valid: $ref: "#/components/schemas/SyntheticsTestResultCertificateValidity" type: object SyntheticsTestResultCertificateValidity: description: Validity window of a certificate. properties: from: description: Unix timestamp (ms) of when the certificate became valid. example: 1742469686000 format: int64 type: integer to: description: Unix timestamp (ms) of when the certificate expires. example: 1749727285000 format: int64 type: integer type: object SyntheticsTestResultData: description: Wrapper object for a Synthetic test result. properties: attributes: $ref: "#/components/schemas/SyntheticsTestResultAttributes" id: description: The result ID. example: "5158904793181869365" type: string relationships: $ref: "#/components/schemas/SyntheticsTestResultRelationships" type: $ref: "#/components/schemas/SyntheticsTestResultType" type: object SyntheticsTestResultDetail: description: Full result details for a Synthetic test execution. properties: assertions: description: Assertion results produced by the test. items: $ref: "#/components/schemas/SyntheticsTestResultAssertionResult" type: array bucket_keys: $ref: "#/components/schemas/SyntheticsTestResultBucketKeys" call_type: description: gRPC call type (for example, `unary`, `healthCheck`, or `reflection`). example: unary type: string cert: $ref: "#/components/schemas/SyntheticsTestResultCertificate" compressed_json_descriptor: description: Compressed JSON descriptor for the test (internal format). example: compressedJsonDescriptorValue type: string compressed_steps: description: Compressed representation of the test steps (internal format). example: eJzLSM3JyQcABiwCFQ== type: string connection_outcome: description: Outcome of the connection attempt (for example, `established`, `refused`). example: established type: string dns_resolution: $ref: "#/components/schemas/SyntheticsTestResultDnsResolution" duration: description: Duration of the test execution (in milliseconds). example: 380.7 format: double type: number exited_on_step_success: description: Whether the test exited early because a step marked with `exitIfSucceed` passed. example: false type: boolean failure: $ref: "#/components/schemas/SyntheticsTestResultFailure" finished_at: description: Timestamp of when the test finished (in milliseconds). example: 1723782422760 format: int64 type: integer handshake: $ref: "#/components/schemas/SyntheticsTestResultHandshake" id: description: The unique identifier for this result. example: "5158904793181869365" type: string initial_id: description: The initial result ID before any retries. example: "5158904793181869365" type: string is_fast_retry: description: Whether this result is from a fast retry. example: true type: boolean is_last_retry: description: Whether this result is from the last retry. example: true type: boolean netpath: $ref: "#/components/schemas/SyntheticsTestResultNetpath" netstats: $ref: "#/components/schemas/SyntheticsTestResultNetstats" ocsp: $ref: "#/components/schemas/SyntheticsTestResultOCSPResponse" ping: $ref: "#/components/schemas/SyntheticsTestResultTracerouteHop" received_email_count: description: Number of emails received during the test (email tests). example: 1 format: int64 type: integer received_message: description: Message received from the target (for WebSocket/TCP/UDP tests). example: "UDP echo: b'Test message'" type: string request: $ref: "#/components/schemas/SyntheticsTestResultRequestInfo" resolved_ip: description: IP address resolved for the target host. example: "54.243.255.141" type: string response: $ref: "#/components/schemas/SyntheticsTestResultResponseInfo" run_type: $ref: "#/components/schemas/SyntheticsTestResultRunType" sent_message: description: Message sent to the target (for WebSocket/TCP/UDP tests). example: udp mess type: string start_url: description: Start URL for the test (browser tests). example: http://34.95.79.70/prototype type: string started_at: description: Timestamp of when the test started (in milliseconds). example: 1723782422750 format: int64 type: integer status: $ref: "#/components/schemas/SyntheticsTestResultStatus" steps: description: Step results (for browser, mobile, and multistep API tests). items: $ref: "#/components/schemas/SyntheticsTestResultStep" type: array time_to_interactive: description: Time to interactive in milliseconds (browser tests). example: 183 format: int64 type: integer timings: additionalProperties: {} description: Timing breakdown of the test request phases (for example, DNS, TCP, TLS, first byte). example: dns: 2.9 download: 2.1 firstByte: 95.2 ssl: 187.9 tcp: 92.6 total: 380.7 type: object trace: $ref: "#/components/schemas/SyntheticsTestResultTrace" traceroute: description: Traceroute hop results (for network tests). items: $ref: "#/components/schemas/SyntheticsTestResultTracerouteHop" type: array triggered_at: description: Timestamp of when the test was triggered (in milliseconds). example: 1723782422715 format: int64 type: integer tunnel: description: Whether the test was executed through a tunnel. example: false type: boolean turns: description: Turns executed by a goal-based browser test. items: $ref: "#/components/schemas/SyntheticsTestResultTurn" type: array unhealthy: description: Whether the test runner was unhealthy at the time of execution. example: false type: boolean variables: $ref: "#/components/schemas/SyntheticsTestResultVariables" type: object SyntheticsTestResultDevice: description: Device information for the test result (browser and mobile tests). properties: browser: $ref: "#/components/schemas/SyntheticsTestResultDeviceBrowser" id: description: Device identifier. example: chrome.laptop_large type: string name: description: Device name. example: "Chrome - Laptop Large" type: string platform: $ref: "#/components/schemas/SyntheticsTestResultDevicePlatform" resolution: $ref: "#/components/schemas/SyntheticsTestResultDeviceResolution" type: description: Device type. example: browser type: string type: object SyntheticsTestResultDeviceBrowser: description: Browser information for the device used to run the test. properties: type: description: Browser type (for example, `chrome`, `firefox`). example: edge type: string user_agent: description: User agent string reported by the browser. example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/127.0.2651.105 DatadogSynthetics type: string version: description: Browser version. example: 127.0.2651.105 type: string type: object SyntheticsTestResultDevicePlatform: description: Platform information for the device used to run the test. properties: name: description: Platform name (for example, `linux`, `macos`). example: ios type: string version: description: Platform version. example: "14.8" type: string type: object SyntheticsTestResultDeviceResolution: description: Screen resolution of the device used to run the test. properties: height: description: Viewport height in pixels. example: 1100 format: int64 type: integer pixel_ratio: description: Device pixel ratio. example: 2 format: double type: number width: description: Viewport width in pixels. example: 1440 format: int64 type: integer type: object SyntheticsTestResultDnsRecord: description: A DNS record returned in a DNS test response. properties: type: description: DNS record type (for example, `A`, `AAAA`, `CNAME`). example: A type: string values: description: Values associated with the DNS record. example: - 213.186.33.19 items: description: DNS record value. type: string type: array type: object SyntheticsTestResultDnsResolution: description: DNS resolution details recorded during the test execution. properties: attempts: description: DNS resolution attempts made during the test. items: $ref: "#/components/schemas/SyntheticsTestResultDnsResolutionAttempt" type: array resolved_ip: description: Resolved IP address for the target host. example: 54.243.255.141 type: string resolved_port: description: Resolved port for the target service. example: "443" type: string server: description: DNS server used for the resolution. example: 8.8.4.4 type: string type: object SyntheticsTestResultDnsResolutionAttempt: additionalProperties: type: string description: A single DNS resolution attempt. Keys are provider-specific attempt fields. type: object SyntheticsTestResultDuration: description: Total duration of a Synthetic test execution. properties: has_duration: description: Whether a duration was recorded for this execution. example: true type: boolean value: description: Duration value in milliseconds. example: 380 format: int64 type: integer type: object SyntheticsTestResultExecutionInfo: description: Execution details for a Synthetic test result. properties: duration: $ref: "#/components/schemas/SyntheticsTestResultDuration" error_message: description: Error message if the execution encountered an issue. example: Connection timed out type: string is_fast_retry: description: Whether this result is from a fast retry. example: true type: boolean timings: additionalProperties: {} description: Timing breakdown of the test execution in milliseconds. example: dns: 2.9 download: 2.1 firstByte: 95.2 ssl: 187.9 tcp: 92.6 total: 380.7 type: object tunnel: description: Whether the test was executed through a tunnel. example: false type: boolean unhealthy: description: Whether the location was unhealthy during execution. example: false type: boolean type: object SyntheticsTestResultFailure: description: Details about the failure of a Synthetic test. properties: code: description: Error code for the failure. example: TIMEOUT type: string internal_code: description: Internal error code used for debugging. example: INCORRECT_ASSERTION type: string internal_message: description: Internal error message used for debugging. example: Assertion failed on step 2 type: string message: description: Error message for the failure. example: Connection timed out type: string type: object SyntheticsTestResultFileRef: description: Reference to a file attached to a Synthetic test request. properties: bucket_key: description: Storage bucket key where the file is stored. example: api-upload-file/s3v-msw-tp3/2024-08-20T12:18:27.628081_f433c953-a58a-4296-834b-0669e32ba55f.json type: string encoding: description: Encoding of the file contents. example: base64 type: string name: description: File name. example: dd_logo_h_rgb.jpg type: string size: description: File size in bytes. example: 30294 format: int64 type: integer type: description: File MIME type. example: image/jpeg type: string type: object SyntheticsTestResultGit: description: Git information associated with the test result. properties: branch: description: Git branch name. example: main type: string commit: $ref: "#/components/schemas/SyntheticsTestResultGitCommit" repository_url: description: Git repository URL. example: https://github.com/DataDog/example type: string type: object SyntheticsTestResultGitCommit: description: Details of the Git commit associated with the test result. properties: author: $ref: "#/components/schemas/SyntheticsTestResultGitUser" committer: $ref: "#/components/schemas/SyntheticsTestResultGitUser" message: description: Commit message. example: Fix bug in login flow type: string sha: description: Commit SHA. example: 9e107d9d372bb6826bd81d3542a419d6f0e1de56 type: string url: description: URL of the commit. example: https://github.com/DataDog/example/commit/9e107d9d372bb6826bd81d3542a419d6f0e1de56 type: string type: object SyntheticsTestResultGitUser: description: A Git user (author or committer). properties: date: description: Timestamp of the commit action for this user. example: "2024-08-15T14:23:00Z" type: string email: description: Email address of the Git user. example: jane.doe@example.com type: string name: description: Name of the Git user. example: Jane Doe type: string type: object SyntheticsTestResultHandshake: description: Handshake request and response for protocol-level tests. properties: request: $ref: "#/components/schemas/SyntheticsTestResultRequestInfo" response: $ref: "#/components/schemas/SyntheticsTestResultResponseInfo" type: object SyntheticsTestResultHealthCheck: description: Health check information returned from a gRPC health check call. properties: message: additionalProperties: type: string description: Raw health check message payload. type: object status: description: Health check status code. example: 1 format: int64 type: integer type: object SyntheticsTestResultIncludedItem: description: An included related resource. properties: attributes: additionalProperties: {} description: Attributes of the included resource. type: object id: description: ID of the included resource. example: abc-def-123 type: string type: description: Type of the included resource. example: test type: string type: object SyntheticsTestResultLocation: description: Location information for a Synthetic test result. properties: id: description: Identifier of the location. example: aws:us-east-1 type: string name: description: Human-readable name of the location. example: "N. Virginia (AWS)" type: string version: description: Version of the worker that ran the test. example: 1.0.0 type: string worker_id: description: Identifier of the specific worker that ran the test. example: worker-abc-123 type: string type: object SyntheticsTestResultNetpath: description: Network Path test result capturing the path between source and destination. properties: destination: $ref: "#/components/schemas/SyntheticsTestResultNetpathDestination" hops: description: Hops along the network path. items: $ref: "#/components/schemas/SyntheticsTestResultNetpathHop" type: array origin: description: Origin of the network path (for example, probe source). example: synthetics type: string pathtrace_id: description: Identifier of the path trace. example: 5d3cb978-533b-41ce-85a4-3661c8dd6a0b type: string protocol: description: Protocol used for the path trace (for example, `tcp`, `udp`, `icmp`). example: TCP type: string source: $ref: "#/components/schemas/SyntheticsTestResultNetpathEndpoint" tags: description: Tags associated with the network path measurement. example: - synthetics.test_id:nja-epx-mg8 items: description: Tag associated with the network path measurement. type: string type: array timestamp: description: Unix timestamp (ms) of the network path measurement. example: 1744117822266 format: int64 type: integer type: object SyntheticsTestResultNetpathDestination: description: Destination endpoint of a network path measurement. properties: hostname: description: Hostname of the destination. example: 34.95.79.70 type: string ip_address: description: IP address of the destination. example: 34.95.79.70 type: string port: description: Port of the destination service. example: 80 format: int64 type: integer type: object SyntheticsTestResultNetpathEndpoint: description: Source endpoint of a network path measurement. properties: hostname: description: Hostname of the endpoint. example: edge-eu1.staging.dog type: string type: object SyntheticsTestResultNetpathHop: description: A single hop along a network path. properties: hostname: description: Resolved hostname of the hop. example: 70.79.95.34.bc.googleusercontent.com type: string ip_address: description: IP address of the hop. example: 10.240.134.15 type: string reachable: description: Whether this hop was reachable. example: true type: boolean rtt: description: Round-trip time to this hop in milliseconds. example: 0.000346599 format: double type: number ttl: description: Time-to-live value of the probe packet at this hop. example: 2 format: int64 type: integer type: object SyntheticsTestResultNetstats: description: Aggregated network statistics from the test execution. properties: hops: $ref: "#/components/schemas/SyntheticsTestResultNetstatsHops" jitter: description: Network jitter in milliseconds. example: 0.08 format: double type: number latency: $ref: "#/components/schemas/SyntheticsTestResultNetworkLatency" packet_loss_percentage: description: Percentage of probe packets lost. example: 0.0 format: double type: number packets_received: description: Number of probe packets received. example: 4 format: int64 type: integer packets_sent: description: Number of probe packets sent. example: 4 format: int64 type: integer type: object SyntheticsTestResultNetstatsHops: description: Statistics about the number of hops for a network test. properties: avg: description: Average number of hops. example: 11.0 format: double type: number max: description: Maximum number of hops. example: 11 format: int64 type: integer min: description: Minimum number of hops. example: 11 format: int64 type: integer type: object SyntheticsTestResultNetworkLatency: description: Latency statistics for a network probe. properties: avg: description: Average latency in milliseconds. example: 1.8805 format: double type: number max: description: Maximum latency in milliseconds. example: 1.97 format: double type: number min: description: Minimum latency in milliseconds. example: 1.76 format: double type: number type: object SyntheticsTestResultOCSPCertificate: description: Certificate details returned in an OCSP response. properties: revocation_reason: description: Reason code for the revocation, when applicable. example: unspecified type: string revocation_time: description: Unix timestamp (ms) of the revocation. example: 1749727285000 format: int64 type: integer serial_number: description: Serial number of the certificate. example: 7B584A1A6670A1EB0941A9A121569D60 type: string type: object SyntheticsTestResultOCSPResponse: description: OCSP response received while validating a certificate. properties: certificate: $ref: "#/components/schemas/SyntheticsTestResultOCSPCertificate" status: description: OCSP response status (for example, `good`, `revoked`, `unknown`). example: good type: string updates: $ref: "#/components/schemas/SyntheticsTestResultOCSPUpdates" type: object SyntheticsTestResultOCSPUpdates: description: OCSP response update timestamps. properties: next_update: description: Unix timestamp (ms) of the next expected OCSP update. example: 1743074486000 format: int64 type: integer produced_at: description: Unix timestamp (ms) of when the OCSP response was produced. example: 1742469686000 format: int64 type: integer this_update: description: Unix timestamp (ms) of this OCSP update. example: 1742469686000 format: int64 type: integer type: object SyntheticsTestResultParentStep: description: Reference to the parent step of a sub-step. properties: id: description: Identifier of the parent step. example: fkk-j2a-gmw type: string type: object SyntheticsTestResultParentTest: description: Reference to the parent test of a sub-step. properties: id: description: Identifier of the parent test. example: abc-def-123 type: string type: object SyntheticsTestResultRedirect: description: A redirect hop encountered while performing the request. properties: location: description: Target location of the redirect. example: https://example.com/new-location type: string status_code: description: HTTP status code of the redirect response. example: 301 format: int64 type: integer type: object SyntheticsTestResultRelationshipTest: description: Relationship to the Synthetic test. properties: data: $ref: "#/components/schemas/SyntheticsTestResultRelationshipTestData" type: object SyntheticsTestResultRelationshipTestData: description: Data for the test relationship. properties: id: description: The public ID of the test. example: abc-def-123 type: string type: description: Type of the related resource. example: test type: string type: object SyntheticsTestResultRelationships: description: Relationships for a Synthetic test result. properties: test: $ref: "#/components/schemas/SyntheticsTestResultRelationshipTest" type: object SyntheticsTestResultRequestInfo: description: Details of the outgoing request made during the test execution. properties: allow_insecure: description: Whether insecure certificates are allowed for this request. example: false type: boolean body: description: Body sent with the request. example: '{"key":"value"}' type: string call_type: description: gRPC call type (for example, `unary`, `healthCheck`, or `reflection`). example: unary type: string destination_service: description: Destination service for a Network Path test. example: my-service type: string dns_server: description: DNS server used to resolve the target host. example: 8.8.8.8 type: string dns_server_port: description: Port of the DNS server used for resolution. example: 53 format: int64 type: integer e2e_queries: description: Number of end-to-end probe queries issued. example: 4 format: int64 type: integer files: description: Files attached to the request. items: $ref: "#/components/schemas/SyntheticsTestResultFileRef" type: array headers: additionalProperties: {} description: Headers sent with the request. example: content-type: application/json type: object host: description: Host targeted by the request. example: grpcbin.test.k6.io type: string max_ttl: description: Maximum TTL for network probe packets. example: 64 format: int64 type: integer message: description: Message sent with the request (for WebSocket/TCP/UDP tests). example: My message type: string method: description: HTTP method used for the request. example: GET type: string no_saving_response_body: description: Whether the response body was not saved. example: true type: boolean port: description: Port targeted by the request. Can be a number or a string variable reference. example: 9000 service: description: Service name targeted by the request (for gRPC tests). example: addsvc.Add type: string source_service: description: Source service for a Network Path test. example: synthetics type: string timeout: description: Request timeout in milliseconds. example: 60 format: int64 type: integer tool_name: description: Name of the MCP tool called (MCP tests only). example: search type: string traceroute_queries: description: Number of traceroute probe queries issued. example: 2 format: int64 type: integer url: description: URL targeted by the request. example: https://httpbin.org/anything/lol valuehugo type: string type: object SyntheticsTestResultResponse: description: Response object for a Synthetic test result. properties: data: $ref: "#/components/schemas/SyntheticsTestResultData" included: description: Array of included related resources, such as the test definition. items: $ref: "#/components/schemas/SyntheticsTestResultIncludedItem" type: array type: object SyntheticsTestResultResponseInfo: description: Details of the response received during the test execution. properties: body: description: Body of the response. example: '{"status":"ok"}' type: string body_compressed: description: Compressed representation of the response body. example: eJzLSM3JyQcABiwCFQ== type: string body_hashes: description: Hashes computed over the response body. example: 9e107d9d372bb6826bd81d3542a419d6 type: string body_size: description: Size of the response body in bytes. example: 793 format: int64 type: integer cache_headers: additionalProperties: type: string description: Cache-related response headers. example: server: gunicorn/19.9.0 type: object cdn: $ref: "#/components/schemas/SyntheticsTestResultCdnProviderInfo" close: $ref: "#/components/schemas/SyntheticsTestResultWebSocketClose" compressed_message: description: Compressed representation of the response message. example: eJzLSM3JyQcABiwCFQ== type: string headers: additionalProperties: {} description: Response headers. example: content-type: application/json type: object healthcheck: $ref: "#/components/schemas/SyntheticsTestResultHealthCheck" http_version: description: HTTP version of the response. example: "2.0" type: string is_body_truncated: description: Whether the response body was truncated. example: false type: boolean is_message_truncated: description: Whether the response message was truncated. example: false type: boolean message: description: Message received in the response (for WebSocket/TCP/UDP tests). example: '{"f_string":"concat-STATIC_HIDDEN_VALUE"}' type: string metadata: additionalProperties: type: string description: Additional metadata returned with the response. type: object records: description: DNS records returned in the response (DNS tests only). items: $ref: "#/components/schemas/SyntheticsTestResultDnsRecord" type: array redirects: description: Redirect hops encountered while performing the request. items: $ref: "#/components/schemas/SyntheticsTestResultRedirect" type: array status_code: description: HTTP status code of the response. example: 200 format: int64 type: integer type: object SyntheticsTestResultRouter: description: A router along the traceroute path. properties: ip: description: IP address of the router. example: 34.95.79.70 type: string resolved_host: description: Resolved hostname of the router. example: 70.79.95.34.bc.googleusercontent.com type: string type: object SyntheticsTestResultRumContext: description: RUM application context associated with a step or sub-test. properties: application_id: description: RUM application identifier. example: 00000000-0000-0000-0000-000000000000 type: string session_id: description: RUM session identifier. example: 11111111-1111-1111-1111-111111111111 type: string view_id: description: RUM view identifier. example: 22222222-2222-2222-2222-222222222222 type: string type: object SyntheticsTestResultRunType: description: The type of run for a Synthetic test result. enum: - scheduled - fast - ci - triggered example: scheduled type: string x-enum-varnames: - SCHEDULED - FAST - CI - TRIGGERED SyntheticsTestResultStatus: description: Status of a Synthetic test result. enum: - passed - failed - no_data example: passed type: string x-enum-varnames: - PASSED - FAILED - NO_DATA SyntheticsTestResultStep: description: A step result from a browser, mobile, or multistep API test. properties: allow_failure: description: Whether the test continues when this step fails. example: false type: boolean api_test: additionalProperties: {} description: Inner API test definition for browser `runApiTest` steps. type: object assertion_result: $ref: "#/components/schemas/SyntheticsTestResultStepAssertionResult" assertions: description: Assertion results produced by the step. items: $ref: "#/components/schemas/SyntheticsTestResultAssertionResult" type: array blocked_requests_urls: description: URLs of requests blocked during the step. items: description: Blocked request URL. type: string type: array bounds: $ref: "#/components/schemas/SyntheticsTestResultBounds" browser_errors: description: Browser errors captured during the step. items: $ref: "#/components/schemas/SyntheticsTestResultBrowserError" type: array bucket_keys: $ref: "#/components/schemas/SyntheticsTestResultBucketKeys" cdn_resources: description: CDN resources encountered during the step. items: $ref: "#/components/schemas/SyntheticsTestResultCdnResource" type: array click_type: description: Click type performed in a browser step. example: primary type: string compressed_json_descriptor: description: Compressed JSON descriptor for the step (internal format). example: compressedJsonDescriptorValue type: string config: additionalProperties: {} description: Request configuration executed by this step (API test steps). type: object description: description: Human-readable description of the step. example: Navigate to start URL type: string duration: description: Duration of the step in milliseconds. example: 1015.0 format: double type: number element_description: description: Description of the element interacted with by the step. example: '' type: string element_updates: $ref: "#/components/schemas/SyntheticsTestResultStepElementUpdates" extracted_value: $ref: "#/components/schemas/SyntheticsTestResultVariable" failure: $ref: "#/components/schemas/SyntheticsTestResultFailure" http_results: description: HTTP results produced by an MCP step. items: $ref: "#/components/schemas/SyntheticsTestResultAssertionResult" type: array id: description: Identifier of the step. example: fkk-j2a-gmw type: string is_critical: description: Whether this step is critical for the test outcome. example: true type: boolean javascript_custom_assertion_code: description: Whether the step uses a custom JavaScript assertion. example: false type: boolean locate_element_duration: description: Time taken to locate the element in milliseconds. example: 845.0 format: double type: number name: description: Name of the step. example: Extract variable from body type: string request: $ref: "#/components/schemas/SyntheticsTestResultRequestInfo" response: $ref: "#/components/schemas/SyntheticsTestResultResponseInfo" retries: description: Retry results for the step. items: $ref: "#/components/schemas/SyntheticsTestResultStep" type: array retry_count: description: Number of times this step was retried. example: 0 format: int64 type: integer rum_context: $ref: "#/components/schemas/SyntheticsTestResultRumContext" started_at: description: Unix timestamp (ms) of when the step started. example: 1724445283308 format: int64 type: integer status: description: Status of the step (for example, `passed`, `failed`). example: passed type: string sub_step: $ref: "#/components/schemas/SyntheticsTestResultSubStep" sub_test: $ref: "#/components/schemas/SyntheticsTestResultSubTest" subtype: description: Subtype of the step. example: http type: string tabs: description: Browser tabs involved in the step. items: $ref: "#/components/schemas/SyntheticsTestResultTab" type: array timings: additionalProperties: {} description: Timing breakdown of the step execution. type: object tunnel: description: Whether the step was executed through a Synthetics tunnel. example: false type: boolean type: description: Type of the step (for example, `click`, `assertElementContent`, `runApiTest`). example: click type: string url: description: URL associated with the step (for navigation steps). example: http://34.95.79.70/prototype type: string value: description: Step value. Its type depends on the step type. example: http://34.95.79.70/prototype variables: $ref: "#/components/schemas/SyntheticsTestResultVariables" vitals_metrics: description: Web vitals metrics captured during the step. items: $ref: "#/components/schemas/SyntheticsTestResultVitalsMetrics" type: array warnings: description: Warnings emitted during the step. items: $ref: "#/components/schemas/SyntheticsTestResultWarning" type: array type: object SyntheticsTestResultStepAssertionResult: description: Assertion result for a browser or mobile step. properties: actual: description: Actual value observed during the step assertion. Its type depends on the check type. example: "True\ngood\ngood\ngood\ngood\nTrue" check_type: description: Type of the step assertion check. example: contains type: string expected: description: Expected value for the step assertion. Its type depends on the check type. example: True good good good good True has_secure_variables: description: Whether the assertion involves secure variables. example: false type: boolean type: object SyntheticsTestResultStepElementUpdates: description: Element locator updates produced during a step. properties: multi_locator: additionalProperties: type: string description: Updated multi-locator definition. type: object target_outer_html: description: Updated outer HTML of the targeted element. example:

My website - v4

type: string version: description: Version of the element locator definition. example: 3 format: int64 type: integer type: object SyntheticsTestResultStepsInfo: description: Step execution summary for a Synthetic test result. properties: completed: description: Number of completed steps. example: 6 format: int64 type: integer errors: description: Number of steps with errors. example: 0 format: int64 type: integer total: description: Total number of steps. example: 6 format: int64 type: integer type: object SyntheticsTestResultSubStep: description: Information about a sub-step in a nested test execution. properties: level: description: Depth of the sub-step in the execution tree. example: 1 format: int64 type: integer parent_step: $ref: "#/components/schemas/SyntheticsTestResultParentStep" parent_test: $ref: "#/components/schemas/SyntheticsTestResultParentTest" type: object SyntheticsTestResultSubTest: description: Information about a sub-test played from a parent browser test. properties: id: description: Identifier of the sub-test. example: abc-def-123 type: string playing_tab: description: Index of the browser tab playing the sub-test. example: 0 format: int64 type: integer rum_context: $ref: "#/components/schemas/SyntheticsTestResultRumContext" type: object SyntheticsTestResultSummaryAttributes: description: Attributes of a Synthetic test result summary. properties: device: $ref: "#/components/schemas/SyntheticsTestResultDevice" execution_info: $ref: "#/components/schemas/SyntheticsTestResultExecutionInfo" finished_at: description: Timestamp of when the test finished (in milliseconds). format: int64 type: integer location: $ref: "#/components/schemas/SyntheticsTestResultLocation" run_type: $ref: "#/components/schemas/SyntheticsTestResultRunType" started_at: description: Timestamp of when the test started (in milliseconds). format: int64 type: integer status: $ref: "#/components/schemas/SyntheticsTestResultStatus" steps_info: $ref: "#/components/schemas/SyntheticsTestResultStepsInfo" test_sub_type: $ref: "#/components/schemas/SyntheticsTestSubType" test_type: $ref: "#/components/schemas/SyntheticsTestType" type: object SyntheticsTestResultSummaryData: description: Wrapper object for a Synthetic test result summary. properties: attributes: $ref: "#/components/schemas/SyntheticsTestResultSummaryAttributes" id: description: The result ID. example: "5158904793181869365" type: string relationships: $ref: "#/components/schemas/SyntheticsTestResultRelationships" type: $ref: "#/components/schemas/SyntheticsTestResultSummaryType" type: object SyntheticsTestResultSummaryType: default: "result_summary" description: Type of the Synthetic test result summary resource, `result_summary`. enum: - result_summary example: result_summary type: string x-enum-varnames: - RESULT_SUMMARY SyntheticsTestResultTab: description: Information about a browser tab involved in a step. properties: focused: description: Whether the tab was focused during the step. example: true type: boolean title: description: Title of the tab. example: Team Browser mini-websites type: string url: description: URL loaded in the tab. example: http://34.95.79.70/prototype type: string type: object SyntheticsTestResultTrace: description: Trace identifiers associated with a Synthetic test result. properties: id: description: Datadog APM trace identifier. example: "5513046492231128177" type: string otel_id: description: OpenTelemetry trace identifier. example: d8ba00eb1507bdba8643ba8e7a1c022c type: string type: object SyntheticsTestResultTracerouteHop: description: A network probe result, used for traceroute hops and ping summaries. properties: host: description: Target hostname. example: 34.95.79.70 type: string latency: $ref: "#/components/schemas/SyntheticsTestResultNetworkLatency" packet_loss_percentage: description: Percentage of probe packets lost. example: 0.0 format: double type: number packet_size: description: Size of each probe packet in bytes. example: 56 format: int64 type: integer packets_received: description: Number of probe packets received. example: 4 format: int64 type: integer packets_sent: description: Number of probe packets sent. example: 4 format: int64 type: integer resolved_ip: description: Resolved IP address for the target. example: 34.95.79.70 type: string routers: description: List of intermediate routers for the traceroute. items: $ref: "#/components/schemas/SyntheticsTestResultRouter" type: array type: object SyntheticsTestResultTurn: description: A turn in a goal-based browser test, grouping steps and reasoning. properties: bucket_keys: $ref: "#/components/schemas/SyntheticsTestResultBucketKeys" name: description: Name of the turn. example: Turn 1 type: string reasoning: description: Agent reasoning produced for this turn. example: I need to navigate to the chairs section type: string status: description: Status of the turn (for example, `passed`, `failed`). example: passed type: string steps: description: Steps executed during the turn. items: $ref: "#/components/schemas/SyntheticsTestResultTurnStep" type: array turn_finished_at: description: Unix timestamp (ms) of when the turn finished. example: 1724521438800 format: int64 type: integer turn_started_at: description: Unix timestamp (ms) of when the turn started. example: 1724521436800 format: int64 type: integer type: object SyntheticsTestResultTurnStep: description: A step executed during a goal-based browser test turn. properties: bucket_keys: $ref: "#/components/schemas/SyntheticsTestResultBucketKeys" config: additionalProperties: {} description: Browser step configuration for this turn step. example: id: step-1 name: Click on div "Chairs" type: click type: object type: object SyntheticsTestResultType: default: "result" description: Type of the Synthetic test result resource, `result`. enum: - result example: result type: string x-enum-varnames: - RESULT SyntheticsTestResultVariable: description: A variable used or extracted during a test. properties: err: description: Error encountered when evaluating the variable. example: LOCAL_VARIABLE_UNKNOWN type: string error_message: description: Human-readable error message for variable evaluation. example: Unknown variable name undefined. type: string example: description: Example value for the variable. example: lol value type: string id: description: Variable identifier. example: c896702c-1e34-4e62-a67b-432e8092d062 type: string name: description: Variable name. example: HEADER_VALUE type: string pattern: description: Pattern used to extract the variable. example: lol value type: string secure: description: Whether the variable holds a secure value. example: false type: boolean type: description: Variable type. example: text type: string val: description: Evaluated value of the variable. example: value-to-extract type: string value: description: Current value of the variable. example: lol value type: string type: object SyntheticsTestResultVariables: description: Variables captured during a test step. properties: config: description: Variables defined in the test configuration. items: $ref: "#/components/schemas/SyntheticsTestResultVariable" type: array extracted: description: Variables extracted during the test execution. items: $ref: "#/components/schemas/SyntheticsTestResultVariable" type: array type: object SyntheticsTestResultVitalsMetrics: description: Web vitals metrics captured during a browser test step. properties: cls: description: Cumulative Layout Shift score. example: 0.0 format: double type: number fcp: description: First Contentful Paint in milliseconds. example: 120.3 format: double type: number inp: description: Interaction to Next Paint in milliseconds. example: 85.0 format: double type: number lcp: description: Largest Contentful Paint in milliseconds. example: 210.5 format: double type: number ttfb: description: Time To First Byte in milliseconds. example: 95.2 format: double type: number url: description: URL that produced the metrics. example: http://34.95.79.70/prototype type: string type: object SyntheticsTestResultWarning: description: A warning captured during a browser test step. properties: element_bounds: description: Bounds of elements related to the warning. items: $ref: "#/components/schemas/SyntheticsTestResultBounds" type: array message: description: Warning message. example: Element is not visible in the viewport type: string type: description: Type of the warning. example: visibility type: string type: object SyntheticsTestResultWebSocketClose: description: WebSocket close frame information for WebSocket test responses. properties: reason: description: Reason string received in the close frame. example: Normal closure type: string status_code: description: Status code received in the close frame. example: 1000 format: int64 type: integer type: object SyntheticsTestSubType: description: Subtype of the Synthetic test that produced this result. enum: - dns - grpc - http - icmp - mcp - multi - ssl - tcp - udp - websocket example: http type: string x-enum-varnames: - DNS - GRPC - HTTP - ICMP - MCP - MULTI - SSL - TCP - UDP - WEBSOCKET SyntheticsTestType: description: Type of the Synthetic test that produced this result. enum: - api - browser - mobile - network example: api type: string x-enum-varnames: - API - BROWSER - MOBILE - NETWORK SyntheticsTestVersionActionMetadata: description: Object containing metadata about a change action. properties: after_value: description: The value of the property after the change. before_value: description: The value of the property before the change. diff_patches: description: List of diff patches for text changes. items: $ref: "#/components/schemas/SyntheticsTestVersionDiffPatches" nullable: true type: array property_path: description: The dot-separated path of the property that was changed. type: string type: object SyntheticsTestVersionAttributes: description: Attributes of a specific Synthetic test version. properties: author: $ref: "#/components/schemas/SyntheticsTestVersionAuthor" change_metadata: description: |- List of metadata describing individual changes in this version. Only returned when the `include_change_metadata` query parameter is `true`. items: $ref: "#/components/schemas/SyntheticsTestVersionChangeMetadataItem" type: array payload: additionalProperties: {} description: The full test configuration at this version. type: object version_payload_created_at: description: Timestamp of when this version was created. example: "2024-01-01T00:00:00+00:00" format: date-time type: string type: object SyntheticsTestVersionAuthor: description: Object describing the author of a test version. properties: email: description: Email address of the author. example: john.doe@example.com type: string handle: description: The author's Datadog handle (login username). example: john.doe type: string id: description: UUID of the author. example: "00000000-0000-0000-0000-000000000000" type: string name: description: Display name of the author. example: John Doe type: string type: object SyntheticsTestVersionChangeAttributes: description: Attributes of a version change record. properties: author_uuid: description: UUID of the user who created this version. example: "00000000-0000-0000-0000-000000000000" type: string change_metadata: description: List of metadata describing individual changes in this version. items: $ref: "#/components/schemas/SyntheticsTestVersionChangeMetadataItem" type: array version_number: description: The sequential version number. example: 5 format: int64 type: integer version_payload_created_at: description: Timestamp of when this version was created. example: "2024-01-01T00:00:00+00:00" format: date-time type: string type: object SyntheticsTestVersionChangeData: description: Data object for a version change record. properties: attributes: $ref: "#/components/schemas/SyntheticsTestVersionChangeAttributes" id: description: UUID of the version change record. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/SyntheticsTestVersionChangeType" type: object SyntheticsTestVersionChangeMetadataItem: description: Object describing a single change within a version. properties: action: description: The action that was performed (for example, `updated` or `created`). type: string action_metadata: $ref: "#/components/schemas/SyntheticsTestVersionActionMetadata" type: object SyntheticsTestVersionChangeType: default: version_metadata description: Type of the version metadata resource. enum: - version_metadata example: version_metadata type: string x-enum-varnames: - VERSION_METADATA SyntheticsTestVersionData: description: Data object for a specific Synthetic test version. properties: attributes: $ref: "#/components/schemas/SyntheticsTestVersionAttributes" id: description: UUID of the version record. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/SyntheticsTestVersionType" type: object SyntheticsTestVersionDiffPatchDiff: description: Object describing a single text diff operation. properties: change_text: description: The text that was changed. type: string operation: description: The diff operation applied. type: string type: object SyntheticsTestVersionDiffPatches: description: Object describing a patch in the diff. properties: diffs: description: List of individual diff operations. items: $ref: "#/components/schemas/SyntheticsTestVersionDiffPatchDiff" type: array length1: description: Length of the original text segment. format: int64 type: integer length2: description: Length of the modified text segment. format: int64 type: integer start1: description: Start position in the original text. format: int64 type: integer start2: description: Start position in the modified text. format: int64 type: integer type: object SyntheticsTestVersionHistoryMeta: description: Pagination metadata for a version history response. properties: next_last_version_number: description: |- The version number to use as the `last_version_number` query parameter to fetch the next page. `null` indicates there are no more pages. example: 3 format: int64 nullable: true type: integer retention_period_in_days: description: The number of days that version history is retained. example: 30 format: int64 type: integer type: object SyntheticsTestVersionHistoryResponse: description: Response containing the paginated version history for a Synthetic test. properties: data: description: List of version change records. items: $ref: "#/components/schemas/SyntheticsTestVersionChangeData" type: array meta: $ref: "#/components/schemas/SyntheticsTestVersionHistoryMeta" type: object SyntheticsTestVersionResponse: description: Response containing a specific version of a Synthetic test. properties: data: $ref: "#/components/schemas/SyntheticsTestVersionData" type: object SyntheticsTestVersionType: default: version description: Type of the version resource. enum: - version example: version type: string x-enum-varnames: - VERSION SyntheticsVariableParser: description: Details of the parser to use for the global variable. example: type: regex value: .* properties: type: $ref: "#/components/schemas/SyntheticsGlobalVariableParserType" value: description: Regex or JSON path used for the parser. Not used with type `raw`. type: string required: - type type: object TableResultV2: description: A reference table resource containing its full configuration and state. example: data: attributes: created_by: 00000000-0000-0000-0000-000000000000 description: example description file_metadata: access_details: aws_detail: aws_account_id: "123456789000" aws_bucket_name: "my-bucket" file_path: "path/to/file.csv" sync_enabled: true last_updated_by: 00000000-0000-0000-0000-000000000000 row_count: 5 schema: fields: - name: id type: INT32 - name: name type: STRING primary_keys: - id source: S3 status: DONE table_name: test_reference_table tags: - tag1 - tag2 updated_at: "2000-01-01T01:00:00+00:00" id: 00000000-0000-0000-0000-000000000000 type: reference_table properties: data: $ref: "#/components/schemas/TableResultV2Data" type: object TableResultV2Array: description: List of reference tables. example: data: - attributes: created_by: 00000000-0000-0000-0000-000000000000 description: example description file_metadata: access_details: {} error_message: "" error_row_count: 0 upload_id: 00000000-0000-0000-0000-000000000000 last_updated_by: "" row_count: 5 schema: fields: - name: id type: INT32 - name: name type: STRING primary_keys: - id source: LOCAL_FILE status: DONE table_name: test_reference_table tags: - tag1 - tag2 updated_at: "2000-01-01T01:00:00+00:00" id: 00000000-0000-0000-0000-000000000000 type: reference_table - attributes: created_by: 00000000-0000-0000-0000-000000000000 description: example description file_metadata: access_details: aws_detail: aws_account_id: test-account-id aws_bucket_name: test-bucket file_path: test_rt.csv error_message: "" error_row_count: 0 sync_enabled: true last_updated_by: 00000000-0000-0000-0000-000000000000 row_count: 5 schema: fields: - name: location type: STRING - name: file_name type: STRING primary_keys: - location source: S3 status: DONE table_name: test_reference_table_2 tags: - test_tag1 - tag2 - "3" updated_at: "2000-01-01T01:00:00+00:00" id: 00000000-0000-0000-0000-000000000000 type: reference_table properties: data: description: The reference tables. items: $ref: "#/components/schemas/TableResultV2Data" type: array required: - data type: object TableResultV2Data: additionalProperties: false description: The data object containing the reference table configuration and state. properties: attributes: $ref: "#/components/schemas/TableResultV2DataAttributes" id: description: Unique identifier for the reference table. type: string type: $ref: "#/components/schemas/TableResultV2DataType" required: - type type: object TableResultV2DataAttributes: description: Attributes that define the reference table's configuration and properties. properties: created_by: description: UUID of the user who created the reference table. example: "00000000-0000-0000-0000-000000000000" type: string description: description: Optional text describing the purpose or contents of this reference table. example: "example description" type: string file_metadata: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadata" last_updated_by: description: UUID of the user who last updated the reference table. example: "00000000-0000-0000-0000-000000000000" type: string row_count: description: The number of successfully processed rows in the reference table. example: 5 format: int64 type: integer schema: $ref: "#/components/schemas/TableResultV2DataAttributesSchema" source: $ref: "#/components/schemas/ReferenceTableSourceType" status: description: The processing status of the table. example: "DONE" type: string table_name: description: Unique name to identify this reference table. Used in enrichment processors and API calls. example: "table_1" type: string tags: description: Tags for organizing and filtering reference tables. example: - "tag_1" - "tag_2" items: description: A tag associated with the reference table. type: string type: array updated_at: description: When the reference table was last updated, in ISO 8601 format. example: "2000-01-01T01:00:00+00:00" type: string type: object TableResultV2DataAttributesFileMetadata: additionalProperties: false description: |- Metadata specifying where and how to access the reference table's data file. For cloud storage tables (S3/GCS/Azure): - sync_enabled and access_details will always be present - error fields (error_message, error_row_count, error_type) are present only when errors occur For local file tables: - error fields (error_message, error_row_count) are present only when errors occur - sync_enabled, access_details are never present properties: access_details: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadataOneOfAccessDetails" description: Cloud storage access configuration. Only present for cloud storage sources (S3, GCS, Azure). error_message: description: The error message returned from the last operation (sync for cloud storage, upload for local file). type: string error_row_count: description: The number of rows that failed to process. format: int64 type: integer error_type: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadataCloudStorageErrorType" description: The type of error that occurred during file processing. Only applicable for cloud storage sources. sync_enabled: description: Whether this table is synced automatically from cloud storage. Only applicable for cloud storage sources. type: boolean title: FileMetadataV2 type: object TableResultV2DataAttributesFileMetadataCloudStorageErrorType: description: The type of error that occurred during file processing. This field provides high-level error categories for easier troubleshooting and is only present when there are errors. enum: - TABLE_SCHEMA_ERROR - FILE_FORMAT_ERROR - CONFIGURATION_ERROR - QUOTA_EXCEEDED - CONFLICT_ERROR - VALIDATION_ERROR - STATE_ERROR - OPERATION_ERROR - SYSTEM_ERROR type: string x-enum-varnames: - TABLE_SCHEMA_ERROR - FILE_FORMAT_ERROR - CONFIGURATION_ERROR - QUOTA_EXCEEDED - CONFLICT_ERROR - VALIDATION_ERROR - STATE_ERROR - OPERATION_ERROR - SYSTEM_ERROR TableResultV2DataAttributesFileMetadataOneOfAccessDetails: description: Cloud storage access configuration for the reference table data file. properties: aws_detail: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadataOneOfAccessDetailsAwsDetail" azure_detail: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadataOneOfAccessDetailsAzureDetail" gcp_detail: $ref: "#/components/schemas/TableResultV2DataAttributesFileMetadataOneOfAccessDetailsGcpDetail" type: object TableResultV2DataAttributesFileMetadataOneOfAccessDetailsAwsDetail: description: Amazon Web Services S3 storage access configuration. properties: aws_account_id: description: AWS account ID where the S3 bucket is located. example: "123456789000" type: string aws_bucket_name: description: S3 bucket containing the CSV file. example: "example-data-bucket" type: string file_path: description: The relative file path from the S3 bucket root to the CSV file. example: "reference-tables/users.csv" type: string type: object x-oneOf-parent: - AwsDetail TableResultV2DataAttributesFileMetadataOneOfAccessDetailsAzureDetail: description: Azure Blob Storage access configuration. properties: azure_client_id: description: Azure service principal (application) client ID with permissions to read from the container. example: "aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb" type: string azure_container_name: description: Azure Blob Storage container containing the CSV file. example: "reference-data" type: string azure_storage_account_name: description: Azure storage account where the container is located. example: "examplestorageaccount" type: string azure_tenant_id: description: Azure Active Directory tenant ID. example: "cccccccc-4444-5555-6666-dddddddddddd" type: string file_path: description: The relative file path from the Azure container root to the CSV file. example: "tables/users.csv" type: string type: object x-oneOf-parent: - AzureDetail TableResultV2DataAttributesFileMetadataOneOfAccessDetailsGcpDetail: description: Google Cloud Platform storage access configuration. properties: file_path: description: The relative file path from the GCS bucket root to the CSV file. example: "data/reference_tables/users.csv" type: string gcp_bucket_name: description: GCP bucket containing the CSV file. example: "example-data-bucket" type: string gcp_project_id: description: GCP project ID where the bucket is located. example: "example-gcp-project-12345" type: string gcp_service_account_email: description: Service account email with read permissions for the GCS bucket. example: "example-service@example-gcp-project-12345.iam.gserviceaccount.com" type: string type: object x-oneOf-parent: - GcpDetail TableResultV2DataAttributesSchema: description: Schema defining the structure and columns of the reference table. properties: fields: description: The schema fields. items: $ref: "#/components/schemas/TableResultV2DataAttributesSchemaFieldsItems" type: array primary_keys: description: List of field names that serve as primary keys for the table. Only one primary key is supported, and it is used as an ID to retrieve rows. example: - "field_1" items: description: A field name used as a primary key. type: string type: array required: - fields - primary_keys type: object TableResultV2DataAttributesSchemaFieldsItems: description: A single field (column) in the reference table schema to be returned. properties: name: description: The field name. example: "field_1" type: string type: $ref: "#/components/schemas/ReferenceTableSchemaFieldType" required: - name - type type: object TableResultV2DataType: default: reference_table description: Reference table resource type. enum: - reference_table example: reference_table type: string x-enum-varnames: - REFERENCE_TABLE TableRowResourceArray: description: List of rows from a reference table query. properties: data: description: The rows. items: $ref: "#/components/schemas/TableRowResourceData" type: array required: - data type: object TableRowResourceData: additionalProperties: false description: The data object containing the row column names and values. properties: attributes: $ref: "#/components/schemas/TableRowResourceDataAttributes" id: description: Row identifier, corresponding to the primary key value. type: string type: $ref: "#/components/schemas/TableRowResourceDataType" required: - type type: object TableRowResourceDataAttributes: additionalProperties: false description: Column values for this row in the reference table. properties: values: description: Key-value pairs representing the row data, where keys are field names from the schema. type: object type: object TableRowResourceDataType: default: row description: Row resource type. enum: - row example: row type: string x-enum-varnames: - ROW TableRowResourceIdentifier: description: Row resource containing a single row identifier. properties: id: description: The primary key value that uniquely identifies the row to delete. example: "primary_key_value" type: string type: $ref: "#/components/schemas/TableRowResourceDataType" required: - type - id type: object TagsEventAttribute: description: Array of tags associated with your event. example: ["team:A"] items: description: Tag associated with your event. type: string type: array TargetingRule: description: Targeting rule details. properties: conditions: description: Conditions evaluated by this targeting rule. items: $ref: "#/components/schemas/Condition" type: array created_at: description: The timestamp when the targeting rule was created. example: "2024-01-01T12:00:00Z" format: date-time type: string id: description: The unique identifier of the targeting rule. example: "550e8400-e29b-41d4-a716-446655440060" format: uuid type: string updated_at: description: The timestamp when the targeting rule was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string required: - id - conditions - created_at - updated_at type: object TargetingRuleRequest: description: Targeting rule request payload. properties: conditions: description: Conditions that must match for this rule. items: $ref: "#/components/schemas/ConditionRequest" minItems: 1 type: array required: - conditions type: object Targets: description: |- List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets. example: ["@john.doe@email.com"] items: description: Recipients to notify. type: string type: array Team: description: A team properties: attributes: $ref: "#/components/schemas/TeamAttributes" id: description: The team's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string relationships: $ref: "#/components/schemas/TeamRelationships" type: $ref: "#/components/schemas/TeamType" required: - attributes - id - type type: object TeamAttributes: description: Team attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "🥑" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer created_at: description: Creation date of the team format: date-time type: string description: description: Free-form markdown description/content for the team's homepage nullable: true type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string nullable: true type: array is_managed: description: Whether the team is managed from an external source type: boolean link_count: description: The number of links belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer modified_at: description: Modification date of the team format: date-time type: string name: description: The name of the team example: Example Team maxLength: 200 type: string summary: description: A brief summary of the team, derived from the `description` maxLength: 120 nullable: true type: string user_count: description: The number of users belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string nullable: true type: array required: - handle - name type: object TeamConnection: description: A relationship between a Datadog team and a team from another external system. properties: attributes: $ref: "#/components/schemas/TeamConnectionAttributes" id: description: The unique identifier of the team connection. example: "12345678-1234-5678-9abc-123456789012" type: string relationships: $ref: "#/components/schemas/TeamConnectionRelationships" type: $ref: "#/components/schemas/TeamConnectionType" required: - id - type type: object TeamConnectionAttributes: description: Attributes of the team connection. properties: managed_by: description: The entity that manages this team connection. example: "github_sync" type: string source: description: The name of the external source. example: "github" type: string type: object TeamConnectionCreateData: description: Data for creating a team connection. properties: attributes: $ref: "#/components/schemas/TeamConnectionAttributes" relationships: $ref: "#/components/schemas/TeamConnectionRelationships" type: $ref: "#/components/schemas/TeamConnectionType" required: - type type: object TeamConnectionCreateRequest: description: Request for creating team connections. properties: data: description: Array of team connections to create. items: $ref: "#/components/schemas/TeamConnectionCreateData" type: array required: - data type: object TeamConnectionDeleteRequest: description: Request for deleting team connections. properties: data: description: Array of team connection IDs to delete. items: $ref: "#/components/schemas/TeamConnectionDeleteRequestDataItem" type: array required: - data type: object TeamConnectionDeleteRequestDataItem: description: A collection of connection ids to delete. properties: id: description: The unique identifier of the team connection to delete. example: "12345678-1234-5678-9abc-123456789012" type: string type: $ref: "#/components/schemas/TeamConnectionType" required: - id - type type: object TeamConnectionRelationships: description: Relationships of the team connection. properties: connected_team: $ref: "#/components/schemas/ConnectedTeamRef" team: $ref: "#/components/schemas/TeamRef" type: object TeamConnectionType: default: "team_connection" description: Team connection resource type. enum: - team_connection example: "team_connection" type: string x-enum-varnames: - TEAM_CONNECTION TeamConnectionsResponse: description: Response containing information about multiple team connections. properties: data: description: Array of team connections. items: $ref: "#/components/schemas/TeamConnection" type: array meta: $ref: "#/components/schemas/ConnectionsResponseMeta" type: object TeamCreate: description: Team create properties: attributes: $ref: "#/components/schemas/TeamCreateAttributes" relationships: $ref: "#/components/schemas/TeamCreateRelationships" type: $ref: "#/components/schemas/TeamType" required: - attributes - type type: object TeamCreateAttributes: description: Team creation attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "🥑" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer description: description: Free-form markdown description/content for the team's homepage type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string type: array name: description: The name of the team example: Example Team maxLength: 200 type: string visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string type: array required: - handle - name type: object TeamCreateRelationships: description: Relationships formed with the team on creation properties: users: $ref: "#/components/schemas/RelationshipToUsers" type: object TeamCreateRequest: description: Request to create a team properties: data: $ref: "#/components/schemas/TeamCreate" required: - data type: object TeamHierarchyLink: description: Team hierarchy link properties: attributes: $ref: "#/components/schemas/TeamHierarchyLinkAttributes" id: description: The team hierarchy link's identifier example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string relationships: $ref: "#/components/schemas/TeamHierarchyLinkRelationships" type: $ref: "#/components/schemas/TeamHierarchyLinkType" required: - attributes - id - type type: object TeamHierarchyLinkAttributes: description: Team hierarchy link attributes properties: created_at: description: Timestamp when the team hierarchy link was created example: "" format: date-time type: string provisioned_by: description: The provisioner of the team hierarchy link example: "system" type: string required: - provisioned_by - created_at type: object TeamHierarchyLinkCreate: description: Data provided when creating a team hierarchy link properties: relationships: $ref: "#/components/schemas/TeamHierarchyLinkCreateRelationships" type: $ref: "#/components/schemas/TeamHierarchyLinkType" required: - relationships - type type: object TeamHierarchyLinkCreateRelationships: description: The related teams that will be connected by the team hierarchy link properties: parent_team: $ref: "#/components/schemas/TeamHierarchyLinkCreateTeamRelationship" sub_team: $ref: "#/components/schemas/TeamHierarchyLinkCreateTeamRelationship" required: - parent_team - sub_team type: object TeamHierarchyLinkCreateRequest: description: Request to create a team hierarchy link properties: data: $ref: "#/components/schemas/TeamHierarchyLinkCreate" required: - data type: object TeamHierarchyLinkCreateTeam: description: This schema defines the attributes about each team that has to be provided when creating a team hierarchy link properties: id: description: The team's identifier example: 692e8073-12c4-4c71-8408-5090bd44c9c8 type: string type: $ref: "#/components/schemas/TeamType" required: - id - type type: object TeamHierarchyLinkCreateTeamRelationship: description: Data about each team that will be connected by the team hierarchy link properties: data: $ref: "#/components/schemas/TeamHierarchyLinkCreateTeam" required: - data type: object TeamHierarchyLinkRelationships: description: Team hierarchy link relationships properties: parent_team: $ref: "#/components/schemas/TeamHierarchyLinkTeamRelationship" sub_team: $ref: "#/components/schemas/TeamHierarchyLinkTeamRelationship" required: - parent_team - sub_team type: object TeamHierarchyLinkResponse: description: Team hierarchy link response properties: data: $ref: "#/components/schemas/TeamHierarchyLink" included: description: Included teams items: $ref: "#/components/schemas/TeamHierarchyLinkTeam" type: array links: $ref: "#/components/schemas/TeamsHierarchyLinksResponseLinks" type: object TeamHierarchyLinkTeam: description: Team hierarchy links connect different teams. This represents team objects that are connected by the team hierarchy link. properties: attributes: $ref: "#/components/schemas/TeamHierarchyLinkTeamAttributes" id: description: The team's identifier example: 692e8073-12c4-4c71-8408-5090bd44c9c8 type: string type: $ref: "#/components/schemas/TeamType" required: - id - type type: object TeamHierarchyLinkTeamAttributes: description: Team hierarchy links connect different teams. This represents attributes from teams that are connected by the team hierarchy link. properties: avatar: description: The team's avatar nullable: true type: string banner: description: The team's banner format: int64 type: integer handle: description: The team's handle example: team-handle type: string is_managed: description: Whether the team is managed type: boolean is_open_membership: description: Whether the team has open membership type: boolean link_count: description: The number of links for the team format: int64 type: integer name: description: The team's name example: Team Name type: string summary: description: The team's summary nullable: true type: string user_count: description: The number of users in the team format: int64 type: integer required: - handle - name type: object TeamHierarchyLinkTeamRelationship: description: Team hierarchy link team relationship properties: data: $ref: "#/components/schemas/TeamHierarchyLinkTeam" required: - data type: object TeamHierarchyLinkType: default: team_hierarchy_links description: Team hierarchy link type enum: - team_hierarchy_links example: team_hierarchy_links type: string x-enum-varnames: - TEAM_HIERARCHY_LINKS TeamHierarchyLinksResponse: description: Team hierarchy links response properties: data: description: Team hierarchy links response data items: $ref: "#/components/schemas/TeamHierarchyLink" type: array included: description: Included teams items: $ref: "#/components/schemas/TeamHierarchyLinkTeam" type: array links: $ref: "#/components/schemas/TeamsHierarchyLinksResponseLinks" meta: $ref: "#/components/schemas/TeamsHierarchyLinksResponseMeta" type: object TeamIncluded: description: Included resources related to the team oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/TeamLink" - $ref: "#/components/schemas/UserTeamPermission" TeamLink: description: Team link properties: attributes: $ref: "#/components/schemas/TeamLinkAttributes" id: description: The team link's identifier example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string type: $ref: "#/components/schemas/TeamLinkType" required: - attributes - id - type type: object TeamLinkAttributes: description: Team link attributes properties: label: description: The link's label example: Link label maxLength: 256 type: string position: description: The link's position, used to sort links for the team format: int32 maximum: 2147483647 type: integer team_id: description: ID of the team the link is associated with readOnly: true type: string url: description: The URL for the link example: "https://example.com" type: string required: - label - url type: object TeamLinkCreate: description: Team link create properties: attributes: $ref: "#/components/schemas/TeamLinkAttributes" type: $ref: "#/components/schemas/TeamLinkType" required: - attributes - type type: object TeamLinkCreateRequest: description: Team link create request properties: data: $ref: "#/components/schemas/TeamLinkCreate" required: - data type: object TeamLinkResponse: description: Team link response properties: data: $ref: "#/components/schemas/TeamLink" type: object TeamLinkType: default: team_links description: Team link type enum: - team_links example: team_links type: string x-enum-varnames: - TEAM_LINKS TeamLinksResponse: description: Team links response properties: data: description: Team links response data items: $ref: "#/components/schemas/TeamLink" type: array type: object TeamNotificationRule: description: Team notification rule properties: attributes: $ref: "#/components/schemas/TeamNotificationRuleAttributes" id: description: The identifier of the team notification rule example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string type: $ref: "#/components/schemas/TeamNotificationRuleType" required: - attributes - type type: object TeamNotificationRuleAttributes: description: Team notification rule attributes properties: email: $ref: "#/components/schemas/TeamNotificationRuleAttributesEmail" ms_teams: $ref: "#/components/schemas/TeamNotificationRuleAttributesMsTeams" pagerduty: $ref: "#/components/schemas/TeamNotificationRuleAttributesPagerduty" slack: $ref: "#/components/schemas/TeamNotificationRuleAttributesSlack" type: object TeamNotificationRuleAttributesEmail: description: Email notification settings for the team properties: enabled: description: Flag indicating email notification type: boolean type: object TeamNotificationRuleAttributesMsTeams: description: MS Teams notification settings for the team properties: connector_name: description: Handle for MS Teams type: string type: object TeamNotificationRuleAttributesPagerduty: description: PagerDuty notification settings for the team properties: service_name: description: Service name for PagerDuty type: string type: object TeamNotificationRuleAttributesSlack: description: Slack notification settings for the team properties: channel: description: Channel for Slack notification type: string workspace: description: Workspace for Slack notification type: string type: object TeamNotificationRuleRequest: description: Request to create or update a team notification rule properties: data: $ref: "#/components/schemas/TeamNotificationRule" required: - data type: object TeamNotificationRuleResponse: description: Team notification rule response properties: data: $ref: "#/components/schemas/TeamNotificationRule" type: object TeamNotificationRuleType: default: team_notification_rules description: Team notification rule type enum: - team_notification_rules example: team_notification_rules type: string x-enum-varnames: - TEAM_NOTIFICATION_RULES TeamNotificationRulesResponse: description: Team notification rules response properties: data: description: Team notification rules response data items: $ref: "#/components/schemas/TeamNotificationRule" type: array meta: $ref: "#/components/schemas/TeamNotificationRulesResponseMeta" type: object TeamNotificationRulesResponseMeta: description: Metadata that is included in the response when querying the team notification rules properties: page: $ref: "#/components/schemas/TeamNotificationRulesResponseMetaPage" type: object TeamNotificationRulesResponseMetaPage: description: |- Metadata related to paging information that is included in the response when querying the team notification rules properties: first_offset: description: The first offset. format: int64 type: integer last_offset: description: The last offset. format: int64 type: integer limit: description: Pagination limit. format: int64 type: integer next_offset: description: The next offset. format: int64 nullable: true type: integer offset: description: The offset. format: int64 type: integer prev_offset: description: The previous offset. format: int64 nullable: true type: integer total: description: Total results. format: int64 type: integer type: description: Offset type. type: string type: object TeamOnCallResponders: description: Root object representing a team's on-call responder configuration. example: data: id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" relationships: escalations: data: - id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" type: escalation_policy_steps responders: data: - id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" type: users type: team_oncall_responders included: - attributes: email: test@test.com name: Test User status: active id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" type: users - id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" relationships: responders: data: - id: "111ee23r-aaaaa-aaaa-aaww-1234wertsd23" type: users type: escalation_policy_steps properties: data: $ref: "#/components/schemas/TeamOnCallRespondersData" included: description: The `TeamOnCallResponders` `included`. items: $ref: "#/components/schemas/TeamOnCallRespondersIncluded" type: array type: object TeamOnCallRespondersData: description: Defines the main on-call responder object for a team, including relationships and metadata. properties: id: description: Unique identifier of the on-call responder configuration. type: string relationships: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationships" type: $ref: "#/components/schemas/TeamOnCallRespondersDataType" required: - type type: object TeamOnCallRespondersDataRelationships: description: Relationship objects linked to a team's on-call responder configuration, including escalations and responders. properties: escalations: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalations" responders: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsResponders" type: object TeamOnCallRespondersDataRelationshipsEscalations: description: Defines the escalation policy steps linked to the team's on-call configuration. properties: data: description: Array of escalation step references. items: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalationsDataItems" type: array type: object TeamOnCallRespondersDataRelationshipsEscalationsDataItems: description: Represents a link to a specific escalation policy step associated with the on-call team. properties: id: description: Unique identifier of the escalation step. example: "" type: string type: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalationsDataItemsType" required: - type - id type: object TeamOnCallRespondersDataRelationshipsEscalationsDataItemsType: default: escalation_policy_steps description: Identifies the resource type for escalation policy steps linked to a team's on-call configuration. enum: - escalation_policy_steps example: escalation_policy_steps type: string x-enum-varnames: - ESCALATION_POLICY_STEPS TeamOnCallRespondersDataRelationshipsResponders: description: Defines the list of users assigned as on-call responders for the team. properties: data: description: Array of user references associated as responders. items: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsRespondersDataItems" type: array type: object TeamOnCallRespondersDataRelationshipsRespondersDataItems: description: Represents a user responder associated with the on-call team. properties: id: description: Unique identifier of the responder. example: "" type: string type: $ref: "#/components/schemas/TeamOnCallRespondersDataRelationshipsRespondersDataItemsType" required: - type - id type: object TeamOnCallRespondersDataRelationshipsRespondersDataItemsType: default: users description: Identifies the resource type for individual user entities associated with on-call response. enum: - users example: users type: string x-enum-varnames: - USERS TeamOnCallRespondersDataType: default: team_oncall_responders description: Represents the resource type for a group of users assigned to handle on-call duties within a team. enum: - team_oncall_responders example: team_oncall_responders type: string x-enum-varnames: - TEAM_ONCALL_RESPONDERS TeamOnCallRespondersIncluded: description: Represents an union of related resources included in the response, such as users and escalation steps. oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/Escalation" TeamPermissionSetting: description: Team permission setting properties: attributes: $ref: "#/components/schemas/TeamPermissionSettingAttributes" id: description: The team permission setting's identifier example: TeamPermission-aeadc05e-98a8-11ec-ac2c-da7ad0900001-edit type: string type: $ref: "#/components/schemas/TeamPermissionSettingType" required: - id - type type: object TeamPermissionSettingAttributes: description: Team permission setting attributes properties: action: $ref: "#/components/schemas/TeamPermissionSettingSerializerAction" editable: description: Whether or not the permission setting is editable by the current user readOnly: true type: boolean options: $ref: "#/components/schemas/TeamPermissionSettingValues" title: description: The team permission name readOnly: true type: string value: $ref: "#/components/schemas/TeamPermissionSettingValue" type: object TeamPermissionSettingResponse: description: Team permission setting response properties: data: $ref: "#/components/schemas/TeamPermissionSetting" type: object TeamPermissionSettingSerializerAction: description: The identifier for the action enum: - manage_membership - edit readOnly: true type: string x-enum-varnames: - MANAGE_MEMBERSHIP - EDIT TeamPermissionSettingType: default: team_permission_settings description: Team permission setting type enum: - team_permission_settings example: team_permission_settings type: string x-enum-varnames: - TEAM_PERMISSION_SETTINGS TeamPermissionSettingUpdate: description: Team permission setting update properties: attributes: $ref: "#/components/schemas/TeamPermissionSettingUpdateAttributes" type: $ref: "#/components/schemas/TeamPermissionSettingType" required: - type type: object TeamPermissionSettingUpdateAttributes: description: Team permission setting update attributes properties: value: $ref: "#/components/schemas/TeamPermissionSettingValue" type: object TeamPermissionSettingUpdateRequest: description: Team permission setting update request properties: data: $ref: "#/components/schemas/TeamPermissionSettingUpdate" required: - data type: object TeamPermissionSettingValue: description: What type of user is allowed to perform the specified action enum: - admins - members - organization - user_access_manage - teams_manage type: string x-enum-varnames: - ADMINS - MEMBERS - ORGANIZATION - USER_ACCESS_MANAGE - TEAMS_MANAGE TeamPermissionSettingValues: description: Possible values for action items: $ref: "#/components/schemas/TeamPermissionSettingValue" readOnly: true type: array TeamPermissionSettingsResponse: description: Team permission settings response properties: data: description: Team permission settings response data items: $ref: "#/components/schemas/TeamPermissionSetting" type: array type: object TeamRef: description: Reference to a Datadog team. properties: data: $ref: "#/components/schemas/TeamRefData" type: object TeamRefData: description: Reference to a Datadog team. properties: id: description: The Datadog team ID. example: "87654321-4321-8765-dcba-210987654321" type: string type: $ref: "#/components/schemas/TeamRefDataType" required: - id - type type: object TeamRefDataType: default: "team" description: Datadog team resource type. enum: - team example: "team" type: string x-enum-varnames: - TEAM TeamReference: description: Provides a reference to a team, including ID, type, and basic attributes/relationships. properties: attributes: $ref: "#/components/schemas/TeamReferenceAttributes" id: description: The team's unique identifier. type: string type: $ref: "#/components/schemas/TeamReferenceType" required: - type type: object TeamReferenceAttributes: description: Encapsulates the basic attributes of a Team reference, such as name, handle, and an optional avatar or description. properties: avatar: description: URL or reference for the team's avatar (if available). type: string description: description: A short text describing the team. type: string handle: description: A unique handle/slug for the team. type: string name: description: The full, human-readable name of the team. type: string type: object TeamReferenceType: default: teams description: |- Teams resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS TeamRelationships: description: Resources related to a team properties: team_links: $ref: "#/components/schemas/RelationshipToTeamLinks" user_team_permissions: $ref: "#/components/schemas/RelationshipToUserTeamPermission" type: object TeamRelationshipsLinks: description: Links attributes. properties: related: description: Related link. example: "/api/v2/team/c75a4a8e-20c7-11ee-a3a5-da7ad0900002/links" type: string type: object TeamResponse: description: Response with a team properties: data: $ref: "#/components/schemas/Team" type: object TeamRoutingRules: description: Represents a complete set of team routing rules, including data and optionally included related resources. example: data: id: 27590dae-47be-4a7d-9abf-8f4e45124020 relationships: rules: data: - id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a type: team_routing_rules - id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a type: team_routing_rules type: team_routing_rules included: - attributes: actions: query: tags.service:test time_restriction: restrictions: - end_day: monday end_time: "17:00:00" start_day: monday start_time: "09:00:00" - end_day: tuesday end_time: "17:00:00" start_day: tuesday start_time: "09:00:00" time_zone: "" urgency: high id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a relationships: policy: data: type: team_routing_rules properties: data: $ref: "#/components/schemas/TeamRoutingRulesData" included: description: Provides related routing rules or other included resources. items: $ref: "#/components/schemas/TeamRoutingRulesIncluded" type: array type: object TeamRoutingRulesData: description: Represents the top-level data object for team routing rules, containing the ID, relationships, and resource type. properties: id: description: Specifies the unique identifier of this team routing rules record. type: string relationships: $ref: "#/components/schemas/TeamRoutingRulesDataRelationships" type: $ref: "#/components/schemas/TeamRoutingRulesDataType" required: - type type: object TeamRoutingRulesDataRelationships: description: Specifies relationships for team routing rules, including rule references. properties: rules: $ref: "#/components/schemas/TeamRoutingRulesDataRelationshipsRules" type: object TeamRoutingRulesDataRelationshipsRules: description: Holds references to a set of routing rules in a relationship. properties: data: description: An array of references to the routing rules associated with this team. items: $ref: "#/components/schemas/TeamRoutingRulesDataRelationshipsRulesDataItems" type: array type: object TeamRoutingRulesDataRelationshipsRulesDataItems: description: "Defines a relationship item to link a routing rule by its ID and type." properties: id: description: Specifies the unique identifier for the related routing rule. example: "" type: string type: $ref: "#/components/schemas/TeamRoutingRulesDataRelationshipsRulesDataItemsType" required: - type - id type: object TeamRoutingRulesDataRelationshipsRulesDataItemsType: default: team_routing_rules description: "Indicates that the resource is of type 'team_routing_rules'." enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesDataType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesIncluded: description: Represents additional included resources for team routing rules, such as associated routing rules. oneOf: - $ref: "#/components/schemas/RoutingRule" TeamRoutingRulesRequest: description: Represents a request to create or update team routing rules, including the data payload. example: data: attributes: rules: - actions: policy_id: "" query: tags.service:test time_restriction: restrictions: - end_day: monday end_time: "17:00:00" start_day: monday start_time: "09:00:00" - end_day: tuesday end_time: "17:00:00" start_day: tuesday start_time: "09:00:00" time_zone: "" urgency: high - actions: - channel: channel type: send_slack_message workspace: workspace policy_id: fad4eee1-13f5-40d8-886b-4e56d8d5d1c6 query: "" time_restriction: urgency: low id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: team_routing_rules properties: data: $ref: "#/components/schemas/TeamRoutingRulesRequestData" type: object TeamRoutingRulesRequestData: description: Holds the data necessary to create or update team routing rules, including attributes, ID, and resource type. properties: attributes: $ref: "#/components/schemas/TeamRoutingRulesRequestDataAttributes" id: description: Specifies the unique identifier for this set of team routing rules. type: string type: $ref: "#/components/schemas/TeamRoutingRulesRequestDataType" required: - type type: object TeamRoutingRulesRequestDataAttributes: description: Represents the attributes of a request to update or create team routing rules. properties: rules: description: A list of routing rule items that define how incoming pages should be handled. items: $ref: "#/components/schemas/TeamRoutingRulesRequestRule" type: array type: object TeamRoutingRulesRequestDataType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesRequestRule: description: Defines an individual routing rule item that contains the rule data for the request. properties: actions: description: Specifies the list of actions to perform when the routing rule is matched. items: $ref: "#/components/schemas/RoutingRuleAction" type: array policy_id: description: Identifies the policy to be applied when this routing rule matches. type: string query: description: Defines the query or condition that triggers this routing rule. type: string time_restriction: $ref: "#/components/schemas/TimeRestrictions" urgency: $ref: "#/components/schemas/Urgency" type: object TeamSyncAttributes: description: Team sync attributes. properties: frequency: $ref: "#/components/schemas/TeamSyncAttributesFrequency" selection_state: $ref: "#/components/schemas/TeamSyncAttributesSelectionState" source: $ref: "#/components/schemas/TeamSyncAttributesSource" sync_membership: $ref: "#/components/schemas/TeamSyncAttributesSyncMembership" type: $ref: "#/components/schemas/TeamSyncAttributesType" required: - source - type type: object TeamSyncAttributesFrequency: description: How often the sync process should be run. Defaults to `once` when not provided. enum: - once - continuously - paused example: once type: string x-enum-varnames: - ONCE - CONTINUOUSLY - PAUSED TeamSyncAttributesSelectionState: description: |- Specifies which teams or organizations to sync. When provided, synchronization is limited to the specified items and their subtrees. items: $ref: "#/components/schemas/TeamSyncSelectionStateItem" type: array TeamSyncAttributesSource: description: The external source platform for team synchronization. Only "github" is supported. enum: - github example: github type: string x-enum-varnames: - GITHUB TeamSyncAttributesSyncMembership: default: false description: Whether to sync members from the external team to the Datadog team. Defaults to `false` when not provided. example: true type: boolean TeamSyncAttributesType: description: The type of synchronization operation. "link" connects teams by matching names. "provision" creates new teams when no match is found. enum: - link - provision example: link type: string x-enum-varnames: - LINK - PROVISION TeamSyncBulkType: description: Team sync bulk type. enum: - team_sync_bulk example: team_sync_bulk type: string x-enum-varnames: - TEAM_SYNC_BULK TeamSyncData: description: A configuration governing syncing between Datadog teams and teams from an external system. properties: attributes: $ref: "#/components/schemas/TeamSyncAttributes" id: description: The sync's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string type: $ref: "#/components/schemas/TeamSyncBulkType" required: - attributes - type type: object TeamSyncRequest: description: Team sync request. example: data: attributes: source: github type: link type: team_sync_bulk properties: data: $ref: "#/components/schemas/TeamSyncData" required: - data type: object TeamSyncResponse: description: Team sync configurations response. properties: data: description: List of team sync configurations items: $ref: "#/components/schemas/TeamSyncData" type: array type: object TeamSyncSelectionStateExternalId: description: The external identifier for a team or organization in the source platform. properties: type: $ref: "#/components/schemas/TeamSyncSelectionStateExternalIdType" value: $ref: "#/components/schemas/TeamSyncSelectionStateExternalIdValue" required: - type - value type: object TeamSyncSelectionStateExternalIdType: description: |- The type of external identifier for the selection state item. For GitHub synchronization, the allowed values are `team` and `organization`. enum: - team - organization example: team type: string x-enum-varnames: - TEAM - ORGANIZATION TeamSyncSelectionStateExternalIdValue: description: |- The external identifier value from the source platform. For GitHub, this is the string representation of a GitHub organization ID or team ID. example: "1" type: string TeamSyncSelectionStateItem: description: Identifies a team or organization hierarchy to include in synchronization. properties: external_id: $ref: "#/components/schemas/TeamSyncSelectionStateExternalId" operation: $ref: "#/components/schemas/TeamSyncSelectionStateOperation" scope: $ref: "#/components/schemas/TeamSyncSelectionStateScope" required: - external_id type: object TeamSyncSelectionStateOperation: description: |- The operation to perform on the selected hierarchy. When set to `include`, synchronization covers the referenced teams or organizations. enum: - include example: include type: string x-enum-varnames: - INCLUDE TeamSyncSelectionStateScope: description: |- The scope of the selection. When set to `subtree`, synchronization includes the referenced team or organization and everything nested under it. enum: - subtree example: subtree type: string x-enum-varnames: - SUBTREE TeamTarget: description: "Represents a team target for an escalation policy step, including the team's ID and resource type." properties: id: description: "Specifies the unique identifier of the team resource." example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/TeamTargetType" required: - type - id type: object TeamTargetType: default: teams description: "Indicates that the resource is of type `teams`." enum: - teams example: teams type: string x-enum-varnames: - TEAMS TeamType: default: team description: Team type enum: - team example: team type: string x-enum-varnames: - TEAM TeamUpdate: description: Team update request properties: attributes: $ref: "#/components/schemas/TeamUpdateAttributes" relationships: $ref: "#/components/schemas/TeamUpdateRelationships" type: $ref: "#/components/schemas/TeamType" required: - attributes - type type: object TeamUpdateAttributes: description: Team update attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "🥑" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer description: description: Free-form markdown description/content for the team's homepage type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string type: array name: description: The name of the team example: Example Team maxLength: 200 type: string visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string type: array required: - handle - name type: object TeamUpdateRelationships: description: Team update relationships properties: team_links: $ref: "#/components/schemas/RelationshipToTeamLinks" type: object TeamUpdateRequest: description: Team update request properties: data: $ref: "#/components/schemas/TeamUpdate" required: - data type: object TeamsField: description: Supported teams field. enum: - id - name - handle - summary - description - avatar - banner - visible_modules - hidden_modules - created_at - modified_at - user_count - link_count - team_links - user_team_permissions type: string x-enum-varnames: - ID - NAME - HANDLE - SUMMARY - DESCRIPTION - AVATAR - BANNER - VISIBLE_MODULES - HIDDEN_MODULES - CREATED_AT - MODIFIED_AT - USER_COUNT - LINK_COUNT - TEAM_LINKS - USER_TEAM_PERMISSIONS TeamsHierarchyLinksResponseLinks: description: When querying team hierarchy links, a set of links for navigation between different pages is included properties: first: description: Link to the first page. nullable: true type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to the previous page. nullable: true type: string self: description: Link to the current object. type: string type: object TeamsHierarchyLinksResponseMeta: description: Metadata that is included in the response when querying the team hierarchy links properties: page: $ref: "#/components/schemas/TeamsHierarchyLinksResponseMetaPage" type: object TeamsHierarchyLinksResponseMetaPage: description: Metadata related to paging information that is included in the response when querying the team hierarchy links properties: first_number: description: First page number. format: int64 type: integer last_number: description: Last page number. format: int64 type: integer next_number: description: Next page number. format: int64 nullable: true type: integer number: description: Page number. format: int64 type: integer prev_number: description: Previous page number. format: int64 nullable: true type: integer size: description: Page size. format: int64 type: integer total: description: Total number of results. format: int64 type: integer type: description: Pagination type. example: "number_size" type: string type: object TeamsResponse: description: Response with multiple teams properties: data: description: Teams response data items: $ref: "#/components/schemas/Team" type: array included: description: Resources related to the team items: $ref: "#/components/schemas/TeamIncluded" type: array links: $ref: "#/components/schemas/TeamsResponseLinks" meta: $ref: "#/components/schemas/TeamsResponseMeta" type: object TeamsResponseLinks: description: Teams response links. properties: first: description: First link. type: string last: description: Last link. nullable: true type: string next: description: Next link. type: string prev: description: Previous link. nullable: true type: string self: description: Current link. type: string type: object TeamsResponseMeta: description: Teams response metadata. properties: pagination: $ref: "#/components/schemas/TeamsResponseMetaPagination" type: object TeamsResponseMetaPagination: description: Teams response metadata. properties: first_offset: description: The first offset. format: int64 type: integer last_offset: description: The last offset. format: int64 type: integer limit: description: Pagination limit. format: int64 type: integer next_offset: description: The next offset. format: int64 type: integer offset: description: The offset. format: int64 type: integer prev_offset: description: The previous offset. format: int64 type: integer total: description: Total results. format: int64 type: integer type: description: Offset type. type: string type: object TenancyConfig: description: Response containing a single OCI tenancy integration configuration. example: data: attributes: config_version: 2 cost_collection_enabled: true dd_compartment_id: ocid.compartment.test dd_stack_id: ocid.stack.test home_region: us-ashburn-1 logs_config: compartment_tag_filters: - compartment.test enabled: true enabled_services: - compute metrics_config: compartment_tag_filters: - compartment.test enabled: true excluded_services: - compute regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy properties: data: $ref: "#/components/schemas/TenancyConfigData" type: object TenancyConfigData: description: A single OCI tenancy integration configuration resource object containing the tenancy ID, type, and configuration attributes. properties: attributes: $ref: "#/components/schemas/TenancyConfigDataAttributes" id: description: The OCID of the OCI tenancy. type: string type: $ref: "#/components/schemas/UpdateTenancyConfigDataType" required: - type type: object TenancyConfigDataAttributes: description: Attributes of an OCI tenancy integration configuration, including authentication details, region settings, and collection options. properties: billing_plan_id: description: The identifier of the billing plan associated with the OCI tenancy. format: int32 maximum: 2147483647 type: integer config_version: description: Version number of the integration the tenancy is integrated with format: int64 type: integer cost_collection_enabled: description: Whether cost data collection from OCI is enabled for the tenancy. type: boolean dd_compartment_id: description: The OCID of the OCI compartment used by the Datadog integration stack. type: string dd_stack_id: description: The OCID of the OCI Resource Manager stack used by the Datadog integration. type: string home_region: description: The home region of the OCI tenancy (for example, us-ashburn-1). type: string logs_config: $ref: "#/components/schemas/TenancyConfigDataAttributesLogsConfig" metrics_config: $ref: "#/components/schemas/TenancyConfigDataAttributesMetricsConfig" parent_tenancy_name: description: The name of the parent OCI tenancy, if applicable. type: string regions_config: $ref: "#/components/schemas/TenancyConfigDataAttributesRegionsConfig" resource_collection_enabled: description: Whether resource collection from OCI is enabled for the tenancy. type: boolean tenancy_name: description: The human-readable name of the OCI tenancy. type: string user_ocid: description: The OCID of the OCI user used by the Datadog integration for authentication. type: string type: object TenancyConfigDataAttributesLogsConfig: description: Log collection configuration for an OCI tenancy, indicating which compartments and services have log collection enabled. properties: compartment_tag_filters: description: List of compartment tag filters scoping log collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether log collection is enabled for the tenancy. type: boolean enabled_services: description: List of OCI service names for which log collection is enabled. items: description: An OCI service name for which log collection is enabled (for example, compute). type: string type: array type: object TenancyConfigDataAttributesMetricsConfig: description: Metrics collection configuration for an OCI tenancy, indicating which compartments and services are included or excluded. properties: compartment_tag_filters: description: List of compartment tag filters scoping metrics collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether metrics collection is enabled for the tenancy. type: boolean excluded_services: description: List of OCI service names excluded from metrics collection. items: description: An OCI service name excluded from metrics collection (for example, compute). type: string type: array type: object TenancyConfigDataAttributesRegionsConfig: description: Region configuration for an OCI tenancy, indicating which regions are available, enabled, or disabled for data collection. properties: available: description: List of OCI regions available for data collection in the tenancy. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array disabled: description: List of OCI regions explicitly disabled for data collection. items: description: An OCI region identifier (for example, us-phoenix-1). type: string type: array enabled: description: List of OCI regions enabled for data collection. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array type: object TenancyConfigList: description: Response containing a list of OCI tenancy integration configurations. example: data: - attributes: config_version: 2 cost_collection_enabled: true dd_compartment_id: ocid.compartment.test dd_stack_id: ocid.stack.test home_region: us-ashburn-1 logs_config: compartment_tag_filters: - compartment.test enabled: true enabled_services: - compute metrics_config: compartment_tag_filters: - compartment.test enabled: true excluded_services: - compute regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy properties: data: description: List of OCI tenancy integration configuration objects. items: $ref: "#/components/schemas/TenancyConfigData" type: array required: - data type: object TenancyProductsData: description: A single OCI tenancy product resource object containing the tenancy ID, type, and product attributes. properties: attributes: $ref: "#/components/schemas/TenancyProductsDataAttributes" id: description: The OCID of the OCI tenancy. type: string type: $ref: "#/components/schemas/TenancyProductsDataType" required: - type type: object TenancyProductsDataAttributes: description: Attributes of an OCI tenancy product resource, containing the list of available products and their enablement status. properties: products: description: List of Datadog products and their enablement status for the tenancy. items: $ref: "#/components/schemas/TenancyProductsDataAttributesProductsItems" type: array type: object TenancyProductsDataAttributesProductsItems: description: An individual Datadog product with its enablement status for a tenancy. properties: enabled: description: Indicates whether the product is enabled for the tenancy. type: boolean product_key: description: The unique key identifying the Datadog product (for example, CLOUD_SECURITY_POSTURE_MANAGEMENT). type: string type: object TenancyProductsDataType: default: oci_tenancy_product description: OCI tenancy product resource type. enum: - oci_tenancy_product example: oci_tenancy_product type: string x-enum-varnames: - OCI_TENANCY_PRODUCT TenancyProductsList: description: Response containing a list of OCI tenancy product resources with their product enablement status. example: data: - attributes: products: - enabled: true product_key: CLOUD_SECURITY_POSTURE_MANAGEMENT id: ocid.tenancy.test type: oci_tenancy_product properties: data: description: List of OCI tenancy product resource objects. items: $ref: "#/components/schemas/TenancyProductsData" type: array required: - data type: object TestOptimizationDeleteServiceSettingsRequest: description: Request object for deleting Test Optimization service settings. properties: data: $ref: "#/components/schemas/TestOptimizationDeleteServiceSettingsRequestData" required: - data type: object TestOptimizationDeleteServiceSettingsRequestAttributes: description: Attributes for deleting Test Optimization service settings. properties: env: description: The environment name. If omitted, defaults to `none`. example: prod type: string repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string service_name: description: The service name. example: shopist minLength: 1 type: string required: - repository_id - service_name type: object TestOptimizationDeleteServiceSettingsRequestData: description: Data object for delete service settings request. properties: attributes: $ref: "#/components/schemas/TestOptimizationDeleteServiceSettingsRequestAttributes" type: $ref: "#/components/schemas/TestOptimizationDeleteServiceSettingsRequestDataType" required: - type - attributes type: object TestOptimizationDeleteServiceSettingsRequestDataType: description: |- JSON:API type for delete service settings request. The value must always be `test_optimization_delete_service_settings_request`. enum: - test_optimization_delete_service_settings_request example: test_optimization_delete_service_settings_request type: string x-enum-varnames: - TEST_OPTIMIZATION_DELETE_SERVICE_SETTINGS_REQUEST TestOptimizationFlakyTestsManagementPoliciesAttemptToFix: description: Configuration for the attempt-to-fix Flaky Tests Management policy. properties: retries: description: Number of retries when attempting to fix a flaky test. Must be greater than 0. example: 3 format: int64 type: integer type: object TestOptimizationFlakyTestsManagementPoliciesAttributes: description: Attributes of the Flaky Tests Management policies for a repository. properties: attempt_to_fix: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesAttemptToFix" disabled: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesDisabled" quarantined: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesQuarantined" repository_id: description: The repository identifier. example: github.com/datadog/shopist type: string type: object TestOptimizationFlakyTestsManagementPoliciesAutoDisableRule: description: Automatic disable triggering rule based on a time window and test status. properties: enabled: description: Whether this auto-disable rule is enabled. example: false type: boolean status: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesDisabledStatus" window_seconds: description: Time window in seconds over which flakiness is evaluated. Must be greater than 0. example: 3600 format: int64 type: integer type: object TestOptimizationFlakyTestsManagementPoliciesAutoQuarantineRule: description: Automatic quarantine triggering rule based on a time window. properties: enabled: description: Whether this auto-quarantine rule is enabled. example: true type: boolean window_seconds: description: Time window in seconds over which flakiness is evaluated. Must be greater than 0. example: 3600 format: int64 type: integer type: object TestOptimizationFlakyTestsManagementPoliciesBranchRule: description: Branch filtering rule for a Flaky Tests Management policy. properties: branches: description: List of branches to which the policy applies. example: - main items: description: A branch name. type: string type: array enabled: description: Whether this branch rule is enabled. example: true type: boolean excluded_branches: description: List of branches excluded from the policy. example: [] items: description: A branch name. type: string type: array excluded_test_services: description: List of test services excluded from the policy. example: [] items: description: A test service name. type: string type: array type: object TestOptimizationFlakyTestsManagementPoliciesData: description: Data object for Flaky Tests Management policies response. properties: attributes: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesAttributes" id: description: The repository identifier used as the resource ID. example: github.com/datadog/shopist type: string type: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesType" type: object TestOptimizationFlakyTestsManagementPoliciesDisabled: description: Configuration for the disabled Flaky Tests Management policy. properties: auto_disable_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesAutoDisableRule" branch_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesBranchRule" enabled: description: Whether the disabled policy is enabled. example: false type: boolean failure_rate_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesDisabledFailureRateRule" type: object TestOptimizationFlakyTestsManagementPoliciesDisabledFailureRateRule: description: Failure-rate-based rule for the disabled policy. properties: branches: description: List of branches to which this rule applies. example: [] items: description: A branch name. type: string type: array enabled: description: Whether this failure rate rule is enabled. example: false type: boolean min_runs: description: Minimum number of runs required before the rule is evaluated. Must be greater than or equal to 0. example: 10 format: int64 type: integer status: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesDisabledStatus" threshold: description: Failure rate threshold (0.0–1.0) above which the rule triggers. example: 0.5 format: double type: number type: object TestOptimizationFlakyTestsManagementPoliciesDisabledStatus: description: |- Test status that the disable policy applies to. Must be either `active` or `quarantined`. enum: - active - quarantined example: active type: string x-enum-varnames: - ACTIVE - QUARANTINED TestOptimizationFlakyTestsManagementPoliciesGetRequest: description: Request object for getting Flaky Tests Management policies. properties: data: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesGetRequestData" required: - data type: object TestOptimizationFlakyTestsManagementPoliciesGetRequestAttributes: description: Attributes for requesting Flaky Tests Management policies. properties: repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string required: - repository_id type: object TestOptimizationFlakyTestsManagementPoliciesGetRequestData: description: Data object for get Flaky Tests Management policies request. properties: attributes: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesGetRequestAttributes" type: $ref: "#/components/schemas/TestOptimizationGetFlakyTestsManagementPoliciesRequestDataType" required: - type - attributes type: object TestOptimizationFlakyTestsManagementPoliciesQuarantined: description: Configuration for the quarantined Flaky Tests Management policy. properties: auto_quarantine_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesAutoQuarantineRule" branch_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesBranchRule" enabled: description: Whether the quarantined policy is enabled. example: true type: boolean failure_rate_rule: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesQuarantinedFailureRateRule" type: object TestOptimizationFlakyTestsManagementPoliciesQuarantinedFailureRateRule: description: Failure-rate-based rule for the quarantined policy. properties: branches: description: List of branches to which this rule applies. example: - main items: description: A branch name. type: string type: array enabled: description: Whether this failure rate rule is enabled. example: true type: boolean min_runs: description: Minimum number of runs required before the rule is evaluated. Must be greater than or equal to 0. example: 10 format: int64 type: integer threshold: description: Failure rate threshold (0.0–1.0) above which the rule triggers. example: 0.5 format: double type: number type: object TestOptimizationFlakyTestsManagementPoliciesResponse: description: Response object containing Flaky Tests Management policies for a repository. properties: data: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesData" type: object TestOptimizationFlakyTestsManagementPoliciesType: description: |- JSON:API type for Flaky Tests Management policies response. The value must always be `test_optimization_flaky_tests_management_policies`. enum: - test_optimization_flaky_tests_management_policies example: test_optimization_flaky_tests_management_policies type: string x-enum-varnames: - TEST_OPTIMIZATION_FLAKY_TESTS_MANAGEMENT_POLICIES TestOptimizationFlakyTestsManagementPoliciesUpdateRequest: description: Request object for updating Flaky Tests Management policies. properties: data: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesUpdateRequestData" required: - data type: object TestOptimizationFlakyTestsManagementPoliciesUpdateRequestAttributes: description: |- Attributes for updating Flaky Tests Management policies. Only provided policy blocks are updated; omitted blocks are left unchanged. properties: attempt_to_fix: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesAttemptToFix" disabled: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesDisabled" quarantined: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesQuarantined" repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string required: - repository_id type: object TestOptimizationFlakyTestsManagementPoliciesUpdateRequestData: description: Data object for update Flaky Tests Management policies request. properties: attributes: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesUpdateRequestAttributes" type: $ref: "#/components/schemas/TestOptimizationUpdateFlakyTestsManagementPoliciesRequestDataType" required: - type - attributes type: object TestOptimizationGetFlakyTestsManagementPoliciesRequestDataType: description: |- JSON:API type for get Flaky Tests Management policies request. The value must always be `test_optimization_get_flaky_tests_management_policies_request`. enum: - test_optimization_get_flaky_tests_management_policies_request example: test_optimization_get_flaky_tests_management_policies_request type: string x-enum-varnames: - TEST_OPTIMIZATION_GET_FLAKY_TESTS_MANAGEMENT_POLICIES_REQUEST TestOptimizationGetServiceSettingsRequest: description: Request object for getting Test Optimization service settings. properties: data: $ref: "#/components/schemas/TestOptimizationGetServiceSettingsRequestData" required: - data type: object TestOptimizationGetServiceSettingsRequestAttributes: description: Attributes for requesting Test Optimization service settings. properties: env: description: The environment name. If omitted, defaults to `none`. example: prod type: string repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string service_name: description: The service name. example: shopist minLength: 1 type: string required: - repository_id - service_name type: object TestOptimizationGetServiceSettingsRequestData: description: Data object for get service settings request. properties: attributes: $ref: "#/components/schemas/TestOptimizationGetServiceSettingsRequestAttributes" type: $ref: "#/components/schemas/TestOptimizationGetServiceSettingsRequestDataType" required: - type - attributes type: object TestOptimizationGetServiceSettingsRequestDataType: description: |- JSON:API type for get service settings request. The value must always be `test_optimization_get_service_settings_request`. enum: - test_optimization_get_service_settings_request example: test_optimization_get_service_settings_request type: string x-enum-varnames: - TEST_OPTIMIZATION_GET_SERVICE_SETTINGS_REQUEST TestOptimizationServiceSettingsAttributes: description: Attributes for Test Optimization service settings. properties: auto_test_retries_enabled: description: Whether Auto Test Retries are enabled for this service. example: false type: boolean code_coverage_enabled: description: Whether Code Coverage is enabled for this service. example: false type: boolean early_flake_detection_enabled: description: Whether Early Flake Detection is enabled for this service. example: false type: boolean env: description: The environment name. example: prod type: string failed_test_replay_enabled: description: Whether Failed Test Replay is enabled for this service. example: false type: boolean pr_comments_enabled: description: Whether PR Comments are enabled for this service. example: true type: boolean repository_id: description: The repository identifier. example: github.com/datadog/shopist type: string service_name: description: The service name. example: shopist type: string test_impact_analysis_enabled: description: Whether Test Impact Analysis is enabled for this service. example: false type: boolean type: object TestOptimizationServiceSettingsData: description: Data object for Test Optimization service settings response. properties: attributes: $ref: "#/components/schemas/TestOptimizationServiceSettingsAttributes" id: description: Unique identifier for the service settings. example: github.com/datadog/shopist::shopist::prod type: string type: $ref: "#/components/schemas/TestOptimizationServiceSettingsType" type: object TestOptimizationServiceSettingsResponse: description: Response object containing Test Optimization service settings. properties: data: $ref: "#/components/schemas/TestOptimizationServiceSettingsData" type: object TestOptimizationServiceSettingsType: description: |- JSON:API type for service settings response. The value must always be `test_optimization_service_settings`. enum: - test_optimization_service_settings example: test_optimization_service_settings type: string x-enum-varnames: - TEST_OPTIMIZATION_SERVICE_SETTINGS TestOptimizationUpdateFlakyTestsManagementPoliciesRequestDataType: description: |- JSON:API type for update Flaky Tests Management policies request. The value must always be `test_optimization_update_flaky_tests_management_policies_request`. enum: - test_optimization_update_flaky_tests_management_policies_request example: test_optimization_update_flaky_tests_management_policies_request type: string x-enum-varnames: - TEST_OPTIMIZATION_UPDATE_FLAKY_TESTS_MANAGEMENT_POLICIES_REQUEST TestOptimizationUpdateServiceSettingsRequest: description: Request object for updating Test Optimization service settings. properties: data: $ref: "#/components/schemas/TestOptimizationUpdateServiceSettingsRequestData" required: - data type: object TestOptimizationUpdateServiceSettingsRequestAttributes: description: |- Attributes for updating Test Optimization service settings. All non-required fields are optional; only provided fields will be updated. properties: auto_test_retries_enabled: description: Whether Auto Test Retries are enabled for this service. example: false type: boolean code_coverage_enabled: description: Whether Code Coverage is enabled for this service. example: false type: boolean early_flake_detection_enabled: description: Whether Early Flake Detection is enabled for this service. example: false type: boolean env: description: The environment name. If omitted, defaults to `none`. example: prod type: string failed_test_replay_enabled: description: Whether Failed Test Replay is enabled for this service. example: false type: boolean pr_comments_enabled: description: Whether PR Comments are enabled for this service. example: true type: boolean repository_id: description: The repository identifier. example: github.com/datadog/shopist minLength: 1 type: string service_name: description: The service name. example: shopist minLength: 1 type: string test_impact_analysis_enabled: description: Whether Test Impact Analysis is enabled for this service. example: false type: boolean required: - repository_id - service_name type: object TestOptimizationUpdateServiceSettingsRequestData: description: Data object for update service settings request. properties: attributes: $ref: "#/components/schemas/TestOptimizationUpdateServiceSettingsRequestAttributes" type: $ref: "#/components/schemas/TestOptimizationUpdateServiceSettingsRequestDataType" required: - type - attributes type: object TestOptimizationUpdateServiceSettingsRequestDataType: description: |- JSON:API type for update service settings request. The value must always be `test_optimization_update_service_settings_request`. enum: - test_optimization_update_service_settings_request example: test_optimization_update_service_settings_request type: string x-enum-varnames: - TEST_OPTIMIZATION_UPDATE_SERVICE_SETTINGS_REQUEST TimeAggregation: description: |- Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done. example: 86400 format: int64 type: integer TimeRestriction: description: Defines a single time restriction rule with start and end times and the applicable weekdays. properties: end_day: $ref: "#/components/schemas/Weekday" end_time: description: Specifies the ending time for this restriction. type: string start_day: $ref: "#/components/schemas/Weekday" start_time: description: Specifies the starting time for this restriction. type: string type: object TimeRestrictions: description: Holds time zone information and a list of time restrictions for a routing rule. properties: restrictions: description: Defines the list of time-based restrictions. items: $ref: "#/components/schemas/TimeRestriction" type: array time_zone: description: Specifies the time zone applicable to the restrictions. example: "" type: string required: - time_zone - restrictions type: object TimelineCell: description: timeline cell properties: author: $ref: "#/components/schemas/TimelineCellAuthor" cell_content: $ref: "#/components/schemas/TimelineCellContent" created_at: description: Timestamp of when the cell was created format: date-time readOnly: true type: string deleted_at: description: Timestamp of when the cell was deleted format: date-time readOnly: true type: string modified_at: description: Timestamp of when the cell was last modified format: date-time readOnly: true type: string type: $ref: "#/components/schemas/TimelineCellType" type: object TimelineCellAuthor: description: author of the timeline cell oneOf: - $ref: "#/components/schemas/TimelineCellAuthorUser" TimelineCellAuthorUser: description: timeline cell user author properties: content: $ref: "#/components/schemas/TimelineCellAuthorUserContent" type: $ref: "#/components/schemas/TimelineCellAuthorUserType" type: object TimelineCellAuthorUserContent: description: user author content. properties: email: description: user email type: string handle: description: user handle type: string id: description: user UUID type: string name: description: user name type: string type: object TimelineCellAuthorUserType: description: user author type. enum: - USER example: USER type: string x-enum-varnames: - USER TimelineCellContent: description: timeline cell content oneOf: - $ref: "#/components/schemas/TimelineCellContentComment" TimelineCellContentComment: description: comment content properties: message: description: comment message type: string type: object TimelineCellResource: description: Timeline cell JSON:API resource properties: attributes: $ref: "#/components/schemas/TimelineCell" id: description: Timeline cell's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string type: $ref: "#/components/schemas/TimelineCellResourceType" required: - id - type - attributes type: object TimelineCellResourceType: default: timeline_cell description: Timeline cell JSON:API resource type enum: - timeline_cell example: timeline_cell type: string x-enum-varnames: - TIMELINE_CELL TimelineCellType: description: Timeline cell content type enum: - COMMENT example: COMMENT type: string x-enum-varnames: - COMMENT TimelineResponse: description: Timeline response properties: data: description: The `TimelineResponse` `data`. items: $ref: "#/components/schemas/TimelineCellResource" type: array type: object TimeseriesFormulaQueryRequest: description: A request wrapper around a single timeseries query to be executed. properties: data: $ref: "#/components/schemas/TimeseriesFormulaRequest" required: - data type: object TimeseriesFormulaQueryResponse: description: A message containing one response to a timeseries query made with timeseries formula query request. properties: data: $ref: "#/components/schemas/TimeseriesResponse" errors: description: The error generated by the request. type: string type: object TimeseriesFormulaRequest: description: A single timeseries query to be executed. properties: attributes: $ref: "#/components/schemas/TimeseriesFormulaRequestAttributes" type: $ref: "#/components/schemas/TimeseriesFormulaRequestType" required: - type - attributes type: object TimeseriesFormulaRequestAttributes: description: The object describing a timeseries formula request. properties: formulas: description: List of formulas to be calculated and returned as responses. items: $ref: "#/components/schemas/QueryFormula" type: array from: description: Start date (inclusive) of the query in milliseconds since the Unix epoch. example: 1568899800000 format: int64 type: integer interval: description: |- A time interval in milliseconds. May be overridden by a larger interval if the query would result in too many points for the specified timeframe. Defaults to a reasonable interval for the given timeframe. example: 5000 format: int64 type: integer queries: $ref: "#/components/schemas/TimeseriesFormulaRequestQueries" to: description: End date (exclusive) of the query in milliseconds since the Unix epoch. example: 1568923200000 format: int64 type: integer required: - to - from - queries type: object TimeseriesFormulaRequestQueries: description: List of queries to be run and used as inputs to the formulas. example: - data_source: metrics query: "avg:system.cpu.user{*} by {env}" items: $ref: "#/components/schemas/TimeseriesQuery" type: array TimeseriesFormulaRequestType: default: "timeseries_request" description: The type of the resource. The value should always be timeseries_request. enum: ["timeseries_request"] example: "timeseries_request" type: string x-enum-varnames: ["TIMESERIES_REQUEST"] TimeseriesFormulaResponseType: default: "timeseries_response" description: The type of the resource. The value should always be timeseries_response. enum: ["timeseries_response"] example: "timeseries_response" type: string x-enum-varnames: ["TIMESERIES_RESPONSE"] TimeseriesQuery: description: An individual timeseries query to one of the basic Datadog data sources. example: data_source: metrics query: "avg:system.cpu.user{*} by {env}" oneOf: - $ref: "#/components/schemas/MetricsTimeseriesQuery" - $ref: "#/components/schemas/EventsTimeseriesQuery" - $ref: "#/components/schemas/ApmResourceStatsQuery" - $ref: "#/components/schemas/ApmMetricsQuery" - $ref: "#/components/schemas/ApmDependencyStatsQuery" - $ref: "#/components/schemas/SloQuery" - $ref: "#/components/schemas/ProcessTimeseriesQuery" - $ref: "#/components/schemas/ContainerTimeseriesQuery" TimeseriesResponse: description: A message containing the response to a timeseries query. properties: attributes: $ref: "#/components/schemas/TimeseriesResponseAttributes" type: $ref: "#/components/schemas/TimeseriesFormulaResponseType" type: object TimeseriesResponseAttributes: description: The object describing a timeseries response. properties: series: $ref: "#/components/schemas/TimeseriesResponseSeriesList" times: $ref: "#/components/schemas/TimeseriesResponseTimes" values: $ref: "#/components/schemas/TimeseriesResponseValuesList" type: object TimeseriesResponseSeries: description: A single series in a timeseries query response, containing the query index, unit information, and group tags. properties: group_tags: $ref: "#/components/schemas/GroupTags" query_index: description: The index of the query in the "formulas" array (or "queries" array if no "formulas" was specified). example: 0 format: int32 maximum: 2147483647 type: integer unit: description: |- Detailed information about the unit. The first element describes the "primary unit" (for example, `bytes` in `bytes per second`). The second element describes the "per unit" (for example, `second` in `bytes per second`). If the second element is not present, the API returns null. items: $ref: "#/components/schemas/Unit" nullable: true type: array type: object TimeseriesResponseSeriesList: description: Array of response series. The index here corresponds to the index in the `formulas` or `queries` array from the request. items: $ref: "#/components/schemas/TimeseriesResponseSeries" type: array TimeseriesResponseTimes: description: Array of times, 1-1 match with individual values arrays. items: description: Start date (inclusive) of the query in seconds since the Unix epoch. example: 1568899800000 format: int64 type: integer type: array TimeseriesResponseValues: description: Array of values for an individual formula or query. example: [1575317847.0, 0.5] items: description: An individual value for a given time. format: double nullable: true type: number type: array TimeseriesResponseValuesList: description: Array of value-arrays. The index here corresponds to the index in the `formulas` or `queries` array from the request. items: $ref: "#/components/schemas/TimeseriesResponseValues" type: array TokenName: description: Name for tokens. example: MyTokenName pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string TokenType: description: The definition of `TokenType` object. enum: - SECRET example: SECRET type: string x-enum-varnames: - SECRET TransportWebhookLog: description: A single email transport webhook log event. properties: attributes: $ref: "#/components/schemas/TransportWebhookLogAttributes" date: description: The ISO 8601 timestamp of the event. example: "2024-01-15T10:30:00Z" format: date-time type: string log_id: description: The unique log event identifier. example: "AQAAAZPHnBT0TwJAdgAAAABBWlBIblVlNEFBQ0dFMmVkYTFDSnRR" type: string source: description: The email transport provider. example: "sendgrid" type: string status: description: The log status level. example: "info" type: string tags: description: A list of tags associated with the event. example: ["env:production"] items: description: A tag in key:value or key-only form (for example, env:production). type: string type: array required: - date - log_id - source - status - tags - attributes type: object TransportWebhookLogAttributes: description: Top-level attributes for the webhook log event, including delivery status, recipient details, and provider metadata. properties: category: description: The event categories. example: ["transactional"] items: description: An event category assigned by the transport provider. type: string type: array email: $ref: "#/components/schemas/TransportWebhookLogEmail" email_id: description: The unique email identifier. example: "abc123-def456" type: string email_type_display_name: description: The human-readable email type name. example: "Monitor Alert" type: string message: $ref: "#/components/schemas/TransportWebhookLogMessage" network: $ref: "#/components/schemas/TransportWebhookLogNetwork" org: description: The numeric organization identifier. example: 1234 format: int64 type: integer org_metadata: $ref: "#/components/schemas/TransportWebhookLogOrgMetadata" org_uuid: description: The organization UUID. example: "8dee7c38-00cb-11ea-a77b-8b5a08d3b091" type: string queue_time: description: The timestamp when the email was queued. example: "2024-01-15T10:29:00Z" type: string sg_machine_open: description: Indicates whether the open event was triggered by automated machine activity rather than a human recipient (SendGrid-specific). type: boolean subject: description: The email subject line. example: "[Monitor Alert] CPU usage is high" type: string useragent: description: The user agent string for open events. example: "Mozilla/5.0" type: string type: object TransportWebhookLogBatchRequest: description: A batch of email transport webhook log events. items: $ref: "#/components/schemas/TransportWebhookLog" type: array TransportWebhookLogEmail: description: The email address details. properties: address: description: The recipient email address. example: "user@example.com" type: string domain: description: The recipient domain. example: "example.com" type: string subject: description: The email subject line. example: "[Monitor Alert] CPU usage is high" type: string type: description: Email categorization tags applied by the transport provider (for example, "transactional", "marketing"). example: ["transactional"] items: description: An email type classification (for example, "transactional", "user"). type: string type: array type: object TransportWebhookLogIpAttribute: description: An IP attribute with its sources. properties: ip: description: The IP address. example: "192.168.1.1" type: string source: description: The transport providers or systems that reported this IP address. example: ["sendgrid"] items: description: A transport provider or system that reported this IP address. type: string type: array type: object TransportWebhookLogMessage: description: The message delivery event details. properties: auth: $ref: "#/components/schemas/TransportWebhookLogMessageAuth" custom_args: $ref: "#/components/schemas/TransportWebhookLogMessageCustomArgs" id: $ref: "#/components/schemas/TransportWebhookLogMessageId" name: description: The delivery event type emitted by the transport provider (for example, "delivered", "dropped", "bounced"). example: "delivered" type: string response: $ref: "#/components/schemas/TransportWebhookLogMessageResponse" sender_ip: description: The IP address of the sending server. example: "192.168.1.1" type: string timestamp: $ref: "#/components/schemas/TransportWebhookLogMessageTimestamp" type: object TransportWebhookLogMessageAuth: description: The message authentication details. properties: delivered_with_tls: description: The TLS version or negotiation information. example: "TLSv1.2" type: string type: object TransportWebhookLogMessageCustomArgs: description: Custom arguments passed through the email transport provider for tracking. properties: email_id: description: The unique email identifier. example: "abc123-def456" type: string email_type_display_name: description: The human-readable email type name. example: "Monitor Alert" type: string org_uuid: description: The organization UUID. example: "8dee7c38-00cb-11ea-a77b-8b5a08d3b091" type: string queue_time: description: The timestamp when the email was queued. example: "2024-01-15T10:29:00Z" type: string subject: description: The email subject line. example: "[Monitor Alert] CPU usage is high" type: string type: object TransportWebhookLogMessageId: description: The message identifiers. properties: message_id: description: The RFC 5322 Message-ID. example: "" type: string smtp_id: description: The SMTP transaction identifier. example: "" type: string transport_event_id: description: The transport provider event identifier. example: "evt_abc123" type: string type: object TransportWebhookLogMessageResponse: description: The SMTP response information. properties: enhanced_smtp_code: description: The enhanced SMTP status code. example: "2.0.0" type: string reason: description: The SMTP response message. example: "250 2.0.0 OK" type: string smtp_code: description: The SMTP status code. example: "250" type: string type: object TransportWebhookLogMessageTimestamp: description: The message delivery timing information. properties: event_timestamp: description: The Unix timestamp of the event. example: 1705312200.0 format: double type: number lifetime: description: The total delivery time in seconds. example: 3.2 format: double type: number queue_time: description: Number of seconds the message spent in the delivery queue. example: 1.5 format: double type: number scheduled_time: description: The scheduled delivery time as a Unix timestamp. example: 1705312190.0 format: double type: number type: object TransportWebhookLogNetwork: description: The network information for the event. properties: ip: $ref: "#/components/schemas/TransportWebhookLogNetworkIp" type: object TransportWebhookLogNetworkIp: description: The IP address information. properties: attributes: description: Per-IP attribute records, each pairing an IP address with the providers that observed it. items: $ref: "#/components/schemas/TransportWebhookLogIpAttribute" type: array list: description: The list of IP addresses. example: ["192.168.1.1"] items: description: An IP address observed during message delivery. type: string type: array type: object TransportWebhookLogOrgMetadata: description: Metadata about the organization that sent the email. properties: billing_country: description: Country code or name used for billing purposes. type: string billing_plan: description: The Datadog billing plan for the organization (for example, "pro", "enterprise"). type: string customer_tier: description: Support or account tier assigned to the organization (for example, "tier-1"). type: string domain: description: Primary email domain associated with the organization (for example, "example.com"). type: string industry: description: Industry classification of the organization (for example, "technology", "finance"). type: string is_bugbounty: description: Whether the organization is enrolled in the Datadog bug bounty program. type: string is_msp: description: Whether the organization operates as a Managed Service Provider managing child orgs. type: string name: description: Display name of the organization as configured in Datadog account settings. type: string org_uuid: description: Globally unique identifier for the Datadog organization (UUID v1 format). type: string parent_org_id: description: Identifier of the immediate parent organization, if this is a child org. type: string premium_support: description: Whether the organization has a premium support plan with Datadog. type: string root_org_id: description: Identifier of the top-level parent organization in a multi-org account hierarchy. type: string root_org_name: description: Display name of the top-level parent organization in a multi-org account hierarchy. type: string shipping_country: description: Country code or name used for shipping or regional assignment. type: string website: description: Website URL provided during organization registration. type: string when_created: description: ISO 8601 timestamp of when the Datadog organization was created. type: string type: object Trigger: description: "One of the triggers that can start the execution of a workflow." oneOf: - $ref: "#/components/schemas/APITriggerWrapper" - $ref: "#/components/schemas/AppTriggerWrapper" - $ref: "#/components/schemas/CaseTriggerWrapper" - $ref: "#/components/schemas/ChangeEventTriggerWrapper" - $ref: "#/components/schemas/DatabaseMonitoringTriggerWrapper" - $ref: "#/components/schemas/DatastoreTriggerWrapper" - $ref: "#/components/schemas/DashboardTriggerWrapper" - $ref: "#/components/schemas/FormTriggerWrapper" - $ref: "#/components/schemas/GithubWebhookTriggerWrapper" - $ref: "#/components/schemas/IncidentTriggerWrapper" - $ref: "#/components/schemas/MonitorTriggerWrapper" - $ref: "#/components/schemas/NotebookTriggerWrapper" - $ref: "#/components/schemas/OnCallTriggerWrapper" - $ref: "#/components/schemas/ScheduleTriggerWrapper" - $ref: "#/components/schemas/SecurityTriggerWrapper" - $ref: "#/components/schemas/SelfServiceTriggerWrapper" - $ref: "#/components/schemas/SlackTriggerWrapper" - $ref: "#/components/schemas/SoftwareCatalogTriggerWrapper" - $ref: "#/components/schemas/WorkflowTriggerWrapper" TriggerAttributes: description: The trigger definition for starting an investigation. properties: monitor_alert_trigger: $ref: "#/components/schemas/MonitorAlertTriggerAttributes" type: $ref: "#/components/schemas/TriggerType" required: - type - monitor_alert_trigger type: object TriggerInvestigationRequest: description: Request to trigger a new investigation. properties: data: $ref: "#/components/schemas/TriggerInvestigationRequestData" required: - data type: object TriggerInvestigationRequestData: description: Data for the trigger investigation request. properties: attributes: $ref: "#/components/schemas/TriggerInvestigationRequestDataAttributes" type: $ref: "#/components/schemas/TriggerInvestigationRequestType" required: - type - attributes type: object TriggerInvestigationRequestDataAttributes: description: Attributes for the trigger investigation request. properties: trigger: $ref: "#/components/schemas/TriggerAttributes" required: - trigger type: object TriggerInvestigationRequestType: description: The resource type for trigger investigation requests. enum: - trigger_investigation_request example: trigger_investigation_request type: string x-enum-varnames: - TRIGGER_INVESTIGATION_REQUEST TriggerInvestigationResponse: description: Response after triggering an investigation. properties: data: $ref: "#/components/schemas/TriggerInvestigationResponseData" required: - data type: object TriggerInvestigationResponseData: description: Data for the trigger investigation response. properties: attributes: $ref: "#/components/schemas/TriggerInvestigationResponseDataAttributes" id: description: Unique identifier for the trigger response. example: "f5e6a7b8-c9d0-1e2f-3a4b-5c6d7e8f9a0b" type: string type: $ref: "#/components/schemas/TriggerInvestigationResponseType" required: - id - type - attributes type: object TriggerInvestigationResponseDataAttributes: description: Attributes for the trigger investigation response. properties: investigation_id: description: The ID of the investigation that was created. example: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: string required: - investigation_id type: object TriggerInvestigationResponseType: description: The resource type for trigger investigation responses. enum: - trigger_investigation_response example: trigger_investigation_response type: string x-enum-varnames: - TRIGGER_INVESTIGATION_RESPONSE TriggerRateLimit: description: Defines a rate limit for a trigger. properties: count: description: The `TriggerRateLimit` `count`. format: int64 type: integer interval: description: The `TriggerRateLimit` `interval`. The expected format is the number of seconds ending with an s. For example, 1 day is 86400s type: string type: object TriggerSource: description: |- The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". enum: - security_findings - security_signals example: security_findings type: string x-enum-varnames: - SECURITY_FINDINGS - SECURITY_SIGNALS TriggerType: description: The type of trigger for the investigation. enum: - monitor_alert_trigger example: monitor_alert_trigger type: string x-enum-varnames: - MONITOR_ALERT_TRIGGER TriggerWorkflowAutomationAction: description: "Triggers a Workflow Automation." properties: handle: description: "The handle of the Workflow Automation to trigger." example: my-workflow-handle type: string type: $ref: "#/components/schemas/TriggerWorkflowAutomationActionType" required: - type - handle type: object TriggerWorkflowAutomationActionType: default: workflow description: "Indicates that the action triggers a Workflow Automation." enum: - workflow example: workflow type: string x-enum-varnames: - TRIGGER_WORKFLOW_AUTOMATION UCConfigPair: description: The definition of `UCConfigPair` object. example: data: attributes: configs: - account_id: 1234abcd-1234-abcd-1234-1234abcd1234 client_id: 1234abcd-1234-abcd-1234-1234abcd1234 created_at: "2023-01-01T12:00:00.000000" dataset_type: actual error_messages: [] export_name: dd-actual-export export_path: dd-export-path id: "123456789123" months: 36 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 status: active status_updated_at: "2023-01-01T12:00:00.000000" storage_account: dd-storage-account storage_container: dd-storage-container updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: azure_uc_configs properties: data: $ref: "#/components/schemas/UCConfigPairData" type: object UCConfigPairData: description: The definition of `UCConfigPairData` object. properties: attributes: $ref: "#/components/schemas/UCConfigPairDataAttributes" id: description: The `UCConfigPairData` `id`. type: string type: $ref: "#/components/schemas/UCConfigPairDataType" required: - type type: object UCConfigPairDataAttributes: description: The definition of `UCConfigPairDataAttributes` object. properties: configs: description: The `attributes` `configs`. items: $ref: "#/components/schemas/UCConfigPairDataAttributesConfigsItems" type: array type: object UCConfigPairDataAttributesConfigsItems: description: The definition of `UCConfigPairDataAttributesConfigsItems` object. properties: account_id: description: The `items` `account_id`. type: string client_id: description: The `items` `client_id`. type: string created_at: description: The `items` `created_at`. type: string dataset_type: description: The `items` `dataset_type`. type: string error_messages: description: The `items` `error_messages`. items: description: An error message string. type: string nullable: true type: array export_name: description: The `items` `export_name`. type: string export_path: description: The `items` `export_path`. type: string id: description: The `items` `id`. type: string months: description: The `items` `months`. format: int64 type: integer scope: description: The `items` `scope`. type: string status: description: The `items` `status`. type: string status_updated_at: description: The `items` `status_updated_at`. type: string storage_account: description: The `items` `storage_account`. type: string storage_container: description: The `items` `storage_container`. type: string updated_at: description: The `items` `updated_at`. type: string type: object UCConfigPairDataType: default: azure_uc_configs description: Azure UC configs resource type. enum: - azure_uc_configs example: azure_uc_configs type: string x-enum-varnames: - AZURE_UC_CONFIGS UnassignSeatsUserRequest: description: The request body for unassigning seats from users for a product code. properties: data: $ref: "#/components/schemas/UnassignSeatsUserRequestData" description: The data for the unassign seats user request. type: object UnassignSeatsUserRequestData: description: The request data object containing attributes for unassigning seats from users. properties: attributes: $ref: "#/components/schemas/UnassignSeatsUserRequestDataAttributes" description: The attributes of the unassign seats user request. id: description: The ID of the unassign seats user request. type: string type: $ref: "#/components/schemas/SeatAssignmentsDataType" description: The type of the unassign seats user request. required: - type - attributes type: object UnassignSeatsUserRequestDataAttributes: description: Attributes specifying the product and users from whom seats will be unassigned. properties: product_code: description: The product code for which to unassign seats. example: "" type: string user_uuids: description: The list of user IDs to unassign seats from. example: - "" items: description: A user UUID identifying a user to unassign seats from. type: string type: array required: - product_code - user_uuids type: object Unit: description: Object containing the metric unit family, scale factor, name, and short name. nullable: true properties: family: description: Unit family, allows for conversion between units of the same family, for scaling. example: time type: string name: description: Unit name example: minute type: string plural: description: Plural form of the unit name. example: minutes type: string scale_factor: description: Factor for scaling between units of the same family. example: 60.0 format: double type: number short_name: description: Abbreviation of the unit. example: min type: string type: object UnpublishAppResponse: description: The response object after an app is successfully unpublished. properties: data: $ref: "#/components/schemas/Deployment" type: object UpdateActionConnectionRequest: description: Request used to update an action connection. properties: data: $ref: "#/components/schemas/ActionConnectionDataUpdate" required: - data type: object UpdateActionConnectionResponse: description: The response for an updated connection. properties: data: $ref: "#/components/schemas/ActionConnectionData" type: object UpdateAppRequest: description: A request object for updating an existing app. example: data: attributes: components: - events: [] name: grid0 properties: children: - events: [] name: gridCell0 properties: children: - events: [] name: calloutValue0 properties: isDisabled: false isLoading: false isVisible: true label: CPU Usage size: sm style: vivid_yellow unit: kB value: "42" type: calloutValue isVisible: "true" layout: default: height: 8 width: 2 x: 0 "y": 0 type: gridCell type: grid description: "This is a simple example app" name: "Example App" queries: [] rootInstanceName: grid0 id: "9e20cbaf-68da-45a6-9ccf-54193ac29fa5" type: appDefinitions properties: data: $ref: "#/components/schemas/UpdateAppRequestData" type: object UpdateAppRequestData: description: The data object containing the new app definition. Any fields not included in the request remain unchanged. properties: attributes: $ref: "#/components/schemas/UpdateAppRequestDataAttributes" id: description: The ID of the app to update. The app ID must match the ID in the URL path. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - type type: object UpdateAppRequestDataAttributes: description: App definition attributes to be updated, such as name, description, and components. properties: components: description: The new UI components that make up the app. If this field is set, all existing components are replaced with the new components under this field. items: $ref: "#/components/schemas/ComponentGrid" type: array description: description: The new human-readable description for the app. type: string name: description: The new name of the app. type: string queries: description: The new array of queries, such as external actions and state variables, that the app uses. If this field is set, all existing queries are replaced with the new queries under this field. items: $ref: "#/components/schemas/Query" type: array rootInstanceName: description: The new name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: The new list of tags for the app, which can be used to filter apps. If this field is set, any existing tags not included in the request are removed. example: - "service:webshop-backend" - "team:webshop" items: description: An individual tag for the app. type: string type: array type: object UpdateAppResponse: description: The response object after an app is successfully updated. properties: data: $ref: "#/components/schemas/UpdateAppResponseData" included: description: Data on the version of the app that was published. items: $ref: "#/components/schemas/Deployment" type: array meta: $ref: "#/components/schemas/AppMeta" relationship: $ref: "#/components/schemas/AppRelationship" type: object UpdateAppResponseData: description: The data object containing the updated app definition. properties: attributes: $ref: "#/components/schemas/UpdateAppResponseDataAttributes" id: description: The ID of the updated app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: "#/components/schemas/AppDefinitionType" required: - id - type - attributes type: object UpdateAppResponseDataAttributes: description: The updated app definition attributes, such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: "#/components/schemas/ComponentGrid" type: array description: description: The human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: "#/components/schemas/Query" type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - "service:webshop-backend" - "team:webshop" items: description: An individual tag for the app. type: string type: array type: object UpdateAppsDatastoreItemRequest: description: Request to update specific fields on an existing datastore item. properties: data: $ref: "#/components/schemas/UpdateAppsDatastoreItemRequestData" type: object UpdateAppsDatastoreItemRequestData: description: Data wrapper containing the item identifier and the changes to apply during the update operation. properties: attributes: $ref: "#/components/schemas/UpdateAppsDatastoreItemRequestDataAttributes" id: description: The unique identifier of the datastore item. type: string type: $ref: "#/components/schemas/UpdateAppsDatastoreItemRequestDataType" required: - type type: object UpdateAppsDatastoreItemRequestDataAttributes: description: Attributes for updating a datastore item, including the item key and changes to apply. properties: id: description: The unique identifier of the item being updated. type: string item_changes: $ref: "#/components/schemas/UpdateAppsDatastoreItemRequestDataAttributesItemChanges" item_key: description: The primary key that identifies the item to update. Cannot exceed 256 characters. example: "" maxLength: 256 type: string required: - item_changes - item_key type: object UpdateAppsDatastoreItemRequestDataAttributesItemChanges: description: Changes to apply to a datastore item using set operations. properties: ops_set: additionalProperties: {} description: Set operation that contains key-value pairs to set on the datastore item. type: object type: object UpdateAppsDatastoreItemRequestDataType: default: items description: The resource type for datastore items. enum: - items example: items type: string x-enum-varnames: - ITEMS UpdateAppsDatastoreRequest: description: Request to update a datastore's configuration such as its name or description. properties: data: $ref: "#/components/schemas/UpdateAppsDatastoreRequestData" type: object UpdateAppsDatastoreRequestData: description: Data wrapper containing the datastore identifier and the attributes to update. properties: attributes: $ref: "#/components/schemas/UpdateAppsDatastoreRequestDataAttributes" id: description: The unique identifier of the datastore to update. type: string type: $ref: "#/components/schemas/DatastoreDataType" required: - type type: object UpdateAppsDatastoreRequestDataAttributes: description: Attributes that can be updated on a datastore. properties: description: description: A human-readable description about the datastore. type: string name: description: The display name of the datastore. type: string type: object UpdateCampaignRequest: description: Request to update a campaign. properties: data: $ref: "#/components/schemas/UpdateCampaignRequestData" required: - data type: object UpdateCampaignRequestAttributes: description: Attributes for updating a campaign. properties: description: description: The description of the campaign. example: Campaign to improve security posture for Q1 2024. type: string due_date: description: The due date of the campaign. example: "2024-03-31T23:59:59Z" format: date-time type: string entity_scope: description: Entity scope query to filter entities for this campaign. example: kind:service AND team:platform type: string guidance: description: Guidance for the campaign. example: Please ensure all services pass the security requirements. type: string key: description: The unique key for the campaign. example: q1-security-2024 type: string name: description: The name of the campaign. example: Q1 Security Campaign type: string owner_id: description: The UUID of the campaign owner. example: 550e8400-e29b-41d4-a716-446655440000 type: string rule_ids: description: Array of rule IDs associated with this campaign. example: ["q8MQxk8TCqrHnWkx", "r9NRyl9UDrsIoXly"] items: description: The unique ID of a scorecard rule. type: string type: array start_date: description: The start date of the campaign. example: "2024-01-01T00:00:00Z" format: date-time type: string status: description: The status of the campaign. example: in_progress type: string required: - name - owner_id - status - start_date - rule_ids type: object UpdateCampaignRequestData: description: Data for updating a campaign. properties: attributes: $ref: "#/components/schemas/UpdateCampaignRequestAttributes" type: $ref: "#/components/schemas/CampaignType" required: - type - attributes type: object UpdateConnectionRequest: description: Request body for updating an existing data source connection by adding, modifying, or removing fields. example: data: attributes: fields_to_add: - description: Net Promoter Score from customer surveys display_name: NPS Score groups: - Satisfaction - Metrics id: nps_score source_name: net_promoter_score type: number fields_to_delete: - old_revenue_field fields_to_update: - field_id: lifetime_value updated_display_name: Customer Lifetime Value (`USD`) updated_groups: - Financial - Metrics id: crm-integration type: connection_id properties: data: $ref: "#/components/schemas/UpdateConnectionRequestData" type: object UpdateConnectionRequestData: description: The data object containing the resource identifier and attributes for updating an existing connection. properties: attributes: $ref: "#/components/schemas/UpdateConnectionRequestDataAttributes" id: description: The unique identifier of the connection to update. example: "" type: string type: $ref: "#/components/schemas/UpdateConnectionRequestDataType" required: - type - id type: object UpdateConnectionRequestDataAttributes: description: Attributes specifying the field modifications to apply to an existing connection. properties: fields_to_add: description: New fields to add to the connection from the data source. items: $ref: "#/components/schemas/CreateConnectionRequestDataAttributesFieldsItems" type: array fields_to_delete: description: Identifiers of existing fields to remove from the connection. items: description: The identifier of a field to delete from the connection. type: string type: array fields_to_update: description: Existing fields with updated metadata to apply to the connection. items: $ref: "#/components/schemas/UpdateConnectionRequestDataAttributesFieldsToUpdateItems" type: array type: object UpdateConnectionRequestDataAttributesFieldsToUpdateItems: description: Specification for updating an existing field in a connection, including which field to modify and the new values. properties: field_id: description: The identifier of the existing field to update. example: "" type: string updated_description: description: The new description to set for the field. type: string updated_display_name: description: The new human-readable display name to set for the field. type: string updated_field_id: description: The new identifier to assign to the field, if renaming it. type: string updated_groups: description: The updated list of group labels to associate with the field. items: description: A group label name for categorizing the field. type: string type: array required: - field_id type: object UpdateConnectionRequestDataType: default: connection_id description: Connection id resource type. enum: - connection_id example: connection_id type: string x-enum-varnames: - CONNECTION_ID UpdateCustomFrameworkRequest: description: Request object to update a custom framework. properties: data: $ref: "#/components/schemas/CustomFrameworkData" required: - data type: object UpdateCustomFrameworkResponse: description: Response object to update a custom framework. properties: data: $ref: "#/components/schemas/FrameworkHandleAndVersionResponseData" required: - data type: object UpdateDeploymentGateParams: description: Parameters for updating a deployment gate. properties: data: $ref: "#/components/schemas/UpdateDeploymentGateParamsData" required: - data type: object UpdateDeploymentGateParamsData: description: Parameters for updating a deployment gate. properties: attributes: $ref: "#/components/schemas/UpdateDeploymentGateParamsDataAttributes" id: description: Unique identifier of the deployment gate. example: "12345678-1234-1234-1234-123456789012" type: string type: $ref: "#/components/schemas/DeploymentGateDataType" required: - type - id - attributes type: object UpdateDeploymentGateParamsDataAttributes: description: Attributes for updating a deployment gate. properties: dry_run: description: Whether to run in dry-run mode. example: false type: boolean required: - dry_run type: object UpdateDeploymentRuleParams: description: Parameters for updating a deployment rule. properties: data: $ref: "#/components/schemas/UpdateDeploymentRuleParamsData" required: - data type: object UpdateDeploymentRuleParamsData: description: Parameters for updating a deployment rule. properties: attributes: $ref: "#/components/schemas/UpdateDeploymentRuleParamsDataAttributes" type: $ref: "#/components/schemas/DeploymentRuleDataType" required: - type - attributes type: object UpdateDeploymentRuleParamsDataAttributes: description: Parameters for updating a deployment rule. properties: dry_run: description: Whether to run this rule in dry-run mode. example: false type: boolean name: description: The name of the deployment rule. example: "Updated deployment rule" type: string options: $ref: "#/components/schemas/DeploymentRulesOptions" required: - dry_run - name - options type: object UpdateEnvironmentAttributes: description: Attributes for updating an environment. properties: is_production: description: Indicates whether this is a production environment. example: false type: boolean name: description: The name of the environment. example: "Environment XYZ789" type: string queries: description: List of queries to define the environment scope. example: ["staging", "test"] items: description: A query string used to match the environment scope. type: string minItems: 1 type: array require_feature_flag_approval: description: Indicates whether feature flag changes require approval in this environment. example: true type: boolean type: object UpdateEnvironmentData: description: Data for updating an environment. properties: attributes: $ref: "#/components/schemas/UpdateEnvironmentAttributes" type: $ref: "#/components/schemas/UpdateEnvironmentDataType" required: - type - attributes type: object UpdateEnvironmentDataType: description: The resource type. enum: - "environments" example: "environments" type: string x-enum-varnames: - ENVIRONMENTS UpdateEnvironmentRequest: description: Request to update an environment. properties: data: $ref: "#/components/schemas/UpdateEnvironmentData" required: - data type: object UpdateFeatureFlagAttributes: description: Attributes for updating a feature flag. properties: description: description: The description of the feature flag. example: "Updated description for feature flag XYZ789" type: string json_schema: description: JSON schema for validation when value_type is JSON. example: '{"type": "object", "properties": {"enabled": {"type": "boolean"}}}' nullable: true type: string name: description: The name of the feature flag. example: "Updated Feature Flag XYZ789" type: string type: object UpdateFeatureFlagData: description: Data for updating a feature flag. properties: attributes: $ref: "#/components/schemas/UpdateFeatureFlagAttributes" type: $ref: "#/components/schemas/UpdateFeatureFlagDataType" required: - type - attributes type: object UpdateFeatureFlagDataType: description: The resource type. enum: - "feature-flags" example: "feature-flags" type: string x-enum-varnames: - FEATURE_FLAGS UpdateFeatureFlagRequest: description: Request to update a feature flag. properties: data: $ref: "#/components/schemas/UpdateFeatureFlagData" required: - data type: object UpdateFlakyTestsRequest: description: Request to update the state of multiple flaky tests. properties: data: $ref: "#/components/schemas/UpdateFlakyTestsRequestData" required: - data type: object UpdateFlakyTestsRequestAttributes: description: Attributes for updating flaky test states. properties: tests: description: List of flaky tests to update. items: $ref: "#/components/schemas/UpdateFlakyTestsRequestTest" type: array required: - tests type: object UpdateFlakyTestsRequestData: description: The JSON:API data for updating flaky test states. properties: attributes: $ref: "#/components/schemas/UpdateFlakyTestsRequestAttributes" type: $ref: "#/components/schemas/UpdateFlakyTestsRequestDataType" required: - type - attributes type: object UpdateFlakyTestsRequestDataType: description: The definition of `UpdateFlakyTestsRequestDataType` object. enum: - update_flaky_test_state_request example: update_flaky_test_state_request type: string x-enum-varnames: - UPDATE_FLAKY_TEST_STATE_REQUEST UpdateFlakyTestsRequestTest: description: Details of what tests to update and their new attributes. properties: id: description: The ID of the flaky test. This is the same ID returned by the Search flaky tests endpoint and corresponds to the test_fingerprint_fqn field in test run events. example: 4eb1887a8adb1847 type: string new_state: $ref: "#/components/schemas/UpdateFlakyTestsRequestTestNewState" required: - id - new_state type: object UpdateFlakyTestsRequestTestNewState: description: The new state to set for the flaky test. enum: - active - quarantined - disabled - fixed example: active type: string x-enum-varnames: - ACTIVE - QUARANTINED - DISABLED - FIXED UpdateFlakyTestsResponse: description: Response object for updating flaky test states. properties: data: $ref: "#/components/schemas/UpdateFlakyTestsResponseData" type: object UpdateFlakyTestsResponseAttributes: description: Attributes for the update flaky test state response. properties: has_errors: description: "`True` if any errors occurred during the update operations. `False` if all tests succeeded to be updated." example: true type: boolean results: description: Results of the update operation for each test. items: $ref: "#/components/schemas/UpdateFlakyTestsResponseResult" type: array required: - has_errors - results type: object UpdateFlakyTestsResponseData: description: Summary of the update operations. Tells whether a test succeeded or failed to be updated. properties: attributes: $ref: "#/components/schemas/UpdateFlakyTestsResponseAttributes" id: description: The ID of the response. type: string type: $ref: "#/components/schemas/UpdateFlakyTestsResponseDataType" type: object UpdateFlakyTestsResponseDataType: description: The definition of `UpdateFlakyTestsResponseDataType` object. enum: - update_flaky_test_state_response type: string x-enum-varnames: - UPDATE_FLAKY_TEST_STATE_RESPONSE UpdateFlakyTestsResponseResult: description: Result of updating a single flaky test state. properties: error: description: Error message if the update failed. type: string id: description: The ID of the flaky test from the request. This is the same ID returned by the Search flaky tests endpoint and corresponds to the test_fingerprint_fqn field in test run events. example: 4eb1887a8adb1847 type: string success: description: "`True` if the update was successful, `False` if there were any errors." example: false type: boolean required: - id - success type: object UpdateOnCallNotificationRuleRequest: description: A top-level wrapper for updating a notification rule for a user example: data: attributes: "category": "high_urgency" channel_settings: method: "sms" type: "phone" "delay_minutes": 1 id: 2462ace1-49e2-aab1-xc4f-29cc4ae1105n7 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules properties: data: $ref: "#/components/schemas/UpdateOnCallNotificationRuleRequestData" required: - data type: object UpdateOnCallNotificationRuleRequestAttributes: description: Attributes for creating or modifying an on-call notification rule. properties: category: $ref: "#/components/schemas/OnCallNotificationRuleCategory" channel_settings: $ref: "#/components/schemas/OnCallNotificationRuleChannelSettings" description: Configuration for the associated channel, if necessary nullable: true delay_minutes: description: The number of minutes that will elapse before this rule is evaluated. 0 indicates immediate evaluation format: int64 type: integer type: object UpdateOnCallNotificationRuleRequestData: description: Data for updating an on-call notification rule properties: attributes: $ref: "#/components/schemas/UpdateOnCallNotificationRuleRequestAttributes" id: description: Unique identifier for the rule type: string relationships: $ref: "#/components/schemas/OnCallNotificationRuleRelationships" type: $ref: "#/components/schemas/OnCallNotificationRuleType" required: - type type: object UpdateOpenAPIResponse: description: Response for `UpdateOpenAPI`. properties: data: $ref: "#/components/schemas/UpdateOpenAPIResponseData" type: object UpdateOpenAPIResponseAttributes: description: Attributes for `UpdateOpenAPI`. properties: failed_endpoints: description: List of endpoints which couldn't be parsed. items: $ref: "#/components/schemas/OpenAPIEndpoint" type: array type: object UpdateOpenAPIResponseData: description: Data envelope for `UpdateOpenAPIResponse`. properties: attributes: $ref: "#/components/schemas/UpdateOpenAPIResponseAttributes" id: $ref: "#/components/schemas/ApiID" type: object UpdateOutcomesAsyncAttributes: description: The JSON:API attributes for a batched set of scorecard outcomes. properties: results: description: Set of scorecard outcomes to update asynchronously. items: $ref: "#/components/schemas/UpdateOutcomesAsyncRequestItem" type: array type: object UpdateOutcomesAsyncRequest: description: Scorecard outcomes batch request. properties: data: $ref: "#/components/schemas/UpdateOutcomesAsyncRequestData" type: object UpdateOutcomesAsyncRequestData: description: Scorecard outcomes batch request data. properties: attributes: $ref: "#/components/schemas/UpdateOutcomesAsyncAttributes" type: $ref: "#/components/schemas/UpdateOutcomesAsyncType" type: object UpdateOutcomesAsyncRequestItem: description: Scorecard outcome for a single entity and rule. properties: entity_reference: $ref: "#/components/schemas/EntityReference" remarks: description: >- Any remarks regarding the scorecard rule's evaluation. Supports HTML hyperlinks. example: 'See: Services' type: string rule_id: $ref: "#/components/schemas/RuleId" state: $ref: "#/components/schemas/State" required: - rule_id - entity_reference - state type: object UpdateOutcomesAsyncType: default: batched-outcome description: The JSON:API type for scorecard outcomes. enum: [batched-outcome] example: batched-outcome type: string x-enum-varnames: [BATCHED_OUTCOME] UpdateResourceEvaluationFiltersRequest: description: Request object to update a resource filter. properties: data: $ref: "#/components/schemas/UpdateResourceEvaluationFiltersRequestData" required: - data type: object UpdateResourceEvaluationFiltersRequestData: description: The definition of `UpdateResourceFilterRequestData` object. properties: attributes: $ref: "#/components/schemas/ResourceFilterAttributes" id: description: The `UpdateResourceEvaluationFiltersRequestData` `id`. example: csm_resource_filter type: string type: $ref: "#/components/schemas/ResourceFilterRequestType" required: - attributes - type type: object UpdateResourceEvaluationFiltersResponse: description: The definition of `UpdateResourceEvaluationFiltersResponse` object. properties: data: $ref: "#/components/schemas/UpdateResourceEvaluationFiltersResponseData" required: - data type: object UpdateResourceEvaluationFiltersResponseData: description: The definition of `UpdateResourceFilterResponseData` object. properties: attributes: $ref: "#/components/schemas/ResourceFilterAttributes" id: description: The `data` `id`. example: csm_resource_filter type: string type: $ref: "#/components/schemas/ResourceFilterRequestType" required: - attributes - type type: object UpdateRuleRequest: description: Request to update a scorecard rule. properties: data: $ref: "#/components/schemas/UpdateRuleRequestData" type: object UpdateRuleRequestData: description: Data for the request to update a scorecard rule. properties: attributes: $ref: "#/components/schemas/RuleAttributesRequest" type: $ref: "#/components/schemas/RuleType" type: object UpdateRuleResponse: description: The response from a rule update request. properties: data: $ref: "#/components/schemas/UpdateRuleResponseData" type: object UpdateRuleResponseData: description: The data for a rule update response. properties: attributes: $ref: "#/components/schemas/RuleAttributes" id: $ref: "#/components/schemas/RuleId" relationships: $ref: "#/components/schemas/RelationshipToRule" type: $ref: "#/components/schemas/RuleType" type: object UpdateRulesetRequest: description: The definition of `UpdateRulesetRequest` object. example: data: attributes: enabled: true last_version: 1 name: Updated Ruleset rules: - enabled: true mapping: metadata: name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" reference_table: - enabled: true mapping: destination_key: team_owner if_tag_exists: do_not_apply source_keys: - account_name - account_id metadata: name: Account Name Mapping query: reference_table: - enabled: true mapping: metadata: name: New table rule with new UI query: reference_table: case_insensitivity: true field_pairs: - input_column: status_type output_key: status - input_column: status_description output_key: dess if_tag_exists: append source_keys: - http_status - status_description table_name: http_status_codes type: update_ruleset properties: data: $ref: "#/components/schemas/UpdateRulesetRequestData" type: object UpdateRulesetRequestData: description: The definition of `UpdateRulesetRequestData` object. properties: attributes: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributes" id: description: The `UpdateRulesetRequestData` `id`. type: string type: $ref: "#/components/schemas/UpdateRulesetRequestDataType" required: - type type: object UpdateRulesetRequestDataAttributes: description: The definition of `UpdateRulesetRequestDataAttributes` object. properties: enabled: description: The `attributes` `enabled`. example: false type: boolean last_version: description: The `attributes` `last_version`. format: int64 type: integer rules: description: The `attributes` `rules`. items: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributesRulesItems" type: array required: - enabled - rules type: object UpdateRulesetRequestDataAttributesRulesItems: description: The definition of `UpdateRulesetRequestDataAttributesRulesItems` object. properties: enabled: description: The `items` `enabled`. example: false type: boolean mapping: $ref: "#/components/schemas/DataAttributesRulesItemsMapping" metadata: $ref: "#/components/schemas/RulesetItemMetadata" name: description: The `items` `name`. example: "" type: string query: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributesRulesItemsQuery" reference_table: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributesRulesItemsReferenceTable" required: - enabled - name type: object UpdateRulesetRequestDataAttributesRulesItemsQuery: description: The definition of `UpdateRulesetRequestDataAttributesRulesItemsQuery` object. nullable: true properties: addition: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributesRulesItemsQueryAddition" case_insensitivity: description: The `query` `case_insensitivity`. type: boolean if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `query` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" query: description: The `query` `query`. example: "" type: string required: - addition - query type: object UpdateRulesetRequestDataAttributesRulesItemsQueryAddition: description: The definition of `UpdateRulesetRequestDataAttributesRulesItemsQueryAddition` object. nullable: true properties: key: description: The `addition` `key`. example: "" type: string value: description: The `addition` `value`. example: "" type: string required: - key - value type: object UpdateRulesetRequestDataAttributesRulesItemsReferenceTable: description: The definition of `UpdateRulesetRequestDataAttributesRulesItemsReferenceTable` object. nullable: true properties: case_insensitivity: description: The `reference_table` `case_insensitivity`. type: boolean field_pairs: description: The `reference_table` `field_pairs`. items: $ref: "#/components/schemas/UpdateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems" type: array if_not_exists: deprecated: true description: Deprecated. Use `if_tag_exists` instead. The `reference_table` `if_not_exists`. type: boolean if_tag_exists: $ref: "#/components/schemas/DataAttributesRulesItemsIfTagExists" source_keys: description: The `reference_table` `source_keys`. example: - "" items: description: A source key for the reference table lookup. type: string type: array table_name: description: The `reference_table` `table_name`. example: "" type: string required: - field_pairs - source_keys - table_name type: object UpdateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems: description: The definition of `UpdateRulesetRequestDataAttributesRulesItemsReferenceTableFieldPairsItems` object. properties: input_column: description: The `items` `input_column`. example: "" type: string output_key: description: The `items` `output_key`. example: "" type: string required: - input_column - output_key type: object UpdateRulesetRequestDataType: default: update_ruleset description: Update ruleset resource type. enum: - update_ruleset example: update_ruleset type: string x-enum-varnames: - UPDATE_RULESET UpdateTenancyConfigData: description: The data object for updating an existing OCI tenancy integration configuration, including the tenancy ID, type, and updated attributes. properties: attributes: $ref: "#/components/schemas/UpdateTenancyConfigDataAttributes" id: description: The OCID of the OCI tenancy to update. example: "" type: string type: $ref: "#/components/schemas/UpdateTenancyConfigDataType" required: - type - id type: object UpdateTenancyConfigDataAttributes: description: Attributes for updating an existing OCI tenancy integration configuration, including optional credentials, region settings, and collection options. properties: auth_credentials: $ref: "#/components/schemas/UpdateTenancyConfigDataAttributesAuthCredentials" cost_collection_enabled: description: Whether cost data collection from OCI is enabled for the tenancy. type: boolean home_region: description: The home region of the OCI tenancy (for example, us-ashburn-1). type: string logs_config: $ref: "#/components/schemas/UpdateTenancyConfigDataAttributesLogsConfig" metrics_config: $ref: "#/components/schemas/UpdateTenancyConfigDataAttributesMetricsConfig" regions_config: $ref: "#/components/schemas/UpdateTenancyConfigDataAttributesRegionsConfig" resource_collection_enabled: description: Whether resource collection from OCI is enabled for the tenancy. type: boolean user_ocid: description: The OCID of the OCI user used by the Datadog integration for authentication. type: string type: object UpdateTenancyConfigDataAttributesAuthCredentials: description: OCI API signing key credentials used to update the Datadog integration's authentication with the OCI tenancy. properties: fingerprint: description: The fingerprint of the OCI API signing key used for authentication. type: string private_key: description: The PEM-encoded private key corresponding to the OCI API signing key fingerprint. example: "" type: string required: - private_key type: object UpdateTenancyConfigDataAttributesLogsConfig: description: Log collection configuration for updating an OCI tenancy, controlling which compartments and services have log collection enabled. properties: compartment_tag_filters: description: List of compartment tag filters to scope log collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether log collection is enabled for the tenancy. type: boolean enabled_services: description: List of OCI service names for which log collection is enabled. items: description: An OCI service name for which log collection is enabled (for example, compute). type: string type: array type: object UpdateTenancyConfigDataAttributesMetricsConfig: description: Metrics collection configuration for updating an OCI tenancy, controlling which compartments and services are included or excluded. properties: compartment_tag_filters: description: List of compartment tag filters to scope metrics collection to specific compartments. items: description: A compartment tag filter in key:value format (for example, datadog:true). type: string type: array enabled: description: Whether metrics collection is enabled for the tenancy. type: boolean excluded_services: description: List of OCI service names to exclude from metrics collection. items: description: An OCI service name to exclude from metrics collection (for example, compute). type: string type: array type: object UpdateTenancyConfigDataAttributesRegionsConfig: description: Region configuration for updating an OCI tenancy, specifying which regions are available, enabled, or disabled for data collection. properties: available: description: List of OCI regions available for data collection in the tenancy. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array disabled: description: List of OCI regions explicitly disabled for data collection. items: description: An OCI region identifier (for example, us-phoenix-1). type: string type: array enabled: description: List of OCI regions enabled for data collection. items: description: An OCI region identifier (for example, us-ashburn-1). type: string type: array type: object UpdateTenancyConfigDataType: default: oci_tenancy description: OCI tenancy resource type. enum: - oci_tenancy example: oci_tenancy type: string x-enum-varnames: - OCI_TENANCY UpdateTenancyConfigRequest: description: Request body for updating an existing OCI tenancy integration configuration. example: data: attributes: auth_credentials: fingerprint: "" private_key: |- ----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdvSMmlfLyeD4M QsA3WlrWBqKdWa5eVV3/uODyqT3wWMEMIJHcG3/quNs8nh9xrK1/JkQT2qoKEHqR C5k59jN6Vp8em8ARJthMgam9K37ELt+IQ/G8ySTSuqZG8T4cHp/cs3fAclNqttOl YnGr4RbVAgMBAAECggEAGZNLGbyCUbIRTW6Kh4d8ZVC+eZtJMqGmGJ3KfVaW8Pjn QGWfSuJCEe2o2Y8G3phlidFauICnZ44enXA17Rhi+I/whnr7FIyQk2bR7rv+1Uhc mOJygWX5eFFMsledgVAdIAl9Luk2nykx7Un3g6rtbl/Vs+5k4m7ITLFMpCHzsJLU nm8kBzDOqY2JUkMd08nL88KL6QywWtal05UESzQpNFXd0e5kxYfexeMCsLsWP0mc quMLRbn7NuBjCbe9VU2kmIvcfDDaWjurT7d5m1OXx1cc8p6P4PFZTVyCjdhiWOr3 LQXZ4/vdZNR3zgEHypRoM6D9Yq99LWUOUEMrdiSLQQKBgQDQkh7C1OtAXnpy7F6R W+/I3zBHici2p7A57UT7VECQ1IVGg37/uus83DkuOtdZ33JmHLAVrwLFJvUlbyjx l6dc/1ms40L5HFdLgaVtd4k0rSPFeOSDr6evz0lX4yBuzlP0fEh+o3XHW7mwe2G+ rWCULF/Uqza66fjbCSKMNgLIXQKBgQDBm9nZg/s4S0THWCFNWcB1tXBG0p/sH5eY PC1H/VmTEINIixStrS4ufczf31X8rcoSjSbO7+vZDTTATdk7OLn1I2uGFVYl8M59 86BYT2Hi7cwp7YVzOc/cJigVeBAqSRW/iYYyWBEUTiW1gbkV0sRWwhPp67m+c0sP XpY/iEZA2QKBgB1w8tynt4l/jKNaUEMOijt9ndALWATIiOy0XG9pxi9rgGCiwTOS DBCsOXoYHjv2eayGUijNaoOv6xzcoxfvQ1WySdNIxTRq1ru20kYwgHKqGgmO9hrM mcwMY5r/WZ2qjFlPjeAqbL62aPDLidGjoaVo2iIoBPK/gjxQ/5f0MS4N/YQ0zWoYBueSQ0DGs -----END PRIVATE KEY----- cost_collection_enabled: true home_region: us-ashburn-1 logs_config: compartment_tag_filters: - datadog:true - env:prod enabled: true enabled_services: - service_1 - service_2 metrics_config: compartment_tag_filters: - datadog:true - env:prod enabled: true excluded_services: - service_1 - service_2 regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy properties: data: $ref: "#/components/schemas/UpdateTenancyConfigData" required: - data type: object UpdateWorkflowRequest: description: A request object for updating an existing workflow. example: data: attributes: description: "A sample workflow." name: "Example Workflow" published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: "Example annotation." connectionEnvs: - connections: - connectionId: "11111111-1111-1111-1111-111111111111" label: "INTEGRATION_DATADOG" env: "default" handle: "my-handle" inputSchema: parameters: - defaultValue: "default" name: "input" type: "STRING" outputSchema: parameters: - name: "output" type: "ARRAY_OBJECT" value: "{{ Steps.Step1 }}" steps: - actionId: "com.datadoghq.dd.monitor.listMonitors" connectionLabel: "INTEGRATION_DATADOG" name: "Step1" outboundEdges: - branchName: "main" nextStepName: "Step2" parameters: - name: "tags" value: "service:monitoring" - actionId: "com.datadoghq.core.noop" name: "Step2" triggers: - monitorTrigger: rateLimit: count: 1 interval: "3600s" startStepNames: ["Step1"] - githubWebhookTrigger: {} startStepNames: ["Step1"] tags: - "team:infra" - "service:monitoring" - "foo:bar" id: "22222222-2222-2222-2222-222222222222" type: "workflows" properties: data: $ref: "#/components/schemas/WorkflowDataUpdate" required: - data type: object UpdateWorkflowResponse: description: The response object after updating a workflow. properties: data: $ref: "#/components/schemas/WorkflowDataUpdate" type: object UpsertAllocationRequest: description: Request to create or update a targeting rule (allocation) for a feature flag environment. properties: experiment_id: description: The experiment ID for experiment-linked allocations. example: "550e8400-e29b-41d4-a716-446655440030" nullable: true type: string exposure_schedule: $ref: "#/components/schemas/ExposureScheduleRequest" guardrail_metrics: description: Guardrail metrics used to monitor and auto-pause or abort. items: $ref: "#/components/schemas/GuardrailMetricRequest" type: array id: description: The unique identifier of the targeting rule allocation. example: "550e8400-e29b-41d4-a716-446655440020" format: uuid type: string key: description: The unique key of the targeting rule allocation. example: "prod-rollout" type: string name: description: The display name of the targeting rule. example: "Production Rollout" type: string targeting_rules: description: Targeting rules that determine audience eligibility. items: $ref: "#/components/schemas/TargetingRuleRequest" type: array type: $ref: "#/components/schemas/AllocationType" variant_weights: description: Variant distribution weights. items: $ref: "#/components/schemas/VariantWeightRequest" type: array required: - name - key - type type: object UpsertCatalogEntityRequest: description: Create or update entity request. oneOf: - $ref: "#/components/schemas/EntityV3" - $ref: "#/components/schemas/EntityRaw" UpsertCatalogEntityResponse: description: Upsert entity response. properties: data: $ref: "#/components/schemas/EntityResponseData" included: $ref: "#/components/schemas/UpsertCatalogEntityResponseIncluded" meta: $ref: "#/components/schemas/EntityResponseMeta" type: object UpsertCatalogEntityResponseIncluded: description: Upsert entity response included. items: $ref: "#/components/schemas/UpsertCatalogEntityResponseIncludedItem" type: array UpsertCatalogEntityResponseIncludedItem: description: Upsert entity response included item. oneOf: - $ref: "#/components/schemas/EntityResponseIncludedSchema" UpsertCatalogKindRequest: description: Create or update kind request. oneOf: - $ref: "#/components/schemas/KindObj" - $ref: "#/components/schemas/KindRaw" UpsertCatalogKindResponse: description: Upsert kind response. properties: data: $ref: "#/components/schemas/KindResponseData" meta: $ref: "#/components/schemas/KindResponseMeta" type: object UpsertCloudInventorySyncConfigRequest: description: Request body for creating or updating a cloud inventory sync configuration. properties: data: $ref: "#/components/schemas/UpsertCloudInventorySyncConfigRequestData" required: - data type: object UpsertCloudInventorySyncConfigRequestAttributes: description: |- Settings for the cloud provider specified in `data.id`. Include only the matching provider object (`aws`, `gcp`, or `azure`). properties: aws: $ref: "#/components/schemas/CloudInventorySyncConfigAWSRequestAttributes" azure: $ref: "#/components/schemas/CloudInventorySyncConfigAzureRequestAttributes" gcp: $ref: "#/components/schemas/CloudInventorySyncConfigGCPRequestAttributes" type: object UpsertCloudInventorySyncConfigRequestData: description: Storage Management configuration data for the create or update request. properties: attributes: $ref: "#/components/schemas/UpsertCloudInventorySyncConfigRequestAttributes" id: $ref: "#/components/schemas/CloudInventoryCloudProviderId" type: $ref: "#/components/schemas/CloudInventoryCloudProviderRequestType" required: - type - id - attributes type: object Urgency: description: Specifies the level of urgency for a routing rule (low, high, or dynamic). enum: - low - high - dynamic example: low type: string x-enum-varnames: - LOW - HIGH - DYNAMIC UrlParam: description: The definition of `UrlParam` object. properties: name: $ref: "#/components/schemas/TokenName" example: MyUrlParameter value: description: The `UrlParam` `value`. example: Some Url Parameter value type: string required: - name - value type: object UrlParamUpdate: description: The definition of `UrlParamUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: $ref: "#/components/schemas/TokenName" example: MyUrlParameter value: description: The `UrlParamUpdate` `value`. example: Some Url Parameter value type: string required: - name type: object UsageApplicationSecurityMonitoringResponse: description: Application Security Monitoring usage response. properties: data: description: Response containing Application Security Monitoring usage. items: $ref: "#/components/schemas/UsageDataObject" type: array type: object UsageAttributesObject: description: Usage attributes data. properties: org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string timeseries: description: List of usage data reported for each requested hour. items: $ref: "#/components/schemas/UsageTimeSeriesObject" type: array usage_type: $ref: "#/components/schemas/HourlyUsageType" type: object UsageAttributionTypesAttributes: description: List of usage attribution types. properties: values: description: "List of usage attribution types." items: description: A given usage type in a list. example: "infra_host" type: string type: array type: object UsageAttributionTypesBody: description: Usage attribution types data. properties: attributes: $ref: "#/components/schemas/UsageAttributionTypesAttributes" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/UsageAttributionTypesType" type: object UsageAttributionTypesResponse: description: Usage attribution types response. properties: data: $ref: "#/components/schemas/UsageAttributionTypesBody" type: object UsageAttributionTypesType: default: usage_attribution_types description: Type of usage attribution types data. enum: - usage_attribution_types type: string x-enum-varnames: - USAGE_ATTRIBUTION_TYPES UsageDataObject: description: Usage data. properties: attributes: $ref: "#/components/schemas/UsageAttributesObject" id: description: Unique ID of the response. type: string type: $ref: "#/components/schemas/UsageTimeSeriesType" type: object UsageLambdaTracedInvocationsResponse: description: Lambda Traced Invocations usage response. properties: data: description: Response containing Lambda Traced Invocations usage. items: $ref: "#/components/schemas/UsageDataObject" type: array type: object UsageObservabilityPipelinesResponse: description: Observability Pipelines usage response. properties: data: description: Response containing Observability Pipelines usage. items: $ref: "#/components/schemas/UsageDataObject" type: array type: object UsageTimeSeriesObject: description: Usage timeseries data. properties: timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object UsageTimeSeriesType: default: usage_timeseries description: Type of usage data. enum: - usage_timeseries example: usage_timeseries type: string x-enum-varnames: - USAGE_TIMESERIES User: description: User object returned by the API. properties: attributes: $ref: "#/components/schemas/UserAttributes" id: description: ID of the user. type: string relationships: $ref: "#/components/schemas/UserResponseRelationships" type: $ref: "#/components/schemas/UsersType" type: object UserAttributes: description: Attributes of user object returned by the API. properties: created_at: description: The ISO 8601 timestamp of when the user account was created. format: date-time type: string disabled: description: Whether the user account is deactivated. Disabled users cannot log in. type: boolean email: description: The email address of the user, used for login and notifications. type: string handle: description: The unique handle (username) of the user, typically matching their email prefix. type: string icon: description: URL of the user's profile icon, typically a Gravatar URL derived from the email address. type: string last_login_time: description: The ISO 8601 timestamp of the user's most recent login, or null if the user has never logged in. format: date-time nullable: true readOnly: true type: string mfa_enabled: description: Whether multi-factor authentication (MFA) is enabled for the user's account. readOnly: true type: boolean modified_at: description: The ISO 8601 timestamp of when the user account was last modified. format: date-time type: string name: description: The full display name of the user as shown in the Datadog UI. nullable: true type: string service_account: description: |- Whether this is a service account rather than a human user. Service accounts are used for programmatic API access. type: boolean status: description: The current status of the user account (for example, `Active`, `Pending`, or `Disabled`). type: string title: description: The job title of the user (for example, "Senior Engineer" or "Product Manager"). nullable: true type: string uuid: description: The globally unique identifier (UUID) of the user. readOnly: true type: string verified: description: Whether the user's email address has been verified. type: boolean type: object UserAttributesStatus: description: The user's status. enum: - active - deactivated - pending type: string x-enum-varnames: - ACTIVE - DEACTIVATED - PENDING UserCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: "jane.doe@example.com" type: string name: description: The name of the user. type: string title: description: The title of the user. type: string required: - email type: object UserCreateData: description: Object to create a user. properties: attributes: $ref: "#/components/schemas/UserCreateAttributes" relationships: $ref: "#/components/schemas/UserRelationships" type: $ref: "#/components/schemas/UsersType" required: - attributes - type type: object UserCreateRequest: description: Create a user. properties: data: $ref: "#/components/schemas/UserCreateData" required: - data type: object UserInvitationData: description: Object to create a user invitation. properties: relationships: $ref: "#/components/schemas/UserInvitationRelationships" type: $ref: "#/components/schemas/UserInvitationsType" required: - type - relationships type: object UserInvitationDataAttributes: description: Attributes of a user invitation. properties: created_at: description: Creation time of the user invitation. format: date-time type: string expires_at: description: Time of invitation expiration. format: date-time type: string invite_type: description: Type of invitation. type: string uuid: description: UUID of the user invitation. type: string type: object UserInvitationRelationships: description: Relationships data for user invitation. properties: user: $ref: "#/components/schemas/RelationshipToUser" required: - user type: object UserInvitationResponse: description: User invitation as returned by the API. properties: data: $ref: "#/components/schemas/UserInvitationResponseData" type: object UserInvitationResponseData: description: Object of a user invitation returned by the API. properties: attributes: $ref: "#/components/schemas/UserInvitationDataAttributes" id: description: ID of the user invitation. type: string relationships: $ref: "#/components/schemas/UserInvitationRelationships" type: $ref: "#/components/schemas/UserInvitationsType" type: object UserInvitationsRequest: description: Object to invite users to join the organization. properties: data: description: "List of user invitations." example: [] items: $ref: "#/components/schemas/UserInvitationData" type: array required: - data type: object UserInvitationsResponse: description: User invitations as returned by the API. properties: data: description: Array of user invitations. items: $ref: "#/components/schemas/UserInvitationResponseData" type: array type: object UserInvitationsType: default: user_invitations description: User invitations type. enum: - user_invitations example: user_invitations type: string x-enum-varnames: - USER_INVITATIONS UserRelationshipData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: "00000000-0000-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/UserResourceType" required: - id - type type: object UserRelationships: description: Relationships of the user object. properties: roles: $ref: "#/components/schemas/RelationshipToRoles" type: object UserResourceType: default: user description: User resource type. enum: - user example: user type: string x-enum-varnames: - USER UserResponse: description: Response containing information about a single user. properties: data: $ref: "#/components/schemas/User" included: description: Array of objects related to the user. items: $ref: "#/components/schemas/UserResponseIncludedItem" type: array type: object UserResponseIncludedItem: description: An object related to a user. oneOf: - $ref: "#/components/schemas/Organization" - $ref: "#/components/schemas/Permission" - $ref: "#/components/schemas/Role" UserResponseRelationships: description: Relationships of the user object returned by the API. properties: org: $ref: "#/components/schemas/RelationshipToOrganization" other_orgs: $ref: "#/components/schemas/RelationshipToOrganizations" other_users: $ref: "#/components/schemas/RelationshipToUsers" roles: $ref: "#/components/schemas/RelationshipToRoles" type: object UserTarget: description: "Represents a user target for an escalation policy step, including the user's ID and resource type." properties: id: description: "Specifies the unique identifier of the user resource." example: "00000000-aba1-0000-0000-000000000000" type: string type: $ref: "#/components/schemas/UserTargetType" required: - type - id type: object UserTargetType: default: users description: "Indicates that the resource is of type `users`." enum: - users example: users type: string x-enum-varnames: - USERS UserTeam: description: A user's relationship with a team properties: attributes: $ref: "#/components/schemas/UserTeamAttributes" id: description: The ID of a user's relationship with a team example: TeamMembership-aeadc05e-98a8-11ec-ac2c-da7ad0900001-38835 type: string relationships: $ref: "#/components/schemas/UserTeamRelationships" type: $ref: "#/components/schemas/UserTeamType" required: - id - type type: object UserTeamAttributes: description: Team membership attributes properties: provisioned_by: description: |- The mechanism responsible for provisioning the team relationship. Possible values: null for added by a user, "service_account" if added by a service account, and "saml_mapping" if provisioned via SAML mapping. nullable: true readOnly: true type: string provisioned_by_id: description: UUID of the User or Service Account who provisioned this team membership, or null if provisioned via SAML mapping. nullable: true readOnly: true type: string role: $ref: "#/components/schemas/UserTeamRole" type: object UserTeamCreate: description: A user's relationship with a team properties: attributes: $ref: "#/components/schemas/UserTeamAttributes" relationships: $ref: "#/components/schemas/UserTeamRelationships" type: $ref: "#/components/schemas/UserTeamType" required: - type type: object UserTeamIncluded: description: Included resources related to the team membership oneOf: - $ref: "#/components/schemas/User" - $ref: "#/components/schemas/Team" UserTeamPermission: description: A user's permissions for a given team properties: attributes: $ref: "#/components/schemas/UserTeamPermissionAttributes" id: description: The user team permission's identifier example: UserTeamPermissions-aeadc05e-98a8-11ec-ac2c-da7ad0900001-416595 type: string type: $ref: "#/components/schemas/UserTeamPermissionType" required: - id - type type: object UserTeamPermissionAttributes: description: User team permission attributes properties: permissions: description: Object of team permission actions and boolean values that a logged in user can perform on this team. readOnly: true type: object type: object UserTeamPermissionType: default: user_team_permissions description: User team permission type enum: - user_team_permissions example: user_team_permissions type: string x-enum-varnames: - USER_TEAM_PERMISSIONS UserTeamRelationships: description: Relationship between membership and a user properties: team: $ref: "#/components/schemas/RelationshipToUserTeamTeam" user: $ref: "#/components/schemas/RelationshipToUserTeamUser" type: object UserTeamRequest: description: Team membership request properties: data: $ref: "#/components/schemas/UserTeamCreate" required: - data type: object UserTeamResponse: description: Team membership response properties: data: $ref: "#/components/schemas/UserTeam" included: description: Resources related to the team memberships items: $ref: "#/components/schemas/UserTeamIncluded" type: array type: object UserTeamRole: description: The user's role within the team enum: - admin nullable: true type: string x-enum-varnames: - ADMIN UserTeamTeamType: default: team description: User team team type enum: - team example: team type: string x-enum-varnames: - TEAM UserTeamType: default: team_memberships description: Team membership type enum: - team_memberships example: team_memberships type: string x-enum-varnames: - TEAM_MEMBERSHIPS UserTeamUpdate: description: A user's relationship with a team properties: attributes: $ref: "#/components/schemas/UserTeamAttributes" type: $ref: "#/components/schemas/UserTeamType" required: - type type: object UserTeamUpdateRequest: description: Team membership request properties: data: $ref: "#/components/schemas/UserTeamUpdate" required: - data type: object UserTeamUserType: default: users description: User team user type enum: - users example: users type: string x-enum-varnames: - USERS UserTeamsResponse: description: Team memberships response properties: data: description: Team memberships response data items: $ref: "#/components/schemas/UserTeam" type: array included: description: Resources related to the team memberships items: $ref: "#/components/schemas/UserTeamIncluded" type: array links: $ref: "#/components/schemas/TeamsResponseLinks" meta: $ref: "#/components/schemas/TeamsResponseMeta" type: object UserUpdateAttributes: description: Attributes of the edited user. properties: disabled: description: |- When set to `true`, the user is deactivated and can no longer log in. When `false`, the user is active. type: boolean email: description: |- The email address of the user, used for login and notifications. Must be a valid email format. type: string name: description: |- The full display name of the user as shown in the Datadog UI. Maximum 55 characters, cannot contain `<` or `>`. type: string title: description: The job title of the user (for example, "Senior Engineer" or "Product Manager"). nullable: true type: string type: object UserUpdateData: description: Object to update a user. properties: attributes: $ref: "#/components/schemas/UserUpdateAttributes" id: description: ID of the user. example: "00000000-0000-feed-0000-000000000000" type: string type: $ref: "#/components/schemas/UsersType" required: - attributes - type - id type: object UserUpdateRequest: description: Update a user. properties: data: $ref: "#/components/schemas/UserUpdateData" required: - data type: object UsersRelationship: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: "#/components/schemas/UserRelationshipData" type: array required: - data type: object UsersResponse: description: Response containing information about multiple users. properties: data: description: Array of returned users. items: $ref: "#/components/schemas/User" type: array included: description: Array of objects related to the users. items: $ref: "#/components/schemas/UserResponseIncludedItem" type: array meta: $ref: "#/components/schemas/ResponseMetaAttributes" readOnly: true type: object UsersType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS V2Event: description: An event object. properties: attributes: $ref: "#/components/schemas/V2EventAttributes" id: description: The event's ID. example: "" type: string type: description: Entity type. example: "event" type: string type: object V2EventAggregationKey: description: Aggregation key of the event. example: "aggregation-key" type: string V2EventAttributes: description: Event attributes. properties: attributes: $ref: "#/components/schemas/V2EventAttributesAttributes" message: description: Free-form text associated with the event. example: "The event message" type: string tags: description: A list of tags associated with the event. example: ["env:api_client_test"] items: description: A tag. type: string type: array timestamp: description: Timestamp when the event occurred. example: "2017-01-15T01:30:15.010000Z" type: string type: object V2EventAttributesAttributes: description: JSON object for category-specific attributes. oneOf: - $ref: "#/components/schemas/ChangeEventAttributes" - $ref: "#/components/schemas/AlertEventAttributes" V2EventResponse: description: Get an event response. properties: data: $ref: "#/components/schemas/V2Event" type: object V2EventService: description: Service that triggered the event. example: "service-name" type: string V2EventTimestamp: description: POSIX timestamp of the event. example: 175019386627 format: int64 type: integer V2EventTitle: description: The title of the event. example: "The event title" type: string ValidateAPIKeyResponse: description: Response object for the API and application key validation status check. properties: status: $ref: "#/components/schemas/ValidateAPIKeyStatus" required: - status type: object ValidateAPIKeyStatus: description: Status of the validation. Always `ok` when both the API key and the application key are valid. enum: - ok example: ok type: string x-enum-varnames: - OK ValidateV2Attributes: description: Attributes of the API key validation response. properties: api_key_id: description: The UUID of the API key. example: "a1b2c3d4-e5f6-47a8-b9c0-d1e2f3a4b5c6" type: string api_key_scopes: description: List of scope names associated with the API key. example: - "remote_config_read" items: type: string type: array valid: description: Whether the API key is valid. example: true type: boolean required: - valid - api_key_scopes - api_key_id type: object ValidateV2Data: description: Data object containing the API key validation result. properties: attributes: $ref: "#/components/schemas/ValidateV2Attributes" id: description: The UUID of the organization associated with the API key. example: "550e8400-e29b-41d4-a716-446655440000" type: string type: $ref: "#/components/schemas/ValidateV2Type" required: - id - type - attributes type: object ValidateV2Response: description: Response for the API key validation endpoint. properties: data: $ref: "#/components/schemas/ValidateV2Data" required: - data type: object ValidateV2Type: description: Resource type for the API key validation response. enum: - validate_v2 example: validate_v2 type: string x-enum-varnames: - ValidateV2 ValidationError: description: Represents a single validation error, including a human-readable title and metadata. properties: meta: $ref: "#/components/schemas/ValidationErrorMeta" title: description: A short, human-readable summary of the error. example: Field 'region' is required type: string required: - title - meta type: object ValidationErrorMeta: description: Describes additional metadata for validation errors, including field names and error messages. properties: field: description: The field name that caused the error. example: region type: string id: description: The ID of the component in which the error occurred. example: datadog-agent-source type: string message: description: The detailed error message. example: Field 'region' is required type: string required: - message type: object ValidationResponse: description: Response containing validation errors. example: errors: - meta: field: "region" id: "datadog-agent-source" message: "Field 'region' is required" title: "Field 'region' is required" properties: errors: description: The `ValidationResponse` `errors`. items: $ref: "#/components/schemas/ValidationError" type: array type: object ValueType: description: The type of values for the feature flag variants. enum: - BOOLEAN - INTEGER - NUMERIC - STRING - JSON example: "BOOLEAN" type: string x-enum-varnames: - BOOLEAN - INTEGER - NUMERIC - STRING - JSON Variant: description: A variant of a feature flag. properties: created_at: description: The timestamp when the variant was created. example: "2023-01-01T00:00:00Z" format: date-time type: string id: description: The unique identifier of the variant. example: "550e8400-e29b-41d4-a716-446655440002" format: uuid type: string key: description: The unique key of the variant. example: "variant-abc123" type: string name: description: The name of the variant. example: "Variant ABC123" type: string updated_at: description: The timestamp when the variant was last updated. example: "2023-01-01T00:00:00Z" format: date-time type: string value: description: The value of the variant as a string. example: "true" type: string required: - id - key - name - value type: object VariantWeight: description: Variant weight details. properties: created_at: description: The timestamp when the variant weight was created. example: "2024-01-01T12:00:00Z" format: date-time type: string id: description: Unique identifier of the variant weight assignment. example: "59061199-e2ff-46e9-8b40-2193e3b21687" format: uuid type: string updated_at: description: The timestamp when the variant weight was last updated. example: "2024-01-01T12:00:00Z" format: date-time type: string value: description: The percentage weight for the variant. example: 50 format: double type: number variant: $ref: "#/components/schemas/Variant" variant_id: description: The variant ID. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string required: - variant_id - value type: object VariantWeightRequest: description: Variant weight request payload. properties: value: description: The percentage weight for this variant. example: 50 format: double type: number variant_id: description: The variant ID to assign weight to. example: "550e8400-e29b-41d4-a716-446655440001" format: uuid type: string variant_key: description: The variant key to assign weight to. example: "control" type: string required: - value type: object Version: description: Version of the notification rule. It is updated when the rule is modified. example: 1 format: int64 type: integer VersionHistoryUpdate: description: A change in a rule version. properties: change: description: The new value of the field. example: cloud_provider:aws type: string field: description: The field that was changed. example: Tags type: string type: $ref: "#/components/schemas/VersionHistoryUpdateType" type: object VersionHistoryUpdateType: description: The type of change. enum: - create - update - delete type: string x-enum-varnames: - CREATE - UPDATE - DELETE ViewershipHistorySessionArray: description: A list of RUM replay sessions from a user's viewership history. properties: data: description: Array of viewership history session data objects. items: $ref: "#/components/schemas/ViewershipHistorySessionData" type: array required: - data type: object ViewershipHistorySessionData: description: Data object representing a session in the viewership history, including its identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/ViewershipHistorySessionDataAttributes" id: description: Unique identifier of the RUM replay session. type: string type: $ref: "#/components/schemas/ViewershipHistorySessionDataType" required: - type type: object ViewershipHistorySessionDataAttributes: description: Attributes of a viewership history session entry, capturing when it was last watched and the associated event data. properties: event_id: description: Unique identifier of the RUM event associated with the watched session. type: string last_watched_at: description: Timestamp when the session was last watched by the user. example: "2026-01-13T17:15:53.208340Z" format: date-time type: string session_event: additionalProperties: {} description: Raw event data associated with the replay session. type: object track: description: Replay track identifier indicating which recording track the session belongs to. type: string required: - last_watched_at type: object ViewershipHistorySessionDataType: default: rum_replay_session description: Rum replay session resource type. enum: - rum_replay_session example: rum_replay_session type: string x-enum-varnames: - RUM_REPLAY_SESSION VirusTotalAPIKey: description: The definition of the `VirusTotalAPIKey` object. properties: api_key: description: The `VirusTotalAPIKey` `api_key`. example: "" type: string type: $ref: "#/components/schemas/VirusTotalAPIKeyType" required: - type - api_key type: object VirusTotalAPIKeyType: description: The definition of the `VirusTotalAPIKey` object. enum: - VirusTotalAPIKey example: VirusTotalAPIKey type: string x-enum-varnames: - VIRUSTOTALAPIKEY VirusTotalAPIKeyUpdate: description: The definition of the `VirusTotalAPIKey` object. properties: api_key: description: The `VirusTotalAPIKeyUpdate` `api_key`. type: string type: $ref: "#/components/schemas/VirusTotalAPIKeyType" required: - type type: object VirusTotalCredentials: description: The definition of the `VirusTotalCredentials` object. oneOf: - $ref: "#/components/schemas/VirusTotalAPIKey" VirusTotalCredentialsUpdate: description: The definition of the `VirusTotalCredentialsUpdate` object. oneOf: - $ref: "#/components/schemas/VirusTotalAPIKeyUpdate" VirusTotalIntegration: description: The definition of the `VirusTotalIntegration` object. properties: credentials: $ref: "#/components/schemas/VirusTotalCredentials" type: $ref: "#/components/schemas/VirusTotalIntegrationType" required: - type - credentials type: object VirusTotalIntegrationType: description: The definition of the `VirusTotalIntegrationType` object. enum: - VirusTotal example: VirusTotal type: string x-enum-varnames: - VIRUSTOTAL VirusTotalIntegrationUpdate: description: The definition of the `VirusTotalIntegrationUpdate` object. properties: credentials: $ref: "#/components/schemas/VirusTotalCredentialsUpdate" type: $ref: "#/components/schemas/VirusTotalIntegrationType" required: - type type: object VulnerabilitiesType: description: The JSON:API type. enum: - vulnerabilities example: vulnerabilities type: string x-enum-varnames: - VULNERABILITIES Vulnerability: description: A single vulnerability properties: attributes: $ref: "#/components/schemas/VulnerabilityAttributes" id: description: The unique ID for this vulnerability. example: 3ecdfea798f2ce8f6e964805a344945f type: string relationships: $ref: "#/components/schemas/VulnerabilityRelationships" type: $ref: "#/components/schemas/VulnerabilitiesType" required: - id - type - attributes - relationships type: object VulnerabilityAdvisory: description: Advisory associated with the vulnerability. properties: id: description: Vulnerability advisory ID. example: TRIVY-CVE-2023-0615 type: string last_modification_date: description: Vulnerability advisory last modification date. example: 2024-09-19 21:23:08+00:00 type: string publish_date: description: Vulnerability advisory publish date. example: 2024-09-19 21:23:08+00:00 type: string required: - id type: object VulnerabilityAttributes: description: The JSON:API attributes of the vulnerability. properties: advisory: $ref: "#/components/schemas/VulnerabilityAdvisory" advisory_id: description: Vulnerability advisory ID. example: TRIVY-CVE-2023-0615 type: string code_location: $ref: "#/components/schemas/CodeLocation" cve_list: description: Vulnerability CVE list. example: - CVE-2023-0615 items: description: A CVE identifier associated with the vulnerability. example: CVE-2023-0615 type: string type: array cvss: $ref: "#/components/schemas/VulnerabilityCvss" dependency_locations: $ref: "#/components/schemas/VulnerabilityDependencyLocations" description: description: Vulnerability description. example: "LDAP Injection is a security vulnerability that occurs when untrusted user input is improperly handled and directly incorporated into LDAP queries without appropriate sanitization or validation. This vulnerability enables attackers to manipulate LDAP queries and potentially gain unauthorized access, modify data, or extract sensitive information from the directory server. By exploiting the LDAP injection vulnerability, attackers can execute malicious commands, bypass authentication mechanisms, and perform unauthorized actions within the directory service." type: string ecosystem: $ref: "#/components/schemas/VulnerabilityEcosystem" exposure_time: description: Vulnerability exposure time in seconds. example: 5618604 format: int64 type: integer first_detection: description: "First detection of the vulnerability in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format" example: 2024-09-19 21:23:08+00:00 type: string fix_available: description: Whether the vulnerability has a remediation or not. example: false type: boolean language: description: Vulnerability language. example: ubuntu type: string last_detection: description: "Last detection of the vulnerability in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format" example: 2024-09-01 21:23:08+00:00 type: string library: $ref: "#/components/schemas/Library" origin: description: Vulnerability origin. example: - agentless-scanner items: description: The detection origin of the vulnerability (for example, the scanner type). example: agentless-scanner type: string type: array remediations: description: List of remediations. items: $ref: "#/components/schemas/Remediation" type: array repo_digests: description: Vulnerability `repo_digest` list (when the vulnerability is related to `Image` asset). items: description: A container image repository digest identifying the affected image. example: sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7 type: string type: array risks: $ref: "#/components/schemas/VulnerabilityRisks" running_kernel: description: True if the vulnerability affects a package in the host’s running kernel, false if it affects a non-running kernel, and omit if it is not kernel-related. example: true type: boolean status: $ref: "#/components/schemas/VulnerabilityStatus" title: description: Vulnerability title. example: "LDAP Injection" type: string tool: $ref: "#/components/schemas/VulnerabilityTool" type: $ref: "#/components/schemas/VulnerabilityType" required: - type - cvss - status - tool - title - description - cve_list - risks - language - first_detection - last_detection - exposure_time - remediations - fix_available - origin type: object VulnerabilityCvss: description: Vulnerability severities. properties: base: $ref: "#/components/schemas/CVSS" datadog: $ref: "#/components/schemas/CVSS" required: - base - datadog type: object VulnerabilityDependencyLocations: description: Static library vulnerability location. properties: block: $ref: "#/components/schemas/DependencyLocation" name: $ref: "#/components/schemas/DependencyLocation" version: $ref: "#/components/schemas/DependencyLocation" required: - block type: object VulnerabilityEcosystem: description: The related vulnerability asset ecosystem. enum: - PyPI - Maven - NuGet - Npm - RubyGems - Go - Packagist - Deb - Rpm - Apk - Windows - Generic - MacOs - Oci - BottleRocket - None type: string x-enum-varnames: - PYPI - MAVEN - NUGET - NPM - RUBY_GEMS - GO - PACKAGIST - DEB - RPM - APK - WINDOWS - GENERIC - MAC_OS - OCI - BOTTLE_ROCKET - NONE VulnerabilityRelationships: description: Related entities object. properties: affects: $ref: "#/components/schemas/VulnerabilityRelationshipsAffects" required: - affects type: object VulnerabilityRelationshipsAffects: description: Relationship type. properties: data: $ref: "#/components/schemas/VulnerabilityRelationshipsAffectsData" required: - data type: object VulnerabilityRelationshipsAffectsData: description: Asset affected by this vulnerability. properties: id: description: The unique ID for this related asset. example: Repository|github.com/DataDog/datadog-agent.git type: string type: $ref: "#/components/schemas/AssetEntityType" required: - id - type type: object VulnerabilityRisks: description: Vulnerability risks. properties: epss: $ref: "#/components/schemas/EPSS" exploit_available: description: Vulnerability public exploit availability. example: false type: boolean exploit_sources: description: Vulnerability exploit sources. example: - NIST items: description: An exploit source reporting this vulnerability. example: NIST type: string type: array exploitation_probability: description: Vulnerability exploitation probability. example: false type: boolean poc_exploit_available: description: Vulnerability POC exploit availability. example: false type: boolean required: - exploitation_probability - poc_exploit_available - exploit_available - exploit_sources type: object VulnerabilitySeverity: description: The vulnerability severity. enum: - Unknown - None - Low - Medium - High - Critical example: Medium type: string x-enum-varnames: - UNKNOWN - NONE - LOW - MEDIUM - HIGH - CRITICAL VulnerabilityStatus: description: The vulnerability status. enum: - Open - Muted - Remediated - InProgress - AutoClosed example: Open type: string x-enum-varnames: - OPEN - MUTED - REMEDIATED - INPROGRESS - AUTOCLOSED VulnerabilityTool: description: The vulnerability tool. enum: - IAST - SCA - Infra - SAST example: SCA type: string x-enum-varnames: - IAST - SCA - INFRA - SAST VulnerabilityType: description: The vulnerability type. enum: - AdminConsoleActive - CodeInjection - CommandInjection - ComponentWithKnownVulnerability - DangerousWorkflows - DefaultAppDeployed - DefaultHtmlEscapeInvalid - DirectoryListingLeak - EmailHtmlInjection - EndOfLife - HardcodedPassword - HardcodedSecret - HeaderInjection - HstsHeaderMissing - InsecureAuthProtocol - InsecureCookie - InsecureJspLayout - LdapInjection - MaliciousPackage - MandatoryRemediation - NoHttpOnlyCookie - NoSameSiteCookie - NoSqlMongoDbInjection - PathTraversal - ReflectionInjection - RiskyLicense - SessionRewriting - SessionTimeout - SqlInjection - Ssrf - StackTraceLeak - TrustBoundaryViolation - Unmaintained - UntrustedDeserialization - UnvalidatedRedirect - VerbTampering - WeakCipher - WeakHash - WeakRandomness - XContentTypeHeaderMissing - XPathInjection - Xss example: WeakCipher type: string x-enum-varnames: - ADMIN_CONSOLE_ACTIVE - CODE_INJECTION - COMMAND_INJECTION - COMPONENT_WITH_KNOWN_VULNERABILITY - DANGEROUS_WORKFLOWS - DEFAULT_APP_DEPLOYED - DEFAULT_HTML_ESCAPE_INVALID - DIRECTORY_LISTING_LEAK - EMAIL_HTML_INJECTION - END_OF_LIFE - HARDCODED_PASSWORD - HARDCODED_SECRET - HEADER_INJECTION - HSTS_HEADER_MISSING - INSECURE_AUTH_PROTOCOL - INSECURE_COOKIE - INSECURE_JSP_LAYOUT - LDAP_INJECTION - MALICIOUS_PACKAGE - MANDATORY_REMEDIATION - NO_HTTP_ONLY_COOKIE - NO_SAME_SITE_COOKIE - NO_SQL_MONGO_DB_INJECTION - PATH_TRAVERSAL - REFLECTION_INJECTION - RISKY_LICENSE - SESSION_REWRITING - SESSION_TIMEOUT - SQL_INJECTION - SSRF - STACK_TRACE_LEAK - TRUST_BOUNDARY_VIOLATION - UNMAINTAINED - UNTRUSTED_DESERIALIZATION - UNVALIDATED_REDIRECT - VERB_TAMPERING - WEAK_CIPHER - WEAK_HASH - WEAK_RANDOMNESS - X_CONTENT_TYPE_HEADER_MISSING - X_PATH_INJECTION - XSS Watch: description: A single RUM replay session watch resource returned by create operations. properties: data: $ref: "#/components/schemas/WatchData" required: - data type: object WatchData: description: Data object representing a session watch record, including its identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/WatchDataAttributes" id: description: Unique identifier of the watch record. type: string type: $ref: "#/components/schemas/WatchDataType" required: - type type: object WatchDataAttributes: description: Attributes for recording a session watch event, including the application, event reference, and timestamp. properties: application_id: description: Unique identifier of the RUM application containing the session. example: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb type: string data_source: description: Data source type indicating the origin of the session data (e.g., rum or product_analytics). type: string event_id: description: Unique identifier of the RUM event that was watched. example: 11111111-2222-3333-4444-555555555555 type: string timestamp: description: Timestamp when the session was watched. example: "2026-01-13T17:15:53.208340Z" format: date-time type: string required: - application_id - event_id - timestamp type: object WatchDataType: default: rum_replay_watch description: Rum replay watch resource type. enum: - rum_replay_watch example: rum_replay_watch type: string x-enum-varnames: - RUM_REPLAY_WATCH WatcherArray: description: A list of users who have watched a RUM replay session. properties: data: description: Array of watcher data objects. items: $ref: "#/components/schemas/WatcherData" type: array required: - data type: object WatcherData: description: Data object representing a session watcher, including their identifier, type, and attributes. properties: attributes: $ref: "#/components/schemas/WatcherDataAttributes" id: description: Unique identifier of the watcher user. type: string type: $ref: "#/components/schemas/WatcherDataType" required: - type type: object WatcherDataAttributes: description: Attributes of a user who has watched a RUM replay session, including contact information and watch statistics. properties: handle: description: Email handle of the user who watched the session. example: john.doe@example.com type: string icon: description: URL or identifier of the watcher's avatar icon. type: string last_watched_at: description: Timestamp when the watcher last viewed the session. example: "2026-01-13T17:15:53.208340Z" format: date-time type: string name: description: Display name of the user who watched the session. type: string watch_count: description: Total number of times the user has watched the session. example: 0 format: int32 maximum: 2147483647 type: integer required: - handle - last_watched_at - watch_count type: object WatcherDataType: default: rum_replay_watcher description: Rum replay watcher resource type. enum: - rum_replay_watcher example: rum_replay_watcher type: string x-enum-varnames: - RUM_REPLAY_WATCHER WebIntegrationAccountCreateRequest: description: Payload schema when adding a web integration account. properties: data: $ref: "#/components/schemas/WebIntegrationAccountCreateRequestData" required: - data type: object WebIntegrationAccountCreateRequestAttributes: description: Attributes object for creating a web integration account. properties: name: description: A human-readable name for the account. Must be unique among accounts of the same integration. example: my-databricks-account type: string secrets: $ref: "#/components/schemas/WebIntegrationAccountSecrets" settings: $ref: "#/components/schemas/WebIntegrationAccountSettings" required: - name - settings - secrets type: object WebIntegrationAccountCreateRequestData: description: Data object for creating a web integration account. properties: attributes: $ref: "#/components/schemas/WebIntegrationAccountCreateRequestAttributes" type: $ref: "#/components/schemas/WebIntegrationAccountType" required: - attributes - type type: object WebIntegrationAccountResponse: description: The expected response schema when getting a single web integration account. properties: data: $ref: "#/components/schemas/WebIntegrationAccountResponseData" type: object WebIntegrationAccountResponseAttributes: description: Attributes object of a web integration account. Secrets are never returned. properties: name: description: A human-readable name for the account. example: my-databricks-account type: string settings: $ref: "#/components/schemas/WebIntegrationAccountSettings" required: - name type: object WebIntegrationAccountResponseData: description: Data object of a web integration account. properties: attributes: $ref: "#/components/schemas/WebIntegrationAccountResponseAttributes" id: description: The unique identifier of the web integration account. example: "abc123def456" type: string type: $ref: "#/components/schemas/WebIntegrationAccountType" required: - attributes - id - type type: object WebIntegrationAccountSecrets: additionalProperties: {} description: |- Integration-specific secrets. The shape of this object varies by integration. Secrets are write-only and never returned by the API. example: client_secret: my-client-secret type: object WebIntegrationAccountSettings: additionalProperties: {} description: |- Integration-specific settings. The shape of this object varies by integration. example: workspace_url: https://example.azuredatabricks.net type: object WebIntegrationAccountType: default: Account description: Account resource type. enum: - Account example: Account type: string x-enum-varnames: - ACCOUNT WebIntegrationAccountUpdateRequest: description: Payload schema when updating a web integration account. properties: data: $ref: "#/components/schemas/WebIntegrationAccountUpdateRequestData" required: - data type: object WebIntegrationAccountUpdateRequestAttributes: description: Attributes object for updating a web integration account. properties: name: description: A human-readable name for the account. example: my-databricks-account type: string secrets: $ref: "#/components/schemas/WebIntegrationAccountSecrets" settings: $ref: "#/components/schemas/WebIntegrationAccountSettings" type: object WebIntegrationAccountUpdateRequestData: description: Data object for updating a web integration account. properties: attributes: $ref: "#/components/schemas/WebIntegrationAccountUpdateRequestAttributes" type: $ref: "#/components/schemas/WebIntegrationAccountType" required: - attributes - type type: object WebIntegrationAccountsResponse: description: The expected response schema when listing web integration accounts. properties: data: description: The JSON:API data array. items: $ref: "#/components/schemas/WebIntegrationAccountResponseData" type: array type: object Weekday: description: A day of the week. enum: - monday - tuesday - wednesday - thursday - friday - saturday - sunday type: string x-enum-varnames: - MONDAY - TUESDAY - WEDNESDAY - THURSDAY - FRIDAY - SATURDAY - SUNDAY WidgetAttributes: description: Attributes of a widget resource. properties: created_at: description: ISO 8601 timestamp of when the widget was created. example: "2024-01-15T00:00:00.000Z" type: string definition: $ref: "#/components/schemas/WidgetDefinition" is_favorited: description: |- Whether the current user has favorited this widget. Populated on get, batch_get, update, and search responses; create responses always return `false` because a widget can only be favorited after it exists. Favoriting itself is performed through the shared favorites API, not this service. example: false type: boolean modified_at: description: ISO 8601 timestamp of when the widget was last modified. example: "2024-01-15T00:00:00.000Z" type: string tags: description: User-defined tags for organizing widgets. example: - "team:my-team" items: description: A single user-defined tag. type: string nullable: true type: array required: - definition - tags - is_favorited - created_at - modified_at type: object WidgetData: description: A widget resource object. properties: attributes: $ref: "#/components/schemas/WidgetAttributes" id: description: The unique identifier of the widget. example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" type: string relationships: $ref: "#/components/schemas/WidgetRelationships" type: description: Widgets resource type. example: widgets type: string required: - id - type - attributes type: object WidgetDefinition: additionalProperties: {} description: The definition of a widget, including its type and configuration. properties: title: description: The display title of the widget. example: My Widget maxLength: 100 minLength: 1 type: string type: $ref: "#/components/schemas/WidgetType" required: - type - title type: object WidgetExperienceType: description: Widget experience types that differentiate between the products using the specific widget. enum: - ccm_reports - logs_reports - csv_reports - product_analytics example: ccm_reports type: string x-enum-varnames: - CCM_REPORTS - LOGS_REPORTS - CSV_REPORTS - PRODUCT_ANALYTICS WidgetIncludedUser: description: A user resource included in the response. properties: attributes: $ref: "#/components/schemas/WidgetIncludedUserAttributes" id: description: The unique identifier of the user. example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" type: string type: description: Users resource type. example: users type: string required: - id - type type: object WidgetIncludedUserAttributes: description: Attributes of an included user resource. properties: handle: description: The email handle of the user. example: "john.doe@example.com" type: string name: description: The display name of the user. example: "John Doe" nullable: true type: string type: object WidgetListResponse: description: Response containing a list of widgets. properties: data: description: List of widget resources. items: $ref: "#/components/schemas/WidgetData" type: array included: description: Array of user resources related to the widgets. items: $ref: "#/components/schemas/WidgetIncludedUser" type: array meta: $ref: "#/components/schemas/WidgetSearchMeta" required: - data type: object WidgetLiveSpan: description: The available timeframes depend on the widget you are using. enum: - 1m - 5m - 10m - 15m - 30m - 1h - 4h - 1d - 2d - 1w - 1mo - 3mo - 6mo - 1y - alert example: 5m type: string x-enum-varnames: - PAST_ONE_MINUTE - PAST_FIVE_MINUTES - PAST_TEN_MINUTES - PAST_FIFTEEN_MINUTES - PAST_THIRTY_MINUTES - PAST_ONE_HOUR - PAST_FOUR_HOURS - PAST_ONE_DAY - PAST_TWO_DAYS - PAST_ONE_WEEK - PAST_ONE_MONTH - PAST_THREE_MONTHS - PAST_SIX_MONTHS - PAST_ONE_YEAR - ALERT WidgetRelationshipData: description: Relationship data referencing a user resource. properties: id: description: The unique identifier of the user. example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" type: string type: description: Users resource type. example: users type: string required: - id - type type: object WidgetRelationshipItem: description: A JSON:API relationship to a user. properties: data: $ref: "#/components/schemas/WidgetRelationshipData" type: object WidgetRelationships: description: Relationships of the widget resource. properties: created_by: $ref: "#/components/schemas/WidgetRelationshipItem" description: The user who created the widget. modified_by: $ref: "#/components/schemas/WidgetRelationshipItem" description: The user who last modified the widget. type: object WidgetResponse: description: Response containing a single widget. properties: data: $ref: "#/components/schemas/WidgetData" included: description: Array of user resources related to the widget. items: $ref: "#/components/schemas/WidgetIncludedUser" type: array required: - data type: object WidgetSearchMeta: description: Metadata about the search results. properties: created_by_anyone_total: description: Total number of widgets created by anyone. format: int64 type: integer created_by_you_total: description: Total number of widgets created by the current user. format: int64 type: integer favorited_by_you_total: description: Total number of widgets favorited by the current user. format: int64 type: integer filtered_total: description: Total number of widgets matching the current filter criteria. format: int64 type: integer type: object WidgetType: description: |- Widget types that are allowed to be stored as individual records. This is not a complete list of dashboard and notebook widget types. enum: - bar_chart - change - cloud_cost_summary - cohort - funnel - geomap - list_stream - query_table - query_value - retention_curve - sankey - sunburst - timeseries - toplist - treemap example: bar_chart type: string x-enum-varnames: - BAR_CHART - CHANGE - CLOUD_COST_SUMMARY - COHORT - FUNNEL - GEOMAP - LIST_STREAM - QUERY_TABLE - QUERY_VALUE - RETENTION_CURVE - SANKEY - SUNBURST - TIMESERIES - TOPLIST - TREEMAP WorkflowData: description: Data related to the workflow. properties: attributes: $ref: "#/components/schemas/WorkflowDataAttributes" id: description: The workflow identifier readOnly: true type: string relationships: $ref: "#/components/schemas/WorkflowDataRelationships" type: $ref: "#/components/schemas/WorkflowDataType" required: - type - attributes type: object WorkflowDataAttributes: description: The definition of `WorkflowDataAttributes` object. properties: createdAt: description: When the workflow was created. format: date-time readOnly: true type: string description: description: Description of the workflow. type: string name: description: Name of the workflow. example: "" type: string published: description: Set the workflow to published or unpublished. Workflows in an unpublished state will only be executable via manual runs. Automatic triggers such as Schedule will not execute the workflow until it is published. type: boolean spec: $ref: "#/components/schemas/Spec" tags: description: Tags of the workflow. items: description: A tag string in `key:value` format. type: string type: array updatedAt: description: When the workflow was last updated. format: date-time readOnly: true type: string webhookSecret: description: If a Webhook trigger is defined on this workflow, a webhookSecret is required and should be provided here. type: string writeOnly: true required: - name - spec type: object WorkflowDataRelationships: description: The definition of `WorkflowDataRelationships` object. properties: creator: $ref: "#/components/schemas/WorkflowUserRelationship" owner: $ref: "#/components/schemas/WorkflowUserRelationship" readOnly: true type: object WorkflowDataType: description: The definition of `WorkflowDataType` object. enum: - workflows example: workflows type: string x-enum-varnames: - WORKFLOWS WorkflowDataUpdate: description: Data related to the workflow being updated. properties: attributes: $ref: "#/components/schemas/WorkflowDataUpdateAttributes" id: description: The workflow identifier type: string relationships: $ref: "#/components/schemas/WorkflowDataRelationships" type: $ref: "#/components/schemas/WorkflowDataType" required: - type - attributes type: object WorkflowDataUpdateAttributes: description: The definition of `WorkflowDataUpdateAttributes` object. properties: createdAt: description: When the workflow was created. format: date-time readOnly: true type: string description: description: Description of the workflow. type: string name: description: Name of the workflow. type: string published: description: Set the workflow to published or unpublished. Workflows in an unpublished state will only be executable via manual runs. Automatic triggers such as Schedule will not execute the workflow until it is published. type: boolean spec: $ref: "#/components/schemas/Spec" tags: description: Tags of the workflow. items: description: A tag string in `key:value` format. type: string type: array updatedAt: description: When the workflow was last updated. format: date-time readOnly: true type: string webhookSecret: description: If a Webhook trigger is defined on this workflow, a webhookSecret is required and should be provided here. type: string writeOnly: true type: object WorkflowInstanceCreateMeta: description: Additional information for creating a workflow instance. properties: payload: additionalProperties: {} description: The input parameters to the workflow. type: object type: object WorkflowInstanceCreateRequest: description: Request used to create a workflow instance. properties: meta: $ref: "#/components/schemas/WorkflowInstanceCreateMeta" type: object WorkflowInstanceCreateResponse: additionalProperties: {} description: Response returned upon successful workflow instance creation. properties: data: $ref: "#/components/schemas/WorkflowInstanceCreateResponseData" type: object WorkflowInstanceCreateResponseData: additionalProperties: {} description: Data about the created workflow instance. properties: id: description: The ID of the workflow execution. It can be used to fetch the execution status. type: string type: object WorkflowInstanceListItem: additionalProperties: {} description: An item in the workflow instances list. properties: id: description: The ID of the workflow instance type: string type: object WorkflowListInstancesResponse: additionalProperties: {} description: Response returned when listing workflow instances. properties: data: description: A list of workflow instances. items: $ref: "#/components/schemas/WorkflowInstanceListItem" type: array meta: $ref: "#/components/schemas/WorkflowListInstancesResponseMeta" type: object WorkflowListInstancesResponseMeta: additionalProperties: {} description: Metadata about the instances list properties: page: $ref: "#/components/schemas/WorkflowListInstancesResponseMetaPage" type: object WorkflowListInstancesResponseMetaPage: additionalProperties: {} description: Page information for the list instances response. properties: totalCount: description: The total count of items. format: int64 type: integer type: object WorkflowTriggerWrapper: description: "Schema for a Workflow-based trigger." properties: startStepNames: $ref: "#/components/schemas/StartStepNames" workflowTrigger: description: "Trigger a workflow from the Datadog UI. Only required if no other trigger exists." type: object required: - workflowTrigger type: object WorkflowUserRelationship: description: The definition of `WorkflowUserRelationship` object. properties: data: $ref: "#/components/schemas/WorkflowUserRelationshipData" type: object WorkflowUserRelationshipData: description: The definition of `WorkflowUserRelationshipData` object. properties: id: description: The user identifier example: "" type: string type: $ref: "#/components/schemas/WorkflowUserRelationshipType" required: - type - id type: object WorkflowUserRelationshipType: description: The definition of `WorkflowUserRelationshipType` object. enum: - users example: users type: string x-enum-varnames: - USERS WorklflowCancelInstanceResponse: description: Information about the canceled instance. properties: data: $ref: "#/components/schemas/WorklflowCancelInstanceResponseData" type: object WorklflowCancelInstanceResponseData: description: Data about the canceled instance. properties: id: description: The id of the canceled instance type: string type: object WorklflowGetInstanceResponse: additionalProperties: {} description: The state of the given workflow instance. properties: data: $ref: "#/components/schemas/WorklflowGetInstanceResponseData" type: object WorklflowGetInstanceResponseData: additionalProperties: {} description: The data of the instance response. properties: attributes: $ref: "#/components/schemas/WorklflowGetInstanceResponseDataAttributes" type: object WorklflowGetInstanceResponseDataAttributes: additionalProperties: {} description: The attributes of the instance response data. properties: id: description: The id of the instance. type: string type: object XRayServicesIncludeAll: description: Include all services. properties: include_all: description: Include all services. example: false type: boolean required: - include_all type: object XRayServicesIncludeOnly: description: Include only these services. Defaults to `[]`. nullable: true properties: include_only: description: Include only these services. example: - "AWS/AppSync" items: description: An AWS X-Ray service name to include in traces collection. example: "AWS/AppSync" type: string type: array required: - include_only type: object XRayServicesList: description: AWS X-Ray services to collect traces from. Defaults to `include_only`. oneOf: - $ref: "#/components/schemas/XRayServicesIncludeAll" - $ref: "#/components/schemas/XRayServicesIncludeOnly" ZoomConfigurationReference: description: A reference to a Zoom configuration resource. nullable: true properties: data: $ref: "#/components/schemas/ZoomConfigurationReferenceData" required: - data type: object ZoomConfigurationReferenceData: description: The Zoom configuration relationship data object. nullable: true properties: id: description: The unique identifier of the Zoom configuration. example: "00000000-0000-0000-0000-000000000000" type: string type: description: The type of the Zoom configuration. example: "zoom_configurations" type: string required: - id - type type: object securitySchemes: AuthZ: description: This API uses OAuth 2 with the implicit grant flow. flows: authorizationCode: authorizationUrl: /oauth2/v1/authorize scopes: apm_api_catalog_read: View API catalog and API definitions. apm_api_catalog_write: Add, modify, and delete API catalog definitions. apm_read: Read and query APM and Trace Analytics. apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. appsec_vm_read: View infrastructure, application code, and library vulnerability findings. aws_configurations_manage: Manage AWS integration account configurations and related integration settings. billing_read: View your organization's billing information. bits_investigations_read: View Bits AI investigations. bits_investigations_write: Create and manage Bits AI investigations. cases_read: View Cases. cases_write: Create and update cases. ci_visibility_pipelines_write: Create CI Visibility pipeline spans using the API. ci_visibility_read: View CI Visibility. cloud_cost_management_read: View Cloud Cost pages and the cloud cost data source in dashboards and notebooks. For more details, see the Cloud Cost Management docs. cloud_cost_management_write: Configure cloud cost accounts and global customizations. For more details, see the Cloud Cost Management docs. code_analysis_read: View Code Analysis. code_coverage_read: View Code Coverage. continuous_profiler_pgo_read: Read and query Continuous Profiler data for Profile-Guided Optimization (PGO). coterm_read: Read terminal recordings. coterm_write: Write terminal recordings. create_webhooks: Create webhooks integrations. dashboards_embed_share: Create, modify, and delete shared dashboards with share type 'embed'. dashboards_invite_share: Create, modify, and delete shared dashboards with share type 'invite'. dashboards_public_share: Generate public and authenticated links to share dashboards or embeddable graphs externally. dashboards_read: View dashboards. dashboards_write: Create and change dashboards. data_scanner_read: View Data Scanner configurations. data_scanner_write: Edit Data Scanner configurations. embeddable_graphs_share: Generate public links to share embeddable graphs externally. error_tracking_read: Read Error Tracking data. error_tracking_write: Edit Error Tracking issues. events_read: Read Events data. hosts_read: List hosts and their attributes. incident_notification_settings_read: View Incident Notification Rule Settings. incident_notification_settings_write: Configure Incidents Notification Rule settings. incident_read: View incidents in Datadog. incident_settings_read: View Incident Settings. incident_settings_write: Configure Incident Settings. incident_write: Create, view, and manage incidents in Datadog. metrics_read: View custom metrics. monitors_downtime: Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes. monitors_read: View monitors. monitors_write: Edit, delete, and resolve individual monitors. org_connections_read: Read cross organization connections. org_connections_write: Create, edit, and delete cross organization connections. org_management: Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization. security_comments_read: Read comments of vulnerabilities. security_monitoring_critical_assets_read: Read Critical Assets. security_monitoring_critical_assets_write: Write Critical Assets. security_monitoring_filters_read: Read Security Filters. security_monitoring_filters_write: Create, edit, and delete Security Filters. security_monitoring_findings_read: View a list of findings that include both misconfigurations and identity risks. security_monitoring_rules_read: Read Detection Rules. security_monitoring_rules_write: Create and edit Detection Rules. security_monitoring_signals_read: View Security Signals. security_monitoring_suppressions_read: Read Rule Suppressions. security_monitoring_suppressions_write: Write Rule Suppressions. security_pipelines_read: View Security Pipelines. security_pipelines_write: Create, edit, and delete CSM Security Pipelines. slos_corrections: Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs. slos_read: View SLOs and status corrections. slos_write: Create, edit, and delete SLOs. synthetics_global_variable_read: View, search, and use Synthetics global variables. synthetics_global_variable_write: Create, edit, and delete global variables for Synthetics. synthetics_private_location_read: View, search, and use Synthetics private locations. synthetics_private_location_write: Create and delete private locations in addition to having access to the associated installation guidelines. synthetics_read: List and view configured Synthetic tests and test results. synthetics_write: Create, edit, and delete Synthetic tests. teams_manage: Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission. teams_read: Read Teams data. A User with this permission can view Team names, metadata, and which Users are on each Team. test_optimization_read: View Test Optimization. test_optimization_settings_write: Update service settings in Test Optimization. test_optimization_write: Update flaky tests from Flaky Tests Management of Test Optimization. timeseries_query: Query Timeseries data. usage_read: View your organization's usage and usage attribution. user_access_invite: Invite other users to your organization. user_access_manage: Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries. user_access_read: View users and their roles and settings. workflows_read: View workflows. workflows_run: Run workflows. workflows_write: Create, edit, and delete workflows. tokenUrl: /oauth2/v1/token type: oauth2 apiKeyAuth: description: Your Datadog API Key. in: header name: DD-API-KEY type: apiKey x-env-name: DD_API_KEY appKeyAuth: description: Your Datadog APP Key. in: header name: DD-APPLICATION-KEY type: apiKey x-env-name: DD_APP_KEY bearerAuth: scheme: bearer type: http x-env-name: DD_BEARER_TOKEN info: contact: email: support@datadoghq.com name: Datadog Support url: https://www.datadoghq.com/support/ description: Collection of all Datadog Public endpoints. title: Datadog API V2 Collection version: "1.0" openapi: 3.0.0 paths: /api/unstable/fleet/agent_versions: get: description: |- Retrieve a list of all available Datadog Agent versions. This endpoint returns the available Agent versions that can be deployed to your fleet. These versions are used when creating deployments or configuring schedules for automated Agent upgrades. operationId: ListFleetAgentVersions responses: "200": content: application/json: examples: default: value: data: - attributes: version: "7.50.0" id: "7.50.0" type: agent_version schema: $ref: "#/components/schemas/FleetAgentVersionsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all available Agent versions tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/agents: get: description: |- Retrieve a paginated list of all Datadog Agents. This endpoint returns a paginated list of all Datadog Agents with support for pagination, sorting, and filtering. Use the `page_number` and `page_size` query parameters to paginate through results. operationId: ListFleetAgents parameters: - description: Page number for pagination (starts at 0). in: query name: page_number required: false schema: default: 0 format: int64 minimum: 0 type: integer - description: Number of results per page (must be greater than 0 and less than or equal to 100). in: query name: page_size required: false schema: default: 10 format: int64 maximum: 100 minimum: 1 type: integer - description: Attribute to sort by. in: query name: sort_attribute required: false schema: type: string - description: Sort order (true for descending, false for ascending). in: query name: sort_descending required: false schema: type: boolean - description: Comma-separated list of tags to filter agents. in: query name: tags required: false schema: type: string - description: Filter string for narrowing down agent results. example: "hostname:my-hostname OR env:dev" in: query name: filter required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: agents: - agent_version: "7.50.0" datadog_agent_key: my-agent-hostname hostname: my-hostname os: linux id: done type: status meta: total_filtered_count: 1 schema: $ref: "#/components/schemas/FleetAgentsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all Datadog Agents tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/agents/{agent_key}: get: description: |- Retrieve detailed information about a specific Datadog Agent. This endpoint returns comprehensive information about an agent including: - Agent details and metadata - Configured integrations organized by status (working, warning, error, missing) - Detected integrations - Configuration files and layers operationId: GetFleetAgentInfo parameters: - description: The unique identifier (agent key) for the Datadog Agent. in: path name: agent_key required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: agent_infos: agent_version: "7.50.0" datadog_agent_key: my-agent-hostname hostname: my-hostname os: linux id: my-agent-hostname type: datadog_agent_key schema: $ref: "#/components/schemas/FleetAgentInfoResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get detailed information about an agent tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/agents/{agent_key}/tracers: get: description: |- Retrieve a paginated list of tracers for a specific agent. This endpoint returns tracers associated with a given agent key, identified by the agent's hostname. Use this to discover telemetry-derived service names for a particular host. operationId: ListFleetAgentTracers parameters: - description: The unique identifier (agent key) for the Datadog Agent. in: path name: agent_key required: true schema: type: string - description: Page number for pagination (starts at 0). in: query name: page_number required: false schema: default: 0 format: int64 minimum: 0 type: integer - description: Number of results per page (must be greater than 0 and less than or equal to 100). in: query name: page_size required: false schema: default: 10 format: int64 maximum: 100 minimum: 1 type: integer - description: Attribute to sort by. in: query name: sort_attribute required: false schema: type: string - description: Sort order (true for descending, false for ascending). in: query name: sort_descending required: false schema: default: true type: boolean responses: "200": content: application/json: examples: default: value: data: attributes: tracers: - env: production hostname: my-hostname language: java service: test-service tracer_version: "1.32.0" id: done type: status meta: total_filtered_count: 1 schema: $ref: "#/components/schemas/FleetTracersResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List tracers for a specific agent tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/clusters: get: description: |- Retrieve a paginated list of Kubernetes clusters in the fleet. This endpoint returns clusters with metadata including node counts, agent versions, enabled products, and associated services. Use the `page_number` and `page_size` query parameters to paginate through results. operationId: ListFleetClusters parameters: - description: Page number for pagination (starts at 0). in: query name: page_number required: false schema: default: 0 format: int64 minimum: 0 type: integer - description: Number of results per page (must be greater than 0 and less than or equal to 100). in: query name: page_size required: false schema: default: 10 format: int64 maximum: 100 minimum: 1 type: integer - description: Attribute to sort by. in: query name: sort_attribute required: false schema: type: string - description: Sort order (true for descending, false for ascending). in: query name: sort_descending required: false schema: type: boolean - description: Filter string for narrowing down cluster results. example: "cluster_name:production" in: query name: filter required: false schema: type: string - description: Comma-separated list of tags to filter clusters. in: query name: tags required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: clusters: - agent_versions: - "7.50.0" cluster_name: production-us-east-1 enabled_products: - apm node_count: 25 id: done type: status meta: total_filtered_count: 1 schema: $ref: "#/components/schemas/FleetClustersResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all fleet clusters tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/clusters/{cluster_name}/instrumented_pods: get: description: |- Retrieve the list of pods targeted for Single Step Instrumentation (SSI) injection in a specific Kubernetes cluster. This endpoint returns pod groups organized by owner reference (deployment, statefulset, etc.) with their injection annotations and applied targets. Use the clusters list endpoint to discover available cluster names. operationId: ListFleetInstrumentedPods parameters: - description: The name of the Kubernetes cluster. in: path name: cluster_name required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: groups: - kube_ownerref_kind: Deployment kube_ownerref_name: inventory-service namespace: default pod_count: 3 id: production-us-east-1 type: cluster_name schema: $ref: "#/components/schemas/FleetInstrumentedPodsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List instrumented pods for a cluster tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/deployments: get: description: |- Retrieve a list of all deployments for fleet automation. Use the `page_size` and `page_offset` parameters to paginate results. operationId: ListFleetDeployments parameters: - description: Number of deployments to return per page. Maximum value is 100. in: query name: page_size required: false schema: default: 10 format: int64 maximum: 100 type: integer - description: Index of the first deployment to return. Use this with `page_size` to paginate through results. in: query name: page_offset required: false schema: default: 0 format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: filter_query: "env:prod AND service:web" high_level_status: running total_hosts: 10 id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: deployment meta: page: total_count: 1 schema: $ref: "#/components/schemas/FleetDeploymentsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all deployments tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/deployments/configure: post: description: |- Create a new deployment to apply configuration changes to a fleet of hosts matching the specified filter query. This endpoint supports two types of configuration operations: - `merge-patch`: Merges the provided patch data with the existing configuration file, creating the file if it doesn't exist - `delete`: Removes the specified configuration file from the target hosts The deployment is created and started automatically. You can specify multiple configuration operations that will be executed in order on each target host. Use the filter query to target specific hosts using the Datadog query syntax. operationId: CreateFleetDeploymentConfigure requestBody: content: application/json: examples: add_log_integration: summary: Add log integrations for multiple services value: data: attributes: config_operations: - file_op: "merge-patch" file_path: "/conf.d/postgres.d/logs.yaml" patch: logs: - path: "/var/log/postgres.log" service: "postgres1" source: "postgres" type: file - file_op: "merge-patch" file_path: "/conf.d/kafka.d/logs.yaml" patch: logs: - path: "/var/log/kafka.log" service: "kafka1" source: "kafka" type: file filter_query: "env:prod" type: deployment comprehensive_configuration: summary: Comprehensive example with multiple configuration file types value: data: attributes: config_operations: - file_op: "merge-patch" file_path: "/datadog.yaml" patch: apm_config: apm_dd_url: "https://trace.agent.datadoghq.com" enabled: true log_level: "info" logs_enabled: true process_config: enabled: true - file_op: "merge-patch" file_path: "/security-agent.yaml" patch: runtime_security_config: enabled: true fim_enabled: true - file_op: "merge-patch" file_path: "/system-probe.yaml" patch: network_config: enabled: true service_monitoring_config: enabled: true - file_op: "merge-patch" file_path: "/application_monitoring.yaml" patch: enabled: true server: host: "0.0.0.0" port: 8126 - file_op: "merge-patch" file_path: "/conf.d/logs.d/custom-app.yaml" patch: logs: - path: "/var/log/custom-app/*.log" service: "custom-app" source: "custom" type: file - file_op: "merge-patch" file_path: "/conf.d/docker.d/docker-logs.yaml" patch: logs: - service: "docker" source: "docker" type: docker - file_op: "merge-patch" file_path: "/conf.d/snmp.d/network-devices.yaml" patch: init_config: loader: core instances: - community_string: "public" ip_address: "192.168.1.1" - file_op: "merge-patch" file_path: "/conf.d/postgres.d/conf.yaml" patch: instances: - dbname: "postgres" host: "localhost" port: 5432 username: "datadog" - file_op: "delete" file_path: "/conf.d/deprecated-integration.yaml" filter_query: "env:prod AND datacenter:us-east-1" type: deployment default: value: data: attributes: config_operations: - file_op: merge-patch file_path: /datadog.yaml patch: apm_config: apm_dd_url: https://trace.agent.datadoghq.com enabled: true log_level: info logs_enabled: true process_config: enabled: true - file_op: merge-patch file_path: /security-agent.yaml patch: runtime_security_config: enabled: true fim_enabled: true - file_op: merge-patch file_path: /system-probe.yaml patch: network_config: enabled: true service_monitoring_config: enabled: true - file_op: merge-patch file_path: /application_monitoring.yaml patch: enabled: true server: host: 0.0.0.0 port: 8126 - file_op: merge-patch file_path: /conf.d/logs.d/custom-app.yaml patch: logs: - path: /var/log/custom-app/*.log service: custom-app source: custom type: file - file_op: merge-patch file_path: /conf.d/docker.d/docker-logs.yaml patch: logs: - service: docker source: docker type: docker - file_op: merge-patch file_path: /conf.d/snmp.d/network-devices.yaml patch: init_config: loader: core instances: - community_string: public ip_address: 192.168.1.1 - file_op: merge-patch file_path: /conf.d/postgres.d/conf.yaml patch: instances: - dbname: postgres host: localhost port: 5432 username: datadog - file_op: delete file_path: /conf.d/deprecated-integration.yaml filter_query: env:prod AND datacenter:us-east-1 type: deployment delete_config_file: summary: Delete a configuration file value: data: attributes: config_operations: - file_op: "delete" file_path: "/conf.d/old-integration.yaml" filter_query: "env:dev" type: deployment enable_apm_and_logs: summary: Enable APM and Logs products value: data: attributes: config_operations: - file_op: "merge-patch" file_path: "/datadog.yaml" patch: apm_config: enabled: true log_level: "debug" logs_enabled: true filter_query: "env:prod AND service:web" type: deployment simple_log_level: summary: Set log level to info value: data: attributes: config_operations: - file_op: "merge-patch" file_path: "/datadog.yaml" patch: log_level: "info" filter_query: "env:staging" type: deployment schema: $ref: "#/components/schemas/FleetDeploymentConfigureCreateRequest" description: Request payload containing the deployment details. required: true responses: "201": content: application/json: examples: default: value: data: attributes: config_operations: - file_op: merge-patch file_path: /datadog.yaml patch: log_level: info filter_query: env:prod AND service:web high_level_status: pending total_hosts: 42 id: abc-123 type: deployment schema: $ref: "#/components/schemas/FleetDeploymentResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a configuration deployment tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write - fleet_policies_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/deployments/upgrade: post: description: |- Create and immediately start a new package upgrade on hosts matching the specified filter query. This endpoint allows you to upgrade the Datadog Agent to a specific version on hosts matching the specified filter query. The deployment is created and started automatically. The system will: 1. Identify all hosts matching the filter query 2. Validate that the specified version is available 3. Begin rolling out the package upgrade to the target hosts operationId: CreateFleetDeploymentUpgrade requestBody: content: application/json: examples: default: value: data: attributes: filter_query: env:prod AND service:web target_packages: - name: datadog-agent version: 7.52.0 type: deployment upgrade_agent: summary: Upgrade Datadog Agent to version 7.52.0 value: data: attributes: filter_query: "env:prod AND service:web" target_packages: - name: "datadog-agent" version: "7.52.0" type: deployment upgrade_multiple_packages: summary: Upgrade multiple packages value: data: attributes: filter_query: "env:staging" target_packages: - name: "datadog-agent" version: "7.52.0-1" - name: "datadog-apm-inject" version: "0.10.0" type: deployment schema: $ref: "#/components/schemas/FleetDeploymentPackageUpgradeCreateRequest" description: Request payload containing the package upgrade details. required: true responses: "201": content: application/json: examples: default: value: data: attributes: filter_query: "env:prod AND service:web" high_level_status: pending total_hosts: 0 id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: deployment schema: $ref: "#/components/schemas/FleetDeploymentResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Upgrade hosts tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write - fleet_policies_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/deployments/{deployment_id}: get: description: |- Retrieve detailed information about a specific deployment using its unique identifier. This endpoint returns comprehensive information about a deployment, including: - Deployment metadata (ID, type, filter query) - Total number of target hosts - Current high-level status (pending, running, succeeded, failed) - Estimated completion time - Configuration operations that were or are being applied - Detailed host list: A paginated array of hosts included in this deployment with individual host status, current package versions, and any errors The host list provides visibility into the per-host execution status, allowing you to: - Monitor which hosts have completed successfully - Identify hosts that are still in progress - Investigate failures on specific hosts - View current package versions installed on each host (including initial, target, and current versions for each package) Pagination: Use the `limit` and `page` query parameters to paginate through hosts. The response includes pagination metadata in the `meta.hosts` field with information about the current page, total pages, and total host count. The default page size is 50 hosts, with a maximum of 100. operationId: GetFleetDeployment parameters: - description: The unique identifier of the deployment to retrieve. example: "abc-def-ghi" in: path name: deployment_id required: true schema: type: string - description: Maximum number of hosts to return per page. Default is 50, maximum is 100. in: query name: limit required: false schema: default: 50 format: int64 maximum: 100 type: integer - description: Page index for pagination (zero-based). Use this to retrieve subsequent pages of hosts. in: query name: page required: false schema: default: 0 format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: filter_query: "env:prod AND service:web" high_level_status: running total_hosts: 10 id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: deployment schema: $ref: "#/components/schemas/FleetDeploymentResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a configuration deployment by ID tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/deployments/{deployment_id}/cancel: post: description: |- Cancel an active deployment and stop all pending operations. When you cancel a deployment: - All pending operations on hosts that haven't started yet are stopped - Operations currently in progress on hosts may complete or be interrupted, depending on their current state - Configuration changes or package upgrades already applied to hosts are not rolled back After cancellation, you can view the final state of the deployment using the GET endpoint to see which hosts were successfully updated before the cancellation. operationId: CancelFleetDeployment parameters: - description: The unique identifier of the deployment to cancel. example: "abc-def-ghi" in: path name: deployment_id required: true schema: type: string responses: "204": description: Deployment successfully canceled. "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Cancel a deployment tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write - fleet_policies_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/schedules: get: description: |- Retrieve a list of all schedules for automated fleet deployments. Schedules allow you to automate package upgrades by defining maintenance windows and recurrence rules. Each schedule automatically creates deployments based on its configuration. operationId: ListFleetSchedules responses: "200": content: application/json: examples: default: value: data: - attributes: created_at_unix: 1699999999 created_by: test@example.com name: Weekly Production Agent Updates query: env:prod AND service:web rule: days_of_week: - Mon - Wed maintenance_window_duration: 120 start_maintenance_window: "02:00" timezone: America/New_York status: active updated_at_unix: 1699999999 updated_by: test@example.com version_to_latest: 0 id: abc-def-ghi-123 type: schedule schema: $ref: "#/components/schemas/FleetSchedulesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all schedules tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Create a new schedule for automated package upgrades. Schedules define when and how often to automatically deploy package upgrades to a fleet of hosts. Each schedule includes: - A filter query to select target hosts - A recurrence rule defining maintenance windows - A version strategy (e.g., always latest, or N versions behind latest) When the schedule triggers during a maintenance window, it automatically creates a deployment that upgrades the Datadog Agent to the specified version on all matching hosts. operationId: CreateFleetSchedule requestBody: content: application/json: examples: conservative_staging: summary: Conservative staging updates (N-1 version) value: data: attributes: name: "Staging Environment - Conservative Updates" query: "env:staging" rule: days_of_week: ["Fri"] maintenance_window_duration: 240 start_maintenance_window: "22:00" timezone: "UTC" status: "active" version_to_latest: 1 type: schedule default: value: data: attributes: name: Weekly Production Agent Updates query: env:prod rule: days_of_week: - Mon - Wed maintenance_window_duration: 180 start_maintenance_window: 02:00 timezone: America/New_York status: active version_to_latest: 0 type: schedule weekly_production_update: summary: Weekly production agent updates value: data: attributes: name: "Weekly Production Agent Updates" query: "env:prod" rule: days_of_week: ["Mon", "Wed"] maintenance_window_duration: 180 start_maintenance_window: "02:00" timezone: "America/New_York" status: "active" version_to_latest: 0 type: schedule schema: $ref: "#/components/schemas/FleetScheduleCreateRequest" description: Request payload containing the schedule details. required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: Weekly Production Agent Updates query: env:prod rule: days_of_week: - Mon - Wed maintenance_window_duration: 180 start_maintenance_window: "02:00" timezone: America/New_York status: active version_to_latest: 0 id: abc-123 type: schedule schema: $ref: "#/components/schemas/FleetScheduleResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a schedule tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/schedules/{id}: delete: description: |- Delete a schedule permanently. When you delete a schedule: - The schedule is permanently removed and will no longer create deployments - Any deployments already created by this schedule are not affected - This action cannot be undone If you want to temporarily stop a schedule from creating deployments, consider updating its status to "inactive" instead of deleting it. operationId: DeleteFleetSchedule parameters: - description: The unique identifier of the schedule to delete. example: "abc-def-ghi-123" in: path name: id required: true schema: type: string responses: "204": description: Schedule successfully deleted. "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a schedule tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: |- Retrieve detailed information about a specific schedule using its unique identifier. This endpoint returns comprehensive information about a schedule, including: - Schedule metadata (ID, name, creation/update timestamps) - Filter query for selecting target hosts - Recurrence rule defining when deployments are triggered - Version strategy for package upgrades - Current status (active or inactive) operationId: GetFleetSchedule parameters: - description: The unique identifier of the schedule to retrieve. example: "abc-def-ghi-123" in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at_unix: 1699999999 created_by: test@example.com name: Weekly Production Agent Updates query: env:prod AND service:web rule: days_of_week: - Mon - Wed maintenance_window_duration: 120 start_maintenance_window: "02:00" timezone: America/New_York status: active updated_at_unix: 1699999999 updated_by: test@example.com version_to_latest: 0 id: abc-def-ghi-123 type: schedule schema: $ref: "#/components/schemas/FleetScheduleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a schedule by ID tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Partially update a schedule by providing only the fields you want to change. This endpoint allows you to modify specific attributes of a schedule without affecting other fields. Common use cases include: - Changing the schedule status between active and inactive - Updating the maintenance window times - Modifying the filter query to target different hosts - Adjusting the version strategy Only include the fields you want to update in the request body. All fields are optional in a PATCH request. operationId: UpdateFleetSchedule parameters: - description: The unique identifier of the schedule to update. example: "abc-def-ghi-123" in: path name: id required: true schema: type: string requestBody: content: application/json: examples: change_maintenance_window: summary: Change maintenance window time value: data: attributes: rule: days_of_week: ["Mon", "Wed", "Fri"] maintenance_window_duration: 240 start_maintenance_window: "03:00" timezone: "America/New_York" type: schedule default: value: data: attributes: status: inactive type: schedule pause_schedule: summary: Pause a schedule value: data: attributes: status: "inactive" type: schedule update_query: summary: Update target hosts query value: data: attributes: query: "env:prod AND service:api" type: schedule schema: $ref: "#/components/schemas/FleetSchedulePatchRequest" description: Request payload containing the fields to update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at_unix: 1699999999 created_by: test@example.com name: Weekly Production Agent Updates query: env:prod AND service:web rule: days_of_week: - Mon - Wed maintenance_window_duration: 120 start_maintenance_window: "02:00" timezone: America/New_York status: inactive updated_at_unix: 1699999999 updated_by: test@example.com version_to_latest: 0 id: abc-def-ghi-123 type: schedule schema: $ref: "#/components/schemas/FleetScheduleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update a schedule tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/schedules/{id}/trigger: post: description: |- Manually trigger a schedule to immediately create and start a deployment. This endpoint allows you to manually initiate a deployment using the schedule's configuration, without waiting for the next scheduled maintenance window. This is useful for: - Testing a schedule before it runs automatically - Performing an emergency update outside the regular maintenance window - Creating an ad-hoc deployment with the same settings as a schedule The deployment is created immediately with: - The same filter query as the schedule - The package version determined by the schedule's version strategy - All matching hosts as targets The manually triggered deployment is independent of the schedule and does not affect the schedule's normal recurrence pattern. operationId: TriggerFleetSchedule parameters: - description: The unique identifier of the schedule to trigger. example: "abc-def-ghi-123" in: path name: id required: true schema: type: string responses: "201": content: application/json: examples: default: value: data: attributes: filter_query: env:prod AND service:web high_level_status: pending packages: - name: datadog-agent version: 7.52.0 total_hosts: 10 id: abc-123 type: deployment schema: $ref: "#/components/schemas/FleetDeploymentResponse" description: CREATED - Deployment successfully created and started. "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Trigger a schedule deployment tags: - Fleet Automation "x-permission": operator: AND permissions: - agent_upgrade_write x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/fleet/tracers: get: description: |- Retrieve a paginated list of all fleet tracers. This endpoint returns telemetry-derived service names from the SDK telemetry pipeline. These names may differ from span-derived names in APM and are useful for querying service library configurations. Use the `page_number` and `page_size` query parameters to paginate through results. operationId: ListFleetTracers parameters: - description: Page number for pagination (starts at 0). in: query name: page_number required: false schema: default: 0 format: int64 minimum: 0 type: integer - description: Number of results per page (must be greater than 0 and less than or equal to 100). in: query name: page_size required: false schema: default: 10 format: int64 maximum: 100 minimum: 1 type: integer - description: Attribute to sort by. in: query name: sort_attribute required: false schema: type: string - description: Sort order (true for descending, false for ascending). in: query name: sort_descending required: false schema: default: true type: boolean - description: Filter string for narrowing down tracer results. example: "hostname:my-host OR env:prod" in: query name: filter required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: tracers: - env: production hostname: my-hostname language: java service: test-service tracer_version: "1.32.0" id: done type: status meta: total_filtered_count: 1 schema: $ref: "#/components/schemas/FleetTracersResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List all fleet tracers tags: - Fleet Automation "x-permission": operator: AND permissions: - hosts_read x-unstable: |- This endpoint is in Preview and may introduce breaking changes. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/unstable/llm-obs/config/evaluators/custom/{eval_name}: delete: description: Delete a custom LLM Observability evaluator configuration by its name. operationId: DeleteLLMObsCustomEvalConfig parameters: - $ref: "#/components/parameters/LLMObsEvalNamePathParameter" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a custom evaluator configuration tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieve a custom LLM Observability evaluator configuration by its name. operationId: GetLLMObsCustomEvalConfig parameters: - $ref: "#/components/parameters/LLMObsEvalNamePathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: category: "Custom" created_at: "2024-01-15T10:30:00Z" created_by: email: "user@example.com" eval_name: "my-custom-evaluator" last_updated_by: email: "user@example.com" llm_judge_config: inference_params: max_tokens: 1024 temperature: 0.7 parsing_type: "structured_output" llm_provider: integration_provider: "openai" model_name: "gpt-4o" target: application_name: "my-llm-app" enabled: true sampling_percentage: 50.0 updated_at: "2024-01-15T10:30:00Z" id: "my-custom-evaluator" type: "evaluator_config" schema: $ref: "#/components/schemas/LLMObsCustomEvalConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a custom evaluator configuration tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: Create or update a custom LLM Observability evaluator configuration by its name. operationId: UpdateLLMObsCustomEvalConfig parameters: - $ref: "#/components/parameters/LLMObsEvalNamePathParameter" requestBody: content: application/json: examples: default: value: data: attributes: llm_judge_config: inference_params: max_tokens: 1024 temperature: 0.7 parsing_type: "structured_output" llm_provider: integration_provider: "openai" model_name: "gpt-4o" target: application_name: "my-llm-app" enabled: true sampling_percentage: 50.0 id: "my-custom-evaluator" type: "evaluator_config" full: summary: Full example with prompt template, output schema, and assessment criteria value: data: attributes: category: "Custom" eval_name: "my-custom-evaluator" llm_judge_config: assessment_criteria: pass_when: false inference_params: frequency_penalty: 0 max_tokens: 4096 presence_penalty: 0 temperature: 1 top_p: 1 output_schema: name: "boolean_eval" strict: true parsing_type: "structured_output" prompt_template: - content: "You are a judge LLM." role: "system" - content: "{{span_output}}" role: "user" llm_provider: integration_account_id: "your-account-uuid" integration_provider: "openai" model_name: "gpt-4o" target: application_name: "my-llm-app" enabled: true eval_scope: "span" filter: "@meta.span.kind:llm" root_spans_only: false sampling_percentage: 100 id: "my-custom-evaluator" type: "evaluator_config" schema: $ref: "#/components/schemas/LLMObsCustomEvalConfigUpdateRequest" description: Custom evaluator configuration payload. required: true responses: "200": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "422": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create or update a custom evaluator configuration tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/actions-datastores: get: description: Lists all datastores for the organization. operationId: ListDatastores responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample datastore modified_at: "2024-01-01T00:00:00+00:00" name: Example Datastore org_id: 123 primary_column_name: id primary_key_generation_strategy: none id: 00000000-0000-0000-0000-000000000001 type: datastores schema: $ref: "#/components/schemas/DatastoreArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List datastores tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_read post: description: Creates a new datastore. operationId: CreateDatastore requestBody: content: application/json: examples: default: value: data: attributes: name: datastore-name org_access: contributor primary_column_name: primaryKey primary_key_generation_strategy: none type: datastores schema: $ref: "#/components/schemas/CreateAppsDatastoreRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000002 type: datastores schema: $ref: "#/components/schemas/CreateAppsDatastoreResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create datastore tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_manage "/api/v2/actions-datastores/{datastore_id}": delete: description: Deletes a datastore by its unique identifier. operationId: DeleteDatastore parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string responses: "200": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete datastore tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_manage get: description: Retrieves a specific datastore by its ID. operationId: GetDatastore parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample datastore modified_at: "2024-01-01T00:00:00+00:00" name: Example Datastore org_id: 123 primary_column_name: id primary_key_generation_strategy: none id: 00000000-0000-0000-0000-000000000003 type: datastores schema: $ref: "#/components/schemas/Datastore" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get datastore tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_read patch: description: Updates an existing datastore's attributes. operationId: UpdateDatastore parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: type: datastores schema: $ref: "#/components/schemas/UpdateAppsDatastoreRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: An updated datastore modified_at: "2024-01-01T00:00:00+00:00" name: Updated Datastore org_id: 123 primary_column_name: id primary_key_generation_strategy: none id: 00000000-0000-0000-0000-000000000004 type: datastores schema: $ref: "#/components/schemas/Datastore" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update datastore tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_manage "/api/v2/actions-datastores/{datastore_id}/items": delete: description: Deletes an item from a datastore by its key. operationId: DeleteDatastoreItem parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: id: a7656bcc-51d4-4884-adf7-4d0d9a3e0633 item_key: primaryKey type: items schema: $ref: "#/components/schemas/DeleteAppsDatastoreItemRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000007 type: items schema: $ref: "#/components/schemas/DeleteAppsDatastoreItemResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete datastore item tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_write get: description: >- Lists items from a datastore. You can filter the results by specifying either an item key or a filter query parameter, but not both at the same time. Supports server-side pagination for large datasets. operationId: ListDatastoreItems parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string - description: Optional query filter to search items using the [logs search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/). in: query name: filter schema: type: string - description: Optional primary key value to retrieve a specific item. Cannot be used together with the filter parameter. in: query name: item_key schema: maxLength: 256 type: string - description: Optional field to limit the number of items to return per page for pagination. Up to 100 items can be returned per page. in: query name: "page[limit]" schema: format: int64 maximum: 100 minimum: 1 type: integer - description: Optional field to offset the number of items to skip from the beginning of the result set for pagination. in: query name: "page[offset]" schema: format: int64 type: integer - description: Optional field to sort results by. Prefix with '-' for descending order (e.g., '-created_at'). in: query name: sort schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" modified_at: "2024-01-01T00:00:00+00:00" org_id: 123 primary_column_name: id store_id: 00000000-0000-0000-0000-000000000006 value: key: example-value id: 00000000-0000-0000-0000-000000000005 type: items schema: $ref: "#/components/schemas/ItemApiPayloadArray" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List datastore items tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_read patch: description: Partially updates an item in a datastore by its key. operationId: UpdateDatastoreItem parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: item_changes: ops_set: count: 42 status: active item_key: my-item-key type: items schema: $ref: "#/components/schemas/UpdateAppsDatastoreItemRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" modified_at: "2024-01-01T00:00:00+00:00" org_id: 123 primary_column_name: id store_id: 00000000-0000-0000-0000-000000000009 value: count: 42 status: active id: 00000000-0000-0000-0000-000000000008 type: items schema: $ref: "#/components/schemas/ItemApiPayload" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update datastore item tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_write "/api/v2/actions-datastores/{datastore_id}/items/bulk": delete: description: >- Deletes multiple items from a datastore by their keys in a single operation. operationId: BulkDeleteDatastoreItems parameters: - description: The ID of the datastore. in: path name: datastore_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: type: items schema: $ref: "#/components/schemas/BulkDeleteAppsDatastoreItemsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000010 type: items schema: $ref: "#/components/schemas/DeleteAppsDatastoreItemResponseArray" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Internal Server Error summary: Bulk delete datastore items tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_write post: description: >- Creates or replaces multiple items in a datastore by their keys in a single operation. operationId: BulkWriteDatastoreItems parameters: - description: The unique identifier of the datastore to retrieve. in: path name: datastore_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: conflict_mode: overwrite_on_conflict values: - data: example data key: value - data: example data2 key: value2 type: items schema: $ref: "#/components/schemas/BulkPutAppsDatastoreItemsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000011 type: items schema: $ref: "#/components/schemas/PutAppsDatastoreItemResponseArray" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Bulk write datastore items tags: - Actions Datastores x-permission: operator: OR permissions: - apps_datastore_write /api/v2/actions/app_key_registrations: get: description: List App Key Registrations operationId: ListAppKeyRegistrations parameters: - description: The number of App Key Registrations to return per page. in: query name: page[size] required: false schema: format: int64 type: integer - description: The page number to return. in: query name: page[number] required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000001 type: app_key_registration meta: total: 1 total_filtered: 1 schema: $ref: "#/components/schemas/ListAppKeyRegistrationsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: List App Key Registrations tags: - Action Connection x-permission: operator: OR permissions: - org_app_keys_read /api/v2/actions/app_key_registrations/{app_key_id}: delete: description: Unregister an App Key operationId: UnregisterAppKey parameters: - $ref: "#/components/parameters/ApplicationKeyId" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Unregister an App Key tags: - Action Connection x-permission: operator: OR permissions: - user_access_manage - user_app_keys - service_account_write get: description: Get an existing App Key Registration operationId: GetAppKeyRegistration parameters: - $ref: "#/components/parameters/ApplicationKeyId" responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: app_key_registration schema: $ref: "#/components/schemas/GetAppKeyRegistrationResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Get an existing App Key Registration tags: - Action Connection x-permission: operator: OR permissions: - org_app_keys_read put: description: Register a new App Key operationId: RegisterAppKey parameters: - $ref: "#/components/parameters/ApplicationKeyId" responses: "201": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: app_key_registration schema: $ref: "#/components/schemas/RegisterAppKeyResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Register a new App Key tags: - Action Connection x-permission: operator: OR permissions: - user_access_manage - user_app_keys - service_account_write /api/v2/actions/connections: post: description: Create a new Action Connection. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). operationId: CreateActionConnection requestBody: content: application/json: examples: default: value: data: attributes: integration: credentials: account_id: "123456789123" role: MyRoleUpdated type: AWSAssumeRole type: AWS name: My AWS Connection type: action_connection schema: $ref: "#/components/schemas/CreateActionConnectionRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: integration: type: AWS name: My AWS Connection id: 00000000-0000-0000-0000-000000000001 type: action_connection schema: $ref: "#/components/schemas/CreateActionConnectionResponse" description: Successfully created Action Connection "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too Many Request summary: Create a new Action Connection tags: - Action Connection /api/v2/actions/connections/{connection_id}: delete: description: Delete an existing Action Connection. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: DeleteActionConnection parameters: - $ref: "#/components/parameters/ConnectionId" responses: "204": description: The resource was deleted successfully. "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too Many Request summary: Delete an existing Action Connection tags: - Action Connection x-permission: operator: OR permissions: - connection_write get: description: Get an existing Action Connection. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). operationId: GetActionConnection parameters: - $ref: "#/components/parameters/ConnectionId" responses: "200": content: application/json: examples: default: value: data: attributes: integration: type: AWS name: My AWS Connection id: 00000000-0000-0000-0000-000000000002 type: action_connection schema: $ref: "#/components/schemas/GetActionConnectionResponse" description: Successfully get Action Connection "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too Many Request summary: Get an existing Action Connection tags: - Action Connection patch: description: Update an existing Action Connection. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). operationId: UpdateActionConnection parameters: - $ref: "#/components/parameters/ConnectionId" requestBody: content: application/json: examples: default: value: data: attributes: integration: type: AWS name: My AWS Connection type: action_connection schema: $ref: "#/components/schemas/UpdateActionConnectionRequest" description: Update an existing Action Connection request body required: true responses: "200": content: application/json: examples: default: value: data: attributes: integration: type: AWS name: My AWS Connection id: 00000000-0000-0000-0000-000000000003 type: action_connection schema: $ref: "#/components/schemas/UpdateActionConnectionResponse" description: Successfully updated Action Connection "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too Many Request summary: Update an existing Action Connection tags: - Action Connection /api/v2/agentless_scanning/accounts/aws: get: description: Fetches the scan options configured for AWS accounts. operationId: ListAwsScanOptions responses: "200": content: application/json: examples: default: value: data: - attributes: lambda: true sensitive_data: false vuln_containers_os: true vuln_host_os: true id: "123456789012" type: aws_scan_options schema: $ref: "#/components/schemas/AwsScanOptionsListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List AWS scan options tags: ["Agentless Scanning"] post: description: Activate Agentless scan options for an AWS account. operationId: CreateAwsScanOptions requestBody: content: application/json: examples: default: value: data: attributes: compliance_host: false lambda: true sensitive_data: false vuln_containers_os: true vuln_host_os: true id: "123456789012" type: aws_scan_options schema: $ref: "#/components/schemas/AwsScanOptionsCreateRequest" description: The definition of the new scan options. required: true responses: "201": content: "application/json": examples: default: value: data: attributes: lambda: true sensitive_data: false vuln_containers_os: true vuln_host_os: true id: "123456789012" type: aws_scan_options schema: $ref: "#/components/schemas/AwsScanOptionsResponse" description: Agentless scan options enabled successfully. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Create AWS scan options tags: ["Agentless Scanning"] x-codegen-request-body-name: body /api/v2/agentless_scanning/accounts/aws/{account_id}: delete: description: Delete Agentless scan options for an AWS account. operationId: DeleteAwsScanOptions parameters: - $ref: "#/components/parameters/AwsAccountId" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Delete AWS scan options tags: ["Agentless Scanning"] get: description: Fetches the Agentless scan options for an activated account. operationId: GetAwsScanOptions parameters: - $ref: "#/components/parameters/AwsAccountId" responses: "200": content: application/json: examples: default: value: data: attributes: lambda: true sensitive_data: false vuln_containers_os: true vuln_host_os: true id: "123456789012" type: aws_scan_options schema: $ref: "#/components/schemas/AwsScanOptionsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get AWS scan options tags: ["Agentless Scanning"] patch: description: Update the Agentless scan options for an activated account. operationId: UpdateAwsScanOptions parameters: - $ref: "#/components/parameters/AwsAccountId" requestBody: content: application/json: examples: default: value: data: attributes: compliance_host: false lambda: true sensitive_data: false vuln_containers_os: true vuln_host_os: true id: "123456789012" type: aws_scan_options schema: $ref: "#/components/schemas/AwsScanOptionsUpdateRequest" description: New definition of the scan options. required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Update AWS scan options tags: ["Agentless Scanning"] x-codegen-request-body-name: body /api/v2/agentless_scanning/accounts/azure: get: description: Fetches the scan options configured for Azure accounts. operationId: ListAzureScanOptions responses: "200": content: application/json: examples: default: value: data: - attributes: vuln_containers_os: true vuln_host_os: true id: 00000000-0000-0000-0000-000000000001 type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptionsArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List Azure scan options tags: - Agentless Scanning post: description: Activate Agentless scan options for an Azure subscription. operationId: CreateAzureScanOptions requestBody: content: application/json: examples: default: value: data: attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: 12345678-90ab-cdef-1234-567890abcdef type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptions" required: true responses: "201": content: application/json: examples: default: value: data: attributes: vuln_containers_os: true vuln_host_os: true id: 00000000-0000-0000-0000-000000000001 type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptions" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Create Azure scan options tags: - Agentless Scanning /api/v2/agentless_scanning/accounts/azure/{subscription_id}: delete: description: Delete Agentless scan options for an Azure subscription. operationId: DeleteAzureScanOptions parameters: - description: The Azure subscription ID. in: path name: subscription_id required: true schema: example: 12345678-90ab-cdef-1234-567890abcdef type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Delete Azure scan options tags: - Agentless Scanning get: description: Fetches the Agentless scan options for an activated subscription. operationId: GetAzureScanOptions parameters: - description: The Azure subscription ID. in: path name: subscription_id required: true schema: example: 12345678-90ab-cdef-1234-567890abcdef type: string responses: "200": content: application/json: examples: default: value: data: attributes: vuln_containers_os: true vuln_host_os: true id: 00000000-0000-0000-0000-000000000001 type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptions" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get Azure scan options tags: ["Agentless Scanning"] patch: description: Update the Agentless scan options for an activated subscription. operationId: UpdateAzureScanOptions parameters: - description: The Azure subscription ID. in: path name: subscription_id required: true schema: example: 12345678-90ab-cdef-1234-567890abcdef type: string requestBody: content: application/json: examples: default: value: data: attributes: vuln_containers_os: false id: 12345678-90ab-cdef-1234-567890abcdef type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptionsInputUpdate" required: true responses: "200": content: application/json: examples: default: value: data: attributes: vuln_containers_os: false vuln_host_os: true id: 00000000-0000-0000-0000-000000000001 type: azure_scan_options schema: $ref: "#/components/schemas/AzureScanOptions" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Update Azure scan options tags: - Agentless Scanning /api/v2/agentless_scanning/accounts/gcp: get: description: Fetches the scan options configured for all GCP projects. operationId: ListGcpScanOptions responses: "200": content: application/json: examples: default: value: data: - attributes: vuln_containers_os: true vuln_host_os: true id: abc-123 type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptionsArray" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List GCP scan options tags: - Agentless Scanning post: description: Activate Agentless scan options for a GCP project. operationId: CreateGcpScanOptions requestBody: content: application/json: examples: default: value: data: attributes: compliance_host: false vuln_containers_os: true vuln_host_os: true id: company-project-id type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptions" description: The definition of the new scan options. required: true responses: "201": content: application/json: examples: default: value: data: attributes: vuln_containers_os: true vuln_host_os: true id: abc-123 type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptions" description: Agentless scan options enabled successfully. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Create GCP scan options tags: - Agentless Scanning x-codegen-request-body-name: body /api/v2/agentless_scanning/accounts/gcp/{project_id}: delete: description: Delete Agentless scan options for a GCP project. operationId: DeleteGcpScanOptions parameters: - description: The GCP project ID. in: path name: project_id required: true schema: example: company-project-id type: string responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Delete GCP scan options tags: - Agentless Scanning get: description: Fetches the Agentless scan options for an activated GCP project. operationId: GetGcpScanOptions parameters: - description: The GCP project ID. in: path name: project_id required: true schema: example: company-project-id type: string responses: "200": content: application/json: examples: default: value: data: attributes: vuln_containers_os: true vuln_host_os: true id: abc-123 type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptions" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get GCP scan options tags: - Agentless Scanning patch: description: Update the Agentless scan options for an activated GCP project. operationId: UpdateGcpScanOptions parameters: - description: The GCP project ID. in: path name: project_id required: true schema: example: company-project-id type: string requestBody: content: application/json: examples: default: value: data: attributes: vuln_containers_os: false id: company-project-id type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptionsInputUpdate" description: New definition of the scan options. required: true responses: "200": content: application/json: examples: default: value: data: attributes: vuln_containers_os: true vuln_host_os: true id: abc-123 type: gcp_scan_options schema: $ref: "#/components/schemas/GcpScanOptions" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Update GCP scan options tags: - Agentless Scanning x-codegen-request-body-name: body /api/v2/agentless_scanning/ondemand/aws: get: description: Fetches the most recent 1000 AWS on demand tasks. operationId: ListAwsOnDemandTasks responses: "200": content: application/json: examples: default: value: data: - attributes: arn: "arn:aws:ec2:us-east-1:123456789012:instance/i-0eabb50529b67a1ba" assigned_at: "2024-01-01T00:00:00+00:00" created_at: "2024-01-01T00:00:00+00:00" status: QUEUED id: abc-123 type: aws_resource schema: $ref: "#/components/schemas/AwsOnDemandListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List AWS on demand tasks tags: ["Agentless Scanning"] "x-permission": operator: OR permissions: - security_monitoring_findings_read post: description: Trigger the scan of an AWS resource with a high priority. Agentless scanning must be activated for the AWS account containing the resource to scan. operationId: CreateAwsOnDemandTask requestBody: content: application/json: examples: default: value: data: attributes: arn: arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba type: aws_resource schema: $ref: "#/components/schemas/AwsOnDemandCreateRequest" description: The definition of the on demand task. required: true responses: "201": content: "application/json": examples: default: value: data: attributes: arn: "arn:aws:ec2:us-east-1:123456789012:instance/i-0eabb50529b67a1ba" created_at: "2024-01-01T00:00:00+00:00" status: QUEUED id: abc-123 type: aws_resource schema: $ref: "#/components/schemas/AwsOnDemandResponse" description: AWS on demand task created successfully. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Create AWS on demand task tags: ["Agentless Scanning"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write /api/v2/agentless_scanning/ondemand/aws/{task_id}: get: description: Fetch the data of a specific on demand task. operationId: GetAwsOnDemandTask parameters: - $ref: "#/components/parameters/OnDemandTaskId" responses: "200": content: "application/json": examples: default: value: data: attributes: arn: "arn:aws:ec2:us-east-1:123456789012:instance/i-0eabb50529b67a1ba" assigned_at: "2024-01-01T00:00:00+00:00" created_at: "2024-01-01T00:00:00+00:00" status: ASSIGNED id: abc-123 type: aws_resource schema: $ref: "#/components/schemas/AwsOnDemandResponse" description: OK. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get AWS on demand task tags: ["Agentless Scanning"] "x-permission": operator: OR permissions: - security_monitoring_findings_read /api/v2/anonymize_users: put: description: |- Anonymize a list of users, removing their personal data. This operation is irreversible. Requires the `user_access_manage` permission. operationId: AnonymizeUsers requestBody: content: application/json: examples: default: value: data: attributes: user_ids: - "00000000-0000-0000-0000-000000000000" type: anonymize_users_request schema: $ref: "#/components/schemas/AnonymizeUsersRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: abc-123 type: anonymize_users_response schema: $ref: "#/components/schemas/AnonymizeUsersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Anonymize users tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage x-unstable: "**Note**: This endpoint is in Preview and may be subject to changes." /api/v2/api_keys: get: description: List all API keys available for your account. operationId: ListAPIKeys parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/APIKeysSortParameter" - $ref: "#/components/parameters/APIKeyFilterParameter" - $ref: "#/components/parameters/APIKeyFilterCreatedAtStartParameter" - $ref: "#/components/parameters/APIKeyFilterCreatedAtEndParameter" - $ref: "#/components/parameters/APIKeyFilterModifiedAtStartParameter" - $ref: "#/components/parameters/APIKeyFilterModifiedAtEndParameter" - $ref: "#/components/parameters/APIKeyIncludeParameter" - $ref: "#/components/parameters/APIKeyReadConfigReadEnabledParameter" - $ref: "#/components/parameters/APIKeyCategoryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" last4: abcd modified_at: "2024-01-01T00:00:00+00:00" name: API Key for submitting metrics id: 00000000-0000-0000-0000-000000000001 type: api_keys schema: $ref: "#/components/schemas/APIKeysResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all API keys tags: - Key Management "x-permission": operator: OR permissions: - api_keys_read post: description: Create an API key. operationId: CreateAPIKey requestBody: content: application/json: examples: default: value: data: attributes: name: API Key for submitting metrics type: api_keys schema: $ref: "#/components/schemas/APIKeyCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" last4: abcd modified_at: "2024-01-01T00:00:00+00:00" name: API Key for submitting metrics id: 00000000-0000-0000-0000-000000000002 type: api_keys schema: $ref: "#/components/schemas/APIKeyResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an API key tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - api_keys_write /api/v2/api_keys/{api_key_id}: delete: description: Delete an API key. operationId: DeleteAPIKey parameters: - $ref: "#/components/parameters/APIKeyId" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an API key tags: - Key Management "x-permission": operator: OR permissions: - api_keys_delete get: description: Get an API key. operationId: GetAPIKey parameters: - $ref: "#/components/parameters/APIKeyId" - $ref: "#/components/parameters/APIKeyIncludeParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" last4: abcd modified_at: "2024-01-01T00:00:00+00:00" name: API Key for submitting metrics id: 00000000-0000-0000-0000-000000000003 type: api_keys schema: $ref: "#/components/schemas/APIKeyResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get API key tags: - Key Management "x-permission": operator: OR permissions: - api_keys_read patch: description: Update an API key. operationId: UpdateAPIKey parameters: - $ref: "#/components/parameters/APIKeyId" requestBody: content: application/json: examples: default: value: data: attributes: name: API Key for submitting metrics id: 00112233-4455-6677-8899-aabbccddeeff type: api_keys schema: $ref: "#/components/schemas/APIKeyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" last4: abcd modified_at: "2024-01-01T00:00:00+00:00" name: API Key for submitting metrics id: 00000000-0000-0000-0000-000000000004 type: api_keys schema: $ref: "#/components/schemas/APIKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit an API key tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - api_keys_write /api/v2/apicatalog/api: get: deprecated: true description: List APIs and their IDs. operationId: ListAPIs parameters: - description: Filter APIs by name in: query name: query required: false schema: example: "payments" type: string - description: Number of items per page. in: query name: page[limit] required: false schema: default: 20 format: int64 minimum: 1 type: integer - description: Offset for pagination. in: query name: page[offset] required: false schema: default: 0 format: int64 minimum: 0 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: name: Payments API id: abc-123 meta: pagination: limit: 20 offset: 0 total_count: 1 schema: $ref: "#/components/schemas/ListAPIsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_read summary: List APIs tags: ["API Management"] "x-permission": operator: OR permissions: - apm_api_catalog_read x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/apicatalog/api/{id}: delete: deprecated: true description: Delete a specific API by ID. operationId: DeleteOpenAPI parameters: - description: ID of the API to delete in: path name: id required: true schema: $ref: "#/components/schemas/ApiID" responses: "204": description: API deleted successfully "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: API not found error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Delete an API tags: ["API Management"] "x-permission": operator: OR permissions: - apm_api_catalog_write x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/apicatalog/api/{id}/openapi: get: deprecated: true description: Retrieve information about a specific API in [OpenAPI](https://spec.openapis.org/oas/latest.html) format file. operationId: GetOpenAPI parameters: - description: ID of the API to retrieve in: path name: id required: true schema: $ref: "#/components/schemas/ApiID" responses: "200": content: multipart/form-data: examples: default: value: openapi-spec.yaml schema: format: binary type: string description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: API not found error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_read summary: Get an API tags: ["API Management"] "x-permission": operator: OR permissions: - apm_api_catalog_read x-unstable: |- **Note**: This endpoint is deprecated. put: deprecated: true description: |- Update information about a specific API. The given content will replace all API content of the given ID. The ID is returned by the create API, or can be found in the URL in the API catalog UI. operationId: UpdateOpenAPI parameters: - description: ID of the API to modify in: path name: id required: true schema: $ref: "#/components/schemas/ApiID" requestBody: content: multipart/form-data: examples: default: value: openapi_spec_file: openapi-spec.yaml schema: $ref: "#/components/schemas/OpenAPIFile" required: true responses: "200": content: application/json: examples: default: value: data: attributes: failed_endpoints: [] id: abc-123 schema: $ref: "#/components/schemas/UpdateOpenAPIResponse" description: API updated successfully "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: API not found error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Update an API tags: ["API Management"] "x-permission": operator: OR permissions: - apm_api_catalog_write x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/apicatalog/openapi: post: deprecated: true description: |- Create a new API from the [OpenAPI](https://spec.openapis.org/oas/latest.html) specification given. See the [API Catalog documentation](https://docs.datadoghq.com/api_catalog/add_metadata/) for additional information about the possible metadata. It returns the created API ID. operationId: CreateOpenAPI requestBody: content: multipart/form-data: examples: default: value: openapi_spec_file: openapi-spec.yaml schema: $ref: "#/components/schemas/OpenAPIFile" required: true responses: "201": content: application/json: examples: default: value: data: attributes: failed_endpoints: [] id: abc-123 schema: $ref: "#/components/schemas/CreateOpenAPIResponse" description: API created successfully "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Create a new API tags: ["API Management"] "x-permission": operator: OR permissions: - apm_api_catalog_write x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/apm/config/metrics: get: description: Get the list of configured span-based metrics with their definitions. operationId: ListSpansMetrics responses: "200": content: application/json: examples: default: value: data: - attributes: compute: aggregation_type: distribution include_percentiles: false path: "@duration" filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name id: my.metric type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all span-based metrics tags: - Spans Metrics "x-permission": operator: OR permissions: - apm_read post: description: |- Create a metric based on your ingested spans in your organization. Returns the span-based metric object from the request body when the request is successful. operationId: CreateSpansMetric requestBody: content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: false path: "@duration" filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name id: my.metric type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricCreateRequest" description: The definition of the new span-based metric. required: true responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: false path: "@duration" filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name id: my.metric type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a span-based metric tags: - Spans Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_generate_metrics /api/v2/apm/config/metrics/{metric_id}: delete: description: Delete a specific span-based metric from your organization. operationId: DeleteSpansMetric parameters: - $ref: "#/components/parameters/SpansMetricIDParameter" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a span-based metric tags: - Spans Metrics "x-permission": operator: OR permissions: - apm_generate_metrics get: description: Get a specific span-based metric from your organization. operationId: GetSpansMetric parameters: - $ref: "#/components/parameters/SpansMetricIDParameter" responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: false path: "@duration" filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name id: my.metric type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a span-based metric tags: - Spans Metrics "x-permission": operator: OR permissions: - apm_read patch: description: |- Update a specific span-based metric from your organization. Returns the span-based metric object from the request body when the request is successful. operationId: UpdateSpansMetric parameters: - $ref: "#/components/parameters/SpansMetricIDParameter" requestBody: content: application/json: examples: default: value: data: attributes: compute: include_percentiles: false filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricUpdateRequest" description: New definition of the span-based metric. required: true responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: false path: "@duration" filter: query: "@http.status_code:200 service:my-service" group_by: - path: resource_name tag_name: resource_name id: my.metric type: spans_metrics schema: $ref: "#/components/schemas/SpansMetricResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a span-based metric tags: - Spans Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_generate_metrics /api/v2/apm/config/retention-filters: get: description: Get the list of APM retention filters. operationId: ListApmRetentionFilters responses: "200": content: application/json: examples: default: value: data: - attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 id: abc-123 type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFiltersResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all APM retention filters tags: - APM Retention Filters "x-permission": operator: OR permissions: - apm_retention_filter_read post: description: |- Create a retention filter to index spans in your organization. Returns the retention filter definition when the request is successful. Default filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor cannot be created. operationId: CreateApmRetentionFilter requestBody: content: application/json: examples: default: value: data: attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 trace_rate: 1.0 type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFilterCreateRequest" description: The definition of the new retention filter. required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 id: abc-123 type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFilterCreateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a retention filter tags: - APM Retention Filters x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_retention_filter_write /api/v2/apm/config/retention-filters-execution-order: put: description: Re-order the execution order of retention filters. operationId: ReorderApmRetentionFilters requestBody: content: application/json: examples: default: value: data: - id: 7RBOb7dLSYWI01yc3pIH8w type: apm_retention_filter schema: $ref: "#/components/schemas/ReorderRetentionFiltersRequest" description: The list of retention filters in the new order. required: true responses: "200": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Re-order retention filters tags: - APM Retention Filters x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_retention_filter_write /api/v2/apm/config/retention-filters/{filter_id}: delete: description: |- Delete a specific retention filter from your organization. Default filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor cannot be deleted. operationId: DeleteApmRetentionFilter parameters: - $ref: "#/components/parameters/RetentionFilterIdParam" responses: "200": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a retention filter tags: - APM Retention Filters "x-permission": operator: OR permissions: - apm_retention_filter_write get: description: Get an APM retention filter. operationId: GetApmRetentionFilter parameters: - $ref: "#/components/parameters/RetentionFilterIdParam" responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 id: abc-123 type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFilterResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a given APM retention filter tags: - APM Retention Filters "x-permission": operator: OR permissions: - apm_retention_filter_read put: description: |- Update a retention filter from your organization. Default filters (filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor) cannot be renamed or removed. operationId: UpdateApmRetentionFilter parameters: - $ref: "#/components/parameters/RetentionFilterIdParam" requestBody: content: application/json: examples: default: value: data: attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 trace_rate: 1.0 id: retention-filter-id type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFilterUpdateRequest" description: The updated definition of the retention filter. required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true filter: query: "@http.status_code:200 service:my-service" filter_type: spans-sampling-processor name: my retention filter rate: 1.0 id: abc-123 type: apm_retention_filter schema: $ref: "#/components/schemas/RetentionFilterResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a retention filter tags: - APM Retention Filters x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_retention_filter_write /api/v2/apm/services: get: operationId: GetServiceList parameters: - description: Filter services by environment. Can be set to `*` to return all services across all environments. in: query name: filter[env] required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: metadata: - isTraced: true isUsm: false services: - test-service id: abc-123 type: services_list schema: $ref: "#/components/schemas/ServiceList" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Get service list tags: - APM /api/v2/app-builder/apps: delete: description: Delete multiple apps in a single request from a list of app IDs. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: DeleteApps requestBody: content: application/json: examples: default: value: data: - id: aea2ed17-b45f-40d0-ba59-c86b7972c901 type: appDefinitions - id: f69bb8be-6168-4fe7-a30d-370256b6504a type: appDefinitions - id: ab1ed73e-13ad-4426-b0df-a0ff8876a088 type: appDefinitions schema: $ref: "#/components/schemas/DeleteAppsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000001 type: appDefinitions schema: $ref: "#/components/schemas/DeleteAppsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Multiple Apps tags: - App Builder "x-permission": operator: OR permissions: - apps_write get: description: List all apps, with optional filters and sorting. This endpoint is paginated. Only basic app information such as the app ID, name, and description is returned by this endpoint. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: ListApps parameters: - description: The number of apps to return per page. in: query name: limit required: false schema: format: int64 type: integer - description: The page number to return. in: query name: page required: false schema: format: int64 type: integer - description: Filter apps by the app creator. Usually the user's email. in: query name: filter[user_name] required: false schema: type: string - description: Filter apps by the app creator's UUID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: query name: filter[user_uuid] required: false schema: format: uuid type: string - description: Filter by app name. in: query name: filter[name] required: false schema: type: string - description: Filter apps by the app name or the app creator. in: query name: filter[query] required: false schema: type: string - description: Filter apps by whether they are published. in: query name: filter[deployed] required: false schema: type: boolean - description: Filter apps by tags. in: query name: filter[tags] required: false schema: type: string - description: Filter apps by whether you have added them to your favorites. in: query name: filter[favorite] required: false schema: type: boolean - description: Filter apps by whether they are enabled for self-service. in: query name: filter[self_service] required: false schema: type: boolean - description: The fields and direction to sort apps by. explode: false in: query name: sort required: false schema: items: $ref: "#/components/schemas/AppsSortField" type: array style: form responses: "200": content: application/json: examples: default: value: data: - attributes: description: A sample app favorite: false name: My App selfService: false tags: - "team:webshop" id: 00000000-0000-0000-0000-000000000001 type: appDefinitions meta: page: totalCount: 1 totalFilteredCount: 1 schema: $ref: "#/components/schemas/ListAppsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Apps tags: - App Builder "x-permission": operator: OR permissions: - apps_run post: description: Create a new app, returning the app ID. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: CreateApp requestBody: content: application/json: examples: default: value: data: attributes: components: [] description: This is a simple example app name: Example App queries: [] rootInstanceName: grid0 type: appDefinitions schema: $ref: "#/components/schemas/CreateAppRequest" required: true responses: "201": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: appDefinitions schema: $ref: "#/components/schemas/CreateAppResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create App tags: - App Builder "x-permission": operator: AND permissions: - apps_write - connections_resolve - workflows_run "/api/v2/app-builder/apps/{app_id}": delete: description: Delete a single app. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: DeleteApp parameters: - description: The ID of the app to delete. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000002 type: appDefinitions schema: $ref: "#/components/schemas/DeleteAppResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "410": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Gone "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete App tags: - App Builder "x-permission": operator: OR permissions: - apps_write get: description: Get the full definition of an app. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: GetApp parameters: - description: The ID of the app to retrieve. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string - description: The version number of the app to retrieve. If not specified, the latest version is returned. Version numbers start at 1 and increment with each update. The special values `latest` and `deployed` can be used to retrieve the latest version or the published version, respectively. in: query name: version required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: components: [] description: A sample app name: Example App queries: [] rootInstanceName: grid0 id: 00000000-0000-0000-0000-000000000001 type: appDefinitions schema: $ref: "#/components/schemas/GetAppResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "410": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Gone "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get App tags: - App Builder "x-permission": operator: AND permissions: - apps_run - connections_read patch: description: Update an existing app. This creates a new version of the app. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: UpdateApp parameters: - description: The ID of the app to update. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: value: data: attributes: components: [] description: This is a simple example app name: Example App queries: [] rootInstanceName: grid0 id: 9e20cbaf-68da-45a6-9ccf-54193ac29fa5 type: appDefinitions schema: $ref: "#/components/schemas/UpdateAppRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: components: [] description: This is a simple example app name: Example App queries: [] rootInstanceName: grid0 id: 00000000-0000-0000-0000-000000000001 type: appDefinitions schema: $ref: "#/components/schemas/UpdateAppResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update App tags: - App Builder "x-permission": operator: AND permissions: - apps_write - connections_resolve - workflows_run "/api/v2/app-builder/apps/{app_id}/deployment": delete: description: Unpublish an app, removing the live version of the app. Unpublishing creates a new instance of a `deployment` object on the app, with a nil `app_version_id` (`00000000-0000-0000-0000-000000000000`). The app can still be updated and published again in the future. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: UnpublishApp parameters: - description: The ID of the app to unpublish. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: attributes: app_version_id: 00000000-0000-0000-0000-000000000000 id: 00000000-0000-0000-0000-000000000001 type: deployment schema: $ref: "#/components/schemas/UnpublishAppResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Unpublish App tags: - App Builder "x-permission": operator: OR permissions: - apps_write post: description: Publish an app for use by other users. To ensure the app is accessible to the correct users, you also need to set a [Restriction Policy](https://docs.datadoghq.com/api/latest/restriction-policies/) on the app if a policy does not yet exist. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: PublishApp parameters: - description: The ID of the app to publish. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: "201": content: application/json: examples: default: value: data: attributes: app_version_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: deployment schema: $ref: "#/components/schemas/PublishAppResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Publish App tags: - App Builder "x-permission": operator: OR permissions: - apps_write /api/v2/application_keys: get: description: List all application keys available for your org operationId: ListApplicationKeys parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/ApplicationKeysSortParameter" - $ref: "#/components/parameters/ApplicationKeyFilterParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter" - $ref: "#/components/parameters/ApplicationKeyIncludeParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000001 type: application_keys schema: $ref: "#/components/schemas/ListApplicationKeysResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all application keys tags: - Key Management "x-permission": operator: OR permissions: - org_app_keys_read /api/v2/application_keys/{app_key_id}: delete: description: Delete an application key operationId: DeleteApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an application key tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - org_app_keys_write get: description: Get an application key for your org. operationId: GetApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" - $ref: "#/components/parameters/ApplicationKeyIncludeParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000002 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an application key tags: - Key Management "x-permission": operator: OR permissions: - org_app_keys_read patch: description: Edit an application key operationId: UpdateApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" requestBody: content: application/json: examples: default: value: data: attributes: name: Application Key for managing dashboards scopes: - dashboards_read - dashboards_write - dashboards_public_share id: 00112233-4455-6677-8899-aabbccddeeff type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000003 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit an application key tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - org_app_keys_write /api/v2/audit/events: get: description: |- List endpoint returns events that match a Audit Logs search query. [Results are paginated][1]. Use this endpoint to see your latest Audit Logs events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination operationId: ListAuditLogs parameters: - description: Search query following Audit Logs syntax. example: "@type:session @application_id:xxxx" in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: "#/components/schemas/AuditLogsSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: message: "User logged in" service: web-app tags: - "team:A" timestamp: "2024-01-01T00:00:00+00:00" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: audit meta: elapsed: 132 request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR status: done schema: $ref: "#/components/schemas/AuditLogsEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a list of Audit Logs events tags: ["Audit"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - audit_logs_read /api/v2/audit/events/search: post: description: |- List endpoint returns Audit Logs events that match an Audit search query. [Results are paginated][1]. Use this endpoint to build complex Audit Logs events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination operationId: SearchAuditLogs requestBody: content: "application/json": examples: default: value: filter: from: now-15m query: "@type:session AND @session.type:user" to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/AuditLogsSearchEventsRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: message: "User logged in" service: web-app tags: - team:A timestamp: "2019-01-02T09:42:36.320Z" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: audit links: next: "https://app.datadoghq.com/api/v2/audit/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" meta: elapsed: 132 request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR status: done schema: $ref: "#/components/schemas/AuditLogsEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Search Audit Logs events tags: ["Audit"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - audit_logs_read /api/v2/authn_mappings: get: description: List all AuthN Mappings in the org. operationId: ListAuthNMappings parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: Sort AuthN Mappings depending on the given field. in: query name: sort required: false schema: $ref: "#/components/schemas/AuthNMappingsSort" - description: Filter all mappings by the given string. in: query name: filter required: false schema: type: string - description: Filter by mapping resource type. Defaults to "role" if not specified. in: query name: resource_type schema: $ref: "#/components/schemas/AuthNMappingResourceType" responses: "200": content: application/json: examples: default: value: data: - attributes: attribute_key: member-of attribute_value: Development id: 00000000-0000-0000-0000-000000000003 type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all AuthN Mappings tags: - AuthN Mappings "x-permission": operator: OR permissions: - user_access_read post: description: Create an AuthN Mapping. operationId: CreateAuthNMapping requestBody: content: application/json: examples: default: value: data: attributes: attribute_key: member-of attribute_value: Development type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: attribute_key: member-of attribute_value: Development id: 00000000-0000-0000-0000-000000000004 type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/authn_mappings/{authn_mapping_id}: delete: description: Delete an AuthN Mapping specified by AuthN Mapping UUID. operationId: DeleteAuthNMapping parameters: - $ref: "#/components/parameters/AuthNMappingID" responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an AuthN Mapping tags: - AuthN Mappings "x-permission": operator: OR permissions: - user_access_manage get: description: Get an AuthN Mapping specified by the AuthN Mapping UUID. operationId: GetAuthNMapping parameters: - $ref: "#/components/parameters/AuthNMappingID" responses: "200": content: application/json: examples: default: value: data: attributes: attribute_key: member-of attribute_value: Development id: 00000000-0000-0000-0000-000000000001 type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an AuthN Mapping by UUID tags: - AuthN Mappings "x-permission": operator: OR permissions: - user_access_read patch: description: Edit an AuthN Mapping. operationId: UpdateAuthNMapping parameters: - $ref: "#/components/parameters/AuthNMappingID" requestBody: content: application/json: examples: default: value: data: attributes: attribute_key: member-of attribute_value: Development id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: attribute_key: member-of attribute_value: Development id: 00000000-0000-0000-0000-000000000002 type: authn_mappings schema: $ref: "#/components/schemas/AuthNMappingResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/bits-ai/investigations: get: description: List all Bits AI investigations for the organization. operationId: ListInvestigations parameters: - description: Offset for pagination. example: 0 in: query name: page[offset] required: false schema: format: int64 type: integer - description: Maximum number of investigations to return. example: 25 in: query name: page[limit] required: false schema: default: 25 format: int64 maximum: 100 type: integer - description: Filter investigations by monitor ID. example: 12345678 in: query name: filter[monitor_id] required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: status: "conclusive" title: "Monitor alert investigation for web-server-01" id: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: investigation links: first: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=0&page[limit]=10" next: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=10&page[limit]=10" self: "https://api.datadoghq.com/api/v2/bits-ai/investigations?page[offset]=0&page[limit]=10" meta: page: limit: 10 offset: 0 total: 50 schema: $ref: "#/components/schemas/ListInvestigationsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - bits_investigations_read summary: List Bits AI investigations tags: - Bits AI x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data "x-permission": operator: OR permissions: - bits_investigations_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Trigger a new Bits AI investigation based on a monitor alert. operationId: TriggerInvestigation requestBody: content: application/json: examples: default: value: data: attributes: trigger: monitor_alert_trigger: event_id: "1234567890123456789" event_ts: 1700000000000 monitor_id: 12345678 type: monitor_alert_trigger type: trigger_investigation_request schema: $ref: "#/components/schemas/TriggerInvestigationRequest" description: Trigger investigation request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: investigation_id: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" id: "f5e6a7b8-c9d0-1e2f-3a4b-5c6d7e8f9a0b" type: trigger_investigation_response schema: $ref: "#/components/schemas/TriggerInvestigationResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - bits_investigations_write summary: Trigger a Bits AI investigation tags: - Bits AI x-codegen-request-body-name: body "x-permission": operator: OR permissions: - bits_investigations_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/bits-ai/investigations/{id}: get: description: Get a specific Bits AI investigation by ID. operationId: GetInvestigation parameters: - description: The ID of the investigation. example: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: conclusions: - description: "The investigation found that a memory leak in payments-service caused CPU usage to spike above 95% starting at 14:32 UTC." summary: "CPU usage exceeded 95% for over 10 minutes on web-server-01." title: "High CPU usage detected on web-server-01" status: "conclusive" title: "Monitor alert investigation for web-server-01" id: "a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" type: investigation links: self: "https://app.datadoghq.com/bits-ai/investigations/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d" schema: $ref: "#/components/schemas/GetInvestigationResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - bits_investigations_read summary: Get a Bits AI investigation tags: - Bits AI "x-permission": operator: OR permissions: - bits_investigations_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases: get: description: >- Search cases. operationId: SearchCases parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/CaseSortableFieldParameter" - description: Search query in: query name: filter required: false schema: example: "status:open (team:case-management OR team:event-management)" type: string - description: Specify if order is ascending or not in: query name: sort[asc] required: false schema: default: false type: boolean responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case meta: page: current: 1 size: 10 total: 1 schema: $ref: "#/components/schemas/CasesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Search cases tags: - Case Management x-pagination: limitParam: page[size] pageParam: page[number] pageStart: 1 resultsPath: data post: description: Create a Case operationId: CreateCase requestBody: content: application/json: examples: default: value: data: attributes: priority: NOT_DEFINED status_name: Open title: Security breach investigation type_id: 3b010bde-09ce-4449-b745-71dd5f861963 relationships: assignee: data: id: 00000000-0000-0000-0000-000000000000 type: user project: data: id: e555e290-ed65-49bd-ae18-8acbfcf18db7 type: project type: case schema: $ref: "#/components/schemas/CaseCreateRequest" description: Case payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a case tags: - Case Management /api/v2/cases/projects: get: description: >- Get all projects. operationId: GetProjects responses: "200": content: application/json: examples: default: value: data: - attributes: key: SEC name: Security Investigation id: 00000000-0000-0000-0000-000000000002 type: project schema: $ref: "#/components/schemas/ProjectsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get all projects tags: - Case Management post: description: Create a project. operationId: CreateProject requestBody: content: application/json: examples: default: value: data: attributes: key: SEC name: Security Investigation type: project schema: $ref: "#/components/schemas/ProjectCreateRequest" description: Project payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: key: SEC name: Security Investigation id: 00000000-0000-0000-0000-000000000001 type: project schema: $ref: "#/components/schemas/ProjectResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a project tags: - Case Management /api/v2/cases/projects/{project_id}: delete: description: Remove a project using the project's `id`. operationId: DeleteProject parameters: - $ref: "#/components/parameters/ProjectIDPathParameter" responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Remove a project tags: - Case Management get: description: >- Get the details of a project by `project_id`. operationId: GetProject parameters: - $ref: "#/components/parameters/ProjectIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: key: SEC name: Security Investigation id: 00000000-0000-0000-0000-000000000003 type: project schema: $ref: "#/components/schemas/ProjectResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get the details of a project tags: - Case Management patch: description: >- Update a project. operationId: UpdateProject parameters: - $ref: "#/components/parameters/ProjectIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: project schema: $ref: "#/components/schemas/ProjectUpdateRequest" description: Project payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: key: SEC name: Security Investigation id: 00000000-0000-0000-0000-000000000004 type: project schema: $ref: "#/components/schemas/ProjectResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update a project tags: - Case Management /api/v2/cases/projects/{project_id}/notification_rules: get: description: >- Get all notification rules for a project. operationId: GetProjectNotificationRules parameters: - description: Project UUID example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: project_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: is_enabled: true query: "" recipients: - data: email: test@example.com type: EMAIL triggers: - data: {} type: CASE_CREATED id: 00000000-0000-0000-0000-000000000001 type: notification_rule schema: $ref: "#/components/schemas/CaseNotificationRulesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get notification rules tags: - Case Management post: description: Create a notification rule for a project. operationId: CreateProjectNotificationRule parameters: - description: Project UUID example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: project_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: recipients: - type: EMAIL triggers: - type: CASE_CREATED type: notification_rule schema: $ref: "#/components/schemas/CaseNotificationRuleCreateRequest" description: Notification rule payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: is_enabled: true query: "" recipients: - data: email: test@example.com type: EMAIL triggers: - data: {} type: CASE_CREATED id: 00000000-0000-0000-0000-000000000002 type: notification_rule schema: $ref: "#/components/schemas/CaseNotificationRuleResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a notification rule tags: - Case Management /api/v2/cases/projects/{project_id}/notification_rules/{notification_rule_id}: delete: description: Delete a notification rule using the notification rule's `id`. operationId: DeleteProjectNotificationRule parameters: - description: Project UUID example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: project_id required: true schema: type: string - $ref: "#/components/parameters/NotificationRuleIDPathParameter" responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Delete a notification rule tags: - Case Management put: description: >- Update a notification rule. operationId: UpdateProjectNotificationRule parameters: - description: Project UUID example: "e555e290-ed65-49bd-ae18-8acbfcf18db7" in: path name: project_id required: true schema: type: string - $ref: "#/components/parameters/NotificationRuleIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: recipients: - type: EMAIL triggers: - type: CASE_CREATED type: notification_rule schema: $ref: "#/components/schemas/CaseNotificationRuleUpdateRequest" description: Notification rule payload required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update a notification rule tags: - Case Management /api/v2/cases/types: get: description: Get all case types operationId: GetAllCaseTypes responses: "200": content: application/json: examples: default: value: data: - attributes: description: Investigations done in case management emoji: "🕵🏻‍♂️" name: Investigation id: 00000000-0000-0000-0000-000000000001 type: case_type schema: $ref: "#/components/schemas/CaseTypesResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all case types tags: - Case Management Type post: description: Create a Case Type operationId: CreateCaseType requestBody: content: application/json: examples: default: value: data: attributes: description: Investigations done in case management emoji: 🕵🏻‍♂️ name: Investigation type: case_type schema: $ref: "#/components/schemas/CaseTypeCreateRequest" description: Case type payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: description: Investigations done in case management emoji: "🕵🏻‍♂️" name: Investigation id: 00000000-0000-0000-0000-000000000001 type: case_type schema: $ref: "#/components/schemas/CaseTypeResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a case type tags: - Case Management Type /api/v2/cases/types/custom_attributes: get: description: Get all custom attributes operationId: GetAllCustomAttributes responses: "200": content: application/json: examples: default: value: data: - attributes: case_type_id: 00000000-0000-0000-0000-000000000002 description: "AWS Region, must be a valid region supported by AWS" display_name: AWS Region is_multi: true key: aws_region type: TEXT id: 00000000-0000-0000-0000-000000000001 type: custom_attribute schema: $ref: "#/components/schemas/CustomAttributeConfigsResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all custom attributes tags: - Case Management Attribute /api/v2/cases/types/{case_type_id}: delete: description: Delete a case type operationId: DeleteCaseType parameters: - $ref: "#/components/parameters/CaseTypeIDPathParameter" responses: "204": description: No Content "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a case type tags: - Case Management Type /api/v2/cases/types/{case_type_id}/custom_attributes: get: description: Get all custom attribute config of case type operationId: GetAllCustomAttributeConfigsByCaseType parameters: - $ref: "#/components/parameters/CaseTypeIDPathParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: case_type_id: 00000000-0000-0000-0000-000000000004 description: "AWS Region, must be a valid region supported by AWS" display_name: AWS Region is_multi: true key: aws_region type: TEXT id: 00000000-0000-0000-0000-000000000003 type: custom_attribute schema: $ref: "#/components/schemas/CustomAttributeConfigsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all custom attributes config of case type tags: - Case Management Attribute post: description: Create custom attribute config for a case type operationId: CreateCustomAttributeConfig parameters: - $ref: "#/components/parameters/CaseTypeIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: description: AWS Region, must be a valid region supported by AWS display_name: AWS Region is_multi: true key: aws_region type: NUMBER type: custom_attribute schema: $ref: "#/components/schemas/CustomAttributeConfigCreateRequest" description: Custom attribute config payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: case_type_id: 00000000-0000-0000-0000-000000000006 description: "AWS Region, must be a valid region supported by AWS" display_name: AWS Region is_multi: true key: aws_region type: TEXT id: 00000000-0000-0000-0000-000000000005 type: custom_attribute schema: $ref: "#/components/schemas/CustomAttributeConfigResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create custom attribute config for a case type tags: - Case Management Attribute /api/v2/cases/types/{case_type_id}/custom_attributes/{custom_attribute_id}: delete: description: Delete custom attribute config operationId: DeleteCustomAttributeConfig parameters: - $ref: "#/components/parameters/CaseTypeIDPathParameter" - $ref: "#/components/parameters/CaseCustomAttributeIDPathParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete custom attributes config tags: - Case Management Attribute /api/v2/cases/{case_id}: get: description: >- Get the details of case by `case_id` operationId: GetCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get the details of a case tags: - Case Management /api/v2/cases/{case_id}/archive: post: description: Archive case operationId: ArchiveCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: case schema: $ref: "#/components/schemas/CaseEmptyRequest" description: Archive case payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Archive case tags: - Case Management /api/v2/cases/{case_id}/assign: post: description: Assign case to a user operationId: AssignCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: assignee_id: f98a5a5b-e0ff-45d4-b2f5-afe6e74de504 type: case schema: $ref: "#/components/schemas/CaseAssignRequest" description: Assign case payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Assign case tags: - Case Management /api/v2/cases/{case_id}/attributes: post: description: Update case attributes operationId: UpdateAttributes parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: attributes: env: - prod service: - web-store - web-api team: - engineering type: case schema: $ref: "#/components/schemas/CaseUpdateAttributesRequest" description: Case attributes update payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case attributes tags: - Case Management /api/v2/cases/{case_id}/comment: post: description: Comment case operationId: CommentCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: comment: This is my comment ! type: case schema: $ref: "#/components/schemas/CaseCommentRequest" description: Case comment payload required: true responses: "200": content: application/json: examples: default: value: data: - attributes: cell_content: message: This is my comment ! created_at: "2024-01-01T00:00:00+00:00" type: COMMENT id: 00000000-0000-0000-0000-000000000001 type: timeline_cell schema: $ref: "#/components/schemas/TimelineResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Comment case tags: - Case Management /api/v2/cases/{case_id}/comment/{cell_id}: delete: description: Delete case comment operationId: DeleteCaseComment parameters: - $ref: "#/components/parameters/CaseIDPathParameter" - $ref: "#/components/parameters/CellIDPathParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete case comment tags: - Case Management /api/v2/cases/{case_id}/custom_attributes/{custom_attribute_key}: delete: description: Delete custom attribute from case operationId: DeleteCaseCustomAttribute parameters: - $ref: "#/components/parameters/CaseIDPathParameter" - $ref: "#/components/parameters/CaseCustomAttributeKeyPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Delete custom attribute from case tags: - Case Management post: description: Update case custom attribute operationId: UpdateCaseCustomAttribute parameters: - $ref: "#/components/parameters/CaseIDPathParameter" - $ref: "#/components/parameters/CaseCustomAttributeKeyPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: is_multi: false type: NUMBER value: 42 type: case schema: $ref: "#/components/schemas/CaseUpdateCustomAttributeRequest" description: Update case custom attribute payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case custom attribute tags: - Case Management /api/v2/cases/{case_id}/description: post: description: Update case description operationId: UpdateCaseDescription parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: description: Seeing some weird memory increase... We shouldn't ignore this type: case schema: $ref: "#/components/schemas/CaseUpdateDescriptionRequest" description: Case description update payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case description tags: - Case Management /api/v2/cases/{case_id}/priority: post: description: Update case priority operationId: UpdatePriority parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: priority: NOT_DEFINED type: case schema: $ref: "#/components/schemas/CaseUpdatePriorityRequest" description: Case priority update payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case priority tags: - Case Management /api/v2/cases/{case_id}/relationships/incidents: post: description: Link an incident to a case operationId: LinkIncident parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000000 type: incidents schema: $ref: "#/components/schemas/RelationshipToIncidentRequest" description: Incident link request required: true responses: "201": content: application/json: examples: default: value: data: attributes: key: CASEM-4523 priority: NOT_DEFINED status: OPEN title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000002 type: case schema: $ref: "#/components/schemas/CaseResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Link incident to case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases/{case_id}/relationships/jira_issues: delete: description: Remove the link between a Jira issue and a case operationId: UnlinkJiraIssue parameters: - $ref: "#/components/parameters/CaseIDPathParameter" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Remove Jira issue link from case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Link an existing Jira issue to a case operationId: LinkJiraIssueToCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: jira_issue_url: https://jira.example.com/browse/PROJ-123 type: issues schema: $ref: "#/components/schemas/JiraIssueLinkRequest" description: Jira issue link request required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Link existing Jira issue to case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new Jira issue and link it to a case operationId: CreateCaseJiraIssue parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: fields: {} issue_type_id: "10001" jira_account_id: "1234" project_id: "5678" type: issues schema: $ref: "#/components/schemas/JiraIssueCreateRequest" description: Jira issue creation request required: true responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create Jira issue for case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases/{case_id}/relationships/notebook: post: description: Create a new investigation notebook and link it to a case operationId: CreateCaseNotebook parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: notebook schema: $ref: "#/components/schemas/NotebookCreateRequest" description: Notebook creation request required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create investigation notebook for case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases/{case_id}/relationships/project: patch: description: Update the project associated with a case operationId: MoveCaseToProject parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: id: e555e290-ed65-49bd-ae18-8acbfcf18db7 type: project schema: $ref: "#/components/schemas/ProjectRelationship" description: Project update request required: true responses: "200": content: application/json: examples: default: value: data: attributes: key: CASEM-4523 priority: NOT_DEFINED status: OPEN title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case project tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases/{case_id}/relationships/servicenow_tickets: post: description: Create a new ServiceNow incident ticket and link it to a case operationId: CreateCaseServiceNowTicket parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: assignment_group: IT Support instance_name: my-instance type: tickets schema: $ref: "#/components/schemas/ServiceNowTicketCreateRequest" description: ServiceNow ticket creation request required: true responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create ServiceNow ticket for case tags: - Case Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cases/{case_id}/status: post: description: Update case status operationId: UpdateStatus parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: status: OPEN status_name: Open type: case schema: $ref: "#/components/schemas/CaseUpdateStatusRequest" description: Case status update payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case status tags: - Case Management /api/v2/cases/{case_id}/title: post: description: Update case title operationId: UpdateCaseTitle parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: title: Memory leak investigation on API type: case schema: $ref: "#/components/schemas/CaseUpdateTitleRequest" description: Case title update payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case title tags: - Case Management /api/v2/cases/{case_id}/unarchive: post: description: Unarchive case operationId: UnarchiveCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: case schema: $ref: "#/components/schemas/CaseEmptyRequest" description: Unarchive case payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Unarchive case tags: - Case Management /api/v2/cases/{case_id}/unassign: post: description: Unassign case operationId: UnassignCase parameters: - $ref: "#/components/parameters/CaseIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: case schema: $ref: "#/components/schemas/CaseEmptyRequest" description: Unassign case payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" key: CASEM-1234 priority: NOT_DEFINED status: OPEN status_name: Open title: Memory leak investigation on API id: 00000000-0000-0000-0000-000000000001 relationships: project: data: id: 00000000-0000-0000-0000-000000000002 type: project type: case schema: $ref: "#/components/schemas/CaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Unassign case tags: - Case Management /api/v2/catalog/entity: get: description: Get a list of entities from Software Catalog. operationId: ListCatalogEntity parameters: - $ref: "#/components/parameters/PageOffset" - description: Maximum number of entities in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: "#/components/parameters/FilterByID" - $ref: "#/components/parameters/FilterByRef" - $ref: "#/components/parameters/FilterByName" - $ref: "#/components/parameters/FilterByKind" - $ref: "#/components/parameters/FilterByOwner" - $ref: "#/components/parameters/FilterByRelationType" - $ref: "#/components/parameters/FilterByExcludeSnapshot" - $ref: "#/components/parameters/Include" - description: If true, includes discovered services from APM and USM that do not have entity definitions. in: query name: includeDiscovered required: false schema: default: false type: boolean responses: "200": content: application/json: examples: default: value: data: - attributes: apiVersion: v3 kind: service name: myService namespace: default id: 4b163705-23c0-4573-b2fb-f6cea2163fcb type: entity meta: count: 1 includeCount: 0 schema: $ref: "#/components/schemas/ListEntityCatalogResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entities tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data post: description: Create or update entities in Software Catalog. operationId: UpsertCatalogEntity requestBody: content: application/json: examples: default: value: apiVersion: v3 integrations: opsgenie: serviceURL: https://www.opsgenie.com/service/shopping-cart pagerduty: serviceURL: https://www.pagerduty.com/service-directory/Pshopping-cart kind: service metadata: additionalOwners: - name: "" contacts: - contact: https://slack/ type: slack id: 4b163705-23c0-4573-b2fb-f6cea2163fcb inheritFrom: application:default/myapp links: - name: mylink type: link url: https://mylink name: myService namespace: default tags: - this:tag - that:tag schema: $ref: "#/components/schemas/UpsertCatalogEntityRequest" description: Entity YAML or JSON. required: true responses: "202": content: application/json: examples: default: value: data: - attributes: apiVersion: v3 kind: service name: myService namespace: default id: 4b163705-23c0-4573-b2fb-f6cea2163fcb type: entity meta: count: 1 includeCount: 0 schema: $ref: "#/components/schemas/UpsertCatalogEntityResponse" description: ACCEPTED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update entities tags: - Software Catalog x-codegen-request-body-name: body /api/v2/catalog/entity/preview: post: operationId: PreviewCatalogEntities responses: "202": content: application/json: examples: default: value: data: - id: 4b163705-23c0-4573-b2fb-f6cea2163fcb type: entity schema: $ref: "#/components/schemas/EntityResponseArray" description: Accepted "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Preview catalog entities tags: - Software Catalog /api/v2/catalog/entity/{entity_id}: delete: description: Delete a single entity in Software Catalog. operationId: DeleteCatalogEntity parameters: - $ref: "#/components/parameters/EntityID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single entity tags: - Software Catalog /api/v2/catalog/kind: get: description: Get a list of entity kinds from Software Catalog. operationId: ListCatalogKind parameters: - $ref: "#/components/parameters/PageOffset" - description: Maximum number of kinds in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: "#/components/parameters/FilterByID" - $ref: "#/components/parameters/FilterByName" responses: "200": content: application/json: examples: default: value: data: - attributes: description: A job entity in the catalog. displayName: My Job name: my-job id: 4b163705-23c0-4573-b2fb-f6cea2163fcb type: kind meta: count: 1 schema: $ref: "#/components/schemas/ListKindCatalogResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entity kinds tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data post: description: Create or update kinds in Software Catalog. operationId: UpsertCatalogKind requestBody: content: application/json: examples: default: value: kind: my-job schema: $ref: "#/components/schemas/UpsertCatalogKindRequest" description: Kind YAML or JSON. required: true responses: "202": content: application/json: examples: default: value: data: - attributes: description: A job entity in the catalog. displayName: My Job name: my-job id: 4b163705-23c0-4573-b2fb-f6cea2163fcb type: kind meta: count: 1 schema: $ref: "#/components/schemas/UpsertCatalogKindResponse" description: ACCEPTED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update kinds tags: - Software Catalog x-codegen-request-body-name: body /api/v2/catalog/kind/{kind_id}: delete: description: Delete a single kind in Software Catalog. operationId: DeleteCatalogKind parameters: - $ref: "#/components/parameters/KindID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single kind tags: - Software Catalog /api/v2/catalog/relation: get: description: Get a list of entity relations from Software Catalog. operationId: ListCatalogRelation parameters: - $ref: "#/components/parameters/PageOffset" - description: Maximum number of relations in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: "#/components/parameters/FilterRelationByType" - $ref: "#/components/parameters/FilterRelationByFromRef" - $ref: "#/components/parameters/FilterRelationByToRef" - $ref: "#/components/parameters/RelationInclude" - description: If true, includes relationships discovered by APM and USM. in: query name: includeDiscovered required: false schema: default: false type: boolean responses: "200": content: application/json: examples: default: value: data: - attributes: from: kind: service name: test-service to: kind: service name: other-service type: RelationTypeOwns id: abc-123 type: relation meta: count: 1 schema: $ref: "#/components/schemas/ListRelationCatalogResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entity relations tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data /api/v2/change-management/change-request: post: description: Create a new change request. operationId: CreateChangeRequest requestBody: content: application/json: examples: default: value: data: attributes: change_request_linked_incident_uuid: 00000000-0000-0000-0000-000000000000 change_request_maintenance_window_query: "" change_request_plan: 1. Deploy to staging 2. Run tests 3. Deploy to production change_request_risk: LOW change_request_type: NORMAL description: Deploying new payment service v2.1 end_date: "2024-01-02T15:00:00Z" project_id: d4bbe1af-f36e-42f1-87c1-493ca35c320e requested_teams: - team-handle-1 start_date: "2024-01-01T03:00:00Z" title: Deploy new payment service type: change_request schema: $ref: "#/components/schemas/ChangeRequestCreateRequest" description: Change request payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a change request tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/change-management/change-request/{change_request_id}: get: description: Get the details of a change request by its ID. operationId: GetChangeRequest parameters: - $ref: "#/components/parameters/ChangeRequestIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get a change request tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update the properties of a change request. operationId: UpdateChangeRequest parameters: - $ref: "#/components/parameters/ChangeRequestIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: change_request_plan: Updated deployment plan change_request_risk: LOW change_request_type: NORMAL end_date: "2024-01-02T15:00:00Z" id: CHM-1234 start_date: "2024-01-01T03:00:00Z" relationships: change_request_decisions: data: - id: decision-id-0 type: change_request included: - attributes: change_request_status: REQUESTED request_reason: Please review and approve this change id: decision-id-0 type: change_request_decision schema: $ref: "#/components/schemas/ChangeRequestUpdateRequest" description: Change request update payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update a change request tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/change-management/change-request/{change_request_id}/branch: post: description: Create a new branch in a repository for a change request. operationId: CreateChangeRequestBranch parameters: - $ref: "#/components/parameters/ChangeRequestIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: branch_name: chm/CHM-1234 repo_id: DataDog/test-repo type: change_request_branch schema: $ref: "#/components/schemas/ChangeRequestBranchCreateRequest" description: Branch creation payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a change request branch tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/change-management/change-request/{change_request_id}/decisions/{decision_id}: delete: description: Delete a decision from a change request. operationId: DeleteChangeRequestDecision parameters: - $ref: "#/components/parameters/ChangeRequestIDPathParameter" - $ref: "#/components/parameters/ChangeRequestDecisionIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Delete a change request decision tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update a decision on a change request, such as approving or declining it. operationId: UpdateChangeRequestDecision parameters: - $ref: "#/components/parameters/ChangeRequestIDPathParameter" - $ref: "#/components/parameters/ChangeRequestDecisionIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: id: CHM-1234 relationships: change_request_decisions: data: - id: decision-id-0 type: change_request included: - attributes: change_request_status: REQUESTED request_reason: Please review and approve this change id: decision-id-0 type: change_request_decision schema: $ref: "#/components/schemas/ChangeRequestDecisionUpdateRequest" description: Decision update payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: attributes: {} change_request_linked_incident_uuid: "" change_request_maintenance_window_query: "" change_request_plan: "" change_request_risk: LOW change_request_type: NORMAL created_at: "2024-01-01T00:00:00+00:00" creation_source: CS_MANUAL description: Deploying new payment service v2.1 end_date: "2024-01-02T00:00:00+00:00" key: CHM-1234 modified_at: "2024-01-01T00:00:00+00:00" plan_notebook_id: 0 priority: NOT_DEFINED project_id: 00000000-0000-0000-0000-000000000001 start_date: "2024-01-01T00:00:00+00:00" status: OPEN title: Deploy new payment service type: CHANGE_REQUEST id: CHM-1234 relationships: change_request_decisions: data: [] created_by: data: id: 00000000-0000-0000-0000-000000000001 type: user modified_by: data: id: 00000000-0000-0000-0000-000000000001 type: user type: change_request schema: $ref: "#/components/schemas/ChangeRequestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update a change request decision tags: - Change Management x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/ci/pipeline: post: description: |- Send your pipeline event to your Datadog platform over HTTP. For details about how pipeline executions are modeled and what execution types we support, see [Pipeline Data Model And Execution Types](https://docs.datadoghq.com/continuous_integration/guides/pipeline_data_model/). Multiple events can be sent in an array (up to 1000). Pipeline events can be submitted with a timestamp that is up to 18 hours in the past. The duration between the event start and end times cannot exceed 1 year. operationId: CreateCIAppPipelineEvent requestBody: content: application/json: examples: default: value: data: attributes: resource: end: "2024-11-25T20:08:11.018Z" git: author_email: john.doe@email.com repository_url: https://github.com/organization/example-repository sha: 7f263865994b76066c4612fd1965215e7dcb4cd2 level: pipeline name: Deploy to AWS partial_retry: false start: "2024-11-25T20:06:41.018Z" status: success unique_id: 3eacb6f3-ff04-4e10-8a9c-46e6d054024a url: https://my-ci-provider.example/pipelines/my-pipeline/run/1 type: cipipeline_resource_request schema: $ref: "#/components/schemas/CIAppCreatePipelineEventRequest" required: true responses: "202": content: application/json: examples: default: value: {} schema: type: object description: Request accepted for processing "400": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Forbidden "408": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Request Timeout "413": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Payload Too Large "429": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Too Many Requests "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error "503": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Service Unavailable security: - apiKeyAuth: [] summary: Send pipeline event tags: ["CI Visibility Pipelines"] x-codegen-request-body-name: body /api/v2/ci/pipelines/analytics/aggregate: post: description: |- Use this API endpoint to aggregate CI Visibility pipeline events into buckets of computed metrics and timeseries. operationId: AggregateCIAppPipelineEvents requestBody: content: "application/json": examples: default: value: compute: - aggregation: pc90 interval: 5m metric: "@duration" type: timeseries filter: from: now-15m query: "@ci.provider.name:github AND @ci.status:error" to: now group_by: - facet: "@ci.status" histogram: interval: 10 max: 100 min: 50 sort: aggregation: count order: asc options: timezone: GMT schema: $ref: "#/components/schemas/CIAppPipelinesAggregateRequest" required: true responses: "200": content: application/json: examples: default: value: data: buckets: - by: "@ci.status": error computes: pc90: - time: "2020-06-08T11:55:00.123Z" value: 2345 schema: $ref: "#/components/schemas/CIAppPipelinesAnalyticsAggregateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Aggregate pipelines events tags: ["CI Visibility Pipelines"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - ci_visibility_read /api/v2/ci/pipelines/events: get: description: |- List endpoint returns CI Visibility pipeline events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest pipeline events. operationId: ListCIAppPipelineEvents parameters: - description: Search query following log syntax. example: "@ci.provider.name:github @ci.pipeline.name:Pull Request Labeler" in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: "#/components/schemas/CIAppSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: [] meta: page: {} schema: $ref: "#/components/schemas/CIAppPipelineEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Get a list of pipelines events tags: ["CI Visibility Pipelines"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - ci_visibility_read /api/v2/ci/pipelines/events/search: post: description: |- List endpoint returns CI Visibility pipeline events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search. operationId: SearchCIAppPipelineEvents requestBody: content: "application/json": examples: default: value: filter: from: now-15m query: "@ci.provider.name:github AND @ci.status:error" to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/CIAppPipelineEventsRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: attributes: duration: 2345 ci_level: pipeline tags: - team:backend id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: cipipeline meta: elapsed: 132 request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR status: done schema: $ref: "#/components/schemas/CIAppPipelineEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Search pipelines events tags: ["CI Visibility Pipelines"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - ci_visibility_read /api/v2/ci/test-optimization/settings/policies: patch: description: |- Partially update Flaky Tests Management repository-level policies for the given repository. Only provided policy blocks are updated; omitted blocks are left unchanged. operationId: UpdateFlakyTestsManagementPolicies requestBody: content: application/json: examples: default: value: data: attributes: attempt_to_fix: retries: 3 disabled: enabled: false quarantined: auto_quarantine_rule: enabled: true window_seconds: 3600 branch_rule: branches: - main enabled: true excluded_branches: [] excluded_test_services: [] enabled: true failure_rate_rule: branches: - main enabled: true min_runs: 10 threshold: 0.5 repository_id: "github.com/example-org/example-repo" type: test_optimization_update_flaky_tests_management_policies_request schema: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: repository_id: github.com/datadog/test-service id: github.com/datadog/test-service type: test_optimization_flaky_tests_management_policies schema: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_settings_write summary: Update Flaky Tests Management policies tags: ["Test Optimization"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - test_optimization_settings_write post: description: |- Retrieve Flaky Tests Management repository-level policies for the given repository. operationId: GetFlakyTestsManagementPolicies requestBody: content: application/json: examples: default: value: data: attributes: repository_id: "github.com/example-org/example-repo" type: test_optimization_get_flaky_tests_management_policies_request schema: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesGetRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: repository_id: github.com/datadog/test-service id: github.com/datadog/test-service type: test_optimization_flaky_tests_management_policies schema: $ref: "#/components/schemas/TestOptimizationFlakyTestsManagementPoliciesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_read summary: Get Flaky Tests Management policies tags: ["Test Optimization"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - test_optimization_read /api/v2/ci/test-optimization/settings/service: delete: description: |- Delete Test Optimization settings for a specific service identified by repository, service name, and environment. operationId: DeleteTestOptimizationServiceSettings requestBody: content: application/json: examples: default: value: data: attributes: env: prod repository_id: github.com/datadog/test-service service_name: test-service type: test_optimization_delete_service_settings_request schema: $ref: "#/components/schemas/TestOptimizationDeleteServiceSettingsRequest" required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_settings_write summary: Delete Test Optimization service settings tags: ["Test Optimization"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - test_optimization_settings_write patch: description: |- Partially update Test Optimization settings for a specific service identified by repository, service name, and environment. Only provided fields are updated; null or omitted fields are left unchanged. operationId: UpdateTestOptimizationServiceSettings requestBody: content: application/json: examples: default: value: data: attributes: auto_test_retries_enabled: false code_coverage_enabled: false early_flake_detection_enabled: false env: prod failed_test_replay_enabled: false pr_comments_enabled: true repository_id: github.com/datadog/test-service service_name: test-service test_impact_analysis_enabled: false type: test_optimization_update_service_settings_request schema: $ref: "#/components/schemas/TestOptimizationUpdateServiceSettingsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: auto_test_retries_enabled: false code_coverage_enabled: false early_flake_detection_enabled: false env: prod failed_test_replay_enabled: false pr_comments_enabled: true repository_id: github.com/datadog/test-service service_name: test-service test_impact_analysis_enabled: false id: github.com/datadog/test-service::test-service::prod type: test_optimization_service_settings schema: $ref: "#/components/schemas/TestOptimizationServiceSettingsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_settings_write summary: Update Test Optimization service settings tags: ["Test Optimization"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - test_optimization_settings_write post: description: |- Retrieve Test Optimization settings for a specific service identified by repository, service name, and environment. operationId: GetTestOptimizationServiceSettings requestBody: content: application/json: examples: default: value: data: attributes: env: prod repository_id: github.com/datadog/test-service service_name: test-service type: test_optimization_get_service_settings_request schema: $ref: "#/components/schemas/TestOptimizationGetServiceSettingsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: auto_test_retries_enabled: false code_coverage_enabled: false early_flake_detection_enabled: false env: prod failed_test_replay_enabled: false pr_comments_enabled: true repository_id: github.com/datadog/test-service service_name: test-service test_impact_analysis_enabled: false id: github.com/datadog/test-service::test-service::prod type: test_optimization_service_settings schema: $ref: "#/components/schemas/TestOptimizationServiceSettingsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_read summary: Get Test Optimization service settings tags: ["Test Optimization"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - test_optimization_read /api/v2/ci/tests/analytics/aggregate: post: description: |- The API endpoint to aggregate CI Visibility test events into buckets of computed metrics and timeseries. operationId: AggregateCIAppTestEvents requestBody: content: "application/json": examples: default: value: compute: - aggregation: pc90 interval: 5m metric: "@duration" type: timeseries filter: from: now-15m query: "@test.service:web-tests AND @test.status:fail" to: now group_by: - facet: "@test.service" histogram: interval: 10 max: 100 min: 50 sort: aggregation: count order: asc options: timezone: GMT schema: $ref: "#/components/schemas/CIAppTestsAggregateRequest" required: true responses: "200": content: application/json: examples: default: value: data: buckets: - by: "@test.service": web-tests computes: pc90: - time: "2020-06-08T11:55:00.123Z" value: 2345 schema: $ref: "#/components/schemas/CIAppTestsAnalyticsAggregateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read - AuthZ: - test_optimization_read summary: Aggregate tests events tags: ["CI Visibility Tests"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - ci_visibility_read - test_optimization_read /api/v2/ci/tests/events: get: description: |- List endpoint returns CI Visibility test events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest test events. operationId: ListCIAppTestEvents parameters: - description: Search query following log syntax. example: "@test.name:test_foo @test.suite:github.com/DataDog/dd-go/model" in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: "#/components/schemas/CIAppSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: [] meta: page: {} schema: $ref: "#/components/schemas/CIAppTestEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read - AuthZ: - test_optimization_read summary: Get a list of tests events tags: ["CI Visibility Tests"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - ci_visibility_read - test_optimization_read /api/v2/ci/tests/events/search: post: description: |- List endpoint returns CI Visibility test events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search. operationId: SearchCIAppTestEvents requestBody: content: "application/json": examples: default: value: filter: from: now-15m query: "@test.service:web-tests AND @test.status:fail" to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/CIAppTestEventsRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: attributes: duration: 2345 tags: - team:backend test_level: test id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: citest links: next: https://app.datadoghq.com/api/v2/ci/tests/events?page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== meta: elapsed: 132 request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR status: done schema: $ref: "#/components/schemas/CIAppTestEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read - AuthZ: - test_optimization_read summary: Search tests events tags: ["CI Visibility Tests"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - ci_visibility_read - test_optimization_read /api/v2/cloud_auth/aws/persona_mapping: get: description: List all AWS cloud authentication persona mappings. This endpoint retrieves all configured persona mappings that associate AWS IAM principals with Datadog users. operationId: ListAWSCloudAuthPersonaMappings responses: "200": content: application/json: examples: default: value: data: - attributes: account_identifier: test@example.com account_uuid: 00000000-0000-0000-0000-000000000001 arn_pattern: "arn:aws:iam::123456789012:user/testuser" id: abc-123 type: aws_cloud_auth_config schema: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List AWS cloud authentication persona mappings tags: - Cloud Authentication x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an AWS cloud authentication persona mapping. This endpoint associates an AWS IAM principal with a Datadog user. operationId: CreateAWSCloudAuthPersonaMapping requestBody: content: application/json: examples: default: value: data: attributes: account_identifier: test@test.com arn_pattern: arn:aws:iam::123456789012:user/testuser type: aws_cloud_auth_config schema: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: account_identifier: test@example.com account_uuid: 00000000-0000-0000-0000-000000000001 arn_pattern: "arn:aws:iam::123456789012:user/testuser" id: abc-123 type: aws_cloud_auth_config schema: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an AWS cloud authentication persona mapping tags: - Cloud Authentication x-codegen-request-body-name: body x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cloud_auth/aws/persona_mapping/{persona_mapping_id}: delete: description: Delete an AWS cloud authentication persona mapping by ID. This removes the association between an AWS IAM principal and a Datadog user. operationId: DeleteAWSCloudAuthPersonaMapping parameters: - $ref: "#/components/parameters/PersonaMappingID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an AWS cloud authentication persona mapping tags: - Cloud Authentication x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get a specific AWS cloud authentication persona mapping by ID. This endpoint retrieves a single configured persona mapping that associates an AWS IAM principal with a Datadog user. operationId: GetAWSCloudAuthPersonaMapping parameters: - $ref: "#/components/parameters/PersonaMappingID" responses: "200": content: application/json: examples: default: value: data: attributes: account_identifier: test@example.com account_uuid: 00000000-0000-0000-0000-000000000001 arn_pattern: "arn:aws:iam::123456789012:user/testuser" id: abc-123 type: aws_cloud_auth_config schema: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an AWS cloud authentication persona mapping tags: - Cloud Authentication x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cloud_security_management/custom_frameworks: post: description: Create a custom framework. operationId: CreateCustomFramework requestBody: content: "application/json": examples: default: value: data: attributes: handle: sec2 name: security-framework requirements: - controls: - name: control rules_id: - def-000-be9 name: criteria version: "2" type: custom_framework schema: $ref: "#/components/schemas/CreateCustomFrameworkRequest" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: handle: sec2 version: "2" id: sec2-2 type: custom_framework schema: $ref: "#/components/schemas/CreateCustomFrameworkResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": $ref: "#/components/responses/BadRequestResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Create a custom framework tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write /api/v2/cloud_security_management/custom_frameworks/{handle}/{version}: delete: description: Delete a custom framework. operationId: DeleteCustomFramework parameters: - $ref: "#/components/parameters/CustomFrameworkHandle" - $ref: "#/components/parameters/CustomFrameworkVersion" responses: "200": content: "application/json": examples: default: value: data: attributes: handle: sec2 name: security-framework version: "2" id: sec2-2 type: custom_framework schema: $ref: "#/components/schemas/DeleteCustomFrameworkResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": $ref: "#/components/responses/BadRequestResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Delete a custom framework tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write get: description: Get a custom framework. operationId: GetCustomFramework parameters: - $ref: "#/components/parameters/CustomFrameworkHandle" - $ref: "#/components/parameters/CustomFrameworkVersion" responses: "200": content: "application/json": examples: default: value: data: attributes: handle: sec2 name: security-framework requirements: - controls: - name: control rules_id: - def-000-be9 name: criteria version: "2" id: sec2-2 type: custom_framework schema: $ref: "#/components/schemas/GetCustomFrameworkResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": $ref: "#/components/responses/BadRequestResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a custom framework tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_read put: description: Update a custom framework. operationId: UpdateCustomFramework parameters: - $ref: "#/components/parameters/CustomFrameworkHandle" - $ref: "#/components/parameters/CustomFrameworkVersion" requestBody: content: "application/json": examples: default: value: data: attributes: handle: sec2 name: security-framework requirements: - controls: - name: control rules_id: - def-000-be9 name: criteria version: "2" type: custom_framework schema: $ref: "#/components/schemas/UpdateCustomFrameworkRequest" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: handle: sec2 version: "2" id: sec2-2 type: custom_framework schema: $ref: "#/components/schemas/UpdateCustomFrameworkResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": $ref: "#/components/responses/BadRequestResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Update a custom framework tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write /api/v2/cloud_security_management/resource_filters: get: description: List resource filters. operationId: GetResourceEvaluationFilters parameters: - $ref: "#/components/parameters/ResourceFilterProvider" - $ref: "#/components/parameters/ResourceFilterAccountID" - $ref: "#/components/parameters/SkipCache" responses: "200": content: "application/json": examples: default: value: data: attributes: cloud_provider: aws: "123456789": - environment:production id: csm_resource_filter type: csm_resource_filter schema: $ref: "#/components/schemas/GetResourceEvaluationFiltersResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: List resource filters tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_filters_read put: description: Update resource filters. operationId: UpdateResourceEvaluationFilters requestBody: content: "application/json": examples: default: value: data: attributes: aws: "123456789": - environment:production - team:devops azure: sub-001: - app:frontend gcp: project-abc: - region:us-central1 id: csm_resource_filter type: csm_resource_filter schema: $ref: "#/components/schemas/UpdateResourceEvaluationFiltersRequest" required: true responses: "201": content: "application/json": examples: default: value: data: attributes: cloud_provider: aws: "123456789": - environment:production id: csm_resource_filter type: csm_resource_filter schema: $ref: "#/components/schemas/UpdateResourceEvaluationFiltersResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update resource filters tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_filters_write /api/v2/cloudinventoryservice/syncconfigs: put: description: |- Enable Storage Management for an S3 bucket, GCS bucket, or Azure container by registering the destination that holds its inventory reports. Set `data.id` to the cloud provider (`aws`, `gcp`, or `azure`) and provide the matching settings under data.attributes. Calling this endpoint with the same provider replaces the existing configuration. operationId: UpsertSyncConfig requestBody: content: application/json: examples: default: summary: AWS inventory bucket value: data: attributes: aws: aws_account_id: "123456789012" destination_bucket_name: my-inventory-bucket destination_bucket_region: us-east-1 destination_prefix: logs/ id: aws type: cloud_provider schema: $ref: "#/components/schemas/UpsertCloudInventorySyncConfigRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: aws_account_id: "123456789012" aws_bucket_name: my-inventory-bucket aws_region: us-east-1 id: aws type: sync_configs schema: $ref: "#/components/schemas/CloudInventorySyncConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Enable Storage Management for a bucket tags: - Storage Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - aws_configurations_manage /api/v2/code-coverage/branch/summary: post: description: |- Retrieve aggregated code coverage statistics for a specific branch in a repository. This endpoint provides overall coverage metrics as well as breakdowns by service and code owner. operationId: GetCodeCoverageBranchSummary requestBody: content: application/json: examples: default: value: data: attributes: branch: prod repository_id: github.com/datadog/test-service type: ci_app_coverage_branch_summary_request schema: $ref: "#/components/schemas/BranchCoverageSummaryRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: evaluated_flags_count: 8 evaluated_reports_count: 12 patch_coverage: 70.1 total_coverage: 82.4 id: ZGQxMjM0NV9tYWluXzE3MDk1NjQwMDA= type: ci_app_coverage_summary schema: $ref: "#/components/schemas/CoverageSummaryResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_coverage_read summary: Get code coverage summary for a branch tags: ["Code Coverage"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - code_coverage_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/code-coverage/commit/summary: post: description: |- Retrieve aggregated code coverage statistics for a specific commit in a repository. This endpoint provides overall coverage metrics as well as breakdowns by service and code owner. The commit SHA must be a 40-character hexadecimal string (SHA-1 hash). operationId: GetCodeCoverageCommitSummary requestBody: content: application/json: examples: default: value: data: attributes: commit_sha: 66adc9350f2cc9b250b69abddab733dd55e1a588 repository_id: github.com/datadog/test-service type: ci_app_coverage_commit_summary_request schema: $ref: "#/components/schemas/CommitCoverageSummaryRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: evaluated_flags_count: 8 evaluated_reports_count: 12 patch_coverage: 70.1 total_coverage: 82.4 id: ZGQxMjM0NV9tYWluXzE3MDk1NjQwMDA= type: ci_app_coverage_summary schema: $ref: "#/components/schemas/CoverageSummaryResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_coverage_read summary: Get code coverage summary for a commit tags: ["Code Coverage"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - code_coverage_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/container_images: get: description: |- Get all Container Images for your organization. **Note**: To enrich the data returned by this endpoint with security scans, see the new [api/v2/security/scanned-assets-metadata](https://docs.datadoghq.com/api/latest/security-monitoring/#list-scanned-assets-metadata) endpoint. operationId: ListContainerImages parameters: - description: Comma-separated list of tags to filter Container Images by. example: short_image:redis,status:running in: query name: filter[tags] required: false schema: type: string - description: Comma-separated list of tags to group Container Images by. example: registry,image_tags in: query name: group_by required: false schema: type: string - description: Attribute to sort Container Images by. example: container_count in: query name: sort required: false schema: type: string - description: Maximum number of results returned. in: query name: page[size] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: |- String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`. in: query name: page[cursor] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: container_count: 1 image_tags: - latest name: nginx registry: docker.io repository: library/nginx short_image: nginx id: abc-123 type: container_image meta: pagination: limit: 1000 total: 1 type: cursor_limit schema: $ref: "#/components/schemas/ContainerImagesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all Container Images tags: - Container Images x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data "x-permission": operator: OPEN permissions: [] /api/v2/containers: get: description: Get all containers for your organization. operationId: ListContainers parameters: - description: Comma-separated list of tags to filter containers by. example: env:prod,short_image:cassandra in: query name: filter[tags] required: false schema: type: string - description: Comma-separated list of tags to group containers by. example: datacenter,cluster in: query name: group_by required: false schema: type: string - description: Attribute to sort containers by. example: started_at in: query name: sort required: false schema: type: string - description: Maximum number of results returned. in: query name: page[size] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: |- String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`. in: query name: page[cursor] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: container_id: abc-123 host: example-host image_name: nginx name: example-container state: running id: abc-123 type: container meta: pagination: limit: 1000 total: 1 type: cursor_limit schema: $ref: "#/components/schemas/ContainersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get All Containers tags: - Containers x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data "x-permission": operator: OPEN permissions: [] /api/v2/cost/anomalies: get: description: List detected Cloud Cost Management anomalies for the organization. operationId: ListCostAnomalies parameters: - description: Start time as Unix milliseconds. Defaults to the start of the latest stable seven-day window. in: query name: start required: false schema: example: 1730259950000 format: int64 type: integer - description: End time as Unix milliseconds. Defaults to the end of the latest stable seven-day window. in: query name: end required: false schema: example: 1730429150000 format: int64 type: integer - description: 'Optional JSON object mapping cost tag keys to allowed values, for example `{"team":["payments"],"env":["prod"]}`. Filters match anomaly dimensions or correlated tags.' in: query name: filter required: false schema: example: '{"team":["payments"]}' type: string - description: Minimum absolute anomalous cost change to include. Numeric value; defaults to `1`. in: query name: min_anomalous_threshold required: false schema: example: "1.0" type: string - description: Minimum absolute actual cost to include. Numeric value; defaults to `0`. in: query name: min_cost_threshold required: false schema: example: "0.0" type: string - description: Filter by resolution state. Use `none` for unresolved anomalies, `all` or `*` for resolved anomalies, or a comma-separated list of causes. in: query name: dismissal_cause required: false schema: example: none type: string - description: Sort field. One of `start_date`, `end_date`, `duration`, `max_cost`, `anomalous_cost`, or `dismissal_date`. Defaults to `anomalous_cost`. in: query name: order_by required: false schema: example: anomalous_cost type: string - description: Sort direction. One of `asc` or `desc`. Defaults to `desc`. in: query name: order required: false schema: example: desc type: string - description: Maximum number of anomalies to return. Defaults to `200`. in: query name: limit required: false schema: example: 200 type: integer - description: Pagination offset. Defaults to `0`. in: query name: offset required: false schema: example: 0 type: integer - description: Optional repeated cloud or SaaS provider filters, such as `aws`, `gcp`, `azure`, `Oracle`, `datadog`, `OpenAI`, or `Anthropic`. explode: true in: query name: provider_ids required: false schema: items: example: aws type: string type: array responses: "200": content: application/json: examples: default: value: data: attributes: anomalies: - actual_cost: 3001.24 anomalous_cost_change: 1250.75 anomaly_end: 1730429150000 anomaly_start: 1730259950000 correlated_tags: region: - us-east-1 - us-west-2 dimensions: service: ec2 max_cost: 5000.5 provider: aws query: 'sum:aws.cost.net.amortized{aws_cost_type IN (Usage,DiscountedUsage,SavingsPlanCoveredUsage) AND aws_product NOT IN (supportenterprise) AND service:"ec2"}.rollup(sum, daily)' uuid: b0a6aaa9-3c4c-48cb-9447-a0d1338b3e09 avg_daily_anomalous_cost: 625.375 total_actual_cost: 3001.24 total_anomalous_cost: 1250.75 total_count: 1 id: anomalies type: anomalies schema: $ref: "#/components/schemas/CostAnomaliesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List cost anomalies tags: - Cloud Cost Management x-unstable: |- **Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cost/anomalies/{anomaly_id}: get: description: Get a detected Cloud Cost Management anomaly by UUID. operationId: GetCostAnomaly parameters: - $ref: "#/components/parameters/AnomalyID" responses: "200": content: application/json: examples: default: value: data: attributes: actual_cost: 3001.24 anomalous_cost_change: 1250.75 anomaly_end: 1730429150000 anomaly_start: 1730259950000 correlated_tags: region: - us-east-1 - us-west-2 dimensions: service: ec2 max_cost: 5000.5 provider: aws query: 'sum:aws.cost.net.amortized{aws_cost_type IN (Usage,DiscountedUsage,SavingsPlanCoveredUsage) AND aws_product NOT IN (supportenterprise) AND service:"ec2"}.rollup(sum, daily)' uuid: b0a6aaa9-3c4c-48cb-9447-a0d1338b3e09 id: b0a6aaa9-3c4c-48cb-9447-a0d1338b3e09 type: anomalies schema: $ref: "#/components/schemas/CostAnomalyResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get cost anomaly tags: - Cloud Cost Management x-unstable: |- **Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/cost/arbitrary_rule: get: description: List all custom allocation rules - Retrieve a list of all custom allocation rules for the organization operationId: ListCustomAllocationRules responses: "200": content: application/json: examples: default: value: data: - attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" values: created: "2024-01-01T00:00:00+00:00" enabled: true last_modified_user_uuid: user-example-uuid order_id: 1 processing_status: done provider: - aws rule_name: example-custom-allocation-rule strategy: allocated_by_tag_keys: - team granularity: daily method: proportional type: shared updated: "2024-01-01T00:00:00+00:00" version: 1 id: "123" type: arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryRuleResponseArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List custom allocation rules tags: - Cloud Cost Management post: description: |- Create a new custom allocation rule with the specified filters and allocation strategy. **Strategy Methods:** - **PROPORTIONAL/EVEN**: Allocates costs proportionally/evenly based on existing costs. Requires: granularity, allocated_by_tag_keys. Optional: based_on_costs, allocated_by_filters, evaluate_grouped_by_tag_keys, evaluate_grouped_by_filters. - **PROPORTIONAL_TIMESERIES/EVEN_TIMESERIES**: Allocates based on timeseries data. Requires: granularity, based_on_timeseries. Optional: evaluate_grouped_by_tag_keys. - **PERCENT**: Allocates fixed percentages to specific tags. Requires: allocated_by (array of percentage allocations). **Filter Conditions:** - Use **value** for single-value conditions: "is", "is not", "contains", "=", "!=", "like", "not like" - Use **values** for multi-value conditions: "in", "not in" - Cannot use both value and values simultaneously. **Supported operators**: is, is not, contains, in, not in, =, !=, like, not like operationId: CreateCustomAllocationRule requestBody: content: application/json: examples: default: value: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" - condition: in tag: environment value: "" values: - production - staging enabled: true order_id: 1 provider: - aws - gcp rule_name: example-arbitrary-cost-rule strategy: allocated_by_tag_keys: - team - environment based_on_costs: - condition: is tag: service value: web-api - condition: not in tag: team value: "" values: - legacy - deprecated granularity: daily method: proportional type: shared type: upsert_arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryCostUpsertRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" created: "2024-01-01T00:00:00+00:00" enabled: true order_id: 1 provider: - aws rule_name: example-arbitrary-cost-rule strategy: allocated_by_tag_keys: - team granularity: daily method: proportional type: shared updated: "2024-01-01T00:00:00+00:00" version: 1 id: "123" type: arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryRuleResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create custom allocation rule tags: - Cloud Cost Management /api/v2/cost/arbitrary_rule/reorder: post: description: |- Reorder custom allocation rules - Change the execution order of custom allocation rules. **Important**: You must provide the **complete list** of all rule IDs in the desired execution order. The API will reorder ALL rules according to the provided sequence. Rules are executed in the order specified, with lower indices (earlier in the array) having higher priority. **Example**: If you have rules with IDs [123, 456, 789] and want to change order from 123→456→789 to 456→123→789, send: [{"id": "456"}, {"id": "123"}, {"id": "789"}] operationId: ReorderCustomAllocationRules requestBody: content: application/json: examples: default: value: data: - id: "456" type: arbitrary_rule - id: "123" type: arbitrary_rule - id: "789" type: arbitrary_rule schema: $ref: "#/components/schemas/ReorderRuleResourceArray" required: true responses: "204": description: Successfully reordered rules "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Reorder custom allocation rules tags: - Cloud Cost Management /api/v2/cost/arbitrary_rule/status: get: description: List the processing status of all custom allocation rules. Returns only the ID and processing status for each rule. operationId: ListCustomAllocationRulesStatus responses: "200": content: application/json: examples: default: value: data: - attributes: processing_status: processing id: "123" type: arbitrary_rule_status - attributes: processing_status: done id: "456" type: arbitrary_rule_status schema: $ref: "#/components/schemas/ArbitraryRuleStatusResponseArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List custom allocation rule statuses tags: - Cloud Cost Management /api/v2/cost/arbitrary_rule/{rule_id}: delete: description: Delete a custom allocation rule - Delete an existing custom allocation rule by its ID operationId: DeleteCustomAllocationRule parameters: - description: The unique identifier of the custom allocation rule in: path name: rule_id required: true schema: format: int64 type: integer responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete custom allocation rule tags: - Cloud Cost Management get: description: Get a specific custom allocation rule - Retrieve a specific custom allocation rule by its ID operationId: GetCustomAllocationRule parameters: - description: The unique identifier of the custom allocation rule in: path name: rule_id required: true schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" values: created: "2024-01-01T00:00:00+00:00" enabled: true last_modified_user_uuid: user-example-uuid order_id: 1 provider: - aws rule_name: example-custom-allocation-rule strategy: allocated_by_tag_keys: - team granularity: daily method: proportional type: shared updated: "2024-01-01T00:00:00+00:00" version: 1 id: "123" type: arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryRuleResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get custom allocation rule tags: - Cloud Cost Management patch: description: |- Update an existing custom allocation rule with new filters and allocation strategy. **Strategy Methods:** - **PROPORTIONAL/EVEN**: Allocates costs proportionally/evenly based on existing costs. Requires: granularity, allocated_by_tag_keys. Optional: based_on_costs, allocated_by_filters, evaluate_grouped_by_tag_keys, evaluate_grouped_by_filters. - **PROPORTIONAL_TIMESERIES/EVEN_TIMESERIES**: Allocates based on timeseries data. Requires: granularity, based_on_timeseries. Optional: evaluate_grouped_by_tag_keys. - **PERCENT**: Allocates fixed percentages to specific tags. Requires: allocated_by (array of percentage allocations). - **USAGE_METRIC**: Allocates based on usage metrics (implementation varies). **Filter Conditions:** - Use **value** for single-value conditions: "is", "is not", "contains", "=", "!=", "like", "not like" - Use **values** for multi-value conditions: "in", "not in" - Cannot use both value and values simultaneously. **Supported operators**: is, is not, contains, in, not in, =, !=, like, not like operationId: UpdateCustomAllocationRule parameters: - description: The unique identifier of the custom allocation rule in: path name: rule_id required: true schema: format: int64 type: integer requestBody: content: application/json: examples: default: value: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" - condition: in tag: environment value: "" values: - production - staging enabled: true order_id: 1 provider: - aws - gcp rule_name: example-arbitrary-cost-rule strategy: allocated_by_tag_keys: - team - environment based_on_costs: - condition: is tag: service value: web-api - condition: not in tag: team value: "" values: - legacy - deprecated granularity: daily method: proportional type: shared type: upsert_arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryCostUpsertRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: costs_to_allocate: - condition: is tag: account_id value: "123456789" created: "2024-01-01T00:00:00+00:00" enabled: true order_id: 1 provider: - aws rule_name: example-arbitrary-cost-rule strategy: allocated_by_tag_keys: - team granularity: daily method: proportional type: shared updated: "2024-01-01T00:00:00+00:00" version: 1 id: "123" type: arbitrary_rule schema: $ref: "#/components/schemas/ArbitraryRuleResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update custom allocation rule tags: - Cloud Cost Management /api/v2/cost/aws_cur_config: get: description: List the AWS CUR configs. operationId: ListCostAWSCURConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 created_at: "2023-01-01T12:00:00.000000" error_messages: [] months: 36 report_name: dd-report-name report_prefix: dd-report-prefix status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123" type: aws_cur_config schema: $ref: "#/components/schemas/AwsCURConfigsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management AWS CUR configs tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read post: description: Create a Cloud Cost Management account for an AWS CUR config. operationId: CreateCostAWSCURConfig requestBody: content: application/json: examples: default: value: data: attributes: account_filters: excluded_accounts: - "123456789123" - "123456789143" include_new_accounts: true included_accounts: - "123456789123" - "123456789143" account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 report_name: dd-report-name report_prefix: dd-report-prefix type: aws_cur_config_post_request schema: $ref: "#/components/schemas/AwsCURConfigPostRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: account_filters: excluded_accounts: - "123456789124" - "123456789125" include_new_accounts: true account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 created_at: "2023-01-01T12:00:00.000000" error_messages: [] months: 36 report_name: dd-report-name report_prefix: dd-report-prefix status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: aws_cur_config schema: $ref: "#/components/schemas/AwsCurConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create Cloud Cost Management AWS CUR config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/aws_cur_config/{cloud_account_id}: delete: description: Archive a Cloud Cost Management Account. operationId: DeleteCostAWSCURConfig parameters: - $ref: "#/components/parameters/CloudAccountID" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Cloud Cost Management AWS CUR config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write get: description: Get a specific AWS CUR config. operationId: GetCostAWSCURConfig parameters: - description: The unique identifier of the cloud account in: path name: cloud_account_id required: true schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: account_filters: excluded_accounts: - "123456789124" - "123456789125" include_new_accounts: true account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 created_at: "2023-01-01T12:00:00.000000" error_messages: [] months: 36 report_name: dd-report-name report_prefix: dd-report-prefix status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: aws_cur_config schema: $ref: "#/components/schemas/AwsCurConfigResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get cost AWS CUR config tags: - Cloud Cost Management patch: description: Update the status (active/archived) and/or account filtering configuration of an AWS CUR config. operationId: UpdateCostAWSCURConfig parameters: - $ref: "#/components/parameters/CloudAccountID" requestBody: content: application/json: examples: default: value: data: attributes: account_filters: excluded_accounts: - "123456789123" - "123456789143" include_new_accounts: true included_accounts: - "123456789123" - "123456789143" is_enabled: true type: aws_cur_config_patch_request schema: $ref: "#/components/schemas/AwsCURConfigPatchRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: account_id: "123456789123" bucket_name: dd-cost-bucket bucket_region: us-east-1 created_at: "2023-01-01T12:00:00.000000" error_messages: [] months: 36 report_name: dd-report-name report_prefix: dd-report-prefix status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123" type: aws_cur_config schema: $ref: "#/components/schemas/AwsCURConfigsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update Cloud Cost Management AWS CUR config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/azure_uc_config: get: description: List the Azure configs. operationId: ListCostAzureUCConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: configs: - account_id: 1234abcd-1234-abcd-1234-1234abcd1234 client_id: 1234abcd-1234-abcd-1234-1234abcd1234 created_at: "2023-01-01T12:00:00.000000" dataset_type: actual error_messages: [] export_name: dd-actual-export export_path: dd-export-path id: "123456789123" months: 36 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 status: active status_updated_at: "2023-01-01T12:00:00.000000" storage_account: dd-storage-account storage_container: dd-storage-container updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: azure_uc_configs schema: $ref: "#/components/schemas/AzureUCConfigsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management Azure configs tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read post: description: Create a Cloud Cost Management account for an Azure config. operationId: CreateCostAzureUCConfigs requestBody: content: application/json: examples: default: value: data: attributes: account_id: 1234abcd-1234-abcd-1234-1234abcd1234 actual_bill_config: export_name: dd-actual-export export_path: dd-export-path storage_account: dd-storage-account storage_container: dd-storage-container amortized_bill_config: export_name: dd-actual-export export_path: dd-export-path storage_account: dd-storage-account storage_container: dd-storage-container client_id: 1234abcd-1234-abcd-1234-1234abcd1234 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 type: azure_uc_config_post_request schema: $ref: "#/components/schemas/AzureUCConfigPostRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: configs: - account_id: 1234abcd-1234-abcd-1234-1234abcd1234 client_id: 1234abcd-1234-abcd-1234-1234abcd1234 created_at: "2023-01-01T12:00:00.000000" dataset_type: actual error_messages: [] export_name: dd-actual-export export_path: dd-export-path id: "123456789123" months: 36 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 status: active status_updated_at: "2023-01-01T12:00:00.000000" storage_account: dd-storage-account storage_container: dd-storage-container updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: azure_uc_configs schema: $ref: "#/components/schemas/AzureUCConfigPairsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create Cloud Cost Management Azure configs tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/azure_uc_config/{cloud_account_id}: delete: description: Archive a Cloud Cost Management Account. operationId: DeleteCostAzureUCConfig parameters: - $ref: "#/components/parameters/CloudAccountID" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Cloud Cost Management Azure config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write get: description: Get a specific Azure config. operationId: GetCostAzureUCConfig parameters: - description: The unique identifier of the cloud account in: path name: cloud_account_id required: true schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: configs: - account_id: 1234abcd-1234-abcd-1234-1234abcd1234 client_id: 1234abcd-1234-abcd-1234-1234abcd1234 created_at: "2023-01-01T12:00:00.000000" dataset_type: actual error_messages: [] export_name: dd-actual-export export_path: dd-export-path id: "123456789123" months: 36 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 status: active status_updated_at: "2023-01-01T12:00:00.000000" storage_account: dd-storage-account storage_container: dd-storage-container updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: azure_uc_configs schema: $ref: "#/components/schemas/UCConfigPair" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get cost Azure UC config tags: - Cloud Cost Management patch: description: Update the status of an Azure config (active/archived). operationId: UpdateCostAzureUCConfigs parameters: - $ref: "#/components/parameters/CloudAccountID" requestBody: content: application/json: examples: default: value: data: attributes: is_enabled: true type: azure_uc_config_patch_request schema: $ref: "#/components/schemas/AzureUCConfigPatchRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: configs: - account_id: 1234abcd-1234-abcd-1234-1234abcd1234 client_id: 1234abcd-1234-abcd-1234-1234abcd1234 created_at: "2023-01-01T12:00:00.000000" dataset_type: actual error_messages: [] export_name: dd-actual-export export_path: dd-export-path id: "123456789123" months: 36 scope: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 status: active status_updated_at: "2023-01-01T12:00:00.000000" storage_account: dd-storage-account storage_container: dd-storage-container updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: azure_uc_configs schema: $ref: "#/components/schemas/AzureUCConfigPairsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update Cloud Cost Management Azure config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/budget: put: description: Create a new budget or update an existing one. operationId: UpsertBudget requestBody: content: application/json: examples: default: value: data: attributes: created_at: 1738258683590 created_by: 00000000-0a0a-0a0a-aaa0-00000000000a end_month: 202502 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1738258683590 updated_by: 00000000-0a0a-0a0a-aaa0-00000000000a id: 00000000-0a0a-0a0a-aaa0-00000000000a type: "" schema: $ref: "#/components/schemas/BudgetWithEntries" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: 1738258683590 created_by: 00000000-0a0a-0a0a-aaa0-00000000000a end_month: 202502 entries: - amount: 500 month: 202501 tag_filters: - tag_key: service tag_value: ec2 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1738258683590 updated_by: 00000000-0a0a-0a0a-aaa0-00000000000a id: 00000000-0a0a-0a0a-aaa0-00000000000a type: budget schema: $ref: "#/components/schemas/BudgetWithEntries" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create or update a budget tags: - Cloud Cost Management /api/v2/cost/budget/csv/validate: post: operationId: ValidateCsvBudget responses: "200": content: application/json: examples: default: value: errors: [] schema: $ref: "#/components/schemas/ValidationResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: [] summary: Validate CSV budget tags: - Cloud Cost Management /api/v2/cost/budget/validate: post: description: Validate a budget configuration without creating or modifying it operationId: ValidateBudget requestBody: content: application/json: examples: default: value: data: attributes: created_at: 1738258683590 created_by: 00000000-0a0a-0a0a-aaa0-00000000000a end_month: 202502 entries: - amount: 500 month: 202501 tag_filters: - tag_key: service tag_value: ec2 - amount: 500 month: 202502 tag_filters: - tag_key: service tag_value: ec2 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1738258683590 updated_by: 00000000-0a0a-0a0a-aaa0-00000000000a id: "1" type: budget schema: $ref: "#/components/schemas/BudgetValidationRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: errors: [] valid: true id: budget_validation type: budget_validation schema: $ref: "#/components/schemas/BudgetValidationResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Validate budget tags: - Cloud Cost Management /api/v2/cost/budget/{budget_id}: delete: description: Delete a budget operationId: DeleteBudget parameters: - $ref: "#/components/parameters/BudgetID" responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete budget tags: - Cloud Cost Management get: description: Get a budget operationId: GetBudget parameters: - $ref: "#/components/parameters/BudgetID" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: 1738258683590 created_by: 00000000-0a0a-0a0a-aaa0-00000000000a end_month: 202502 entries: - amount: 500 month: 202501 tag_filters: - tag_key: service tag_value: ec2 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1738258683590 updated_by: 00000000-0a0a-0a0a-aaa0-00000000000a id: 00000000-0a0a-0a0a-aaa0-00000000000a type: budget schema: $ref: "#/components/schemas/BudgetWithEntries" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get budget tags: - Cloud Cost Management /api/v2/cost/budgets: get: description: List budgets. operationId: ListBudgets responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: 1741011342772 created_by: user1 end_month: 202502 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1741011342772 updated_by: user2 id: 00000000-0a0a-0a0a-aaa0-00000000000a type: budget schema: $ref: "#/components/schemas/BudgetArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List budgets tags: - Cloud Cost Management /api/v2/cost/custom_costs: get: description: List the Custom Costs files. operationId: ListCustomCostsFiles parameters: - description: Page number for pagination in: query name: page[number] schema: format: int64 type: integer - description: Page size for pagination in: query name: page[size] schema: default: 100 format: int64 type: integer - description: Filter by file status in: query name: filter[status] schema: type: string - description: Filter files by name with case-insensitive substring matching. in: query name: filter[name] schema: type: string - description: Filter by provider. in: query name: filter[provider] schema: items: type: string type: array - description: Sort key with optional descending prefix in: query name: sort schema: default: created_at type: string responses: "200": content: application/json: examples: default: value: data: - attributes: billed_cost: 100.5 billing_currency: USD charge_period: end: 1706745600000 start: 1704067200000 name: my_file.json provider_names: - my_provider status: active uploaded_at: 1704067200000 id: 00000000-0000-0000-0000-000000000005 type: custom_costs meta: total_filtered_count: 1 version: "1" schema: $ref: "#/components/schemas/CustomCostsFileListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Custom Costs files tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read put: description: Upload a Custom Costs file. operationId: UploadCustomCostsFile requestBody: content: application/json: examples: default: value: - BilledCost: 100.5 BillingCurrency: USD ChargeDescription: Monthly usage charge for my service ChargePeriodEnd: "2023-02-28" ChargePeriodStart: "2023-02-01" schema: $ref: "#/components/schemas/CustomCostsFileUploadRequest" required: true responses: "202": content: application/json: examples: default: value: data: attributes: billed_cost: 100.5 billing_currency: USD charge_period: end: 1706745600000 start: 1704067200000 name: my_file.json provider_names: - my_provider status: pending uploaded_at: 1704067200000 id: 00000000-0000-0000-0000-000000000006 type: custom_costs meta: version: "1" schema: $ref: "#/components/schemas/CustomCostsFileUploadResponse" description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Upload Custom Costs file tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/custom_costs/{file_id}: delete: description: Delete the specified Custom Costs file. operationId: DeleteCustomCostsFile parameters: - $ref: "#/components/parameters/FileID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Custom Costs file tags: - Cloud Cost Management get: description: Fetch the specified Custom Costs file. operationId: GetCustomCostsFile parameters: - $ref: "#/components/parameters/FileID" responses: "200": content: application/json: examples: default: value: data: attributes: billed_cost: 100.5 billing_currency: USD charge_period: end: 1706745600000 start: 1704067200000 content: - BilledCost: 100.5 BillingCurrency: USD ChargeDescription: Monthly usage charge for my service ChargePeriodEnd: "2023-02-28" ChargePeriodStart: "2023-02-01" name: my_file.json provider_names: - my_provider status: active uploaded_at: 1704067200000 id: 00000000-0000-0000-0000-000000000007 type: custom_costs meta: version: "1" schema: $ref: "#/components/schemas/CustomCostsFileGetResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get Custom Costs file tags: - Cloud Cost Management /api/v2/cost/gcp_uc_config: get: description: List the Google Cloud Usage Cost configs. operationId: ListCostGCPUsageCostConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket created_at: "2023-01-01T12:00:00.000000" dataset: billing error_messages: [] export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report months: 36 project_id: my-project-123 service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: gcp_uc_config schema: $ref: "#/components/schemas/GCPUsageCostConfigsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Google Cloud Usage Cost configs tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read post: description: Create a Cloud Cost Management account for an Google Cloud Usage Cost config. operationId: CreateCostGCPUsageCostConfig requestBody: content: application/json: examples: default: value: data: attributes: billing_account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket export_dataset_name: billing export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com type: gcp_uc_config_post_request schema: $ref: "#/components/schemas/GCPUsageCostConfigPostRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket created_at: "2023-01-01T12:00:00.000000" dataset: billing error_messages: [] export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report months: 36 project_id: my-project-123 service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: gcp_uc_config schema: $ref: "#/components/schemas/GCPUsageCostConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create Google Cloud Usage Cost config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/gcp_uc_config/{cloud_account_id}: delete: description: Archive a Cloud Cost Management account. operationId: DeleteCostGCPUsageCostConfig parameters: - $ref: "#/components/parameters/CloudAccountID" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Google Cloud Usage Cost config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write get: description: Get a specific Google Cloud Usage Cost config. operationId: GetCostGCPUsageCostConfig parameters: - description: The unique identifier of the cloud account in: path name: cloud_account_id required: true schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket created_at: "2023-01-01T12:00:00.000000" dataset: billing error_messages: [] export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report months: 36 project_id: my-project-123 service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: gcp_uc_config schema: $ref: "#/components/schemas/GcpUcConfigResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get Google Cloud Usage Cost config tags: - Cloud Cost Management patch: description: Update the status of an Google Cloud Usage Cost config (active/archived). operationId: UpdateCostGCPUsageCostConfig parameters: - $ref: "#/components/parameters/CloudAccountID" requestBody: content: application/json: examples: default: value: data: attributes: is_enabled: true type: gcp_uc_config_patch_request schema: $ref: "#/components/schemas/GCPUsageCostConfigPatchRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: account_id: 123456_A123BC_12AB34 bucket_name: dd-cost-bucket created_at: "2023-01-01T12:00:00.000000" dataset: billing error_messages: [] export_prefix: datadog_cloud_cost_usage_export export_project_name: dd-cloud-cost-report months: 36 project_id: my-project-123 service_account: dd-ccm-gcp-integration@my-environment.iam.gserviceaccount.com status: active status_updated_at: "2023-01-01T12:00:00.000000" updated_at: "2023-01-01T12:00:00.000000" id: "123456789123" type: gcp_uc_config schema: $ref: "#/components/schemas/GCPUsageCostConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update Google Cloud Usage Cost config tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_write /api/v2/cost/oci_config: get: description: List the OCI configs. operationId: ListCostOCIConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: account_id: "ocid1.tenancy.oc1..example" created_at: "2026-01-01T12:00:00Z" status: active status_updated_at: "2026-01-01T12:00:00Z" updated_at: "2026-01-01T12:00:00Z" id: "1" type: oci_config schema: $ref: "#/components/schemas/OCIConfigsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management OCI configs tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read /api/v2/cost/tag_descriptions: get: description: List Cloud Cost Management tag key descriptions for the organization. Use `filter[cloud]` to scope the result to a single cloud provider; when omitted, both cross-cloud defaults and cloud-specific descriptions are returned. operationId: ListCostTagDescriptions parameters: - description: Filter descriptions to a specific cloud provider (for example, `aws`). Omit to return descriptions across all clouds. in: query name: filter[cloud] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: cloud: aws created_at: "2026-01-01T12:00:00Z" description: AWS account that owns this cost. source: human tag_key: account_id updated_at: "2026-01-01T12:00:00Z" id: account_id type: cost_tag_description schema: $ref: "#/components/schemas/CostTagDescriptionsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management tag descriptions tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read /api/v2/cost/tag_keys: get: description: List Cloud Cost Management tag keys. operationId: ListCostTagKeys parameters: - description: The Cloud Cost Management metric to scope the tag keys to. When omitted, returns tag keys across all metrics. in: query name: filter[metric] schema: type: string - description: |- Filter to return only tag keys that appear with the given `key:value` tag values. For example, `filter[tags]=providername:aws` returns tag keys found on the same cost data, such as `is_aws_ec2_compute` and `aws_instance_type`. in: query name: filter[tags] schema: items: type: string type: array responses: "200": content: application/json: examples: default: value: data: - attributes: sources: - focus value: providername id: providername type: cost_tag_key - attributes: sources: [] value: service id: service type: cost_tag_key schema: $ref: "#/components/schemas/CostTagKeysResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management tag keys tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read /api/v2/cost/tag_keys/{tag_key}: get: description: Get details for a specific Cloud Cost Management tag key, including example tag values and description. operationId: GetCostTagKey parameters: - $ref: "#/components/parameters/TagKey" - description: The Cloud Cost Management metric to scope the tag key details to. When omitted, returns details across all metrics. in: query name: filter[metric] schema: type: string - description: |- Controls the size of the internal tag value search scope. This does **not** restrict the number of example tag values returned in the response. Defaults to 50, maximum 10000. in: query name: page[size] schema: default: 50 format: int32 maximum: 10000 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: details: description: The cloud provider name reported for the cost line item. tag_values: - aws - gcp - azure sources: - focus value: providername id: providername type: cost_tag_key schema: $ref: "#/components/schemas/CostTagKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get a Cloud Cost Management tag key tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read /api/v2/cost/tags: get: description: List Cloud Cost Management tags for a given metric. operationId: ListCostTags parameters: - description: The Cloud Cost Management metric to scope the tags to. When omitted, returns tags across all metrics. in: query name: filter[metric] schema: type: string - description: A substring used to filter the returned tags by name. in: query name: filter[match] schema: type: string - description: |- Filter to return only tags that appear with the given `key:value` tag values. For example, `filter[tags]=providername:aws` returns tags found on the same cost data, such as `aws_instance_type:t3.micro` and `aws_instance_type:m5.large`. in: query name: filter[tags] schema: items: type: string type: array - description: Restrict the returned tags to those whose key matches one of the given tag keys. in: query name: filter[tag_keys] schema: items: type: string type: array - description: |- Controls the size of the internal tag search scope. This does **not** restrict the number of tags returned in the response. Defaults to 50, maximum 10000. in: query name: page[size] schema: default: 50 format: int32 maximum: 10000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: sources: - focus value: providername:aws id: providername:aws type: cost_tag - attributes: sources: - focus value: providername:gcp id: providername:gcp type: cost_tag schema: $ref: "#/components/schemas/CostTagsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management tags tags: - Cloud Cost Management "x-permission": operator: OR permissions: - cloud_cost_management_read /api/v2/cost_by_tag/active_billing_dimensions: get: description: |- Get active billing dimensions for cost attribution. Cost data for a given month becomes available no later than the 19th of the following month. operationId: GetActiveBillingDimensions responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: id: abc-123 type: billing_dimensions schema: $ref: "#/components/schemas/ActiveBillingDimensionsResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get active billing dimensions for cost attribution tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/cost_by_tag/monthly_cost_attribution: get: description: |- Get monthly cost attribution by tag across multi-org and single root-org accounts. Cost Attribution data for a given month becomes available no later than the 19th of the following month. This API endpoint is paginated. To make sure you receive all records, check if the value of `next_record_id` is set in the response. If it is, make another request and pass `next_record_id` as a parameter. Pseudo code example: ``` response := GetMonthlyCostAttribution(start_month, end_month) cursor := response.metadata.pagination.next_record_id WHILE cursor != null BEGIN sleep(5 seconds) # Avoid running into rate limit response := GetMonthlyCostAttribution(start_month, end_month, next_record_id=cursor) cursor := response.metadata.pagination.next_record_id END ``` This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). This endpoint is not available in the Government (US1-FED) site. operationId: GetMonthlyCostAttribution parameters: - description: |- Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning in this month. in: query name: start_month required: true schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month." in: query name: end_month required: false schema: format: date-time type: string - description: |- Comma-separated list specifying cost types (e.g., `_on_demand_cost`, `_committed_cost`, `_total_cost`) and the proportions (`_percentage_in_org`, `_percentage_in_account`). Use `*` to retrieve all fields. Example: `infra_host_on_demand_cost,infra_host_percentage_in_account` To obtain the complete list of active billing dimensions that can be used to replace `` in the field names, make a request to the [Get active billing dimensions API](https://docs.datadoghq.com/api/latest/usage-metering/#get-active-billing-dimensions-for-cost-attribution). in: query name: fields required: true schema: type: string - description: "The direction to sort by: `[desc, asc]`." in: query name: sort_direction required: false schema: $ref: "#/components/schemas/SortDirection" - description: "The billing dimension to sort by. Always sorted by total cost. Example: `infra_host`." in: query name: sort_name required: false schema: type: string - description: |- Comma separated list of tag keys used to group cost. If no value is provided the cost will not be broken down by tags. To see which tags are available, look for the value of `tag_config_source` in the API response. in: query name: tag_breakdown_keys required: false schema: type: string - description: List following results with a next_record_id provided in the previous query. in: query name: next_record_id required: false schema: type: string - description: "Include child org cost in the response. Defaults to `true`." in: query name: include_descendants required: false schema: default: true type: boolean responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: - id: abc-123 type: cost_by_tag schema: $ref: "#/components/schemas/MonthlyCostAttributionResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get Monthly Cost Attribution tags: - Usage Metering "x-permission": operator: AND permissions: - usage_read - billing_read /api/v2/csm/onboarding/agents: get: description: Get the list of all CSM Agents running on your hosts and containers. operationId: ListAllCSMAgents parameters: - description: The page index for pagination (zero-based). in: query name: page required: false schema: example: 2 format: int32 maximum: 1000000 minimum: 0 type: integer - description: The number of items to include in a single page. in: query name: size required: false schema: example: 12 format: int32 maximum: 100 minimum: 0 type: integer - description: A search query string to filter results (for example, `hostname:COMP-T2H4J27423`). in: query name: query required: false schema: example: "hostname:COMP-T2H4J27423" type: string - description: The sort direction for results. Use `asc` for ascending or `desc` for descending. in: query name: order_direction required: false schema: $ref: "#/components/schemas/OrderDirection" responses: "200": content: "application/json": examples: default: value: data: - attributes: agent_version: "7.50.0" hostname: example-host os: linux id: abc-123 type: datadog_agent meta: page_index: 0 page_size: 10 total_filtered: 1 schema: $ref: "#/components/schemas/CsmAgentsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all CSM Agents tags: ["CSM Agents"] /api/v2/csm/onboarding/coverage_analysis/cloud_accounts: get: description: |- Get the CSM Coverage Analysis of your Cloud Accounts. This is calculated based on the number of your Cloud Accounts that are scanned for security issues. operationId: GetCSMCloudAccountsCoverageAnalysis responses: "200": content: application/json: examples: default: value: data: attributes: org_id: 123 total_coverage: configured_resources_count: 8 coverage: 0.8 partially_configured_resources_count: 0 total_resources_count: 10 id: abc-123 type: get_cloud_accounts_coverage_analysis_response_public_v0 schema: $ref: "#/components/schemas/CsmCloudAccountsCoverageAnalysisResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the CSM Cloud Accounts Coverage Analysis tags: ["CSM Coverage Analysis"] /api/v2/csm/onboarding/coverage_analysis/hosts_and_containers: get: description: |- Get the CSM Coverage Analysis of your Hosts and Containers. This is calculated based on the number of agents running on your Hosts and Containers with CSM feature(s) enabled. operationId: GetCSMHostsAndContainersCoverageAnalysis responses: "200": content: application/json: examples: default: value: data: attributes: org_id: 123 total_coverage: configured_resources_count: 8 coverage: 0.8 partially_configured_resources_count: 0 total_resources_count: 10 id: abc-123 type: get_hosts_and_containers_coverage_analysis_response_public_v0 schema: $ref: "#/components/schemas/CsmHostsAndContainersCoverageAnalysisResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the CSM Hosts and Containers Coverage Analysis tags: ["CSM Coverage Analysis"] /api/v2/csm/onboarding/coverage_analysis/serverless: get: description: |- Get the CSM Coverage Analysis of your Serverless Resources. This is calculated based on the number of agents running on your Serverless Resources with CSM feature(s) enabled. operationId: GetCSMServerlessCoverageAnalysis responses: "200": content: application/json: examples: default: value: data: attributes: org_id: 123 total_coverage: configured_resources_count: 8 coverage: 0.8 partially_configured_resources_count: 0 total_resources_count: 10 id: abc-123 type: get_serverless_coverage_analysis_response_public_v0 schema: $ref: "#/components/schemas/CsmServerlessCoverageAnalysisResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the CSM Serverless Coverage Analysis tags: ["CSM Coverage Analysis"] /api/v2/csm/onboarding/serverless/agents: get: description: Get the list of all CSM Serverless Agents running on your hosts and containers. operationId: ListAllCSMServerlessAgents parameters: - description: The page index for pagination (zero-based). in: query name: page required: false schema: example: 2 format: int32 maximum: 1000000 minimum: 0 type: integer - description: The number of items to include in a single page. in: query name: size required: false schema: example: 12 format: int32 maximum: 100 minimum: 0 type: integer - description: A search query string to filter results (for example, `hostname:COMP-T2H4J27423`). in: query name: query required: false schema: example: "hostname:COMP-T2H4J27423" type: string - description: The sort direction for results. Use `asc` for ascending or `desc` for descending. in: query name: order_direction required: false schema: $ref: "#/components/schemas/OrderDirection" responses: "200": content: "application/json": examples: default: value: data: - attributes: agent_version: "7.50.0" hostname: example-host os: linux id: abc-123 type: datadog_agent meta: page_index: 0 page_size: 10 total_filtered: 1 schema: $ref: "#/components/schemas/CsmAgentsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all CSM Serverless Agents tags: ["CSM Agents"] /api/v2/current_user: get: description: |- Get the user associated with the current authentication context. The response includes the user's profile attributes (name, email, handle, status, MFA state), along with related resources: the user's organization, assigned roles with their granted permissions, and team-scoped roles. No additional permissions are required beyond valid authentication. operationId: GetCurrentUser responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00+00:00" disabled: false email: jane.doe@example.com handle: jane.doe icon: "https://secure.gravatar.com/avatar/abc123" mfa_enabled: true modified_at: "2024-06-01T12:00:00+00:00" name: Jane Doe service_account: false status: Active title: Senior Engineer verified: true id: 00000000-0000-9999-0000-000000000000 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get current user tags: - Users patch: description: |- Edit the profile of the currently authenticated user. Updatable fields include `name`, `title`, `email`, and `disabled` status. The `id` field in the request body must match the authenticated user's UUID; a mismatch returns a 422 error. Email address changes are recorded in the audit trail. Requires the `user_self_profile_write` permission. operationId: UpdateCurrentUser requestBody: content: application/json: examples: default: value: data: attributes: email: jane.doe@example.com name: Jane Doe title: Staff Engineer id: 00000000-0000-9999-0000-000000000000 type: users schema: $ref: "#/components/schemas/UserUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00+00:00" disabled: false email: jane.doe@example.com handle: jane.doe icon: "https://secure.gravatar.com/avatar/abc123" mfa_enabled: true modified_at: "2024-06-01T12:00:00+00:00" name: Jane Doe service_account: false status: Active title: Staff Engineer verified: true id: 00000000-0000-9999-0000-000000000000 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update current user tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_self_profile_write /api/v2/current_user/application_keys: get: description: List all application keys available for current user operationId: ListCurrentUserApplicationKeys parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/ApplicationKeysSortParameter" - $ref: "#/components/parameters/ApplicationKeyFilterParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter" - $ref: "#/components/parameters/ApplicationKeyIncludeParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000004 type: application_keys schema: $ref: "#/components/schemas/ListApplicationKeysResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all application keys owned by current user tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys post: description: Create an application key for current user operationId: CreateCurrentUserApplicationKey requestBody: content: application/json: examples: default: value: data: attributes: name: Application Key for managing dashboards scopes: - dashboards_read - dashboards_write - dashboards_public_share type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000005 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an application key for current user tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_app_keys /api/v2/current_user/application_keys/{app_key_id}: delete: description: Delete an application key owned by current user operationId: DeleteCurrentUserApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an application key owned by current user tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys get: description: |- Get an application key owned by current user. The `key` field is not returned for organizations in [One-Time Read mode](https://docs.datadoghq.com/account_management/api-app-keys/#one-time-read-mode). operationId: GetCurrentUserApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000006 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get one application key owned by current user tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys patch: description: |- Edit an application key owned by current user. The `key` field is not returned for organizations in [One-Time Read mode](https://docs.datadoghq.com/account_management/api-app-keys/#one-time-read-mode). operationId: UpdateCurrentUserApplicationKey parameters: - $ref: "#/components/parameters/ApplicationKeyID" requestBody: content: application/json: examples: default: value: data: attributes: name: Application Key for managing dashboards scopes: - dashboards_read - dashboards_write - dashboards_public_share id: 00112233-4455-6677-8899-aabbccddeeff type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2020-11-23T10:00:00.000Z" last4: abcd name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000007 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit an application key owned by current user tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_app_keys /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards: delete: description: Delete dashboards from an existing dashboard list. operationId: DeleteDashboardListItems parameters: - description: ID of the dashboard list to delete items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: examples: default: value: dashboards: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListDeleteItemsRequest" description: Dashboards to delete from the dashboard list. required: true responses: "200": content: application/json: examples: default: value: deleted_dashboards_from_list: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListDeleteItemsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete items from a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body get: description: Fetch the dashboard list’s dashboard definitions. operationId: GetDashboardListItems parameters: - description: ID of the dashboard list to get items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: dashboards: - id: q5j-nti-fv6 type: host_timeboard total: 1 schema: $ref: "#/components/schemas/DashboardListItems" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get items of a Dashboard List tags: - Dashboard Lists "x-permission": operator: OR permissions: - dashboards_read post: description: Add dashboards to an existing dashboard list. operationId: CreateDashboardListItems parameters: - description: ID of the dashboard list to add items to. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: examples: default: value: dashboards: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListAddItemsRequest" description: Dashboards to add to the dashboard list. required: true responses: "200": content: application/json: examples: default: value: added_dashboards_to_list: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListAddItemsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Items to a Dashboard List tags: - Dashboard Lists x-codegen-request-body-name: body put: description: Update dashboards of an existing dashboard list. operationId: UpdateDashboardListItems parameters: - description: ID of the dashboard list to update items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: examples: default: value: dashboards: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListUpdateItemsRequest" description: New dashboards of the dashboard list. required: true responses: "200": content: application/json: examples: default: value: dashboards: - id: q5j-nti-fv6 type: host_timeboard schema: $ref: "#/components/schemas/DashboardListUpdateItemsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update items of a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body /api/v2/dashboard/{dashboard_id}/shared/secure-embed: post: description: >- Create a secure embed share for a dashboard. The response includes a one-time `credential` used for HMAC-SHA256 signing. Store it securely — it cannot be retrieved again. operationId: CreateDashboardSecureEmbed parameters: - $ref: "#/components/parameters/DashboardIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: global_time: live_span: "1h" global_time_selectable: true selectable_template_vars: - default_values: ["1"] name: "org_id" prefix: "org_id" visible_tags: ["1"] status: active title: "Q1 Metrics Dashboard" viewing_preferences: high_density: false theme: "system" type: secure_embed_request schema: $ref: "#/components/schemas/SecureEmbedCreateRequest" description: Secure embed creation request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" credential: example-credential-value dashboard_id: abc-def-ghi global_time_selectable: true id: "12345" share_type: secure_embed status: active title: "Q1 Metrics Dashboard" token: abc-123-token url: "https://p.datadoghq.com/sb/secure-embed/abc-123-token" id: "12345" type: secure_embed_create_response schema: $ref: "#/components/schemas/SecureEmbedCreateResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Dashboard Not Found "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict — max 1000 share URLs per dashboard exceeded "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_embed_share summary: Create a secure embed for a dashboard tags: - Dashboard Secure Embed x-codegen-request-body-name: body "x-permission": operator: OR permissions: - dashboards_embed_share x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/dashboard/{dashboard_id}/shared/secure-embed/{token}: delete: description: >- Delete a secure embed share for a dashboard. operationId: DeleteDashboardSecureEmbed parameters: - $ref: "#/components/parameters/DashboardIDPathParameter" - $ref: "#/components/parameters/SecureEmbedTokenPathParameter" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_embed_share summary: Delete a secure embed for a dashboard tags: - Dashboard Secure Embed "x-permission": operator: OR permissions: - dashboards_embed_share x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: >- Retrieve an existing secure embed configuration for a dashboard. operationId: GetDashboardSecureEmbed parameters: - $ref: "#/components/parameters/DashboardIDPathParameter" - $ref: "#/components/parameters/SecureEmbedTokenPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" credential_suffix: ab3f dashboard_id: abc-def-ghi global_time_selectable: true id: "12345" share_type: secure_embed status: active title: "Q1 Metrics Dashboard" token: abc-123-token url: "https://p.datadoghq.com/sb/secure-embed/abc-123-token" id: "12345" type: secure_embed_get_response schema: $ref: "#/components/schemas/SecureEmbedGetResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get a secure embed for a dashboard tags: - Dashboard Secure Embed "x-permission": operator: OR permissions: - dashboards_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: >- Partially update a secure embed configuration. All fields are optional (PATCH semantics). operationId: UpdateDashboardSecureEmbed parameters: - $ref: "#/components/parameters/DashboardIDPathParameter" - $ref: "#/components/parameters/SecureEmbedTokenPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: status: active title: "Q1 Metrics Dashboard (Updated)" type: secure_embed_update_request schema: $ref: "#/components/schemas/SecureEmbedUpdateRequest" description: Secure embed update request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" credential_suffix: ab3f dashboard_id: abc-def-ghi global_time_selectable: true id: "12345" share_type: secure_embed status: active title: "Q1 Metrics Dashboard (Updated)" token: abc-123-token url: "https://p.datadoghq.com/sb/secure-embed/abc-123-token" id: "12345" type: secure_embed_update_response schema: $ref: "#/components/schemas/SecureEmbedUpdateResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_embed_share summary: Update a secure embed for a dashboard tags: - Dashboard Secure Embed x-codegen-request-body-name: body "x-permission": operator: OR permissions: - dashboards_embed_share x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/datasets: get: description: Get all datasets that have been configured for an organization. operationId: GetAllDatasets responses: "200": content: application/json: examples: default: value: data: - attributes: name: Security Audit Dataset principals: - role:94172442-be03-11e9-a77a-3b7612558ac1 product_filters: - filters: - source:cloudtrail product: logs id: 00000000-0000-0000-0000-000000000003 type: dataset schema: $ref: "#/components/schemas/DatasetResponseMulti" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get all datasets tags: - Datasets "x-permission": operator: OR permissions: - user_access_read x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** post: description: |- Create a dataset with the configurations in the request. operationId: CreateDataset requestBody: content: application/json: examples: default: value: data: attributes: name: Security Audit Dataset principals: - role:94172442-be03-11e9-a77a-3b7612558ac1 product_filters: - filters: - source:cloudtrail product: logs restriction_query_id: 00000000-0000-0000-0000-000000000001 type: dataset schema: $ref: "#/components/schemas/DatasetCreateRequest" description: Dataset payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: Security Audit Dataset principals: - "role:abc-123" product_filters: - filters: - source:cloudtrail product: logs id: 00000000-0000-0000-0000-000000000004 type: dataset schema: $ref: "#/components/schemas/DatasetResponseSingle" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create a dataset tags: - Datasets x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** /api/v2/datasets/{dataset_id}: delete: description: Deletes the dataset associated with the ID. operationId: DeleteDataset parameters: - $ref: "#/components/parameters/DatasetID" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete a dataset tags: - Datasets "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** get: description: Retrieves the dataset associated with the ID. operationId: GetDataset parameters: - $ref: "#/components/parameters/DatasetID" responses: "200": content: application/json: examples: default: value: data: attributes: name: Security Audit Dataset principals: - role:94172442-be03-11e9-a77a-3b7612558ac1 product_filters: - filters: - source:cloudtrail product: logs id: 00000000-0000-0000-0000-000000000001 type: dataset schema: $ref: "#/components/schemas/DatasetResponseSingle" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get a single dataset by ID tags: - Datasets "x-permission": operator: OPEN permissions: [] x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** put: description: |- Edits the dataset associated with the ID. operationId: UpdateDataset parameters: - $ref: "#/components/parameters/DatasetID" requestBody: content: application/json: examples: default: value: data: attributes: name: Security Audit Dataset principals: - role:94172442-be03-11e9-a77a-3b7612558ac1 product_filters: - filters: - "@application.id:ABCD" product: logs type: dataset schema: $ref: "#/components/schemas/DatasetUpdateRequest" description: Dataset payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: Security Audit Dataset principals: - role:94172442-be03-11e9-a77a-3b7612558ac1 product_filters: - filters: - source:cloudtrail product: logs id: 00000000-0000-0000-0000-000000000002 type: dataset schema: $ref: "#/components/schemas/DatasetResponseSingle" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Edit a dataset tags: - Datasets x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note: Data Access is in preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** /api/v2/deletion/data/{product}: post: description: Creates a data deletion request by providing a query and a timeframe targeting the proper data. operationId: CreateDataDeletionRequest parameters: - $ref: "#/components/parameters/ProductName" requestBody: content: application/json: schema: $ref: "#/components/schemas/CreateDataDeletionRequestBody" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00.000000Z" created_by: test@example.com from_time: 1672527600000 is_created: true org_id: 123 product: logs query: "service:xyz host:abc" starting_at: "2024-01-01T02:00:00.000000Z" status: pending to_time: 1704063600000 total_unrestricted: 100 updated_at: "2024-01-01T00:00:00.000000Z" id: "1" type: deletion_request meta: product: logs request_status: pending schema: $ref: "#/components/schemas/CreateDataDeletionResponseBody" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "412": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Precondition failed error "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Creates a data deletion request tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deletion/requests: get: description: Gets a list of data deletion requests based on several filter parameters. operationId: GetDataDeletionRequests parameters: - description: |- The next page of the previous search. If the next_page parameter is included, the rest of the query elements are ignored. example: "cGFnZTI=" in: query name: next_page required: false schema: type: string - description: Retrieve only the requests related to the given product. example: "logs" in: query name: product required: false schema: type: string - description: Retrieve only the requests that matches the given query. example: "service:xyz host:abc" in: query name: query required: false schema: type: string - description: Retrieve only the requests with the given status. example: "pending" in: query name: status required: false schema: type: string - description: Sets the page size of the search. example: "50" in: query name: page_size required: false schema: default: 50 format: int64 maximum: 50 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00.000000Z" created_by: test@example.com from_time: 1672527600000 is_created: true org_id: 123 product: logs query: "service:xyz host:abc" starting_at: "2024-01-01T02:00:00.000000Z" status: pending to_time: 1704063600000 total_unrestricted: 100 updated_at: "2024-01-01T00:00:00.000000Z" id: "1" type: deletion_request meta: next_page: "cGFnZTI=" product: logs schema: $ref: "#/components/schemas/GetDataDeletionsResponseBody" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Gets a list of data deletion requests tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deletion/requests/{id}/cancel: put: description: Cancels a data deletion request by providing its ID. operationId: CancelDataDeletionRequest parameters: - $ref: "#/components/parameters/RequestId" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00.000000Z" created_by: test@example.com from_time: 1672527600000 is_created: true org_id: 123 product: logs query: "service:xyz host:abc" starting_at: "2024-01-01T02:00:00.000000Z" status: canceled to_time: 1704063600000 total_unrestricted: 100 updated_at: "2024-01-01T00:00:00.000000Z" id: "1" type: deletion_request meta: product: logs request_status: canceled schema: $ref: "#/components/schemas/CancelDataDeletionResponseBody" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "412": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Precondition failed error "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Cancels a data deletion request tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployment_gates: get: description: |- Returns a paginated list of all deployment gates for the organization. Use `page[cursor]` and `page[size]` query parameters to paginate through results. operationId: ListDeploymentGates parameters: - description: Cursor for pagination. Use the `meta.page.next_cursor` value from the previous response. in: query name: page[cursor] required: false schema: type: string - description: Number of results per page. Defaults to 50. Must be between 1 and 1000. in: query name: page[size] required: false schema: default: 50 format: int64 maximum: 1000 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000004 dry_run: false env: production identifier: pre service: my-service id: 00000000-0000-0000-0000-000000000003 type: deployment_gate meta: page: size: 50 schema: $ref: "#/components/schemas/DeploymentGatesListResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get all deployment gates tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Endpoint to create a deployment gate. operationId: CreateDeploymentGate requestBody: content: application/json: examples: default: value: data: attributes: dry_run: false env: production identifier: pre service: my-service type: deployment_gate schema: $ref: "#/components/schemas/CreateDeploymentGateParams" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: handle: example-handle id: 00000000-0000-0000-0000-000000000002 name: Example Name dry_run: false env: production identifier: pre service: my-service id: 00000000-0000-0000-0000-000000000001 type: deployment_gate schema: $ref: "#/components/schemas/DeploymentGateResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Create deployment gate tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployment_gates/{gate_id}/rules: get: description: |- Endpoint to get rules for a deployment gate. operationId: GetDeploymentGateRules parameters: - description: The ID of the deployment gate. in: path name: gate_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: rules: - created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000012 dry_run: false gate_id: abc-123 name: My deployment rule options: type: faulty_deployment_detection id: 00000000-0000-0000-0000-000000000011 type: list_deployment_rules schema: $ref: "#/components/schemas/DeploymentGateRulesResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get rules for a deployment gate tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Endpoint to create a deployment rule. A gate for the rule must already exist. operationId: CreateDeploymentRule parameters: - description: The ID of the deployment gate. in: path name: gate_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: dry_run: false name: My deployment rule options: - resource1 - resource2 type: faulty_deployment_detection type: deployment_rule schema: $ref: "#/components/schemas/CreateDeploymentRuleParams" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: handle: test-user id: 00000000-0000-0000-0000-000000000010 name: Test User dry_run: false gate_id: abc-123 name: My deployment rule options: type: faulty_deployment_detection id: 00000000-0000-0000-0000-000000000009 type: deployment_rule schema: $ref: "#/components/schemas/DeploymentRuleResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Create deployment rule tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployment_gates/{gate_id}/rules/{id}: delete: description: |- Endpoint to delete a deployment rule. operationId: DeleteDeploymentRule parameters: - description: The ID of the deployment gate. in: path name: gate_id required: true schema: type: string - description: The ID of the deployment rule. in: path name: id required: true schema: type: string responses: "204": description: No Content "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete deployment rule tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: |- Endpoint to get a deployment rule. operationId: GetDeploymentRule parameters: - description: The ID of the deployment gate. in: path name: gate_id required: true schema: type: string - description: The ID of the deployment rule. in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000014 dry_run: false gate_id: abc-123 name: My deployment rule options: type: faulty_deployment_detection id: 00000000-0000-0000-0000-000000000013 type: deployment_rule schema: $ref: "#/components/schemas/DeploymentRuleResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDRulesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get deployment rule tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: |- Endpoint to update a deployment rule. operationId: UpdateDeploymentRule parameters: - description: The ID of the deployment gate. in: path name: gate_id required: true schema: type: string - description: The ID of the deployment rule. in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: dry_run: false name: Updated deployment rule options: - resource1 - resource2 type: deployment_rule schema: $ref: "#/components/schemas/UpdateDeploymentRuleParams" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000016 dry_run: false gate_id: abc-123 name: Updated deployment rule options: - resource1 type: faulty_deployment_detection id: 00000000-0000-0000-0000-000000000015 type: deployment_rule schema: $ref: "#/components/schemas/DeploymentRuleResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDRulesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Update deployment rule tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployment_gates/{id}: delete: description: |- Endpoint to delete a deployment gate. Rules associated with the gate are also deleted. operationId: DeleteDeploymentGate parameters: - description: The ID of the deployment gate. in: path name: id required: true schema: type: string responses: "204": description: No Content "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete deployment gate tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: |- Endpoint to get a deployment gate. operationId: GetDeploymentGate parameters: - description: The ID of the deployment gate. in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000006 dry_run: false env: production identifier: pre service: my-service id: 00000000-0000-0000-0000-000000000005 type: deployment_gate schema: $ref: "#/components/schemas/DeploymentGateResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get deployment gate tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: |- Endpoint to update a deployment gate. operationId: UpdateDeploymentGate parameters: - description: The ID of the deployment gate. in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: dry_run: false id: 12345678-1234-1234-1234-123456789012 type: deployment_gate schema: $ref: "#/components/schemas/UpdateDeploymentGateParams" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: id: 00000000-0000-0000-0000-000000000008 dry_run: false env: production identifier: pre service: my-service id: 00000000-0000-0000-0000-000000000007 type: deployment_gate schema: $ref: "#/components/schemas/DeploymentGateResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Update deployment gate tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_write x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployments/gates/evaluation: post: description: |- Triggers an asynchronous deployment gate evaluation for the given service and environment. Returns an evaluation ID that can be used to poll for the result via the `GET /api/v2/deployments/gates/evaluation/{id}` endpoint. operationId: TriggerDeploymentGatesEvaluation requestBody: content: application/json: examples: default: value: data: attributes: env: staging identifier: pre-deploy primary_tag: region:us-east-1 service: transaction-backend version: v1.2.3 type: deployment_gates_evaluation_request schema: $ref: "#/components/schemas/DeploymentGatesEvaluationRequest" required: true responses: "202": content: application/json: examples: default: value: data: attributes: evaluation_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: deployment_gates_evaluation_response schema: $ref: "#/components/schemas/DeploymentGatesEvaluationResponse" description: Accepted "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Trigger a deployment gate evaluation tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_evaluate x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/deployments/gates/evaluation/{id}: get: description: |- Retrieves the result of a deployment gate evaluation by its evaluation ID. If the evaluation is still in progress, `data.attributes.gate_status` will be `in_progress`; continue polling until it returns `pass` or `fail`. Polling every 10-20 seconds is recommended. The endpoint may return a 404 if called too soon after triggering; retry after a few seconds. operationId: GetDeploymentGatesEvaluationResult parameters: - description: The evaluation ID returned by the trigger endpoint. in: path name: id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: attributes: dry_run: false evaluation_id: 00000000-0000-0000-0000-000000000001 evaluation_url: https://app.datadoghq.com/ci/deployment-gates/evaluations?index=cdgates&query=level%3Agate+%40evaluation_id%3A00000000-0000-0000-0000-000000000001 gate_id: 00000000-0000-0000-0000-000000000001 gate_status: pass rules: [] id: 00000000-0000-0000-0000-000000000001 type: deployment_gates_evaluation_result_response schema: $ref: "#/components/schemas/DeploymentGatesEvaluationResultResponse" description: OK "400": $ref: "#/components/responses/HTTPCDGatesBadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/HTTPCDGatesNotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/HTTPCIAppErrors" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a deployment gate evaluation result tags: ["Deployment Gates"] x-permission: operator: OR permissions: - deployment_gates_evaluate x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/domain_allowlist: get: description: Get the domain allowlist for an organization. operationId: GetDomainAllowlist responses: "200": content: application/json: examples: default: value: data: attributes: domains: - "@example.com" enabled: false id: 00000000-0000-0000-0000-000000000002 type: domain_allowlist schema: $ref: "#/components/schemas/DomainAllowlistResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management - AuthZ: - monitors_write summary: Get Domain Allowlist tags: - Domain Allowlist "x-permission": operator: OR permissions: - org_management - monitors_write - generate_dashboard_reports - generate_log_reports - manage_log_reports patch: description: Update the domain allowlist for an organization. operationId: PatchDomainAllowlist requestBody: content: application/json: examples: default: value: data: attributes: domains: - "@static-test-domain.test" enabled: false type: domain_allowlist schema: $ref: "#/components/schemas/DomainAllowlistRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: domains: - "@example.com" enabled: false id: 00000000-0000-0000-0000-000000000001 type: domain_allowlist schema: $ref: "#/components/schemas/DomainAllowlistResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management - AuthZ: - monitors_write summary: Sets Domain Allowlist tags: - Domain Allowlist "x-permission": operator: OR permissions: - org_management - monitors_write - generate_dashboard_reports - generate_log_reports - manage_log_reports /api/v2/dora/deployment: post: description: |- Use this API endpoint to provide deployment data. This is necessary for: - Deployment Frequency - Change Lead Time - Change Failure Rate - Failed Deployment Recovery Time operationId: CreateDORADeployment requestBody: content: application/json: examples: default: value: data: attributes: custom_tags: - language:java - department:engineering env: staging finished_at: 1693491984000000000 git: commit_sha: 66adc9350f2cc9b250b69abddab733dd55e1a588 repository_url: https://github.com/organization/example-repository service: test-service started_at: 1693491974000000000 team: backend version: v1.12.07 schema: $ref: "#/components/schemas/DORADeploymentRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 4242fcdd31586083 type: dora_deployment schema: $ref: "#/components/schemas/DORADeploymentResponse" description: OK "202": content: application/json: examples: default: value: data: id: 4242fcdd31586083 type: dora_deployment schema: $ref: "#/components/schemas/DORADeploymentResponse" description: OK - but delayed due to incident "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] summary: Send a deployment event tags: ["DORA Metrics"] x-codegen-request-body-name: body /api/v2/dora/deployment/{deployment_id}: delete: description: |- Use this API endpoint to delete a deployment event. operationId: DeleteDORADeployment parameters: - description: The ID of the deployment event to delete. in: path name: deployment_id required: true schema: type: string responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a deployment event tags: ["DORA Metrics"] x-permission: operator: OR permissions: - dora_metrics_write /api/v2/dora/deployments: post: description: |- Use this API endpoint to get a list of deployment events. operationId: ListDORADeployments requestBody: content: application/json: examples: default: value: data: attributes: from: "2025-01-01T00:00:00Z" limit: 100 query: service:(test-service OR api-service) env:production team:backend sort: -finished_at to: "2025-01-31T23:59:59Z" type: dora_deployments_list_request schema: $ref: "#/components/schemas/DORAListDeploymentsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: env: production finished_at: 1693491984000000000 service: test-service started_at: 1693491974000000000 team: backend id: abc-123 type: dora_deployment schema: $ref: "#/components/schemas/DORADeploymentsListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a list of deployment events tags: ["DORA Metrics"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/deployments/{deployment_id}: get: description: |- Use this API endpoint to get a deployment event. operationId: GetDORADeployment parameters: - description: The ID of the deployment event. in: path name: deployment_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: env: production finished_at: 1693491984000000000 service: test-service started_at: 1693491974000000000 team: backend id: abc-123 type: dora_deployment schema: $ref: "#/components/schemas/DORADeploymentFetchResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a deployment event tags: ["DORA Metrics"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read patch: description: |- Update a deployment's change failure status. Use this to mark a deployment as a change failure or back to stable. You can optionally include remediation details to enable failed deployment recovery time calculation. operationId: PatchDORADeployment parameters: - description: The ID of the deployment event. in: path name: deployment_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: change_failure: true remediation: id: eG42zNIkVjM type: rollback id: z_RwVLi7v4Y type: dora_deployment_patch_request schema: $ref: "#/components/schemas/DORADeploymentPatchRequest" required: true responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Patch a deployment event tags: ["DORA Metrics"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_write /api/v2/dora/failure: post: description: |- Use this API endpoint to provide incident data for DORA Metrics. Note that change failure rate and failed deployment recovery time are computed from change failures detected on deployments, not from incident events sent through this endpoint. Tracking incidents gives a side-by-side view of how failed deployments translate into real-world incidents, including their severity and frequency. operationId: CreateDORAFailure requestBody: content: application/json: examples: default: value: data: attributes: custom_tags: - language:java - department:engineering env: staging finished_at: 1693491984000000000 git: commit_sha: 66adc9350f2cc9b250b69abddab733dd55e1a588 repository_url: https://github.com/organization/example-repository name: Webserver is down failing all requests. services: - test-service severity: High started_at: 1693491974000000000 team: backend version: v1.12.07 schema: $ref: "#/components/schemas/DORAFailureRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 4242fcdd31586085 type: dora_failure schema: $ref: "#/components/schemas/DORAFailureResponse" description: OK "202": content: application/json: examples: default: value: data: id: 4242fcdd31586085 type: dora_failure schema: $ref: "#/components/schemas/DORAFailureResponse" description: OK - but delayed due to incident "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] summary: Send an incident event tags: ["DORA Metrics"] x-codegen-request-body-name: body /api/v2/dora/failure/{failure_id}: delete: description: |- Use this API endpoint to delete an incident event. operationId: DeleteDORAFailure parameters: - description: The ID of the incident event to delete. in: path name: failure_id required: true schema: type: string responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete an incident event tags: ["DORA Metrics"] x-permission: operator: OR permissions: - dora_metrics_write /api/v2/dora/failures: post: description: |- Use this API endpoint to get a list of incident events. operationId: ListDORAFailures requestBody: content: application/json: examples: default: value: data: attributes: from: "2025-01-01T00:00:00Z" limit: 100 query: severity:(SEV-1 OR SEV-2) env:production team:backend sort: -started_at to: "2025-01-31T23:59:59Z" type: dora_failures_list_request schema: $ref: "#/components/schemas/DORAListFailuresRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: env: production name: Database outage services: - test-service severity: SEV-1 started_at: 1693492174000000000 team: backend id: abc-123 type: dora_failure schema: $ref: "#/components/schemas/DORAFailuresListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a list of incident events tags: ["DORA Metrics"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/failures/{failure_id}: get: description: |- Use this API endpoint to get an incident event. operationId: GetDORAFailure parameters: - description: The ID of the incident event. in: path name: failure_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: env: production name: Database outage services: - test-service severity: SEV-1 started_at: 1693492174000000000 team: backend id: abc-123 type: dora_failure schema: $ref: "#/components/schemas/DORAFailureFetchResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get an incident event tags: ["DORA Metrics"] x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/incident: post: deprecated: true description: |- **Note**: This endpoint is deprecated. Please use `/api/v2/dora/failure` instead. Use this API endpoint to provide incident data. Tracking incidents gives a side-by-side view of how failed deployments translate into real-world incidents. operationId: CreateDORAIncident requestBody: content: application/json: examples: default: value: data: attributes: custom_tags: - language:java - department:engineering env: staging finished_at: 1693491984000000000 git: commit_sha: 66adc9350f2cc9b250b69abddab733dd55e1a588 repository_url: https://github.com/organization/example-repository name: Webserver is down failing all requests. services: - test-service severity: High started_at: 1693491974000000000 team: backend version: v1.12.07 schema: $ref: "#/components/schemas/DORAFailureRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 4242fcdd31586085 type: dora_failure schema: $ref: "#/components/schemas/DORAFailureResponse" description: OK "202": content: application/json: examples: default: value: data: id: 4242fcdd31586085 type: dora_failure schema: $ref: "#/components/schemas/DORAFailureResponse" description: OK - but delayed due to incident "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] summary: Send an incident event (legacy) tags: ["DORA Metrics"] x-codegen-request-body-name: body /api/v2/downtime: get: description: Get all scheduled downtimes. operationId: ListDowntimes parameters: - description: Only return downtimes that are active when the request is made. in: query name: current_only required: false schema: type: boolean - description: |- Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`. in: query name: include required: false schema: example: "created_by,monitor" type: string - $ref: "#/components/parameters/PageOffset" - description: Maximum number of downtimes in the response. example: 100 in: query name: page[limit] required: false schema: default: 30 format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: created: "2024-01-01T00:00:00+00:00" display_timezone: America/New_York message: Message about the downtime modified: "2024-01-01T00:00:00+00:00" monitor_identifier: monitor_tags: - "*" mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired scope: env:(staging OR prod) AND datacenter:us-east-1 status: active id: "00000000-0000-1234-0000-000000000000" type: downtime meta: page: total_filtered_count: 1 schema: $ref: "#/components/schemas/ListDowntimesResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get all downtimes tags: - Downtimes x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data "x-permission": operator: OR permissions: - monitors_downtime post: description: Schedule a downtime. operationId: CreateDowntime requestBody: content: application/json: examples: default: value: data: attributes: display_timezone: America/New_York message: Message about the downtime monitor_identifier: monitor_id: 123 mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired schedule: timezone: America/New_York scope: env:(staging OR prod) AND datacenter:us-east-1 type: downtime schema: $ref: "#/components/schemas/DowntimeCreateRequest" description: Schedule a downtime request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" display_timezone: America/New_York message: Message about the downtime modified: "2024-01-01T00:00:00+00:00" monitor_identifier: monitor_tags: - "*" mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired scope: env:(staging OR prod) AND datacenter:us-east-1 status: active id: "00000000-0000-1234-0000-000000000000" type: downtime schema: $ref: "#/components/schemas/DowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Schedule a downtime tags: - Downtimes x-codegen-request-body-name: body "x-permission": operator: OR permissions: - monitors_downtime /api/v2/downtime/{downtime_id}: delete: description: |- Cancel a downtime. **Note**: Downtimes canceled through the API are no longer active, but are retained for approximately two days before being permanently removed. The downtime may still appear in search results until it is permanently removed. operationId: CancelDowntime parameters: - description: ID of the downtime to cancel. in: path name: downtime_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Downtime not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Cancel a downtime tags: - Downtimes "x-permission": operator: OR permissions: - monitors_downtime get: description: Get downtime detail by `downtime_id`. operationId: GetDowntime parameters: - description: ID of the downtime to fetch. in: path name: downtime_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string - description: |- Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`. in: query name: include required: false schema: example: "created_by,monitor" type: string responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" display_timezone: America/New_York message: Message about the downtime modified: "2024-01-01T00:00:00+00:00" monitor_identifier: monitor_tags: - "*" mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired scope: env:(staging OR prod) AND datacenter:us-east-1 status: active id: "00000000-0000-1234-0000-000000000000" type: downtime schema: $ref: "#/components/schemas/DowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get a downtime tags: - Downtimes "x-permission": operator: OR permissions: - monitors_downtime patch: description: Update a downtime by `downtime_id`. operationId: UpdateDowntime parameters: - description: ID of the downtime to update. in: path name: downtime_id required: true schema: example: "00e000000-0000-1234-0000-000000000000" type: string requestBody: content: application/json: examples: default: value: data: attributes: display_timezone: America/New_York message: Message about the downtime monitor_identifier: monitor_id: 123 mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired schedule: timezone: America/New_York scope: env:(staging OR prod) AND datacenter:us-east-1 id: 00000000-0000-1234-0000-000000000000 type: downtime schema: $ref: "#/components/schemas/DowntimeUpdateRequest" description: Update a downtime request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" display_timezone: America/New_York message: Message about the downtime modified: "2024-01-01T00:00:00+00:00" monitor_identifier: monitor_tags: - "*" mute_first_recovery_notification: false notify_end_states: - alert - warn notify_end_types: - canceled - expired scope: env:(staging OR prod) AND datacenter:us-east-1 status: active id: "00000000-0000-1234-0000-000000000000" type: downtime schema: $ref: "#/components/schemas/DowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Downtime not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Update a downtime tags: - Downtimes x-codegen-request-body-name: body "x-permission": operator: OR permissions: - monitors_downtime /api/v2/email/transport/webhook_intake: post: description: |- Receives a batch of email transport webhook log events and emits an audit trail entry for each event with a final delivery status (delivered, dropped, or bounced). Only authorized organizations can submit events. operationId: CreateEmailTransportWebhookIntake requestBody: content: application/json: examples: default: value: - attributes: email: address: "user@example.com" domain: "example.com" email_id: "abc123-def456" email_type_display_name: "Monitor Alert" message: id: message_id: "" smtp_id: "" name: "delivered" response: reason: "250 2.0.0 OK" smtp_code: "250" timestamp: event_timestamp: 1705312200.0 org: 1234 org_uuid: "8dee7c38-00cb-11ea-a77b-8b5a08d3b091" subject: "[Monitor Alert] CPU usage is high" date: "2024-01-15T10:30:00Z" log_id: "AQAAAZPHnBT0TwJAdgAAAABBWlBIblVlNEFBQ0dFMmVkYTFDSnRR" source: "sendgrid" status: "info" tags: - "env:production" schema: $ref: "#/components/schemas/TransportWebhookLogBatchRequest" required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Ingest email transport webhook events tags: - Email Transport x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/error-tracking/issues/search: post: description: Search issues endpoint allows you to programmatically search for issues within your organization. This endpoint returns a list of issues that match a given search query, following the event search syntax. The search results are limited to a maximum of 100 issues per request. operationId: SearchIssues parameters: - $ref: "#/components/parameters/SearchIssuesIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: from: 1671612804000 order_by: IMPACTED_SESSIONS persona: BACKEND query: service:orders-* AND @language:go to: 1671620004000 type: search_request schema: $ref: "#/components/schemas/IssuesSearchRequest" description: Search issues request payload. required: true responses: "200": content: application/json: examples: default: value: data: - attributes: impacted_sessions: 12 impacted_users: 4 total_count: 82 id: abc-123 type: error_tracking_search_result schema: $ref: "#/components/schemas/IssuesSearchResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - error_tracking_read summary: Search error tracking issues tags: - Error Tracking /api/v2/error-tracking/issues/{issue_id}: get: description: Retrieve the full details for a specific error tracking issue, including attributes and relationships. operationId: GetIssue parameters: - $ref: "#/components/parameters/IssueIDPathParameter" - $ref: "#/components/parameters/GetIssueIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: attributes: error_message: "object of type 'NoneType' has no len()" error_type: builtins.TypeError service: test-service state: OPEN id: 00000000-0000-0000-0000-000000000001 type: issue schema: $ref: "#/components/schemas/IssueResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - error_tracking_read summary: Get the details of an error tracking issue tags: - Error Tracking /api/v2/error-tracking/issues/{issue_id}/assignee: delete: description: Remove the assignee of an issue by `issue_id`. operationId: DeleteIssueAssignee parameters: - $ref: "#/components/parameters/IssueIDPathParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - error_tracking_read - error_tracking_write - cases_read - cases_write summary: Remove the assignee of an issue tags: - Error Tracking put: description: Update the assignee of an issue by `issue_id`. operationId: UpdateIssueAssignee parameters: - $ref: "#/components/parameters/IssueIDPathParameter" requestBody: content: application/json: examples: default: value: data: id: 87cb11a0-278c-440a-99fe-701223c80296 type: assignee schema: $ref: "#/components/schemas/IssueUpdateAssigneeRequest" description: Update issue assignee request payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: error_message: "object of type 'NoneType' has no len()" error_type: builtins.TypeError service: test-service state: OPEN id: 00000000-0000-0000-0000-000000000003 type: issue schema: $ref: "#/components/schemas/IssueResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - error_tracking_read - error_tracking_write - cases_read - cases_write summary: Update the assignee of an issue tags: - Error Tracking /api/v2/error-tracking/issues/{issue_id}/state: put: description: Update the state of an issue by `issue_id`. Use this endpoint to move an issue between states such as `OPEN`, `RESOLVED`, or `IGNORED`. operationId: UpdateIssueState parameters: - $ref: "#/components/parameters/IssueIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: state: RESOLVED id: c1726a66-1f64-11ee-b338-da7ad0900002 type: error_tracking_issue schema: $ref: "#/components/schemas/IssueUpdateStateRequest" description: Update issue state request payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: error_message: "object of type 'NoneType' has no len()" error_type: builtins.TypeError service: test-service state: RESOLVED id: 00000000-0000-0000-0000-000000000002 type: issue schema: $ref: "#/components/schemas/IssueResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - error_tracking_read - error_tracking_write summary: Update the state of an issue tags: - Error Tracking /api/v2/events: get: description: |- List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest events. operationId: ListEvents parameters: - description: Search query following events syntax. in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events, in milliseconds. in: query name: filter[from] required: false schema: type: string - description: Maximum timestamp for requested events, in milliseconds. in: query name: filter[to] required: false schema: type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: "#/components/schemas/EventsSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: message: "Test event" tags: - "env:prod" timestamp: "2019-01-02T09:42:36.320Z" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: event meta: request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR schema: $ref: "#/components/schemas/EventsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - events_read summary: Get a list of events tags: ["Events"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - events_read post: description: |- This endpoint allows you to publish events. **Note:** To utilize this endpoint with our client libraries, please ensure you are using the latest version released on or after July 1, 2025. Earlier versions do not support this functionality. **Important:** Upgrade to the latest client library version to use the updated endpoint at `https://event-management-intake.{site}/api/v2/events`. Older client library versions of the Post an event (v2) API send requests to a deprecated endpoint (`https://api.{site}/api/v2/events`). ✅ **Only events with the `change` or `alert` category** are in General Availability. For change events, see [Change Tracking](https://docs.datadoghq.com/change_tracking) for more details. ❌ For use cases involving other event categories, use the V1 endpoint or reach out to [support](https://www.datadoghq.com/support/). operationId: CreateEvent requestBody: content: application/json: examples: alert-event: description: Example of an alert event for tracking alerts and monitoring events. summary: Alert Event value: {"data": {"attributes": {"aggregation_key": "deduplication_key_here", "attributes": {"custom": {"my-object-attribute": {"my-array-attribute": [1, 2, 3], "my-array-object-attribute": ["name": "test-object-1", "name": "test-object-2"], "my-integer-attribute": 1}, "my-string-attribute": "my-custom-value"}, "links": [{"category": "runbook", "title": "Datadog website", "url": "https://datadoghq.com"}], "priority": "1", "status": "error"}, "category": "alert", "message": "Something is broken!", "tags": ["service:my-test-service", "datacenter:primary"], "title": "My Alerting Event"}, "type": "event"}} change-event: description: Example of a change event for tracking configuration or feature flag changes. summary: Change Event value: {"data": {"attributes": {"aggregation_key": "aggregation_key_123", "attributes": {"author": {"name": "example@datadog.com", "type": "user"}, "change_metadata": {"dd": {"team": "datadog_team", "user_email": "datadog@datadog.com", "user_id": "datadog_user_id", "user_name": "datadog_username"}, "resource_link": "datadog.com/feature/fallback_payments_test"}, "changed_resource": {"name": "fallback_payments_test", "type": "feature_flag"}, "impacted_resources": [{"name": "payments_api", "type": "service"}], "new_value": {"enabled": true, "percentage": "50%", "rule": {"datacenter": "devcycle.us1.prod"}}, "prev_value": {"enabled": true, "percentage": "10%", "rule": {"datacenter": "devcycle.us1.prod"}}}, "category": "change", "host": "hostname", "integration_id": "custom-events", "message": "payment_processed feature flag has been enabled", "tags": ["env:api_client_test"], "timestamp": "2020-01-01T01:30:15.010000Z", "title": "payment_processed feature flag updated"}, "type": "event"}} default: value: data: attributes: aggregation_key: aggregation_key_123 attributes: author: name: example@datadog.com type: user change_metadata: dd: team: datadog_team user_email: datadog@datadog.com user_id: datadog_user_id user_name: datadog_username resource_link: datadog.com/feature/fallback_payments_test changed_resource: name: fallback_payments_test type: feature_flag impacted_resources: - name: payments_api type: service new_value: enabled: true percentage: 50% rule: datacenter: devcycle.us1.prod prev_value: enabled: true percentage: 10% rule: datacenter: devcycle.us1.prod category: change host: hostname integration_id: custom-events message: payment_processed feature flag has been enabled tags: - env:api_client_test timestamp: "2020-01-01T01:30:15.010000Z" title: payment_processed feature flag updated type: event schema: $ref: "#/components/schemas/EventCreateRequestPayload" description: Event creation request payload. required: true responses: "202": content: application/json: examples: default: value: data: attributes: attributes: evt: uid: abc-123 type: event schema: $ref: "#/components/schemas/EventCreateResponsePayload" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - ap1.datadoghq.com - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com - us2.ddog-gov.com x-enum-varnames: - US1 - US3 - US5 - AP1 - AP2 - EU1 - GOV - US2_GOV subdomain: default: event-management-intake description: The subdomain where the API is deployed. - url: "{protocol}://{name}" variables: name: default: event-management-intake.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: event-management-intake description: The subdomain where the API is deployed. summary: Post an event tags: ["Events"] x-codegen-request-body-name: body /api/v2/events/search: post: description: |- List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search. operationId: SearchEvents requestBody: content: "application/json": examples: default: value: filter: from: now-15m query: service:web* AND @http.status_code:[200 TO 299] to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/EventsListRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: message: "Test event" tags: - "env:prod" timestamp: "2019-01-02T09:42:36.320Z" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: event meta: request_id: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR schema: $ref: "#/components/schemas/EventsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Search events tags: ["Events"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - events_read /api/v2/events/{event_id}: get: description: >- Get the details of an event by `event_id`. operationId: GetEvent parameters: - description: The UID of the event. in: path name: event_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: message: "The event message" tags: - "env:api_client_test" timestamp: "2017-01-15T01:30:15.010000Z" id: abc-123 type: event schema: $ref: "#/components/schemas/V2EventResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - events_read summary: Get an event tags: ["Events"] "x-permission": operator: OR permissions: - events_read /api/v2/feature-flags: get: description: |- Returns a list of feature flags for the organization. Supports filtering by key and archived status. operationId: ListFeatureFlags parameters: - description: Filter feature flags by key (partial matching). example: "flag-search-term" in: query name: key schema: type: string - description: Filter by archived status. example: false in: query name: is_archived schema: type: boolean - description: Maximum number of results to return. example: 10 in: query name: limit schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: Number of results to skip. example: 0 in: query name: offset schema: default: 0 minimum: 0 type: integer responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListFeatureFlagsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List feature flags tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_read - feature_flag_environment_config_read post: description: |- Creates a new feature flag with variants. operationId: CreateFeatureFlag requestBody: content: application/json: examples: default: value: data: attributes: default_variant_key: variant-a description: A sample feature flag enabled: true key: feature-flag-abc123 name: Feature Flag ABC 123 variants: - description: Variant A key: variant-a - description: Variant B key: variant-b type: feature-flags schema: $ref: "#/components/schemas/CreateFeatureFlagRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample feature flag key: feature-flag-abc123 name: Feature Flag ABC 123 updated_at: "2024-01-01T00:00:00+00:00" value_type: BOOLEAN variants: - id: 00000000-0000-0000-0000-000000000002 key: variant-a name: Variant A value: "true" - id: 00000000-0000-0000-0000-000000000003 key: variant-b name: Variant B value: "false" id: 00000000-0000-0000-0000-000000000001 type: feature-flags schema: $ref: "#/components/schemas/FeatureFlagResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a feature flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/feature-flags/environments: get: description: |- Returns a list of environments for the organization. Supports filtering by name and key. operationId: ListFeatureFlagsEnvironments parameters: - description: Filter environments by name (partial matching). example: "env-search-term" in: query name: name schema: type: string - description: Filter environments by key (partial matching). example: "env-partial" in: query name: key schema: type: string - description: Maximum number of results to return. example: 10 in: query name: limit schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: Number of results to skip. example: 0 in: query name: offset schema: default: 0 minimum: 0 type: integer responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListEnvironmentsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List environments tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_environment_config_read post: description: |- Creates a new environment for organizing feature flags. operationId: CreateFeatureFlagsEnvironment requestBody: content: application/json: examples: default: value: data: attributes: name: staging-environment queries: - staging - canary type: environments schema: $ref: "#/components/schemas/CreateEnvironmentRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" is_production: false key: staging-environment name: staging-environment queries: - staging require_feature_flag_approval: false updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000017 type: environments schema: $ref: "#/components/schemas/EnvironmentResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_environment_config_write /api/v2/feature-flags/environments/{environment_id}: delete: description: |- Deletes an environment. This operation cannot be undone. operationId: DeleteFeatureFlagsEnvironment parameters: - $ref: "#/components/parameters/environment_id" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_environment_config_write get: description: |- Returns the details of a specific environment. operationId: GetFeatureFlagsEnvironment parameters: - $ref: "#/components/parameters/environment_id" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" is_production: false key: staging-environment name: staging-environment queries: - staging require_feature_flag_approval: false updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000018 type: environments schema: $ref: "#/components/schemas/EnvironmentResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_environment_config_read put: description: |- Updates an existing environment's metadata such as name and description. operationId: UpdateFeatureFlagsEnvironment parameters: - $ref: "#/components/parameters/environment_id" requestBody: content: application/json: examples: default: value: data: attributes: name: production-environment queries: - production - prod-us type: environments schema: $ref: "#/components/schemas/UpdateEnvironmentRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" is_production: false key: production-environment name: production-environment queries: - production require_feature_flag_approval: false updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000019 type: environments schema: $ref: "#/components/schemas/EnvironmentResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_environment_config_write /api/v2/feature-flags/exposure-schedules/{exposure_schedule_id}/pause: post: description: |- Pauses a progressive rollout while preserving rollout state. operationId: PauseExposureSchedule parameters: - $ref: "#/components/parameters/exposure_schedule_id" responses: "200": content: application/json: examples: default: value: absolute_start_time: "2025-06-13T12:00:00Z" allocation_id: "550e8400-e29b-41d4-a716-446655440020" control_variant_id: "550e8400-e29b-41d4-a716-446655440012" created_at: "2024-01-01T12:00:00Z" guardrail_triggered_action: guardrail_triggers: [] id: "550e8400-e29b-41d4-a716-446655440010" rollout_options: autostart: false selection_interval_ms: 3600000 strategy: "UNIFORM_INTERVALS" rollout_steps: [] updated_at: "2024-01-01T12:00:00Z" schema: $ref: "#/components/schemas/AllocationExposureScheduleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Pause a progressive rollout tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write /api/v2/feature-flags/exposure-schedules/{exposure_schedule_id}/resume: post: description: |- Resumes progression for a previously paused progressive rollout. operationId: ResumeExposureSchedule parameters: - $ref: "#/components/parameters/exposure_schedule_id" responses: "200": content: application/json: examples: default: value: absolute_start_time: "2025-06-13T12:00:00Z" allocation_id: "550e8400-e29b-41d4-a716-446655440020" control_variant_id: "550e8400-e29b-41d4-a716-446655440012" created_at: "2024-01-01T12:00:00Z" guardrail_triggered_action: guardrail_triggers: [] id: "550e8400-e29b-41d4-a716-446655440010" rollout_options: autostart: false selection_interval_ms: 3600000 strategy: "UNIFORM_INTERVALS" rollout_steps: [] updated_at: "2024-01-01T12:00:00Z" schema: $ref: "#/components/schemas/AllocationExposureScheduleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Resume a progressive rollout tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write /api/v2/feature-flags/exposure-schedules/{exposure_schedule_id}/start: post: description: |- Starts a progressive rollout and begins progression. operationId: StartExposureSchedule parameters: - $ref: "#/components/parameters/exposure_schedule_id" responses: "200": content: application/json: examples: default: value: absolute_start_time: "2025-06-13T12:00:00Z" allocation_id: "550e8400-e29b-41d4-a716-446655440020" control_variant_id: "550e8400-e29b-41d4-a716-446655440012" created_at: "2024-01-01T12:00:00Z" guardrail_triggered_action: guardrail_triggers: [] id: "550e8400-e29b-41d4-a716-446655440010" rollout_options: autostart: false selection_interval_ms: 3600000 strategy: "UNIFORM_INTERVALS" rollout_steps: [] updated_at: "2024-01-01T12:00:00Z" schema: $ref: "#/components/schemas/AllocationExposureScheduleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Start a progressive rollout tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write /api/v2/feature-flags/exposure-schedules/{exposure_schedule_id}/stop: post: description: |- Stops a progressive rollout and marks it as aborted. operationId: StopExposureSchedule parameters: - $ref: "#/components/parameters/exposure_schedule_id" responses: "200": content: application/json: examples: default: value: absolute_start_time: "2025-06-13T12:00:00Z" allocation_id: "550e8400-e29b-41d4-a716-446655440020" control_variant_id: "550e8400-e29b-41d4-a716-446655440012" created_at: "2024-01-01T12:00:00Z" guardrail_triggered_action: guardrail_triggers: [] id: "550e8400-e29b-41d4-a716-446655440010" rollout_options: autostart: false selection_interval_ms: 3600000 strategy: "UNIFORM_INTERVALS" rollout_steps: [] updated_at: "2024-01-01T12:00:00Z" schema: $ref: "#/components/schemas/AllocationExposureScheduleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Stop a progressive rollout tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write /api/v2/feature-flags/{feature_flag_id}: get: description: |- Returns the details of a specific feature flag including variants and environment status. operationId: GetFeatureFlag parameters: - $ref: "#/components/parameters/feature_flag_id" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample feature flag key: feature-flag-abc123 name: Feature Flag ABC 123 updated_at: "2024-01-01T00:00:00+00:00" value_type: BOOLEAN variants: - id: 00000000-0000-0000-0000-000000000005 key: variant-a name: Variant A value: "true" - id: 00000000-0000-0000-0000-000000000006 key: variant-b name: Variant B value: "false" id: 00000000-0000-0000-0000-000000000004 type: feature-flags schema: $ref: "#/components/schemas/FeatureFlagResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a feature flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_read - feature_flag_environment_config_read put: description: |- Updates an existing feature flag's metadata such as name and description. Does not modify targeting rules or allocations. operationId: UpdateFeatureFlag parameters: - $ref: "#/components/parameters/feature_flag_id" requestBody: content: application/json: examples: default: value: data: attributes: description: Updated description for the feature flag enabled: true name: Updated Feature Flag XYZ789 type: feature-flags schema: $ref: "#/components/schemas/UpdateFeatureFlagRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample feature flag key: feature-flag-abc123 name: Feature Flag ABC 123 updated_at: "2024-01-01T00:00:00+00:00" value_type: BOOLEAN variants: - id: 00000000-0000-0000-0000-000000000008 key: variant-a name: Variant A value: "true" - id: 00000000-0000-0000-0000-000000000009 key: variant-b name: Variant B value: "false" id: 00000000-0000-0000-0000-000000000007 type: feature-flags schema: $ref: "#/components/schemas/FeatureFlagResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update a feature flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/feature-flags/{feature_flag_id}/archive: post: description: |- Archives a feature flag. Archived flags are hidden from the main list but remain accessible and can be unarchived. operationId: ArchiveFeatureFlag parameters: - $ref: "#/components/parameters/feature_flag_id" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A sample feature flag key: feature-flag-abc123 name: Feature Flag ABC 123 updated_at: "2024-01-01T00:00:00+00:00" value_type: BOOLEAN variants: - id: 00000000-0000-0000-0000-000000000011 key: variant-a name: Variant A value: "true" - id: 00000000-0000-0000-0000-000000000012 key: variant-b name: Variant B value: "false" id: 00000000-0000-0000-0000-000000000010 type: feature-flags schema: $ref: "#/components/schemas/FeatureFlagResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Archive a feature flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/feature-flags/{feature_flag_id}/environments/{environment_id}/allocations: post: description: |- Creates a new targeting rule (allocation) for a specific feature flag in a specific environment. operationId: CreateAllocationsForFeatureFlagInEnvironment parameters: - $ref: "#/components/parameters/feature_flag_id" - $ref: "#/components/parameters/environment_id" requestBody: content: application/json: examples: default: value: data: attributes: key: "prod-rollout" name: "Production Rollout" type: "FEATURE_GATE" variant_weights: - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440001" - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440002" type: "allocations" schema: $ref: "#/components/schemas/CreateAllocationsRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T12:00:00Z" environment_ids: - "550e8400-e29b-41d4-a716-446655440001" guardrail_metrics: [] id: "550e8400-e29b-41d4-a716-446655440020" key: "prod-rollout" name: "Production Rollout" order_position: 0 targeting_rules: [] type: "FEATURE_GATE" updated_at: "2024-01-01T12:00:00Z" variant_weights: - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440001" id: "550e8400-e29b-41d4-a716-446655440020" type: "allocations" schema: $ref: "#/components/schemas/AllocationResponse" description: Created "202": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" environment_ids: - abc-123 guardrail_metrics: [] id: 00000000-0000-0000-0000-000000000016 key: prod-rollout name: Production Rollout order_position: 0 targeting_rules: [] type: FEATURE_GATE updated_at: "2024-01-01T00:00:00+00:00" variant_weights: - value: 50 variant_id: abc-123 id: 00000000-0000-0000-0000-000000000015 type: allocations schema: $ref: "#/components/schemas/AllocationResponse" description: Accepted - Approval required for this change "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create targeting rules for a flag env tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write put: description: |- Updates targeting rules (allocations) for a specific feature flag in a specific environment. This operation replaces the existing allocation set with the request payload. operationId: UpdateAllocationsForFeatureFlagInEnvironment parameters: - $ref: "#/components/parameters/feature_flag_id" - $ref: "#/components/parameters/environment_id" requestBody: content: application/json: examples: default: value: data: - attributes: key: "prod-rollout" name: "Production Rollout" type: "FEATURE_GATE" variant_weights: - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440001" - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440002" type: "allocations" schema: $ref: "#/components/schemas/OverwriteAllocationsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T12:00:00Z" environment_ids: - "550e8400-e29b-41d4-a716-446655440001" guardrail_metrics: [] id: "550e8400-e29b-41d4-a716-446655440020" key: "prod-rollout" name: "Production Rollout" order_position: 0 targeting_rules: [] type: "FEATURE_GATE" updated_at: "2024-01-01T12:00:00Z" variant_weights: - value: 50 variant_id: "550e8400-e29b-41d4-a716-446655440001" id: "550e8400-e29b-41d4-a716-446655440020" type: "allocations" schema: $ref: "#/components/schemas/ListAllocationsResponse" description: OK "202": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListAllocationsResponse" description: Accepted - Approval required for this change "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update targeting rules for a flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write /api/v2/feature-flags/{feature_flag_id}/environments/{environment_id}/disable: post: description: |- Disable a feature flag in a specific environment. operationId: DisableFeatureFlagEnvironment parameters: - $ref: "#/components/parameters/feature_flag_id" - $ref: "#/components/parameters/environment_id" responses: "200": description: OK "202": description: Accepted - Approval required for this change "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Disable a feature flag in an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/feature-flags/{feature_flag_id}/environments/{environment_id}/enable: post: description: |- Enable a feature flag in a specific environment. operationId: EnableFeatureFlagEnvironment parameters: - $ref: "#/components/parameters/feature_flag_id" - $ref: "#/components/parameters/environment_id" responses: "200": description: OK "202": description: Accepted - Approval required for this change "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Enable a feature flag in an environment tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/feature-flags/{feature_flag_id}/unarchive: post: description: |- Unarchives a previously archived feature flag, making it visible in the main list again. operationId: UnarchiveFeatureFlag parameters: - $ref: "#/components/parameters/feature_flag_id" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: This is an example feature flag distribution_channel: ALL key: feature-flag-abc123 name: Feature Flag ABC123 require_approval: false tags: [] updated_at: "2024-01-01T00:00:00+00:00" value_type: boolean variants: - id: 00000000-0000-0000-0000-000000000014 key: variant-abc123 name: Variant ABC123 value: "true" id: 00000000-0000-0000-0000-000000000013 type: feature-flags schema: $ref: "#/components/schemas/FeatureFlagResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Unarchive a feature flag tags: - Feature Flags x-permission: operator: AND permissions: - feature_flag_config_write - feature_flag_environment_config_read /api/v2/hamr: get: description: |- Retrieve the High Availability Multi-Region (HAMR) organization connection details for the authenticated organization. This endpoint returns information about the HAMR connection configuration, including the target organization, datacenter, status, and whether this is the primary or secondary organization in the HAMR relationship. operationId: GetHamrOrgConnection responses: "200": content: application/json: examples: default: value: data: attributes: hamr_status: 4 is_primary: true modified_at: "2024-01-01T00:00:00+00:00" modified_by: test@example.com target_org_datacenter: us1 target_org_name: Production Backup Org target_org_uuid: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: hamr_org_connections schema: $ref: "#/components/schemas/HamrOrgConnectionResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get HAMR organization connection tags: - High Availability MultiRegion x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Create or update the High Availability Multi-Region (HAMR) organization connection. This endpoint allows you to configure the HAMR connection between the authenticated organization and a target organization, including setting the connection status (ONBOARDING, PASSIVE, FAILOVER, ACTIVE, RECOVERY) operationId: CreateHamrOrgConnection requestBody: content: application/json: examples: default: value: data: attributes: hamr_status: 4 is_primary: true modified_by: admin@example.com target_org_datacenter: us1 target_org_name: Production Backup Org target_org_uuid: 660f9511-f3ac-52e5-b827-557766551111 id: 550e8400-e29b-41d4-a716-446655440000 type: hamr_org_connections schema: $ref: "#/components/schemas/HamrOrgConnectionRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: hamr_status: 4 is_primary: true modified_at: "2024-01-01T00:00:00+00:00" modified_by: test@example.com target_org_datacenter: us1 target_org_name: Production Backup Org target_org_uuid: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000002 type: hamr_org_connections schema: $ref: "#/components/schemas/HamrOrgConnectionResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Create or update HAMR organization connection tags: - High Availability MultiRegion x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents: get: description: >- Get all incidents for the user's organization. operationId: ListIncidents parameters: - $ref: "#/components/parameters/IncidentIncludeQueryParameter" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageOffset" responses: "200": content: application/json: examples: default: value: data: - attributes: created: "2024-01-01T00:00:00+00:00" customer_impacted: false modified: "2024-01-01T00:00:00+00:00" title: A test incident title id: "00000000-0000-0000-1234-000000000000" type: incidents schema: $ref: "#/components/schemas/IncidentsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incidents tags: - Incidents x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident. operationId: CreateIncident requestBody: content: application/json: examples: default: value: data: attributes: customer_impact_scope: Example customer impact scope customer_impacted: false fields: severity: type: dropdown value: SEV-5 incident_type_uuid: 00000000-0000-0000-0000-000000000000 initial_cells: - cell_type: markdown content: content: "An example timeline cell message." important: false is_test: false notification_handles: - display_name: Jane Doe handle: "@user@email.com" - display_name: Slack Channel handle: "@slack-channel" - display_name: Incident Workflow handle: "@workflow-from-incident" title: A test incident title relationships: commander_user: data: id: 00000000-0000-0000-0000-000000000000 type: users type: incidents schema: $ref: "#/components/schemas/IncidentCreateRequest" description: Incident payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" customer_impacted: false fields: severity: type: dropdown value: SEV-5 modified: "2024-01-01T00:00:00+00:00" title: A test incident title id: "00000000-0000-0000-1234-000000000000" type: incidents schema: $ref: "#/components/schemas/IncidentResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/global/incident-handles: delete: description: Delete a global incident handle. operationId: DeleteGlobalIncidentHandle responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete global incident handle tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieve a list of global incident handles. operationId: ListGlobalIncidentHandles parameters: - description: Comma-separated list of related resources to include in the response in: query name: include required: false schema: example: "created_by_user,last_modified_by_user,commander_user,incident_type" type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" fields: severity: - SEV-1 modified_at: "2024-01-01T00:00:00+00:00" name: "@incident-sev-1" id: 00000000-0000-0000-0000-000000000006 type: incidents_handles schema: $ref: "#/components/schemas/IncidentHandlesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List global incident handles tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new global incident handle. operationId: CreateGlobalIncidentHandle parameters: - description: Comma-separated list of related resources to include in the response in: query name: include required: false schema: example: "created_by_user,last_modified_by_user,commander_user,incident_type" type: string requestBody: content: application/json: examples: default: value: data: attributes: fields: severity: - SEV-1 name: "@incident-sev-1" id: b2494081-cdf0-4205-b366-4e1dd4fdf0bf relationships: commander_user: data: id: f7b538b1-ed7c-4e84-82de-fdf84a539d40 type: incident_types incident_type: data: id: f7b538b1-ed7c-4e84-82de-fdf84a539d40 type: incident_types type: incidents_handles schema: $ref: "#/components/schemas/IncidentHandleRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" fields: severity: - SEV-1 modified_at: "2024-01-01T00:00:00+00:00" name: "@incident-sev-1" id: 00000000-0000-0000-0000-000000000007 type: incidents_handles schema: $ref: "#/components/schemas/IncidentHandleResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create global incident handle tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: Update an existing global incident handle. operationId: UpdateGlobalIncidentHandle parameters: - description: Comma-separated list of related resources to include in the response in: query name: include required: false schema: example: "created_by_user,last_modified_by_user,commander_user,incident_type" type: string requestBody: content: application/json: examples: default: value: data: attributes: fields: severity: - SEV-1 name: "@incident-sev-1" id: b2494081-cdf0-4205-b366-4e1dd4fdf0bf relationships: commander_user: data: id: f7b538b1-ed7c-4e84-82de-fdf84a539d40 type: incident_types incident_type: data: id: f7b538b1-ed7c-4e84-82de-fdf84a539d40 type: incident_types type: incidents_handles schema: $ref: "#/components/schemas/IncidentHandleRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" fields: severity: - SEV-1 modified_at: "2024-01-01T00:00:00+00:00" name: "@incident-sev-1" id: 00000000-0000-0000-0000-000000000008 type: incidents_handles schema: $ref: "#/components/schemas/IncidentHandleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update global incident handle tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/global/settings: get: description: Retrieve global incident settings for the organization. operationId: GetGlobalIncidentSettings responses: "200": content: application/json: examples: default: value: data: attributes: analytics_dashboard_id: 00000000-0000-0000-0000-000000000002-def created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000001 type: incidents_global_settings schema: $ref: "#/components/schemas/GlobalIncidentSettingsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get global incident settings tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update global incident settings for the organization. operationId: UpdateGlobalIncidentSettings requestBody: content: application/json: examples: default: value: data: attributes: analytics_dashboard_id: 00000000-0000-0000-0000-000000000003-def type: incidents_global_settings schema: $ref: "#/components/schemas/GlobalIncidentSettingsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: analytics_dashboard_id: 00000000-0000-0000-0000-000000000005-def created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000004 type: incidents_global_settings schema: $ref: "#/components/schemas/GlobalIncidentSettingsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update global incident settings tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/notification-rules: get: description: Lists all notification rules for the organization. Optionally filter by incident type. operationId: ListIncidentNotificationRules parameters: - $ref: "#/components/parameters/IncidentNotificationRuleIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: conditions: - field: severity values: - SEV-1 - SEV-2 created: "2024-01-01T00:00:00+00:00" enabled: true handles: - "@team-email@example.com" modified: "2024-01-01T00:00:00+00:00" trigger: incident_created_trigger visibility: organization id: 00000000-0000-0000-0000-000000000001 type: incident_notification_rules schema: $ref: "#/components/schemas/IncidentNotificationRuleArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List incident notification rules tags: - Incidents x-permission: operator: AND permissions: - incident_notification_settings_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Creates a new notification rule. operationId: CreateIncidentNotificationRule requestBody: content: application/json: examples: default: value: data: attributes: conditions: - field: severity values: - SEV-1 - SEV-2 enabled: true handles: - "@team-email@company.com" - "@slack-channel" renotify_on: - status - severity trigger: incident_created_trigger visibility: organization relationships: incident_type: data: id: 00000000-0000-0000-0000-000000000000 type: incident_types notification_template: data: id: 00000000-0000-0000-0000-000000000001 type: notification_templates type: incident_notification_rules schema: $ref: "#/components/schemas/CreateIncidentNotificationRuleRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: conditions: - field: severity values: - SEV-1 - SEV-2 created: "2024-01-01T00:00:00+00:00" enabled: true handles: - "@team-email@example.com" modified: "2024-01-01T00:00:00+00:00" trigger: incident_created_trigger visibility: organization id: 00000000-0000-0000-0000-000000000001 type: incident_notification_rules schema: $ref: "#/components/schemas/IncidentNotificationRule" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Create an incident notification rule tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/notification-rules/{id}: delete: description: Deletes a notification rule by its ID. operationId: DeleteIncidentNotificationRule parameters: - $ref: "#/components/parameters/IncidentNotificationRuleIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationRuleIncludeQueryParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Delete an incident notification rule tags: - Incidents x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieves a specific notification rule by its ID. operationId: GetIncidentNotificationRule parameters: - $ref: "#/components/parameters/IncidentNotificationRuleIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationRuleIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: attributes: conditions: - field: severity values: - SEV-1 - SEV-2 created: "2024-01-01T00:00:00+00:00" enabled: true handles: - "@team-email@example.com" modified: "2024-01-01T00:00:00+00:00" trigger: incident_created_trigger visibility: organization id: 00000000-0000-0000-0000-000000000001 type: incident_notification_rules schema: $ref: "#/components/schemas/IncidentNotificationRule" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_read summary: Get an incident notification rule tags: - Incidents x-permission: operator: AND permissions: - incident_notification_settings_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: Updates an existing notification rule with a complete replacement. operationId: UpdateIncidentNotificationRule parameters: - $ref: "#/components/parameters/IncidentNotificationRuleIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationRuleIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: conditions: - field: severity values: - SEV-1 - SEV-2 enabled: true handles: - "@team-email@company.com" - "@slack-channel" renotify_on: - status - severity trigger: incident_created_trigger visibility: organization id: 00000000-0000-0000-0000-000000000001 relationships: incident_type: data: id: 00000000-0000-0000-0000-000000000000 type: incident_types notification_template: data: id: 00000000-0000-0000-0000-000000000001 type: notification_templates type: incident_notification_rules schema: $ref: "#/components/schemas/PutIncidentNotificationRuleRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: conditions: - field: severity values: - SEV-1 - SEV-2 created: "2024-01-01T00:00:00+00:00" enabled: true handles: - "@team-email@example.com" modified: "2024-01-01T00:00:00+00:00" trigger: incident_created_trigger visibility: organization id: 00000000-0000-0000-0000-000000000001 type: incident_notification_rules schema: $ref: "#/components/schemas/IncidentNotificationRule" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Update an incident notification rule tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/notification-templates: get: description: Lists all notification templates. Optionally filter by incident type. operationId: ListIncidentNotificationTemplates parameters: - $ref: "#/components/parameters/IncidentNotificationTemplateIncidentTypeFilterQueryParameter" - $ref: "#/components/parameters/IncidentNotificationTemplateIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: category: alert content: "An incident has been declared.\n\nTitle: {{incident.title}}" created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" name: Incident Alert Template subject: "{{incident.severity}} Incident: {{incident.title}}" id: 00000000-0000-0000-0000-000000000001 type: notification_templates schema: $ref: "#/components/schemas/IncidentNotificationTemplateArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List incident notification templates tags: - Incidents x-permission: operator: AND permissions: - incident_notification_settings_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Creates a new notification template. operationId: CreateIncidentNotificationTemplate requestBody: content: application/json: examples: default: value: data: attributes: category: alert content: "An incident has been declared.\n\nTitle: {{incident.title}}\nSeverity: {{incident.severity}}\nAffected Services: {{incident.services}}\nStatus: {{incident.state}}\n\nPlease join the incident channel for updates." name: Incident Alert Template subject: "{{incident.severity}} Incident: {{incident.title}}" relationships: incident_type: data: id: 00000000-0000-0000-0000-000000000000 type: incident_types type: notification_templates schema: $ref: "#/components/schemas/CreateIncidentNotificationTemplateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: category: alert content: "An incident has been declared.\n\nTitle: {{incident.title}}" created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" name: Incident Alert Template subject: "{{incident.severity}} Incident: {{incident.title}}" id: 00000000-0000-0000-0000-000000000001 type: notification_templates schema: $ref: "#/components/schemas/IncidentNotificationTemplate" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Create incident notification template tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/notification-templates/{id}: delete: description: Deletes a notification template by its ID. operationId: DeleteIncidentNotificationTemplate parameters: - $ref: "#/components/parameters/IncidentNotificationTemplateIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationTemplateIncludeQueryParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Delete a notification template tags: - Incidents x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieves a specific notification template by its ID. operationId: GetIncidentNotificationTemplate parameters: - $ref: "#/components/parameters/IncidentNotificationTemplateIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationTemplateIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: attributes: category: alert content: "An incident has been declared.\n\nTitle: {{incident.title}}" created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" name: Incident Alert Template subject: "{{incident.severity}} Incident: {{incident.title}}" id: 00000000-0000-0000-0000-000000000001 type: notification_templates schema: $ref: "#/components/schemas/IncidentNotificationTemplate" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read - incident_write summary: Get incident notification template tags: - Incidents x-permission: operator: OR permissions: - incident_settings_read - incident_write - incident_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Updates an existing notification template's attributes. operationId: UpdateIncidentNotificationTemplate parameters: - $ref: "#/components/parameters/IncidentNotificationTemplateIDPathParameter" - $ref: "#/components/parameters/IncidentNotificationTemplateIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: category: update content: "Incident Status Update:\n\nTitle: {{incident.title}}\nNew Status: {{incident.state}}\nSeverity: {{incident.severity}}\nServices: {{incident.services}}\nCommander: {{incident.commander}}\n\nFor more details, visit the incident page." name: Incident Status Update Template subject: "Incident Update: {{incident.title}} - {{incident.state}}" id: 00000000-0000-0000-0000-000000000001 type: notification_templates schema: $ref: "#/components/schemas/PatchIncidentNotificationTemplateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: category: alert content: "An incident has been declared.\n\nTitle: {{incident.title}}" created: "2024-01-01T00:00:00+00:00" modified: "2024-01-01T00:00:00+00:00" name: Incident Alert Template subject: "{{incident.severity}} Incident: {{incident.title}}" id: 00000000-0000-0000-0000-000000000001 type: notification_templates schema: $ref: "#/components/schemas/IncidentNotificationTemplate" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_notification_settings_write summary: Update incident notification template tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_notification_settings_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/postmortem-templates: get: description: Retrieve a list of all postmortem templates for incidents. operationId: ListIncidentPostmortemTemplates responses: "200": content: application/json: examples: default: value: data: - attributes: createdAt: "2024-01-01T00:00:00+00:00" modifiedAt: "2024-01-01T00:00:00+00:00" name: Standard Postmortem Template id: 00000000-0000-0000-0000-000000000001 type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplatesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List postmortem templates tags: - Incidents x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new postmortem template for incidents. operationId: CreateIncidentPostmortemTemplate requestBody: content: application/json: examples: default: value: data: attributes: name: Standard Postmortem Template type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-01T00:00:00+00:00" modifiedAt: "2024-01-01T00:00:00+00:00" name: Standard Postmortem Template id: 00000000-0000-0000-0000-000000000002 type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplateResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create postmortem template tags: - Incidents x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/postmortem-templates/{template_id}: delete: description: Delete a postmortem template. operationId: DeleteIncidentPostmortemTemplate parameters: - description: The ID of the postmortem template in: path name: template_id required: true schema: example: "template-456" type: string responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete postmortem template tags: - Incidents x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieve details of a specific postmortem template. operationId: GetIncidentPostmortemTemplate parameters: - description: The ID of the postmortem template in: path name: template_id required: true schema: example: "template-456" type: string responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-01T00:00:00+00:00" modifiedAt: "2024-01-01T00:00:00+00:00" name: Standard Postmortem Template id: 00000000-0000-0000-0000-000000000003 type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get postmortem template tags: - Incidents x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an existing postmortem template. operationId: UpdateIncidentPostmortemTemplate parameters: - description: The ID of the postmortem template in: path name: template_id required: true schema: example: "template-456" type: string requestBody: content: application/json: examples: default: value: data: attributes: name: Standard Postmortem Template type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-01T00:00:00+00:00" modifiedAt: "2024-01-01T00:00:00+00:00" name: Standard Postmortem Template id: 00000000-0000-0000-0000-000000000004 type: postmortem_template schema: $ref: "#/components/schemas/PostmortemTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update postmortem template tags: - Incidents x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/types: get: description: Get all incident types. operationId: ListIncidentTypes parameters: - $ref: "#/components/parameters/IncidentTypeIncludeDeletedParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: description: Any incidents that harm the confidentiality, integrity, or availability of our data. is_default: false name: Security Incident id: 00000000-0000-0000-0000-000000000002 type: incident_types schema: $ref: "#/components/schemas/IncidentTypeListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incident types tags: - Incidents "x-permission": operator: OR permissions: - incident_settings_read - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident type. operationId: CreateIncidentType requestBody: content: application/json: examples: default: value: data: attributes: createdBy: 00000000-0000-0000-0000-000000000000 description: Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data. is_default: false lastModifiedBy: 00000000-0000-0000-0000-000000000000 name: Security Incident prefix: IR type: incident_types schema: $ref: "#/components/schemas/IncidentTypeCreateRequest" description: Incident type payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: description: Any incidents that harm the confidentiality, integrity, or availability of our data. is_default: false name: Security Incident id: 00000000-0000-0000-0000-000000000001 type: incident_types schema: $ref: "#/components/schemas/IncidentTypeResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create an incident type tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: AND permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/types/{incident_type_id}: delete: description: Delete an incident type. operationId: DeleteIncidentType parameters: - $ref: "#/components/parameters/IncidentTypeIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an incident type tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get incident type details. operationId: GetIncidentType parameters: - $ref: "#/components/parameters/IncidentTypeIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: description: Any incidents that harm the confidentiality, integrity, or availability of our data. is_default: false name: Security Incident id: 00000000-0000-0000-0000-000000000003 type: incident_types schema: $ref: "#/components/schemas/IncidentTypeResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident type details tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an incident type. operationId: UpdateIncidentType parameters: - $ref: "#/components/parameters/IncidentTypeIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: createdBy: 00000000-0000-0000-0000-000000000000 description: "Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data. Note: This will notify the security team." is_default: false lastModifiedBy: 00000000-0000-0000-0000-000000000000 name: Security Incident prefix: IR id: 00000000-0000-0000-0000-000000000000 type: incident_types schema: $ref: "#/components/schemas/IncidentTypePatchRequest" description: Incident type payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: Any incidents that harm the confidentiality, integrity, or availability of our data. is_default: false name: Security Incident id: 00000000-0000-0000-0000-000000000004 type: incident_types schema: $ref: "#/components/schemas/IncidentTypeResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an incident type tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/user-defined-fields: get: description: Get a list of all incident user-defined fields. operationId: ListIncidentUserDefinedFields parameters: - description: The number of results to return per page. Must be between 0 and 1000. in: query name: page[size] schema: default: 1000 format: int64 maximum: 1000 minimum: 0 type: integer - description: The page number to retrieve, starting at 0. in: query name: page[number] schema: default: 0 format: int64 minimum: 0 type: integer - description: When true, include soft-deleted fields in the response. in: query name: include-deleted schema: default: false type: boolean - description: Filter results to fields associated with the given incident type UUID. in: query name: filter[incident-type] schema: type: string - description: Comma-separated list of related resources to include. Supported values are "last_modified_by_user", "created_by_user", and "incident_type". in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: attached_to: "incidents" category: "what_happened" collected: "active" created: "2026-03-18T08:40:04.437887Z" default_value: deleted: display_name: "Root Cause" metadata: modified: "2026-03-18T08:40:04.437887Z" name: "root_cause" ordinal: "1.1" prerequisite: required: false reserved: false table_id: 0 tag_key: type: 1 valid_values: - description: "A bug in the service code." display_name: "Service Bug" value: "service_bug" id: "6f8f42e0-6a84-4495-9a24-6decb0a87de0" relationships: created_by_user: data: id: "00000000-0000-0000-0000-000000000001" type: "users" incident_type: data: id: "7459c30c-c661-4171-9474-db3a486377b2" type: "incident_types" last_modified_by_user: data: id: "00000000-0000-0000-0000-000000000001" type: "users" type: "user_defined_field" meta: offset: 0 size: 1 schema: $ref: "#/components/schemas/IncidentUserDefinedFieldListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incident user-defined fields tags: - Incidents x-permission: operator: AND permissions: - incident_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident user-defined field. operationId: CreateIncidentUserDefinedField parameters: - description: Comma-separated list of related resources to include. Supported values are "last_modified_by_user", "created_by_user", and "incident_type". in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: category: what_happened collected: active default_value: critical display_name: Root Cause name: root_cause ordinal: "1.5" required: false tag_key: datacenter type: 3 valid_values: - description: A critical severity incident. display_name: Critical short_description: Critical value: critical relationships: incident_type: data: id: 00000000-0000-0000-0000-000000000000 type: incident_types type: user_defined_field schema: $ref: "#/components/schemas/IncidentUserDefinedFieldCreateRequest" description: Incident user-defined field payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: attached_to: "incidents" category: collected: created: "2026-03-18T08:40:05.185406Z" default_value: deleted: display_name: "Root Cause" metadata: modified: "2026-03-18T08:40:05.185406Z" name: "root_cause" ordinal: "9" prerequisite: required: false reserved: false table_id: 0 tag_key: type: 3 valid_values: id: "82263487-b540-4c12-8797-58ac1d4fed17" relationships: created_by_user: data: id: "2f2c94fe-cd6e-4f8e-b9c7-d5755aca09a6" type: "users" incident_type: data: id: "7459c30c-c661-4171-9474-db3a486377b2" type: "incident_types" last_modified_by_user: data: id: "2f2c94fe-cd6e-4f8e-b9c7-d5755aca09a6" type: "users" type: "user_defined_field" schema: $ref: "#/components/schemas/IncidentUserDefinedFieldResponse" description: CREATED "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create an incident user-defined field tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/config/user-defined-fields/{field_id}: delete: description: Delete an incident user-defined field. operationId: DeleteIncidentUserDefinedField parameters: - $ref: "#/components/parameters/IncidentUserDefinedFieldIDPathParameter" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an incident user-defined field tags: - Incidents x-permission: operator: AND permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get details of an incident user-defined field. operationId: GetIncidentUserDefinedField parameters: - $ref: "#/components/parameters/IncidentUserDefinedFieldIDPathParameter" - description: Comma-separated list of related resources to include. Supported values are "last_modified_by_user", "created_by_user", and "incident_type". in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: attached_to: "incidents" category: "what_happened" collected: "active" created: "2026-03-18T08:40:04.437887Z" default_value: deleted: display_name: "Root Cause" metadata: modified: "2026-03-18T08:40:04.437887Z" name: "root_cause" ordinal: "1.1" prerequisite: required: false reserved: false table_id: 0 tag_key: type: 1 valid_values: - description: "A bug in the service code." display_name: "Service Bug" value: "service_bug" id: "6f8f42e0-6a84-4495-9a24-6decb0a87de0" relationships: created_by_user: data: id: "00000000-0000-0000-0000-000000000001" type: "users" incident_type: data: id: "7459c30c-c661-4171-9474-db3a486377b2" type: "incident_types" last_modified_by_user: data: id: "00000000-0000-0000-0000-000000000001" type: "users" type: "user_defined_field" schema: $ref: "#/components/schemas/IncidentUserDefinedFieldResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get an incident user-defined field tags: - Incidents x-permission: operator: AND permissions: - incident_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an incident user-defined field. operationId: UpdateIncidentUserDefinedField parameters: - $ref: "#/components/parameters/IncidentUserDefinedFieldIDPathParameter" - description: Comma-separated list of related resources to include. Supported values are "last_modified_by_user", "created_by_user", and "incident_type". in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: category: what_happened collected: active default_value: critical display_name: Root Cause ordinal: "1.5" required: false valid_values: - description: A critical severity incident. display_name: Critical short_description: Critical value: critical id: 00000000-0000-0000-0000-000000000000 type: user_defined_field schema: $ref: "#/components/schemas/IncidentUserDefinedFieldUpdateRequest" description: Incident user-defined field update payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: attached_to: "incidents" category: "what_happened" collected: created: "2026-03-18T08:39:49.913895Z" default_value: deleted: display_name: "Root Cause" metadata: modified: "2026-03-18T08:39:49.922909Z" name: "root_cause" ordinal: "8" prerequisite: required: false reserved: false table_id: 0 tag_key: type: 3 valid_values: id: "13a731a3-a010-450e-b6a3-3d450a26170c" relationships: created_by_user: data: id: "8e7d4859-0916-4df8-b51c-5f5a4ea7815e" type: "users" incident_type: data: id: "95edc42f-c55d-46fa-92a1-a182646454af" type: "incident_types" last_modified_by_user: data: id: "8e7d4859-0916-4df8-b51c-5f5a4ea7815e" type: "users" type: "user_defined_field" schema: $ref: "#/components/schemas/IncidentUserDefinedFieldResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an incident user-defined field tags: - Incidents x-codegen-request-body-name: body x-permission: operator: AND permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/import: post: description: |- Import an incident from an external system. This endpoint allows you to create incidents with historical data such as custom timestamps for detection, declaration, and resolution. Imported incidents do not execute integrations or notification rules. operationId: ImportIncident parameters: - $ref: "#/components/parameters/IncidentImportIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: declared: "2025-01-01T00:00:00Z" detected: "2025-01-01T00:00:00Z" fields: severity: value: SEV-5 state: value: active incident_type_uuid: 00000000-0000-0000-0000-000000000000 resolved: "2025-01-01T01:00:00Z" title: Imported incident from external system visibility: organization relationships: commander_user: data: id: 00000000-0000-0000-0000-000000000000 type: users declared_by_user: data: id: 00000000-0000-0000-0000-000000000000 type: users type: incidents schema: $ref: "#/components/schemas/IncidentImportRequest" description: Incident import payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" fields: severity: value: SEV-5 state: value: active modified: "2024-01-01T00:00:00+00:00" title: Imported incident from external system id: "00000000-0000-0000-1234-000000000000" type: incidents schema: $ref: "#/components/schemas/IncidentImportResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Import an incident tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: AND permissions: - incident_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/search: get: description: >- Search for incidents matching a certain query. operationId: SearchIncidents parameters: - $ref: "#/components/parameters/IncidentSearchIncludeQueryParameter" - $ref: "#/components/parameters/IncidentSearchQueryQueryParameter" - $ref: "#/components/parameters/IncidentSearchSortQueryParameter" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageOffset" responses: "200": content: application/json: examples: default: value: data: attributes: facets: severity: [] state: [] incidents: [] total: 0 type: incidents_search_results schema: $ref: "#/components/schemas/IncidentSearchResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Search for incidents tags: - Incidents x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data.attributes.incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}: delete: description: Deletes an existing incident from the users organization. operationId: DeleteIncident parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an existing incident tags: - Incidents "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: >- Get the details of an incident by `incident_id`. operationId: GetIncident parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" customer_impacted: false fields: severity: type: dropdown value: SEV-5 modified: "2024-01-01T00:00:00+00:00" title: A test incident title id: "00000000-0000-0000-1234-000000000000" type: incidents schema: $ref: "#/components/schemas/IncidentResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get the details of an incident tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: >- Updates an incident. Provide only the attributes that should be updated as this request is a partial update. operationId: UpdateIncident parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: customer_impact_scope: Example customer impact scope customer_impacted: false fields: severity: type: dropdown value: SEV-5 notification_handles: - display_name: Jane Doe handle: "@user@email.com" - display_name: Slack Channel handle: "@slack-channel" - display_name: Incident Workflow handle: "@workflow-from-incident" title: A test incident title id: 00000000-0000-0000-4567-000000000000 relationships: commander_user: data: id: 00000000-0000-0000-0000-000000000000 type: users integrations: data: - id: 00000000-abcd-0005-0000-000000000000 type: incident_integrations - id: 00000000-abcd-0006-0000-000000000000 type: incident_integrations postmortem: data: id: 00000000-0000-abcd-3000-000000000000 type: incident_postmortems type: incidents schema: $ref: "#/components/schemas/IncidentUpdateRequest" description: Incident Payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" customer_impacted: false fields: severity: type: dropdown value: SEV-5 modified: "2024-01-01T00:00:00+00:00" title: A test incident title id: "00000000-0000-0000-1234-000000000000" type: incidents schema: $ref: "#/components/schemas/IncidentResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/attachments: get: description: List incident attachments. operationId: ListIncidentAttachments parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - description: Filter attachments by type. Supported values are `1` (`postmortem`) and `2` (`link`). in: query name: filter[attachment_type] schema: example: "1" type: string - $ref: "#/components/parameters/AttachmentIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: attachment: documentUrl: "https://app.datadoghq.com/notebook/123/Postmortem-IR-123" title: Postmortem IR-123 attachment_type: postmortem modified: "2024-01-01T00:00:00+00:00" id: 00000000-abcd-0002-0000-000000000000 relationships: incident: data: id: 00000000-0000-0000-1234-000000000000 type: incidents type: incident_attachments schema: $ref: "#/components/schemas/AttachmentArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List incident attachments tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident attachment. operationId: CreateIncidentAttachment parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/AttachmentIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: attachment: documentUrl: https://app.datadoghq.com/notebook/123/Postmortem-IR-123 title: Postmortem-IR-123 attachment_type: postmortem type: incident_attachments schema: $ref: "#/components/schemas/CreateAttachmentRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: attachment: documentUrl: "https://app.datadoghq.com/notebook/123/Postmortem-IR-123" title: Postmortem IR-123 attachment_type: postmortem modified: "2024-01-01T00:00:00+00:00" id: 00000000-abcd-0002-0000-000000000000 relationships: incident: data: id: 00000000-0000-0000-1234-000000000000 type: incidents type: incident_attachments schema: $ref: "#/components/schemas/Attachment" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create incident attachment tags: - Incidents "x-permission": operator: AND permissions: - incident_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/attachments/postmortems: post: description: |- Create a postmortem attachment for an incident. The endpoint accepts markdown for notebooks created in Confluence or Google Docs. Postmortems created from notebooks need to be formatted using frontend notebook cells, in addition to markdown format. operationId: CreateIncidentPostmortemAttachment parameters: - description: The ID of the incident in: path name: incident_id required: true schema: example: "00000000-0000-0000-0000-000000000000" type: string requestBody: content: application/json: examples: default: value: data: attributes: cells: - id: cell-1 type: markdown content: "# Incident Report - IR-123\n[...]" postmortem_template_id: 93645509-874e-45c4-adfa-623bfeaead89-123 title: Postmortem-IR-123 type: incident_attachments schema: $ref: "#/components/schemas/PostmortemAttachmentRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: attachment: documentUrl: "https://app.datadoghq.com/notebook/123/Postmortem-IR-123" title: Postmortem IR-123 attachment_type: postmortem modified: "2024-01-01T00:00:00+00:00" id: 00000000-abcd-0002-0000-000000000000 relationships: incident: data: id: 00000000-0000-0000-1234-000000000000 type: incidents type: incident_attachments schema: $ref: "#/components/schemas/Attachment" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create postmortem attachment tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/attachments/{attachment_id}: delete: operationId: DeleteIncidentAttachment parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/AttachmentIDPathParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete incident attachment tags: - Incidents "x-permission": operator: AND permissions: - incident_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: operationId: UpdateIncidentAttachment parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/AttachmentIDPathParameter" - $ref: "#/components/parameters/AttachmentIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: attachment: documentUrl: https://app.datadoghq.com/notebook/124/Postmortem-IR-124 title: Postmortem-IR-124 id: 00000000-abcd-0002-0000-000000000000 type: incident_attachments schema: $ref: "#/components/schemas/PatchAttachmentRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: attachment: documentUrl: "https://app.datadoghq.com/notebook/124/Postmortem-IR-124" title: Postmortem IR-124 attachment_type: postmortem modified: "2024-01-01T00:00:00+00:00" id: 00000000-abcd-0002-0000-000000000000 relationships: incident: data: id: 00000000-0000-0000-1234-000000000000 type: incidents type: incident_attachments schema: $ref: "#/components/schemas/Attachment" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update incident attachment tags: - Incidents "x-permission": operator: AND permissions: - incident_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/impacts: get: description: Get all impacts for an incident. operationId: ListIncidentImpacts parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentImpactIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: description: "Service was unavailable for external users" end_at: "2024-01-01T01:00:00+00:00" start_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000001 type: incident_impacts schema: $ref: "#/components/schemas/IncidentImpactsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: List an incident's impacts tags: - Incidents "x-permission": operator: OR permissions: - incident_read post: description: Create an impact for an incident. operationId: CreateIncidentImpact parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentImpactIncludeQueryParameter" requestBody: content: application/json: examples: default: value: data: attributes: description: Service was unavailable for external users end_at: "2025-08-29T13:17:00Z" fields: customers_impacted: all products_impacted: - shopping - marketing start_at: "2025-08-28T13:17:00Z" type: incident_impacts schema: $ref: "#/components/schemas/IncidentImpactCreateRequest" description: Incident impact payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: description: "Service was unavailable for external users" end_at: "2024-01-01T01:00:00+00:00" start_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000002 type: incident_impacts schema: $ref: "#/components/schemas/IncidentImpactResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident impact tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write /api/v2/incidents/{incident_id}/impacts/{impact_id}: delete: description: Delete an incident impact. operationId: DeleteIncidentImpact parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentImpactIDPathParameter" responses: "204": description: No Content "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an incident impact tags: - Incidents "x-permission": operator: OR permissions: - incident_write /api/v2/incidents/{incident_id}/relationships/integrations: get: description: Get all integration metadata for an incident. operationId: ListIncidentIntegrations parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 8 metadata: issues: - account: https://example.atlassian.net project_key: PROJ id: 00000000-0000-0000-1234-000000000000 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of an incident's integration metadata tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident integration metadata. operationId: CreateIncidentIntegration parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 1 metadata: channels: - channel_id: C0123456789 channel_name: "#new-channel" redirect_url: https://slack.com/app_redirect?channel=C0123456789&team=T01234567 team_id: T01234567 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataCreateRequest" description: Incident integration metadata payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 8 metadata: issues: - account: https://example.atlassian.net project_key: PROJ id: 00000000-0000-0000-1234-000000000000 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident integration metadata tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/relationships/integrations/{integration_metadata_id}: delete: description: Delete an incident integration metadata. operationId: DeleteIncidentIntegration parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentIntegrationMetadataIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an incident integration metadata tags: - Incidents x-codegen-request-body-name: body x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get incident integration metadata details. operationId: GetIncidentIntegration parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentIntegrationMetadataIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 8 metadata: issues: - account: https://example.atlassian.net project_key: PROJ id: 00000000-0000-0000-1234-000000000000 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident integration metadata details tags: - Incidents x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an existing incident integration metadata. operationId: UpdateIncidentIntegration parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentIntegrationMetadataIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 1 metadata: channels: - channel_id: C0123456789 channel_name: "#updated-channel-name" redirect_url: https://slack.com/app_redirect?channel=C0123456789&team=T01234567 team_id: T01234567 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataPatchRequest" description: Incident integration metadata payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: incident_id: 00000000-aaaa-0000-0000-000000000000 integration_type: 8 metadata: issues: - account: https://example.atlassian.net issue_key: PROJ-123 project_key: PROJ id: 00000000-0000-0000-1234-000000000000 type: incident_integrations schema: $ref: "#/components/schemas/IncidentIntegrationMetadataResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident integration metadata tags: - Incidents x-codegen-request-body-name: body x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/relationships/todos: get: description: Get all todos for an incident. operationId: ListIncidentTodos parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: assignees: - "@test.user@example.com" content: Restore lost data. id: 00000000-0000-0000-0000-000000000002 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of an incident's todos tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create an incident todo. operationId: CreateIncidentTodo parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: assignees: - "@test.user@test.com" completed: "2023-03-06T22:00:00.000000+00:00" content: Restore lost data. due_date: "2023-07-10T05:00:00.000000+00:00" incident_id: 00000000-aaaa-0000-0000-000000000000 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoCreateRequest" description: Incident todo payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: assignees: - "@test.user@example.com" content: Restore lost data. id: 00000000-0000-0000-0000-000000000001 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident todo tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/incidents/{incident_id}/relationships/todos/{todo_id}: delete: description: Delete an incident todo. operationId: DeleteIncidentTodo parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentTodoIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an incident todo tags: - Incidents "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get incident todo details. operationId: GetIncidentTodo parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentTodoIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: assignees: - "@test.user@example.com" content: Restore lost data. id: 00000000-0000-0000-0000-000000000003 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident todo details tags: - Incidents "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an incident todo. operationId: UpdateIncidentTodo parameters: - $ref: "#/components/parameters/IncidentIDPathParameter" - $ref: "#/components/parameters/IncidentTodoIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: assignees: - "@test.user@test.com" completed: "2023-03-06T22:00:00.000000+00:00" content: Restore lost data. due_date: "2023-07-10T05:00:00.000000+00:00" incident_id: 00000000-aaaa-0000-0000-000000000000 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoPatchRequest" description: Incident todo payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: assignees: - "@test.user@example.com" content: Restore lost data. id: 00000000-0000-0000-0000-000000000004 type: incident_todos schema: $ref: "#/components/schemas/IncidentTodoResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an incident todo tags: - Incidents x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/aws/accounts: get: description: Get a list of AWS Account Integration Configs. operationId: ListAWSAccounts parameters: - description: |- Optional query parameter to filter accounts by AWS Account ID. If not provided, all accounts are returned. example: "123456789012" in: query name: aws_account_id required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/AWSAccountsResponse" description: AWS Accounts List object "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all AWS integrations tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_read post: description: Create a new AWS Account Integration Config. operationId: CreateAWSAccount requestBody: content: application/json: examples: default: value: data: attributes: account_tags: - env:prod auth_config: access_key_id: ACCESS_KEY_ID secret_access_key: SECRET_ACCESS_KEY aws_account_id: "123456789012" aws_partition: aws aws_regions: include_all: true logs_config: lambda_forwarder: lambdas: - arn:aws:lambda:us-east-1:123456789012:function:DatadogLambdaLogForwarder sources: - s3 metrics_config: automute_enabled: true collect_cloudwatch_alarms: false collect_custom_metrics: false enabled: true tag_filters: - namespace: AWS/EC2 resources_config: cloud_security_posture_management_collection: false extended_collection: true type: account schema: $ref: "#/components/schemas/AWSAccountCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: auth_config: access_key_id: ACCESS_KEY_ID aws_account_id: "123456789012" aws_partition: aws id: 00000000-0000-0000-0000-000000000001 type: account schema: $ref: "#/components/schemas/AWSAccountResponse" description: AWS Account object "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an AWS integration tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - aws_configurations_manage /api/v2/integration/aws/accounts/{aws_account_config_id}: delete: description: Delete an AWS Account Integration Config by config ID. operationId: DeleteAWSAccount parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an AWS integration tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configurations_manage get: description: Get an AWS Account Integration Config by config ID. operationId: GetAWSAccount parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: auth_config: access_key_id: ACCESS_KEY_ID aws_account_id: "123456789012" aws_partition: aws id: 00000000-0000-0000-0000-000000000002 type: account schema: $ref: "#/components/schemas/AWSAccountResponse" description: AWS Account object "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an AWS integration by config ID tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_read patch: description: Update an AWS Account Integration Config by config ID. operationId: UpdateAWSAccount parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: account_tags: - env:prod auth_config: access_key_id: ACCESS_KEY_ID secret_access_key: SECRET_ACCESS_KEY aws_account_id: "123456789012" aws_partition: aws aws_regions: include_all: true logs_config: lambda_forwarder: lambdas: - arn:aws:lambda:us-east-1:123456789012:function:DatadogLambdaLogForwarder sources: - s3 metrics_config: automute_enabled: true collect_cloudwatch_alarms: false collect_custom_metrics: false enabled: true tag_filters: - namespace: AWS/EC2 resources_config: cloud_security_posture_management_collection: false extended_collection: true id: 00000000-abcd-0001-0000-000000000000 type: account schema: $ref: "#/components/schemas/AWSAccountUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: auth_config: access_key_id: ACCESS_KEY_ID aws_account_id: "123456789012" aws_partition: aws id: 00000000-0000-0000-0000-000000000003 type: account schema: $ref: "#/components/schemas/AWSAccountResponse" description: AWS Account object "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an AWS integration tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - aws_configuration_edit /api/v2/integration/aws/accounts/{aws_account_config_id}/ccm_config: delete: description: |- Delete the Cloud Cost Management config for an AWS Account Integration Config using Cost and Usage Report (CUR) 2.0 by config ID. operationId: DeleteAWSAccountCCMConfig parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete AWS CCM config tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_edit x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: |- Get the Cloud Cost Management config for an AWS Account Integration Config using Cost and Usage Report (CUR) 2.0 by config ID. operationId: GetAWSAccountCCMConfig parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: data_export_configs: - bucket_name: billing bucket_region: us-east-1 report_name: cost-and-usage-report report_prefix: reports report_type: CUR2.0 id: 00000000-0000-0000-0000-000000000004 type: ccm_config schema: $ref: "#/components/schemas/AWSCcmConfigResponse" description: AWS CCM Config object "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get AWS CCM config tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_read x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Update the Cloud Cost Management config for an AWS Account Integration Config using Cost and Usage Report (CUR) 2.0 by config ID. operationId: UpdateAWSAccountCCMConfig parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: ccm_config: data_export_configs: - bucket_name: billing bucket_region: us-east-1 report_name: cost-and-usage-report report_prefix: reports report_type: CUR2.0 type: ccm_config schema: $ref: "#/components/schemas/AWSCcmConfigRequest" description: Update a Cloud Cost Management config for an AWS Account Integration Config. required: true responses: "200": content: application/json: examples: default: value: data: attributes: data_export_configs: - bucket_name: billing bucket_region: us-east-1 report_name: cost-and-usage-report report_prefix: reports report_type: CUR2.0 id: 00000000-0000-0000-0000-000000000006 type: ccm_config schema: $ref: "#/components/schemas/AWSCcmConfigResponse" description: AWS CCM Config object "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update AWS CCM config tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - aws_configuration_edit x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Create the Cloud Cost Management config for an AWS Account Integration Config using Cost and Usage Report (CUR) 2.0 by config ID. operationId: CreateAWSAccountCCMConfig parameters: - $ref: "#/components/parameters/AWSAccountConfigIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: ccm_config: data_export_configs: - bucket_name: billing bucket_region: us-east-1 report_name: cost-and-usage-report report_prefix: reports report_type: CUR2.0 type: ccm_config schema: $ref: "#/components/schemas/AWSCcmConfigRequest" description: Create a Cloud Cost Management config for an AWS Account Integration Config. required: true responses: "200": content: application/json: examples: default: value: data: attributes: data_export_configs: - bucket_name: billing bucket_region: us-east-1 report_name: cost-and-usage-report report_prefix: reports report_type: CUR2.0 id: 00000000-0000-0000-0000-000000000005 type: ccm_config schema: $ref: "#/components/schemas/AWSCcmConfigResponse" description: AWS CCM Config object "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create AWS CCM config tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - aws_configuration_edit x-unstable: |- **Note**: This endpoint is in preview and may be subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/aws/available_namespaces: get: description: Get a list of available AWS CloudWatch namespaces that can send metrics to Datadog. operationId: ListAWSNamespaces responses: "200": content: application/json: examples: default: value: data: attributes: namespaces: - AWS/EC2 id: namespaces type: namespaces schema: $ref: "#/components/schemas/AWSNamespacesResponse" description: AWS Namespaces List object "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List available namespaces tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_read /api/v2/integration/aws/event_bridge: delete: description: Delete an Amazon EventBridge source. operationId: DeleteAWSEventBridgeSource requestBody: content: application/json: examples: default: value: data: attributes: account_id: "123456789012" event_generator_name: app-alerts-zyxw3210 region: us-east-1 type: event_bridge schema: $ref: "#/components/schemas/AWSEventBridgeDeleteRequest" description: Delete the Amazon EventBridge source with the given name, region, and associated AWS account. required: true responses: "200": content: application/json: examples: default: value: data: attributes: status: empty id: delete_event_bridge type: event_bridge schema: $ref: "#/components/schemas/AWSEventBridgeDeleteResponse" description: Amazon EventBridge source deleted. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an Amazon EventBridge source tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations get: description: Get all Amazon EventBridge sources. operationId: ListAWSEventBridgeSources responses: "200": content: application/json: examples: default: value: data: attributes: accounts: [] is_installed: true id: get_event_bridge type: event_bridge schema: $ref: "#/components/schemas/AWSEventBridgeListResponse" description: Amazon EventBridge sources list. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all Amazon EventBridge sources tags: - AWS Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create an Amazon EventBridge source. operationId: CreateAWSEventBridgeSource requestBody: content: application/json: examples: default: value: data: attributes: account_id: "123456789012" create_event_bus: true event_generator_name: app-alerts region: us-east-1 type: event_bridge schema: $ref: "#/components/schemas/AWSEventBridgeCreateRequest" description: Create an Amazon EventBridge source for an AWS account with a given name and region. required: true responses: "200": content: application/json: examples: default: value: data: attributes: event_source_name: app-alerts-zyxw3210 has_bus: true region: us-east-1 status: created id: create_event_bridge type: event_bridge schema: $ref: "#/components/schemas/AWSEventBridgeCreateResponse" description: Amazon EventBridge source created. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an Amazon EventBridge source tags: - AWS Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integration/aws/generate_new_external_id: post: description: Generate a new external ID for AWS role-based authentication. operationId: CreateNewAWSExternalID responses: "200": content: application/json: examples: default: value: data: attributes: external_id: abc-123 id: external_id type: external_id schema: $ref: "#/components/schemas/AWSNewExternalIDResponse" description: AWS External ID object "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Generate a new external ID tags: - AWS Integration "x-permission": operator: OR permissions: - aws_configuration_edit /api/v2/integration/aws/iam_permissions: get: description: Get all AWS IAM permissions required for the AWS integration. operationId: GetAWSIntegrationIAMPermissions responses: "200": content: application/json: examples: default: value: data: attributes: permissions: - account:GetContactInformation id: permissions type: permissions schema: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponse" description: AWS IAM Permissions object "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get AWS integration IAM permissions tags: - AWS Integration /api/v2/integration/aws/iam_permissions/resource_collection: get: description: Get all resource collection AWS IAM permissions required for the AWS integration. operationId: GetAWSIntegrationIAMPermissionsResourceCollection responses: "200": content: application/json: examples: default: value: data: attributes: permissions: - account:GetContactInformation id: permissions type: permissions schema: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponse" description: AWS integration resource collection IAM permissions. "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get resource collection IAM permissions tags: - AWS Integration /api/v2/integration/aws/iam_permissions/standard: get: description: Get all standard AWS IAM permissions required for the AWS integration. operationId: GetAWSIntegrationIAMPermissionsStandard responses: "200": content: application/json: examples: default: value: data: attributes: permissions: - account:GetContactInformation id: permissions type: permissions schema: $ref: "#/components/schemas/AWSIntegrationIamPermissionsResponse" description: AWS integration standard IAM permissions. "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get AWS integration standard IAM permissions tags: - AWS Integration /api/v2/integration/aws/logs/services: get: description: Get a list of AWS services that can send logs to Datadog. operationId: ListAWSLogsServices responses: "200": content: application/json: examples: default: value: data: attributes: logs_services: - s3 id: logs_services type: logs_services schema: $ref: "#/components/schemas/AWSLogsServicesResponse" description: AWS Logs Services List object "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get list of AWS log ready services tags: - AWS Logs Integration "x-permission": operator: OR permissions: - aws_configuration_read /api/v2/integration/gcp/accounts: get: description: List all GCP STS-enabled service accounts configured in your Datadog account. operationId: ListGCPSTSAccounts responses: "200": content: application/json: examples: default: value: data: - attributes: automute: true client_email: service-account@test-project.iam.gserviceaccount.com is_cspm_enabled: true resource_collection_enabled: true id: abc-123 type: gcp_service_account schema: $ref: "#/components/schemas/GCPSTSServiceAccountsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all GCP STS-enabled service accounts tags: - GCP Integration "x-permission": operator: OR permissions: - gcp_configuration_read post: description: |- Create a new entry within Datadog for your STS enabled service account. operationId: CreateGCPSTSAccount requestBody: content: application/json: examples: default: value: data: attributes: client_email: datadog-service-account@test-project.iam.gserviceaccount.com cloud_run_revision_filters: - $KEY:$VALUE host_filters: - $KEY:$VALUE is_global_location_enabled: true is_per_project_quota_enabled: true is_resource_change_collection_enabled: true is_security_command_center_enabled: true metric_namespace_configs: - disabled: true id: aiplatform - filters: - snapshot.* - "!*_by_region" id: pubsub monitored_resource_configs: - filters: - $KEY:$VALUE type: gce_instance region_filter_configs: - nam4 - europe-north1 type: gcp_service_account schema: $ref: "#/components/schemas/GCPSTSServiceAccountCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: automute: true client_email: service-account@test-project.iam.gserviceaccount.com is_cspm_enabled: true resource_collection_enabled: true id: abc-123 type: gcp_service_account schema: $ref: "#/components/schemas/GCPSTSServiceAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a new entry for your service account tags: - GCP Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - gcp_configurations_manage /api/v2/integration/gcp/accounts/{account_id}: delete: description: Delete an STS enabled GCP account from within Datadog. operationId: DeleteGCPSTSAccount parameters: - $ref: "#/components/parameters/GCPSTSServiceAccountID" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an STS enabled GCP Account tags: - GCP Integration "x-permission": operator: OR permissions: - gcp_configurations_manage patch: description: Update an STS enabled service account. operationId: UpdateGCPSTSAccount parameters: - $ref: "#/components/parameters/GCPSTSServiceAccountID" requestBody: content: application/json: examples: default: value: data: attributes: client_email: datadog-service-account@test-project.iam.gserviceaccount.com cloud_run_revision_filters: - $KEY:$VALUE host_filters: - $KEY:$VALUE is_global_location_enabled: true is_per_project_quota_enabled: true is_resource_change_collection_enabled: true is_security_command_center_enabled: true metric_namespace_configs: - disabled: true id: aiplatform - filters: - snapshot.* - "!*_by_region" id: pubsub monitored_resource_configs: - filters: - $KEY:$VALUE type: gce_instance region_filter_configs: - nam4 - europe-north1 id: d291291f-12c2-22g4-j290-123456678897 type: gcp_service_account schema: $ref: "#/components/schemas/GCPSTSServiceAccountUpdateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: automute: true client_email: service-account@test-project.iam.gserviceaccount.com is_cspm_enabled: true resource_collection_enabled: true id: abc-123 type: gcp_service_account schema: $ref: "#/components/schemas/GCPSTSServiceAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update STS Service Account tags: - GCP Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - gcp_configuration_edit /api/v2/integration/gcp/sts_delegate: get: description: List your Datadog-GCP STS delegate account configured in your Datadog account. operationId: GetGCPSTSDelegate responses: "200": content: application/json: examples: default: value: data: attributes: delegate_account_email: test@example.com id: abc-123 type: gcp_sts_delegate schema: $ref: "#/components/schemas/GCPSTSDelegateAccountResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List delegate account tags: - GCP Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - gcp_configuration_read post: description: Create a Datadog GCP principal. operationId: MakeGCPSTSDelegate requestBody: content: application/json: examples: default: value: {} schema: example: {} type: object description: Create a delegate service account within Datadog. required: false responses: "200": content: application/json: examples: default: value: data: attributes: delegate_account_email: test@example.com id: abc-123 type: gcp_sts_delegate schema: $ref: "#/components/schemas/GCPSTSDelegateAccountResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a Datadog GCP principal tags: - GCP Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - gcp_configuration_edit /api/v2/integration/google-chat/organizations/app/named-spaces/{domain_name}/{space_display_name}: get: description: Get the resource name and organization binding ID of a space in the Datadog Google Chat integration. operationId: GetSpaceByDisplayName parameters: - $ref: "#/components/parameters/GoogleChatOrganizationDomainNamePathParameter" - $ref: "#/components/parameters/GoogleChatOrganizationSpaceDisplayNamePathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: display_name: General organization_binding_id: 00000000-0000-0000-0000-000000000006 resource_name: spaces/AAAAAAAAA space_uri: https://chat.google.com/room/AAAAAAAAA id: 00000000-0000-0000-0000-000000000005 type: google-chat-app-named-space schema: $ref: "#/components/schemas/GoogleChatAppNamedSpaceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get space information by display name tags: - Google Chat Integration /api/v2/integration/google-chat/organizations/{organization_binding_id}/organization-handles: get: description: Get a list of all organization handles from the Datadog Google Chat integration. operationId: ListOrganizationHandles parameters: - $ref: "#/components/parameters/GoogleChatOrganizationBindingIdPathParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: name: example-handle space_display_name: General space_resource_name: spaces/AAAAAAAAA id: 00000000-0000-0000-0000-000000000001 type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatOrganizationHandlesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all organization handles tags: - Google Chat Integration post: description: Create an organization handle in the Datadog Google Chat integration. operationId: CreateOrganizationHandle parameters: - $ref: "#/components/parameters/GoogleChatOrganizationBindingIdPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: name: fake-handle-name space_resource_name: spaces/AAAAAAAAA type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatCreateOrganizationHandleRequest" description: Organization handle payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: example-handle space_display_name: General space_resource_name: spaces/AAAAAAAAA id: 00000000-0000-0000-0000-000000000002 type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create organization handle tags: - Google Chat Integration x-codegen-request-body-name: body /api/v2/integration/google-chat/organizations/{organization_binding_id}/organization-handles/{handle_id}: delete: description: Delete an organization handle from the Datadog Google Chat integration. operationId: DeleteOrganizationHandle parameters: - description: Your organization binding ID. in: path name: organization_binding_id required: true schema: type: string - description: Your organization handle ID. in: path name: handle_id required: true schema: type: string responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete organization handle tags: - Google Chat Integration get: description: Get an organization handle from the Datadog Google Chat integration. operationId: GetOrganizationHandle parameters: - $ref: "#/components/parameters/GoogleChatOrganizationBindingIdPathParameter" - $ref: "#/components/parameters/GoogleChatHandleIdPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: name: example-handle space_display_name: General space_resource_name: spaces/AAAAAAAAA id: 00000000-0000-0000-0000-000000000003 type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get organization handle tags: - Google Chat Integration patch: description: Update an organization handle from the Datadog Google Chat integration. operationId: UpdateOrganizationHandle parameters: - $ref: "#/components/parameters/GoogleChatOrganizationBindingIdPathParameter" - $ref: "#/components/parameters/GoogleChatHandleIdPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: name: fake-handle-name space_resource_name: spaces/AAAAAAAAA type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatUpdateOrganizationHandleRequest" description: Organization handle payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: example-handle space_display_name: General space_resource_name: spaces/AAAAAAAAA id: 00000000-0000-0000-0000-000000000004 type: google-chat-organization-handle schema: $ref: "#/components/schemas/GoogleChatOrganizationHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update organization handle tags: - Google Chat Integration x-codegen-request-body-name: body /api/v2/integration/jira/accounts: get: description: |- Get all Jira accounts for the organization. operationId: ListJiraAccounts responses: "200": content: application/json: examples: default: value: data: - attributes: consumer_key: consumer-key-1 instance_url: "https://example.atlassian.net" id: account-1 type: jira-account meta: public_key: "c29tZSBkYXRhIHdpdGggACBhbmQg77u/" schema: $ref: "#/components/schemas/JiraAccountsResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Jira accounts tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/jira/accounts/{account_id}: delete: description: |- Delete a Jira account by ID. operationId: DeleteJiraAccount parameters: - description: The ID of the Jira account to delete example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: account_id required: true schema: format: uuid type: string responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Jira account tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/jira/issue-templates: get: description: |- Get all Jira issue templates for the organization. operationId: ListJiraIssueTemplates responses: "200": content: application/json: examples: default: value: data: - attributes: fields: description: payload: "Test Description" type: json issue_type_id: "456" name: Bug Report Template project_id: "123" id: "abc-123" type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplatesResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Jira issue templates tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Create a new Jira issue template. operationId: CreateJiraIssueTemplate requestBody: content: application/json: examples: default: value: data: attributes: fields: description: payload: Test type: json issue_type_id: "12730" jira-account: id: 80f16d40-1fba-486e-b1fc-983e6ca19bec name: test-template project_id: "10772" type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplateCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: fields: description: payload: Test type: json issue_type_id: "456" name: test-template project_id: "123" id: "abc-123" type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplateResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Jira issue template tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/jira/issue-templates/{issue_template_id}: delete: description: |- Delete a Jira issue template by ID. operationId: DeleteJiraIssueTemplate parameters: - description: The ID of the Jira issue template to delete example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: issue_template_id required: true schema: format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Jira issue template tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: |- Get a Jira issue template by ID. operationId: GetJiraIssueTemplate parameters: - description: The ID of the Jira issue template to retrieve example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: issue_template_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: attributes: fields: description: payload: Test Description type: json issue_type_id: "456" name: test-template project_id: "123" id: "abc-123" type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Jira issue template tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Update a Jira issue template by ID. operationId: UpdateJiraIssueTemplate parameters: - description: The ID of the Jira issue template to update example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: issue_template_id required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: value: data: attributes: fields: description: payload: Updated Description type: json name: test_template_updated type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplateUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: fields: description: payload: Updated Description type: json issue_type_id: "456" name: test_template_updated project_id: "123" id: "abc-123" type: jira-issue-template schema: $ref: "#/components/schemas/JiraIssueTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Jira issue template tags: - Jira Integration x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/integration/ms-teams/configuration/channel/{tenant_name}/{team_name}/{channel_name}: get: description: Get the tenant, team, and channel ID of a channel in the Datadog Microsoft Teams integration. operationId: GetChannelByName parameters: - $ref: "#/components/parameters/MicrosoftTeamsTenantNamePathParameter" - $ref: "#/components/parameters/MicrosoftTeamsTeamNamePathParameter" - $ref: "#/components/parameters/MicrosoftTeamsChannelNamePathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: is_primary: true team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 id: "19:b41k24b14bn1nwffkernfkwrnfneubgkr@thread.tacv2" type: ms-teams-channel-info schema: $ref: "#/components/schemas/MicrosoftTeamsGetChannelByNameResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get channel information by name tags: - Microsoft Teams Integration /api/v2/integration/ms-teams/configuration/tenant-based-handles: get: description: Get a list of all tenant-based handles from the Datadog Microsoft Teams integration. operationId: ListTenantBasedHandles parameters: - $ref: "#/components/parameters/MicrosoftTeamsTenantIDQueryParameter" - $ref: "#/components/parameters/MicrosoftTeamsHandleNameQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: channel_id: fake-channel-id name: fake-handle-name team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: ms-teams-tenant-based-handle-info schema: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandlesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all tenant-based handles tags: - Microsoft Teams Integration post: description: Create a tenant-based handle in the Datadog Microsoft Teams integration. operationId: CreateTenantBasedHandle requestBody: content: application/json: examples: default: value: data: attributes: channel_id: fake-channel-id name: fake-handle-name team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 type: tenant-based-handle schema: $ref: "#/components/schemas/MicrosoftTeamsCreateTenantBasedHandleRequest" description: Tenant-based handle payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: channel_id: fake-channel-id name: fake-handle-name team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000002 type: tenant-based-handle schema: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create tenant-based handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/tenant-based-handles/{handle_id}: delete: description: Delete a tenant-based handle from the Datadog Microsoft Teams integration. operationId: DeleteTenantBasedHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete tenant-based handle tags: - Microsoft Teams Integration get: description: Get the tenant, team, and channel information of a tenant-based handle from the Datadog Microsoft Teams integration. operationId: GetTenantBasedHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: channel_id: fake-channel-id name: fake-handle-name team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000003 type: tenant-based-handle schema: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get tenant-based handle information tags: - Microsoft Teams Integration patch: description: Update a tenant-based handle from the Datadog Microsoft Teams integration. operationId: UpdateTenantBasedHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: channel_id: fake-channel-id name: fake-handle-name team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 type: tenant-based-handle schema: $ref: "#/components/schemas/MicrosoftTeamsUpdateTenantBasedHandleRequest" description: Tenant-based handle payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: channel_id: fake-channel-id name: fake-handle-name-updated team_id: 00000000-0000-0000-0000-000000000000 tenant_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000004 type: tenant-based-handle schema: $ref: "#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update tenant-based handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/workflows-webhook-handles: get: description: Get a list of all Workflows webhook handles from the Datadog Microsoft Teams integration. operationId: ListWorkflowsWebhookHandles parameters: - $ref: "#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleNameQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: name: fake-handle-name id: 00000000-0000-0000-0000-000000000005 type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandlesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all Workflows webhook handles tags: - Microsoft Teams Integration post: description: Create a Workflows webhook handle in the Datadog Microsoft Teams integration. operationId: CreateWorkflowsWebhookHandle requestBody: content: application/json: examples: default: value: data: attributes: name: fake-handle-name url: https://fake.url.com type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsCreateWorkflowsWebhookHandleRequest" description: Workflows Webhook handle payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: fake-handle-name id: 00000000-0000-0000-0000-000000000006 type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Workflows webhook handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/workflows-webhook-handles/{handle_id}: delete: description: Delete a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: DeleteWorkflowsWebhookHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Workflows webhook handle tags: - Microsoft Teams Integration get: description: Get the name of a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: GetWorkflowsWebhookHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: name: fake-handle-name id: 00000000-0000-0000-0000-000000000007 type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Workflows webhook handle information tags: - Microsoft Teams Integration patch: description: Update a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: UpdateWorkflowsWebhookHandle parameters: - $ref: "#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: name: fake-handle-name url: https://fake.url.com type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsUpdateWorkflowsWebhookHandleRequest" description: Workflows Webhook handle payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: fake-handle-name-updated id: 00000000-0000-0000-0000-000000000008 type: workflows-webhook-handle schema: $ref: "#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "412": $ref: "#/components/responses/PreconditionFailedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Workflows webhook handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/oci/products: get: description: >- Lists the products for a given tenancy. Returns the enabled/disabled status of Datadog products (such as Cloud Security Posture Management) for specific OCI tenancies. operationId: ListTenancyProducts parameters: - description: Comma-separated list of product keys to filter by. in: query name: productKeys required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: products: - enabled: true product_key: CLOUD_SECURITY_POSTURE_MANAGEMENT id: ocid.tenancy.test type: oci_tenancy_product schema: $ref: "#/components/schemas/TenancyProductsList" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List tenancy products tags: - OCI Integration /api/v2/integration/oci/tenancies: get: description: >- Get a list of all configured OCI tenancy integrations. Returns basic information about each tenancy including authentication credentials, region settings, and collection preferences for metrics, logs, and resources. operationId: GetTenancyConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: cost_collection_enabled: true home_region: us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/TenancyConfigList" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get tenancy configs tags: - OCI Integration x-unstable: "**Note**: This endpoint may be subject to changes." post: description: >- Create a new tenancy config to establish monitoring and data collection from your OCI environment. Requires OCI authentication credentials and tenancy details. Warning: Datadog recommends interacting with this endpoint only through the Datadog web UI to ensure all necessary OCI resources have been created and configured properly. operationId: CreateTenancyConfig requestBody: content: application/json: examples: default: value: data: attributes: auth_credentials: fingerprint: "" private_key: "" cost_collection_enabled: true dd_compartment_id: ocid.compartment.test dd_stack_id: ocid.stack.test home_region: us-ashburn-1 logs_config: compartment_tag_filters: - datadog:true - env:prod enabled: true enabled_services: - service_1 - service_2 metrics_config: compartment_tag_filters: - datadog:true - env:prod enabled: true excluded_services: - service_1 - service_2 regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/CreateTenancyConfigRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: cost_collection_enabled: true home_region: us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/TenancyConfig" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create tenancy config tags: - OCI Integration x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/integration/oci/tenancies/{tenancy_ocid}: delete: description: >- Delete an existing tenancy config. This will stop all data collection from the specified OCI tenancy and remove the stored configuration. This operation cannot be undone. operationId: DeleteTenancyConfig parameters: - description: The OCID of the tenancy config to delete. in: path name: tenancy_ocid required: true schema: type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete tenancy config tags: - OCI Integration get: description: >- Get a single tenancy config object by its OCID. Returns detailed configuration including authentication credentials, enabled services, region settings, and collection preferences. operationId: GetTenancyConfig parameters: - description: The OCID of the tenancy config to retrieve. in: path name: tenancy_ocid required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: cost_collection_enabled: true home_region: us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/TenancyConfig" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get tenancy config tags: - OCI Integration patch: description: >- Update an existing tenancy config. You can modify authentication credentials, enable/disable collection types, update service filters, and change region settings. Warning: We recommend using the Datadog web UI to avoid unintended update effects. operationId: UpdateTenancyConfig parameters: - description: The OCID of the tenancy config to update. in: path name: tenancy_ocid required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: auth_credentials: fingerprint: "" private_key: "" cost_collection_enabled: true home_region: us-ashburn-1 logs_config: compartment_tag_filters: - datadog:true - env:prod enabled: true enabled_services: - service_1 - service_2 metrics_config: compartment_tag_filters: - datadog:true - env:prod enabled: true excluded_services: - service_1 - service_2 regions_config: available: - us-ashburn-1 - us-phoenix-1 disabled: - us-phoenix-1 enabled: - us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/UpdateTenancyConfigRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: cost_collection_enabled: true home_region: us-ashburn-1 resource_collection_enabled: true user_ocid: ocid.user.test id: ocid.tenancy.test type: oci_tenancy schema: $ref: "#/components/schemas/TenancyConfig" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update tenancy config tags: - OCI Integration /api/v2/integration/opsgenie/services: get: description: Get a list of all services from the Datadog Opsgenie integration. operationId: ListOpsgenieServices responses: "200": content: application/json: examples: default: value: data: - attributes: custom_url: name: fake-opsgenie-service-name region: us id: 00000000-0000-0000-0000-000000000001 type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServicesResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all service objects tags: - Opsgenie Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create a new service object in the Opsgenie integration. operationId: CreateOpsgenieService requestBody: content: application/json: examples: default: value: data: attributes: custom_url: https://example.com name: fake-opsgenie-service-name opsgenie_api_key: 00000000-0000-0000-0000-000000000000 region: us type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServiceCreateRequest" description: Opsgenie service payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: custom_url: https://example.com name: fake-opsgenie-service-name region: us id: 00000000-0000-0000-0000-000000000002 type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServiceResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a new service object tags: - Opsgenie Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integration/opsgenie/services/{integration_service_id}: delete: description: Delete a single service object in the Datadog Opsgenie integration. operationId: DeleteOpsgenieService parameters: - $ref: "#/components/parameters/OpsgenieServiceIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a single service object tags: - Opsgenie Integration "x-permission": operator: OR permissions: - manage_integrations get: description: Get a single service from the Datadog Opsgenie integration. operationId: GetOpsgenieService parameters: - $ref: "#/components/parameters/OpsgenieServiceIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: custom_url: name: fake-opsgenie-service-name region: us id: 00000000-0000-0000-0000-000000000003 type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a single service object tags: - Opsgenie Integration "x-permission": operator: OR permissions: - integrations_read patch: description: Update a single service object in the Datadog Opsgenie integration. operationId: UpdateOpsgenieService parameters: - $ref: "#/components/parameters/OpsgenieServiceIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: custom_url: https://example.com name: fake-opsgenie-service-name opsgenie_api_key: 00000000-0000-0000-0000-000000000000 region: us id: 596da4af-0563-4097-90ff-07230c3f9db3 type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServiceUpdateRequest" description: Opsgenie service payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: custom_url: https://example.com name: fake-opsgenie-service-name region: us id: 00000000-0000-0000-0000-000000000004 type: opsgenie-service schema: $ref: "#/components/schemas/OpsgenieServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a single service object tags: - Opsgenie Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integration/servicenow/assignment_groups/{instance_id}: get: description: |- Get all assignment groups for a ServiceNow instance. operationId: ListServiceNowAssignmentGroups parameters: - description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: instance_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: - attributes: assignment_group_name: Network Team assignment_group_sys_id: abc-123 instance_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: assignment_groups schema: $ref: "#/components/schemas/ServiceNowAssignmentGroupsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List ServiceNow assignment groups tags: - ServiceNow Integration /api/v2/integration/servicenow/business_services/{instance_id}: get: description: |- Get all business services for a ServiceNow instance. operationId: ListServiceNowBusinessServices parameters: - description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: instance_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: - attributes: instance_id: 00000000-0000-0000-0000-000000000001 service_name: IT Support service_sys_id: abc-123 id: 00000000-0000-0000-0000-000000000001 type: business_services schema: $ref: "#/components/schemas/ServiceNowBusinessServicesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List ServiceNow business services tags: - ServiceNow Integration /api/v2/integration/servicenow/handles: get: description: |- Get all ServiceNow templates for the organization. operationId: ListServiceNowTemplates responses: "200": content: application/json: examples: default: value: data: - attributes: handle_name: incident-template instance_id: 00000000-0000-0000-0000-000000000001 servicenow_tablename: incident id: 00000000-0000-0000-0000-000000000001 type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplatesResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List ServiceNow templates tags: - ServiceNow Integration post: description: |- Create a new ServiceNow template. operationId: CreateServiceNowTemplate requestBody: content: application/json: examples: default: value: data: attributes: assignment_group_id: 65b3341b-0680-47f9-a6d4-134db45c603e business_service_id: 65b3341b-0680-47f9-a6d4-134db45c603e fields_mapping: category: software priority: "1" handle_name: incident-template instance_id: 65b3341b-0680-47f9-a6d4-134db45c603e servicenow_tablename: incident user_id: 65b3341b-0680-47f9-a6d4-134db45c603e type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplateCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: handle_name: incident-template instance_id: 00000000-0000-0000-0000-000000000001 servicenow_tablename: incident id: 00000000-0000-0000-0000-000000000001 type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplateResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create ServiceNow template tags: - ServiceNow Integration /api/v2/integration/servicenow/handles/{template_id}: delete: description: |- Delete a ServiceNow template by ID. operationId: DeleteServiceNowTemplate parameters: - description: The ID of the ServiceNow template to delete example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: template_id required: true schema: format: uuid type: string responses: "200": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete ServiceNow template tags: - ServiceNow Integration get: description: |- Get a ServiceNow template by ID. operationId: GetServiceNowTemplate parameters: - description: The ID of the ServiceNow template to retrieve example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: template_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: attributes: handle_name: incident-template instance_id: 00000000-0000-0000-0000-000000000001 servicenow_tablename: incident id: 00000000-0000-0000-0000-000000000001 type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get ServiceNow template tags: - ServiceNow Integration put: description: |- Update a ServiceNow template by ID. operationId: UpdateServiceNowTemplate parameters: - description: The ID of the ServiceNow template to update example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: template_id required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: value: data: attributes: assignment_group_id: 65b3341b-0680-47f9-a6d4-134db45c603e business_service_id: 65b3341b-0680-47f9-a6d4-134db45c603e fields_mapping: category: hardware priority: "2" handle_name: incident-template-updated instance_id: 65b3341b-0680-47f9-a6d4-134db45c603e servicenow_tablename: incident user_id: 65b3341b-0680-47f9-a6d4-134db45c603e type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplateUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: handle_name: incident-template-updated instance_id: 00000000-0000-0000-0000-000000000001 servicenow_tablename: incident id: 00000000-0000-0000-0000-000000000001 type: servicenow_templates schema: $ref: "#/components/schemas/ServiceNowTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update ServiceNow template tags: - ServiceNow Integration /api/v2/integration/servicenow/instances: get: description: |- Get all ServiceNow instances for the organization. operationId: ListServiceNowInstances responses: "200": content: application/json: examples: default: value: data: - attributes: instance_name: my-servicenow-instance id: 00000000-0000-0000-0000-000000000001 type: instance schema: $ref: "#/components/schemas/ServiceNowInstancesResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List ServiceNow instances tags: - ServiceNow Integration /api/v2/integration/servicenow/users/{instance_id}: get: description: |- Get all users for a ServiceNow instance. operationId: ListServiceNowUsers parameters: - description: The ID of the ServiceNow instance example: "65b3341b-0680-47f9-a6d4-134db45c603e" in: path name: instance_id required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com full_name: Example Name instance_id: 00000000-0000-0000-0000-000000000001 user_name: example-handle user_sys_id: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000001 type: users schema: $ref: "#/components/schemas/ServiceNowUsersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List ServiceNow users tags: - ServiceNow Integration /api/v2/integrations: get: operationId: ListIntegrations responses: "200": content: application/json: examples: default: value: data: - attributes: categories: - Category::Kubernetes description: Calico is a networking and network security solution for containers. installed: true title: calico id: calico type: integration schema: $ref: "#/components/schemas/ListIntegrationsResponse" description: Successful Response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List Integrations tags: - Integrations /api/v2/integrations/cloudflare/accounts: get: description: List Cloudflare accounts. operationId: ListCloudflareAccounts responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com name: test-name resources: - web - dns - lb - worker zones: - zone_id_1 - zone_id_2 id: abc-123 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Cloudflare accounts tags: - Cloudflare Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create a Cloudflare account. operationId: CreateCloudflareAccount requestBody: content: application/json: examples: default: value: data: attributes: api_key: EXAMPLE_API_KEY_abc123 email: test-email@example.com name: test-name resources: - web - dns - lb - worker zones: - zone_id_1 - zone_id_2 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: email: test@example.com name: test-name id: abc-123 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Cloudflare account tags: - Cloudflare Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/cloudflare/accounts/{account_id}: delete: description: Delete a Cloudflare account. operationId: DeleteCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Cloudflare account tags: - Cloudflare Integration "x-permission": operator: OR permissions: - manage_integrations get: description: Get a Cloudflare account. operationId: GetCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: email: test@example.com name: test-name resources: - web - dns - lb - worker zones: - zone_id_1 - zone_id_2 id: abc-123 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Cloudflare account tags: - Cloudflare Integration "x-permission": operator: OR permissions: - integrations_read patch: description: Update a Cloudflare account. operationId: UpdateCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: api_key: EXAMPLE_API_KEY_abc123 email: test-email@example.com resources: - web - dns - lb - worker zones: - zone_id_1 - zone_id_2 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: email: test@example.com name: test-name resources: - web - dns - lb - worker zones: - zone_id_1 - zone_id_2 id: abc-123 type: cloudflare-accounts schema: $ref: "#/components/schemas/CloudflareAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Cloudflare account tags: - Cloudflare Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts: get: description: List Confluent accounts. operationId: ListConfluentAccount responses: "200": content: application/json: examples: default: value: data: - attributes: api_key: abc-123-key tags: - myTag id: abc-123 type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Confluent accounts tags: - Confluent Cloud "x-permission": operator: OR permissions: - integrations_read post: description: Create a Confluent account. operationId: CreateConfluentAccount requestBody: content: application/json: examples: default: value: data: attributes: api_key: TESTAPIKEY123 api_secret: test-api-secret-123 resources: - enable_custom_metrics: false id: resource-id-123 resource_type: kafka tags: - myTag - myTag2:myValue tags: - myTag - myTag2:myValue type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountCreateRequest" description: Confluent payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: api_key: abc-123-key tags: - myTag id: abc-123 type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}: delete: description: Delete a Confluent account with the provided account ID. operationId: DeleteConfluentAccount parameters: - $ref: "#/components/parameters/ConfluentAccountID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Confluent account tags: - Confluent Cloud "x-permission": operator: OR permissions: - manage_integrations get: description: Get the Confluent account with the provided account ID. operationId: GetConfluentAccount parameters: - $ref: "#/components/parameters/ConfluentAccountID" responses: "200": content: application/json: examples: default: value: data: attributes: api_key: abc-123-key tags: - myTag id: abc-123 type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Confluent account tags: - Confluent Cloud "x-permission": operator: OR permissions: - integrations_read patch: description: Update the Confluent account with the provided account ID. operationId: UpdateConfluentAccount parameters: - $ref: "#/components/parameters/ConfluentAccountID" requestBody: content: application/json: examples: default: value: data: attributes: api_key: TESTAPIKEY123 api_secret: test-api-secret-123 tags: - myTag - myTag2:myValue type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountUpdateRequest" description: Confluent payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: api_key: abc-123-key tags: - myTag id: abc-123 type: confluent-cloud-accounts schema: $ref: "#/components/schemas/ConfluentAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}/resources: get: description: Get a Confluent resource for the account associated with the provided ID. operationId: ListConfluentResource parameters: - $ref: "#/components/parameters/ConfluentAccountID" responses: "200": content: application/json: examples: default: value: data: - attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag id: abc-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourcesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Confluent Account resources tags: - Confluent Cloud "x-permission": operator: OR permissions: - integrations_read post: description: Create a Confluent resource for the account associated with the provided ID. operationId: CreateConfluentResource parameters: - $ref: "#/components/parameters/ConfluentAccountID" requestBody: content: application/json: examples: default: value: data: attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag - myTag2:myValue id: resource-id-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourceRequest" description: Confluent payload required: true responses: "201": content: application/json: examples: default: value: data: attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag id: abc-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add resource to Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}/resources/{resource_id}: delete: description: Delete a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: DeleteConfluentResource parameters: - $ref: "#/components/parameters/ConfluentAccountID" - $ref: "#/components/parameters/ConfluentResourceID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete resource from Confluent account tags: - Confluent Cloud "x-permission": operator: OR permissions: - manage_integrations get: description: Get a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: GetConfluentResource parameters: - $ref: "#/components/parameters/ConfluentAccountID" - $ref: "#/components/parameters/ConfluentResourceID" responses: "200": content: application/json: examples: default: value: data: attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag id: abc-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get resource from Confluent account tags: - Confluent Cloud "x-permission": operator: OR permissions: - integrations_read patch: description: Update a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: UpdateConfluentResource parameters: - $ref: "#/components/parameters/ConfluentAccountID" - $ref: "#/components/parameters/ConfluentResourceID" requestBody: content: application/json: examples: default: value: data: attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag - myTag2:myValue id: resource-id-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourceRequest" description: Confluent payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: enable_custom_metrics: false resource_type: kafka tags: - myTag id: abc-123 type: confluent-cloud-resources schema: $ref: "#/components/schemas/ConfluentResourceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update resource in Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts: get: description: List Fastly accounts. operationId: ListFastlyAccounts responses: "200": content: application/json: examples: default: value: data: - attributes: name: test-name services: [] id: abc-123 type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Fastly accounts tags: - Fastly Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create a Fastly account. operationId: CreateFastlyAccount requestBody: content: application/json: examples: default: value: data: attributes: api_key: ABCDEFG123 name: test-name services: - id: 6abc7de6893AbcDe9fghIj tags: - myTag - myTag2:myValue type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: test-name services: [] id: abc-123 type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Fastly account tags: - Fastly Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}: delete: description: Delete a Fastly account. operationId: DeleteFastlyAccount parameters: - $ref: "#/components/parameters/FastlyAccountID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Fastly account tags: - Fastly Integration "x-permission": operator: OR permissions: - manage_integrations get: description: Get a Fastly account. operationId: GetFastlyAccount parameters: - $ref: "#/components/parameters/FastlyAccountID" responses: "200": content: application/json: examples: default: value: data: attributes: name: test-name services: [] id: abc-123 type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Fastly account tags: - Fastly Integration "x-permission": operator: OR permissions: - integrations_read patch: description: Update a Fastly account. operationId: UpdateFastlyAccount parameters: - $ref: "#/components/parameters/FastlyAccountID" requestBody: content: application/json: examples: default: value: data: attributes: api_key: ABCDEFG123 type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: test-name services: [] id: abc-123 type: fastly-accounts schema: $ref: "#/components/schemas/FastlyAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Fastly account tags: - Fastly Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}/services: get: description: List Fastly services for an account. operationId: ListFastlyServices parameters: - $ref: "#/components/parameters/FastlyAccountID" responses: "200": content: application/json: examples: default: value: data: - attributes: tags: - myTag id: abc-123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServicesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Fastly services tags: - Fastly Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create a Fastly service for an account. operationId: CreateFastlyService parameters: - $ref: "#/components/parameters/FastlyAccountID" requestBody: content: application/json: examples: default: value: data: attributes: tags: - myTag - myTag2:myValue id: abc123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServiceRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: tags: - myTag id: abc-123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServiceResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Fastly service tags: - Fastly Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}/services/{service_id}: delete: description: Delete a Fastly service for an account. operationId: DeleteFastlyService parameters: - $ref: "#/components/parameters/FastlyAccountID" - $ref: "#/components/parameters/FastlyServiceID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Fastly service tags: - Fastly Integration "x-permission": operator: OR permissions: - manage_integrations get: description: Get a Fastly service for an account. operationId: GetFastlyService parameters: - $ref: "#/components/parameters/FastlyAccountID" - $ref: "#/components/parameters/FastlyServiceID" responses: "200": content: application/json: examples: default: value: data: attributes: tags: - myTag id: abc-123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Fastly service tags: - Fastly Integration "x-permission": operator: OR permissions: - integrations_read patch: description: Update a Fastly service for an account. operationId: UpdateFastlyService parameters: - $ref: "#/components/parameters/FastlyAccountID" - $ref: "#/components/parameters/FastlyServiceID" requestBody: content: application/json: examples: default: value: data: attributes: tags: - myTag - myTag2:myValue id: abc123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServiceRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: tags: - myTag id: abc-123 type: fastly-services schema: $ref: "#/components/schemas/FastlyServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Fastly service tags: - Fastly Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/okta/accounts: get: description: List Okta accounts. operationId: ListOktaAccounts responses: "200": content: application/json: examples: default: value: data: - attributes: auth_method: oauth domain: "https://example.okta.com/" name: Okta-Prod id: 00000000-0000-0000-0000-000000000001 type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Okta accounts tags: - Okta Integration "x-permission": operator: OR permissions: - integrations_read post: description: Create an Okta account. operationId: CreateOktaAccount requestBody: content: application/json: examples: default: value: data: attributes: auth_method: oauth client_id: client_id client_secret: client_secret domain: https://example.okta.com/ name: Okta-Prod id: f749daaf-682e-4208-a38d-c9b43162c609 type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: auth_method: oauth domain: "https://example.okta.com/" name: Okta-Prod id: 00000000-0000-0000-0000-000000000002 type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add Okta account tags: - Okta Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/integrations/okta/accounts/{account_id}: delete: description: Delete an Okta account. operationId: DeleteOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Okta account tags: - Okta Integration "x-permission": operator: OR permissions: - manage_integrations get: description: Get an Okta account. operationId: GetOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: auth_method: oauth domain: "https://example.okta.com/" name: Okta-Prod id: 00000000-0000-0000-0000-000000000003 type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get Okta account tags: - Okta Integration "x-permission": operator: OR permissions: - integrations_read patch: description: Update an Okta account. operationId: UpdateOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: auth_method: oauth domain: https://example.okta.com/ type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: auth_method: oauth domain: "https://example.okta.com/" name: Okta-Prod id: 00000000-0000-0000-0000-000000000004 type: okta-accounts schema: $ref: "#/components/schemas/OktaAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Okta account tags: - Okta Integration x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations /api/v2/ip_allowlist: get: description: Returns the IP allowlist and its enabled or disabled state. operationId: GetIPAllowlist responses: "200": content: application/json: examples: default: value: data: attributes: enabled: false entries: - data: attributes: cidr_block: "127.0.0.1/32" note: "Example entry" id: 00000000-0000-0000-0000-000000000003 type: ip_allowlist_entry id: 00000000-0000-0000-0000-000000000001 type: ip_allowlist schema: $ref: "#/components/schemas/IPAllowlistResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Get IP Allowlist tags: - IP Allowlist "x-permission": operator: OR permissions: - org_management patch: description: Edit the entries in the IP allowlist, and enable or disable it. operationId: UpdateIPAllowlist requestBody: content: application/json: examples: default: value: data: attributes: enabled: false entries: - data: attributes: cidr_block: 127.0.0.1/32 type: ip_allowlist_entry type: ip_allowlist schema: $ref: "#/components/schemas/IPAllowlistUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: false entries: - data: attributes: cidr_block: "127.0.0.1/32" note: "Example entry" id: 00000000-0000-0000-0000-000000000004 type: ip_allowlist_entry id: 00000000-0000-0000-0000-000000000002 type: ip_allowlist schema: $ref: "#/components/schemas/IPAllowlistResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Update IP Allowlist tags: - IP Allowlist x-codegen-request-body-name: body "x-permission": operator: OR permissions: - org_management /api/v2/llm-obs/v1/annotation-queues: get: description: |- List annotation queues. Optionally filter by project ID or queue IDs. These parameters are mutually exclusive. If neither is provided, all queues in the organization are returned. operationId: ListLLMObsAnnotationQueues parameters: - description: Filter annotation queues by project ID. Cannot be used together with `queueIds`. in: query name: projectId schema: type: string - description: Filter annotation queues by queue IDs (comma-separated). Cannot be used together with `projectId`. in: query name: queueIds schema: items: type: string type: array responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-15T10:30:00Z" created_by: 00000000-0000-0000-0000-000000000002 description: Queue for annotating customer support traces modified_at: "2024-01-15T10:30:00Z" modified_by: 00000000-0000-0000-0000-000000000002 name: My annotation queue owned_by: 00000000-0000-0000-0000-000000000002 project_id: 00000000-0000-0000-0000-000000000002 id: 00000000-0000-0000-0000-000000000001 type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueuesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List LLM Observability annotation queues tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Create an annotation queue. The `name` and `project_id` fields are required. An optional `annotation_schema` can be provided to define the labels for the queue. Fields such as `created_by`, `owned_by`, `created_at`, `modified_by`, and `modified_at` are inferred by the backend. operationId: CreateLLMObsAnnotationQueue requestBody: content: application/json: examples: default: value: data: attributes: description: Queue for annotating customer support traces name: My annotation queue project_id: 00000000-0000-0000-0000-000000000002 type: queues with_schema: summary: Create queue with annotation schema value: data: attributes: annotation_schema: label_schemas: - is_required: true max: 5.0 min: 0.0 name: quality type: score - name: sentiment type: categorical values: - positive - negative - neutral description: Queue for annotating customer support traces name: My annotation queue project_id: 00000000-0000-0000-0000-000000000002 type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueRequest" description: Create annotation queue payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" created_by: 00000000-0000-0000-0000-000000000002 description: Queue for annotating customer support traces modified_at: "2024-01-15T10:30:00Z" modified_by: 00000000-0000-0000-0000-000000000002 name: My annotation queue owned_by: 00000000-0000-0000-0000-000000000002 project_id: 00000000-0000-0000-0000-000000000002 id: 00000000-0000-0000-0000-000000000001 type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create an LLM Observability annotation queue tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/annotation-queues/{queue_id}: delete: description: Delete an annotation queue by its ID. operationId: DeleteLLMObsAnnotationQueue parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" responses: "204": description: No Content "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete an LLM Observability annotation queue tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Partially update an annotation queue. The `name`, `description`, and `annotation_schema` fields can be updated. operationId: UpdateLLMObsAnnotationQueue parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: description: Updated description name: Updated queue name type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueUpdateRequest" description: Update annotation queue payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" created_by: 00000000-0000-0000-0000-000000000002 description: Queue for annotating customer support traces modified_at: "2024-01-15T10:30:00Z" modified_by: 00000000-0000-0000-0000-000000000002 name: My annotation queue owned_by: 00000000-0000-0000-0000-000000000002 project_id: 00000000-0000-0000-0000-000000000002 id: 00000000-0000-0000-0000-000000000001 type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update an LLM Observability annotation queue tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/annotation-queues/{queue_id}/annotated-interactions: get: description: Retrieve all interactions (traces and sessions) and their annotations for a given annotation queue. operationId: GetLLMObsAnnotatedInteractions parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: annotated_interactions: - annotations: [] content_id: trace-abc-123 id: interaction-456 type: trace id: 00000000-0000-0000-0000-000000000001 type: annotated_interactions schema: $ref: "#/components/schemas/LLMObsAnnotatedInteractionsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get annotated queue interactions tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/annotation-queues/{queue_id}/interactions: post: description: |- Add one or more interactions (traces or sessions) to an annotation queue. At least one interaction must be provided. operationId: CreateLLMObsAnnotationQueueInteractions parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: interactions: - content_id: trace-abc-123 type: trace type: interactions schema: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsRequest" description: Add interactions payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: interactions: - already_existed: false content_id: trace-abc-123 id: 00000000-0000-0000-0000-000000000000 type: trace id: 00000000-0000-0000-0000-000000000001 type: interactions schema: $ref: "#/components/schemas/LLMObsAnnotationQueueInteractionsResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Add annotation queue interactions tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/annotation-queues/{queue_id}/interactions/delete: post: description: Delete one or more interactions from an annotation queue. operationId: DeleteLLMObsAnnotationQueueInteractions parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: interaction_ids: - 00000000-0000-0000-0000-000000000000 - 00000000-0000-0000-0000-000000000001 type: interactions schema: $ref: "#/components/schemas/LLMObsDeleteAnnotationQueueInteractionsRequest" description: Delete interactions payload. required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete annotation queue interactions tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/annotation-queues/{queue_id}/label-schema: get: description: Retrieve the label schema for a given annotation queue. operationId: GetLLMObsAnnotationQueueLabelSchema parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" responses: "200": content: application/json: examples: default: value: data: attributes: annotation_schema: label_schemas: - id: "abc-123" is_required: true max: 5.0 min: 0.0 name: quality type: score - id: "ef56gh78" name: sentiment type: categorical values: - positive - negative - neutral id: "00000000-0000-0000-0000-000000000001" type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaResponse" description: OK "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Get annotation queue label schema tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: |- Create or replace the label schema for a given annotation queue. The label schema defines the labels annotators can apply to interactions in the queue. Label names must be unique within the queue and match the pattern `^[a-zA-Z0-9_-]+$`. Each label must have a valid type: score, categorical, boolean, or text. operationId: UpdateLLMObsAnnotationQueueLabelSchema parameters: - $ref: "#/components/parameters/LLMObsAnnotationQueueIDPathParameter" requestBody: content: application/json: examples: boolean_label: summary: Boolean label schema value: data: attributes: annotation_schema: label_schemas: - has_assessment: true is_assessment: true is_required: true name: is_correct type: boolean type: queues categorical_label: summary: Categorical label schema value: data: attributes: annotation_schema: label_schemas: - is_required: true name: sentiment type: categorical values: - positive - negative - neutral type: queues default: value: data: attributes: annotation_schema: label_schemas: - is_required: true max: 5.0 min: 0.0 name: quality type: score type: queues score_label: summary: Score label schema value: data: attributes: annotation_schema: label_schemas: - has_reasoning: true is_required: true max: 5.0 min: 0.0 name: quality type: score type: queues text_label: summary: Text label schema value: data: attributes: annotation_schema: label_schemas: - is_required: false name: feedback type: text type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaUpdateRequest" description: Update label schema payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: annotation_schema: label_schemas: - id: abc-123 is_required: true max: 5.0 min: 0.0 name: quality type: score id: 00000000-0000-0000-0000-000000000001 type: queues schema: $ref: "#/components/schemas/LLMObsAnnotationQueueLabelSchemaResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] summary: Update annotation queue label schema tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/experiments: get: description: List all LLM Observability experiments sorted by creation date, newest first. operationId: ListLLMObsExperiments parameters: - description: Filter experiments by project ID. Required if `filter[dataset_id]` is not provided. in: query name: filter[project_id] schema: type: string - description: Filter experiments by dataset ID. in: query name: filter[dataset_id] schema: type: string - description: Filter experiments by experiment ID. Can be specified multiple times. in: query name: filter[id] schema: type: string - description: Use the Pagination cursor to retrieve the next page of results. in: query name: page[cursor] schema: type: string - description: Maximum number of results to return per page. in: query name: page[limit] schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: config: created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000011 description: "" metadata: name: My Experiment v1 project_id: 00000000-0000-0000-0000-000000000010 updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000009 type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List LLM Observability experiments tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new LLM Observability experiment. operationId: CreateLLMObsExperiment requestBody: content: application/json: examples: default: value: data: attributes: dataset_id: 9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d name: My Experiment v1 project_id: a33671aa-24fd-4dcd-9b33-a8ec7dde7751 type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentRequest" description: Create experiment payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: config: created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000014 description: "" metadata: name: My Experiment v1 project_id: 00000000-0000-0000-0000-000000000013 updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000012 type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentResponse" description: OK "201": content: application/json: examples: default: value: data: attributes: config: created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000017 description: "" metadata: name: My Experiment v1 project_id: 00000000-0000-0000-0000-000000000016 updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000015 type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create an LLM Observability experiment tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/experiments/delete: post: description: Delete one or more LLM Observability experiments. operationId: DeleteLLMObsExperiments requestBody: content: application/json: examples: default: value: data: attributes: experiment_ids: - 3fd6b5e0-8910-4b1c-a7d0-5b84de329012 type: experiments schema: $ref: "#/components/schemas/LLMObsDeleteExperimentsRequest" description: Delete experiments payload. required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete LLM Observability experiments tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/experiments/{experiment_id}: patch: description: Partially update an existing LLM Observability experiment. operationId: UpdateLLMObsExperiment parameters: - $ref: "#/components/parameters/LLMObsExperimentIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentUpdateRequest" description: Update experiment payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: config: created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000020 description: "" metadata: name: My Experiment v1 project_id: 00000000-0000-0000-0000-000000000019 updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000018 type: experiments schema: $ref: "#/components/schemas/LLMObsExperimentResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update an LLM Observability experiment tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/experiments/{experiment_id}/events: post: description: Push spans and metrics for an LLM Observability experiment. operationId: CreateLLMObsExperimentEvents parameters: - $ref: "#/components/parameters/LLMObsExperimentIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: metrics: - assessment: pass label: faithfulness metric_type: score span_id: span-7a1b2c3d timestamp_ms: 1705314600000 spans: - dataset_id: 9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d duration: 1500000000 name: llm_call project_id: a33671aa-24fd-4dcd-9b33-a8ec7dde7751 span_id: span-7a1b2c3d start_ns: 1705314600000000000 status: ok trace_id: abc123def456 type: events schema: $ref: "#/components/schemas/LLMObsExperimentEventsRequest" description: Experiment events payload. required: true responses: "202": description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Push events for an LLM Observability experiment tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/projects: get: description: List all LLM Observability projects sorted by creation date, newest first. operationId: ListLLMObsProjects parameters: - description: Filter projects by project ID. in: query name: filter[id] schema: type: string - description: Filter projects by name. in: query name: filter[name] schema: type: string - description: Use the Pagination cursor to retrieve the next page of results. in: query name: page[cursor] schema: type: string - description: Maximum number of results to return per page. in: query name: page[limit] schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" description: "" name: My LLM Project updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000001 type: projects schema: $ref: "#/components/schemas/LLMObsProjectsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List LLM Observability projects tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new LLM Observability project. Returns the existing project if a name conflict occurs. operationId: CreateLLMObsProject requestBody: content: application/json: examples: default: value: data: attributes: name: My LLM Project type: projects schema: $ref: "#/components/schemas/LLMObsProjectRequest" description: Create project payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: "" name: My LLM Project updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000002 type: projects schema: $ref: "#/components/schemas/LLMObsProjectResponse" description: OK "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: "" name: My LLM Project updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000003 type: projects schema: $ref: "#/components/schemas/LLMObsProjectResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create an LLM Observability project tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/projects/delete: post: description: Delete one or more LLM Observability projects. operationId: DeleteLLMObsProjects requestBody: content: application/json: examples: default: value: data: attributes: project_ids: - a33671aa-24fd-4dcd-9b33-a8ec7dde7751 type: projects schema: $ref: "#/components/schemas/LLMObsDeleteProjectsRequest" description: Delete projects payload. required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete LLM Observability projects tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/projects/{project_id}: patch: description: Partially update an existing LLM Observability project. operationId: UpdateLLMObsProject parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: projects schema: $ref: "#/components/schemas/LLMObsProjectUpdateRequest" description: Update project payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: "" name: My LLM Project updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000004 type: projects schema: $ref: "#/components/schemas/LLMObsProjectResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update an LLM Observability project tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/{project_id}/datasets: get: description: List all LLM Observability datasets for a project, sorted by creation date, newest first. operationId: ListLLMObsDatasets parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - description: Filter datasets by name. in: query name: filter[name] schema: type: string - description: Filter datasets by dataset ID. in: query name: filter[id] schema: type: string - description: Use the Pagination cursor to retrieve the next page of results. in: query name: page[cursor] schema: type: string - description: Maximum number of results to return per page. in: query name: page[limit] schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" current_version: 1 description: "" metadata: name: My LLM Dataset updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000005 type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List LLM Observability datasets tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new LLM Observability dataset within the specified project. operationId: CreateLLMObsDataset parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: name: My LLM Dataset type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetRequest" description: Create dataset payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" current_version: 1 description: "" metadata: name: My LLM Dataset updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000006 type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetResponse" description: OK "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" current_version: 1 description: "" metadata: name: My LLM Dataset updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000007 type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create an LLM Observability dataset tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/{project_id}/datasets/delete: post: description: Delete one or more LLM Observability datasets within the specified project. operationId: DeleteLLMObsDatasets parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: dataset_ids: - 9f64e5c7-dc5a-45c8-a17c-1b85f0bec97d type: datasets schema: $ref: "#/components/schemas/LLMObsDeleteDatasetsRequest" description: Delete datasets payload. required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete LLM Observability datasets tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/{project_id}/datasets/{dataset_id}: patch: description: Partially update an existing LLM Observability dataset within the specified project. operationId: UpdateLLMObsDataset parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - $ref: "#/components/parameters/LLMObsDatasetIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetUpdateRequest" description: Update dataset payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" current_version: 1 description: "" metadata: name: My LLM Dataset updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000008 type: datasets schema: $ref: "#/components/schemas/LLMObsDatasetResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update an LLM Observability dataset tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/{project_id}/datasets/{dataset_id}/records: get: description: List all records in an LLM Observability dataset, sorted by creation date, newest first. operationId: ListLLMObsDatasetRecords parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - $ref: "#/components/parameters/LLMObsDatasetIDPathParameter" - description: Retrieve records from a specific dataset version. Defaults to the current version. in: query name: filter[version] schema: format: int64 type: integer - description: Use the Pagination cursor to retrieve the next page of results. in: query name: page[cursor] schema: type: string - description: Maximum number of results to return per page. in: query name: page[limit] schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000022 expected_output: answer: "Paris" id: 00000000-0000-0000-0000-000000000021 input: question: "What is the capital of France?" metadata: updated_at: "2024-01-01T00:00:00+00:00" schema: $ref: "#/components/schemas/LLMObsDatasetRecordsListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List LLM Observability dataset records tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update one or more existing records in an LLM Observability dataset. operationId: UpdateLLMObsDatasetRecords parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - $ref: "#/components/parameters/LLMObsDatasetIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: records: - id: rec-7c3f5a1b-9e2d-4f8a-b1c6-3d7e9f0a2b4c type: records schema: $ref: "#/components/schemas/LLMObsDatasetRecordsUpdateRequest" description: Update records payload. required: true responses: "200": content: application/json: examples: default: value: data: - records: - created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000028 expected_output: answer: "Paris" id: 00000000-0000-0000-0000-000000000027 input: question: "What is the capital of France?" metadata: updated_at: "2024-01-01T00:00:00+00:00" schema: $ref: "#/components/schemas/LLMObsDatasetRecordsMutationResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update LLM Observability dataset records tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Append one or more records to an LLM Observability dataset. operationId: CreateLLMObsDatasetRecords parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - $ref: "#/components/parameters/LLMObsDatasetIDPathParameter" requestBody: content: application/json: examples: default: value: data: type: records schema: $ref: "#/components/schemas/LLMObsDatasetRecordsRequest" description: Append records payload. required: true responses: "200": content: application/json: examples: default: value: data: - records: - created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000024 expected_output: answer: "Paris" id: 00000000-0000-0000-0000-000000000023 input: question: "What is the capital of France?" metadata: updated_at: "2024-01-01T00:00:00+00:00" schema: $ref: "#/components/schemas/LLMObsDatasetRecordsMutationResponse" description: OK "201": content: application/json: examples: default: value: data: - records: - created_at: "2024-01-01T00:00:00+00:00" dataset_id: 00000000-0000-0000-0000-000000000026 expected_output: answer: "Paris" id: 00000000-0000-0000-0000-000000000025 input: question: "What is the capital of France?" metadata: updated_at: "2024-01-01T00:00:00+00:00" schema: $ref: "#/components/schemas/LLMObsDatasetRecordsMutationResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Append records to an LLM Observability dataset tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/llm-obs/v1/{project_id}/datasets/{dataset_id}/records/delete: post: description: Delete one or more records from an LLM Observability dataset. operationId: DeleteLLMObsDatasetRecords parameters: - $ref: "#/components/parameters/LLMObsProjectIDPathParameter" - $ref: "#/components/parameters/LLMObsDatasetIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: record_ids: - rec-7c3f5a1b-9e2d-4f8a-b1c6-3d7e9f0a2b4c type: records schema: $ref: "#/components/schemas/LLMObsDeleteDatasetRecordsRequest" description: Delete records payload. required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete LLM Observability dataset records tags: - LLM Observability x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs: post: description: |- Send your logs to your Datadog platform over HTTP. Limits per HTTP request are: - Maximum content size per payload (uncompressed): 5MB - Maximum size for a single log: 1MB - Maximum array size if sending multiple logs in an array: 1000 entries Any log exceeding 1MB is accepted and truncated by Datadog: - For a single log request, the API truncates the log at 1MB and returns a 2xx. - For a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx. Datadog recommends sending your logs compressed. Add the `Content-Encoding: gzip` header to the request when sending compressed logs. Log events can be submitted with a timestamp that is up to 18 hours in the past. The status codes answered by the HTTP API are: - 202: Accepted: the request has been accepted for processing - 400: Bad request (likely an issue in the payload formatting) - 401: Unauthorized (likely a missing API Key) - 403: Permission issue (likely using an invalid API Key) - 408: Request Timeout, request should be retried after some time - 413: Payload too large (batch is above 5MB uncompressed) - 429: Too Many Requests, request should be retried after some time - 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time - 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time operationId: SubmitLog parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: "#/components/schemas/ContentEncoding" - description: Log tags can be passed as query parameters with `text/plain` content type. example: "env:prod,user:my-user" in: query name: ddtags required: false schema: type: string requestBody: content: application/json: examples: default: value: ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World service: payment multi-json-messages: description: Pass multiple log objects at once. summary: Multi JSON Messages value: - ddsource: "nginx" ddtags: "env:staging,version:5.1" hostname: "i-012345678" message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello service: "payment" - ddsource: "nginx" ddtags: "env:staging,version:5.1" hostname: "i-012345679" message: 2019-11-19T14:37:58,995 INFO [process.name][20081] World service: "payment" simple-json-message: description: Log attributes can be passed as `key:value` pairs in valid JSON messages. summary: Simple JSON Message value: ddsource: "nginx" ddtags: "env:staging,version:5.1" hostname: "i-012345678" message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World service: "payment" schema: $ref: "#/components/schemas/HTTPLog" application/logplex-1: examples: default: value: multi-raw-message: description: Submit log messages. summary: Multi Logplex Messages value: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello\n2019-11-19T14:37:58,995 INFO [process.name][20081] World" multi-raw-message: description: Submit log messages. summary: Multi Logplex Messages value: |- 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World simple-logplex-message: description: Submit log string. summary: Simple Logplex Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string text/plain: examples: default: value: multi-raw-message: description: Submit log string. summary: Multi Raw Messages value: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello\n2019-11-19T14:37:58,995 INFO [process.name][20081] World" multi-raw-message: description: Submit log string. summary: Multi Raw Messages value: |- 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World simple-raw-message: description: >- Submit log string. Log attributes can be passed as query parameters in the URL. This enables the addition of tags or the source by using the `ddtags` and `ddsource` parameters: `?host=my-hostname&service=my-service&ddsource=my-source&ddtags=env:prod,user:my-user`. summary: Simple Raw Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string description: Log to send (JSON format). required: true responses: "202": content: application/json: examples: default: value: {} schema: type: object description: Request accepted for processing (always 202 empty JSON). "400": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Forbidden "408": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Request Timeout "413": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Payload Too Large "429": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Too Many Requests "500": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Internal Server Error "503": content: application/json: schema: $ref: "#/components/schemas/HTTPLogErrors" description: Service Unavailable security: - apiKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - ap1.datadoghq.com - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com - us2.ddog-gov.com x-enum-varnames: - US1 - US3 - US5 - AP1 - AP2 - EU1 - GOV - US2_GOV subdomain: default: http-intake.logs description: The subdomain where the API is deployed. - url: "{protocol}://{name}" variables: name: default: http-intake.logs.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: http-intake.logs description: The subdomain where the API is deployed. summary: Send logs tags: - Logs x-codegen-request-body-name: body /api/v2/logs/analytics/aggregate: post: description: |- The API endpoint to aggregate events into buckets and compute metrics and timeseries. operationId: AggregateLogs requestBody: content: "application/json": examples: default: value: compute: - aggregation: pc90 interval: 5m metric: "@duration" type: timeseries filter: from: now-15m indexes: - main - web query: service:web* AND @http.status_code:[200 TO 299] storage_tier: indexes to: now group_by: - facet: host histogram: interval: 10 max: 100 min: 50 sort: aggregation: count order: asc options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== schema: $ref: "#/components/schemas/LogsAggregateRequest" required: true responses: "200": content: application/json: examples: default: value: data: buckets: - by: host: my-hostname computes: c0: 19 meta: elapsed: 132 status: done schema: $ref: "#/components/schemas/LogsAggregateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Aggregate events tags: ["Logs"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_read_data /api/v2/logs/config/archive-order: get: description: |- Get the current order of your archives. This endpoint takes no JSON arguments. operationId: GetLogsArchiveOrder responses: "200": content: application/json: examples: default: value: data: attributes: archive_ids: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g type: archive_order schema: $ref: "#/components/schemas/LogsArchiveOrder" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get archive order tags: - Logs Archives "x-permission": operator: OR permissions: - logs_read_config put: description: |- Update the order of your archives. Since logs are processed sequentially, reordering an archive may change the structure and content of the data processed by other archives. **Note**: Using the `PUT` method updates your archive's order by replacing the current order with the new one. operationId: UpdateLogsArchiveOrder requestBody: content: application/json: examples: default: value: data: attributes: archive_ids: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g type: archive_order schema: $ref: "#/components/schemas/LogsArchiveOrder" description: An object containing the new ordered list of archive IDs. required: true responses: "200": content: application/json: examples: default: value: data: attributes: archive_ids: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g type: archive_order schema: $ref: "#/components/schemas/LogsArchiveOrder" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update archive order tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives: get: description: |- Get the list of configured logs archives with their definitions. operationId: ListLogsArchives responses: "200": content: application/json: examples: default: value: data: - attributes: destination: bucket: my-bucket integration: account_id: "123456789012" role_name: my-role type: s3 include_tags: false name: Nginx Archive query: source:nginx state: WORKING id: 00000000-0000-0000-0000-000000000001 type: archives schema: $ref: "#/components/schemas/LogsArchives" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all archives tags: - Logs Archives "x-permission": operator: OR permissions: - logs_read_archives post: description: Create an archive in your organization. operationId: CreateLogsArchive requestBody: content: application/json: examples: default: value: data: attributes: compression_method: GZIP destination: container: container-name storage_account: account-name type: azure include_tags: false name: Nginx Archive query: source:nginx rehydration_max_scan_size_in_gb: 100 rehydration_tags: - team:intake - team:app type: archives schema: $ref: "#/components/schemas/LogsArchiveCreateRequest" description: The definition of the new archive. required: true responses: "200": content: application/json: examples: default: value: data: attributes: destination: bucket: my-bucket integration: account_id: "123456789012" role_name: my-role type: s3 include_tags: false name: Nginx Archive query: source:nginx state: WORKING id: 00000000-0000-0000-0000-000000000002 type: archives schema: $ref: "#/components/schemas/LogsArchive" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an archive tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives/{archive_id}: delete: description: |- Delete a given archive from your organization. operationId: DeleteLogsArchive parameters: - $ref: "#/components/parameters/ArchiveID" responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an archive tags: - Logs Archives "x-permission": operator: OR permissions: - logs_write_archives get: description: |- Get a specific archive from your organization. operationId: GetLogsArchive parameters: - $ref: "#/components/parameters/ArchiveID" responses: "200": content: application/json: examples: default: value: data: attributes: destination: bucket: my-bucket integration: account_id: "123456789012" role_name: my-role type: s3 include_tags: false name: Nginx Archive query: source:nginx state: WORKING id: 00000000-0000-0000-0000-000000000003 type: archives schema: $ref: "#/components/schemas/LogsArchive" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an archive tags: - Logs Archives "x-permission": operator: OR permissions: - logs_read_archives put: description: |- Update a given archive configuration. **Note**: Using this method updates your archive configuration by **replacing** your current configuration with the new one sent to your Datadog organization. operationId: UpdateLogsArchive parameters: - $ref: "#/components/parameters/ArchiveID" requestBody: content: application/json: examples: default: value: data: attributes: compression_method: GZIP destination: container: container-name storage_account: account-name type: azure include_tags: false name: Nginx Archive query: source:nginx rehydration_max_scan_size_in_gb: 100 rehydration_tags: - team:intake - team:app type: archives schema: $ref: "#/components/schemas/LogsArchiveCreateRequest" description: New definition of the archive. required: true responses: "200": content: application/json: examples: default: value: data: attributes: destination: bucket: my-bucket integration: account_id: "123456789012" role_name: my-role type: s3 include_tags: false name: Nginx Archive query: source:nginx state: WORKING id: 00000000-0000-0000-0000-000000000004 type: archives schema: $ref: "#/components/schemas/LogsArchive" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an archive tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives/{archive_id}/readers: delete: description: Removes a role from an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: RemoveRoleFromArchive parameters: - $ref: "#/components/parameters/ArchiveID" requestBody: content: application/json: examples: default: value: data: id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: roles schema: $ref: "#/components/schemas/RelationshipToRole" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Revoke role from an archive tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_archives get: description: Returns all read roles a given archive is restricted to. operationId: ListArchiveReadRoles parameters: - $ref: "#/components/parameters/ArchiveID" responses: "200": content: application/json: examples: default: value: data: - attributes: name: Example Role id: 00000000-0000-0000-0000-000000000005 type: roles schema: $ref: "#/components/schemas/RolesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List read roles for an archive tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_read_config post: description: Adds a read role to an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: AddReadRoleToArchive parameters: - $ref: "#/components/parameters/ArchiveID" requestBody: content: application/json: examples: default: value: data: id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: roles schema: $ref: "#/components/schemas/RelationshipToRole" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Grant role to an archive tags: - Logs Archives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_archives /api/v2/logs/config/custom-destinations: get: description: Get the list of configured custom destinations in your organization with their definitions. operationId: ListLogsCustomDestinations responses: "200": content: application/json: examples: default: value: data: - attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: auth: type: basic endpoint: https://example.com type: http name: Nginx logs query: source:nginx id: 00000000-0000-0000-0000-000000000001 type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all custom destinations tags: - Logs Custom Destinations "x-permission": operator: OR permissions: - logs_read_config - logs_read_data post: description: Create a custom destination in your organization. operationId: CreateLogsCustomDestination requestBody: content: application/json: examples: default: value: data: attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: endpoint: https://example.com type: http name: Nginx logs query: source:nginx type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationCreateRequest" description: The definition of the new custom destination. required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: auth: type: basic endpoint: https://example.com type: http name: Nginx logs query: source:nginx id: 00000000-0000-0000-0000-000000000002 type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a custom destination tags: - Logs Custom Destinations x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_forwarding_rules /api/v2/logs/config/custom-destinations/{custom_destination_id}: delete: description: Delete a specific custom destination in your organization. operationId: DeleteLogsCustomDestination parameters: - $ref: "#/components/parameters/CustomDestinationId" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a custom destination tags: - Logs Custom Destinations "x-permission": operator: OR permissions: - logs_write_forwarding_rules get: description: Get a specific custom destination in your organization. operationId: GetLogsCustomDestination parameters: - $ref: "#/components/parameters/CustomDestinationId" responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: auth: type: basic endpoint: https://example.com type: http name: Nginx logs query: source:nginx id: 00000000-0000-0000-0000-000000000003 type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a custom destination tags: - Logs Custom Destinations "x-permission": operator: OR permissions: - logs_read_config - logs_read_data patch: description: Update the given fields of a specific custom destination in your organization. operationId: UpdateLogsCustomDestination parameters: - $ref: "#/components/parameters/CustomDestinationId" requestBody: content: application/json: examples: default: value: data: attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: endpoint: https://example.com type: http name: Nginx logs query: source:nginx id: be5d7a69-d0c8-4d4d-8ee8-bba292d98139 type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationUpdateRequest" description: New definition of the custom destination's fields. required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true forward_tags: true forward_tags_restriction_list: - datacenter - host forward_tags_restriction_list_type: ALLOW_LIST forwarder_destination: auth: type: basic endpoint: https://example.com type: http name: Nginx logs query: source:nginx id: 00000000-0000-0000-0000-000000000004 type: custom_destination schema: $ref: "#/components/schemas/CustomDestinationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a custom destination tags: - Logs Custom Destinations x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_write_forwarding_rules /api/v2/logs/config/metrics: get: description: Get the list of configured log-based metrics with their definitions. operationId: ListLogsMetrics responses: "200": content: application/json: examples: default: value: data: - attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" filter: query: "service:web* AND @http.status_code:[200 TO 299]" group_by: - path: "@http.status_code" tag_name: status_code id: logs.page.load.count type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all log-based metrics tags: - Logs Metrics "x-permission": operator: OR permissions: - logs_read_config post: description: |- Create a metric based on your ingested logs in your organization. Returns the log-based metric object from the request body when the request is successful. operationId: CreateLogsMetric requestBody: content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" filter: query: service:web* AND @http.status_code:[200 TO 299] group_by: - path: "@http.status_code" tag_name: status_code id: logs.page.load.count type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricCreateRequest" description: The definition of the new log-based metric. required: true responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" filter: query: "service:web* AND @http.status_code:[200 TO 299]" group_by: - path: "@http.status_code" tag_name: status_code id: logs.page.load.count type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_generate_metrics /api/v2/logs/config/metrics/{metric_id}: delete: description: Delete a specific log-based metric from your organization. operationId: DeleteLogsMetric parameters: - $ref: "#/components/parameters/MetricID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a log-based metric tags: - Logs Metrics "x-permission": operator: OR permissions: - logs_generate_metrics get: description: Get a specific log-based metric from your organization. operationId: GetLogsMetric parameters: - $ref: "#/components/parameters/MetricID" responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" filter: query: "service:web* AND @http.status_code:[200 TO 299]" group_by: - path: "@http.status_code" tag_name: status_code id: logs.page.load.count type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a log-based metric tags: - Logs Metrics "x-permission": operator: OR permissions: - logs_read_config patch: description: |- Update a specific log-based metric from your organization. Returns the log-based metric object from the request body when the request is successful. operationId: UpdateLogsMetric parameters: - $ref: "#/components/parameters/MetricID" requestBody: content: application/json: examples: default: value: data: attributes: compute: include_percentiles: true filter: query: service:web* AND @http.status_code:[200 TO 299] group_by: - path: "@http.status_code" tag_name: status_code type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricUpdateRequest" description: New definition of the log-based metric. required: true responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" filter: query: "service:web* AND @http.status_code:[200 TO 299]" group_by: - path: "@http.status_code" tag_name: status_code id: logs.page.load.count type: logs_metrics schema: $ref: "#/components/schemas/LogsMetricResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_generate_metrics /api/v2/logs/config/restriction_queries: get: description: Returns all restriction queries, including their names and IDs. operationId: ListRestrictionQueries parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" modified_at: "2024-01-01T00:00:00+00:00" restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000001 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryListResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List restriction queries tags: - Logs Restriction Queries "x-permission": operator: OR permissions: - logs_read_config x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new restriction query for your organization. operationId: CreateRestrictionQuery requestBody: content: application/json: examples: default: value: data: attributes: restriction_query: env:sandbox type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryCreatePayload" required: true responses: "200": content: application/json: examples: default: value: data: attributes: restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000002 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryWithoutRelationshipsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs/config/restriction_queries/role/{role_id}: get: description: Get restriction query for a given role. operationId: GetRoleRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryRoleID" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" modified_at: "2024-01-01T00:00:00+00:00" restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000007 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get restriction query for a given role tags: - Logs Restriction Queries "x-permission": operator: OR permissions: - logs_read_config x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs/config/restriction_queries/user/{user_id}: get: description: Get all restriction queries for a given user. operationId: ListUserRestrictionQueries parameters: - $ref: "#/components/parameters/RestrictionQueryUserID" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" modified_at: "2024-01-01T00:00:00+00:00" restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000006 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all restriction queries for a given user tags: - Logs Restriction Queries "x-permission": operator: OR permissions: - logs_read_config x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs/config/restriction_queries/{restriction_query_id}: delete: description: Deletes a restriction query. operationId: DeleteRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get a restriction query in the organization specified by the restriction query's `restriction_query_id`. operationId: GetRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" responses: "200": content: application/json: examples: default: value: data: attributes: restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000003 relationships: {} type: logs_restriction_queries included: [] schema: $ref: "#/components/schemas/RestrictionQueryWithRelationshipsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_read_config x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Edit a restriction query. operationId: UpdateRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" requestBody: content: application/json: examples: default: value: data: attributes: restriction_query: env:sandbox type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryUpdatePayload" required: true responses: "200": content: application/json: examples: default: value: data: attributes: restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000004 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryWithoutRelationshipsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: |- Replace a restriction query. operationId: ReplaceRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" requestBody: content: application/json: examples: default: value: data: attributes: restriction_query: env:sandbox type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryUpdatePayload" required: true responses: "200": content: application/json: examples: default: value: data: attributes: restriction_query: "env:sandbox" id: 00000000-0000-0000-0000-000000000005 type: logs_restriction_queries schema: $ref: "#/components/schemas/RestrictionQueryWithoutRelationshipsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Replace a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs/config/restriction_queries/{restriction_query_id}/roles: delete: description: Removes a role from a restriction query. operationId: RemoveRoleFromRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" requestBody: content: application/json: examples: default: value: data: id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: roles schema: $ref: "#/components/schemas/RelationshipToRole" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Revoke role from a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Returns all roles that have a given restriction query. operationId: ListRestrictionQueryRoles parameters: - $ref: "#/components/parameters/RestrictionQueryID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: - attributes: name: Datadog Admin Role id: 00000000-0000-0000-0000-000000000008 type: roles schema: $ref: "#/components/schemas/RestrictionQueryRolesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List roles for a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - logs_read_config x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: |- Adds a role to a restriction query. **Note**: This operation automatically grants the `logs_read_data` permission to the role if it doesn't already have it. operationId: AddRoleToRestrictionQuery parameters: - $ref: "#/components/parameters/RestrictionQueryID" requestBody: content: application/json: examples: default: value: data: id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: roles schema: $ref: "#/components/schemas/RelationshipToRole" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Grant role to a restriction query tags: - Logs Restriction Queries x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/logs/events: get: description: |- List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to search and filter your logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives operationId: ListLogsGet parameters: - description: Search query following logs syntax. example: "@datacenter:us @role:db" in: query name: filter[query] required: false schema: type: string - description: |- For customers with multiple indexes, the indexes to search. Defaults to '*' which means all indexes example: ["main", "web"] explode: false in: query name: filter[indexes] required: false schema: items: description: The name of a log index. type: string type: array - description: Minimum timestamp for requested logs. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested logs. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string - description: Specifies the storage type to be used example: "indexes" in: query name: filter[storage_tier] required: false schema: $ref: "#/components/schemas/LogsStorageTier" - description: Order of logs in results. in: query name: sort required: false schema: $ref: "#/components/schemas/LogsSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of logs in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: message: "Hello World" service: web-app tags: - "env:prod" timestamp: "2024-01-01T00:00:00+00:00" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: log meta: elapsed: 132 status: done schema: $ref: "#/components/schemas/LogsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Search logs (GET) tags: ["Logs"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - logs_read_data /api/v2/logs/events/search: post: description: |- List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to search and filter your logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives operationId: ListLogs requestBody: content: "application/json": examples: default: value: filter: from: now-15m indexes: - main - web query: service:web* AND @http.status_code:[200 TO 299] storage_tier: indexes to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/LogsListRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: message: Host connected to remote service: test-service status: INFO id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: log meta: elapsed: 132 status: done schema: $ref: "#/components/schemas/LogsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Search logs (POST) tags: ["Logs"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - logs_read_data /api/v2/metrics: get: description: |- Get a list of actively reporting metrics for your organization. Pagination is optional using the `page[cursor]` and `page[size]` query parameters. Query parameters use bracket notation (for example, `filter[tags]`, `filter[queried][window][seconds]`). Pass them as standard URL query strings, URL-encoding the brackets if your client does not handle them. For example: `GET /api/v2/metrics?filter[tags]=env:prod&window[seconds]=86400&page[size]=500`. operationId: ListTagConfigurations parameters: - description: Only return custom metrics that have been configured with Metrics Without Limits. example: true in: query name: filter[configured] required: false schema: type: boolean - description: Only return metrics that have the given tag key(s) in their Metrics Without Limits configuration (included or excluded). example: "app,env" in: query name: filter[tags_configured] required: false schema: description: Tag keys to filter by. type: string - description: Only return metrics of the given metric type. in: query name: filter[metric_type] required: false schema: $ref: "#/components/schemas/MetricTagConfigurationMetricTypeCategory" - description: Only return distribution metrics that have percentile aggregations enabled (true) or disabled (false). example: true in: query name: filter[include_percentiles] required: false schema: type: boolean - description: |- Only return metrics that have been queried (true) or not queried (false) in the look back window. Set the window with `filter[queried][window][seconds]`; if omitted, a default window is used. example: true in: query name: filter[queried] required: false schema: type: boolean - description: |- This parameter has no effect unless `filter[queried]` is also set. Only return metrics that have been queried or not queried in the specified window. The default value is 2,592,000 seconds (30 days), the maximum value is 15,552,000 seconds (180 days), and the minimum value is 1 second. For example: `filter[queried]=true&filter[queried][window][seconds]=604800`. example: 15552000 in: query name: filter[queried][window][seconds] required: false schema: default: 2592000 format: int64 maximum: 15552000 minimum: 1 type: integer - description: |- Only return metrics that were submitted with tags matching this expression. You can use AND, OR, IN, and wildcards. For example: `filter[tags]=env IN (staging,test) AND service:web*`. example: "env IN (staging,test) AND service:web*" in: query name: filter[tags] required: false schema: type: string - description: |- Only return metrics that are used in at least one dashboard, monitor, notebook, or SLO. example: true in: query name: filter[related_assets] required: false schema: type: boolean - description: |- Only return metrics that have been actively reporting in the specified window. The default value is 3600 seconds (1 hour), the maximum value is 2,592,000 seconds (30 days), and the minimum value is 1 second. example: 3600 in: query name: window[seconds] required: false schema: default: 3600 format: int64 maximum: 2592000 minimum: 1 type: integer - description: |- Maximum number of results per page. Send `page[size]` on the first request to opt in to pagination. On each subsequent request, send `page[cursor]` set to the value of `meta.pagination.next_cursor` from the previous response. The default value is 10000, the maximum value is 10000, and the minimum value is 1. in: query name: page[size] required: false schema: default: 10000 format: int32 maximum: 10000 minimum: 1 type: integer - description: |- Cursor for pagination. Use `page[size]` to opt-in to pagination and get the first page; for subsequent pages, use the value from `meta.pagination.next_cursor` in the response. Pagination is complete when `next_cursor` is null. in: query name: page[cursor] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: [] meta: pagination: next_cursor: schema: $ref: "#/components/schemas/MetricsAndMetricTagConfigurationsResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: Get a list of metrics tags: - Metrics x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data "x-permission": operator: OR permissions: - metrics_read /api/v2/metrics/config/bulk-tags: delete: description: |- Delete all custom lists of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. Can only be used with application keys of users with the `Manage Tags for Metrics` permission. operationId: DeleteBulkTagsMetricsConfiguration requestBody: content: application/json: examples: default: value: data: attributes: emails: - sue@example.com - bob@example.com id: kafka.lag type: metric_bulk_configure_tags schema: $ref: "#/components/schemas/MetricBulkTagConfigDeleteRequest" required: true responses: "202": content: application/json: examples: default: value: data: attributes: emails: - test@example.com status: Accepted id: kafka.lag type: metric_bulk_configure_tags schema: $ref: "#/components/schemas/MetricBulkTagConfigResponse" description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Delete tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - metric_tags_write post: description: |- Create and define a list of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Use the Delete method of this API path to remove tag configurations. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. If multiple calls include the same metric, the last configuration applied (not by submit order) is used, do not expect deterministic ordering of concurrent calls. The `exclude_tags_mode` value will set all metrics that match the prefix to the same exclusion state, metric tag configurations do not support mixed inclusion and exclusion for tags on the same metric. Can only be used with application keys of users with the `Manage Tags for Metrics` permission. operationId: CreateBulkTagsMetricsConfiguration requestBody: content: application/json: examples: default: value: data: attributes: emails: - sue@example.com - bob@example.com tags: - host - pod_name - is_shadow id: kafka.lag type: metric_bulk_configure_tags schema: $ref: "#/components/schemas/MetricBulkTagConfigCreateRequest" required: true responses: "202": content: application/json: examples: default: value: data: attributes: emails: - test@example.com tags: - host id: kafka.lag type: metric_bulk_configure_tags schema: $ref: "#/components/schemas/MetricBulkTagConfigResponse" description: Accepted "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Configure tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - metric_tags_write /api/v2/metrics/{metric_name}/active-configurations: get: description: |- List tags and aggregations that are actively queried on dashboards, notebooks, monitors, the Metrics Explorer, and using the API for a given metric name. operationId: ListActiveMetricConfigurations parameters: - $ref: "#/components/parameters/MetricName" - description: |- The number of seconds of look back (from now). Default value is 604,800 (1 week), minimum value is 7200 (2 hours), maximum value is 2,630,000 (1 month). example: 7200 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: active_aggregations: - space: avg time: avg active_tags: - app id: http.endpoint.request type: actively_queried_configurations schema: $ref: "#/components/schemas/MetricSuggestedTagsAndAggregationsResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: List active tags and aggregations tags: - Metrics "x-permission": operator: OR permissions: - metrics_read /api/v2/metrics/{metric_name}/all-tags: get: description: |- View indexed and ingested tags for a given metric name. Results are filtered by the `window[seconds]` parameter, which defaults to 14400 (4 hours). operationId: ListTagsByMetricName parameters: - $ref: "#/components/parameters/MetricName" - description: |- The number of seconds of look back (from now) to query for tag data. Default value is 14400 (4 hours), minimum value is 14400 (4 hours). example: 14400 in: query name: window[seconds] required: false schema: format: int64 type: integer - description: |- Filter results to tags from data points that have the specified tags. For example, `filter[tags]=env:staging,host:123` returns tags only from data points with both `env:staging` and `host:123`. example: "env:staging,host:123" in: query name: filter[tags] required: false schema: type: string - description: |- Filter returned tags to those matching a substring. For example, `filter[match]=env` returns tags like `env:prod`, `environment:staging`, etc. example: "env" in: query name: filter[match] required: false schema: type: string - description: |- Whether to include tag values in the response. Defaults to true. example: true in: query name: filter[include_tag_values] required: false schema: type: boolean - description: |- Whether to allow partial results. Defaults to false. example: false in: query name: filter[allow_partial] required: false schema: type: boolean - description: Maximum number of results to return. example: 1000 in: query name: page[limit] required: false schema: default: 1000000 format: int32 maximum: 1000000 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: tags: - "env:prod" - "host:myhost" id: system.cpu.user type: metrics schema: $ref: "#/components/schemas/MetricAllTagsResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tags by metric name tags: - Metrics "x-permission": operator: OR permissions: - metrics_read /api/v2/metrics/{metric_name}/assets: get: description: Returns dashboards, monitors, notebooks, and SLOs that a metric is stored in, if any. Updated every 24 hours. operationId: ListMetricAssets parameters: - $ref: "#/components/parameters/MetricName" responses: "200": content: application/json: examples: default: value: data: id: http.endpoint.request relationships: dashboards: data: [] monitors: data: [] notebooks: data: [] type: metrics schema: $ref: "#/components/schemas/MetricAssetsResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Related Assets to a Metric tags: - Metrics /api/v2/metrics/{metric_name}/estimate: get: description: Returns the estimated cardinality for a metric with a given tag, percentile and number of aggregations configuration using Metrics without Limits™. operationId: EstimateMetricsOutputSeries parameters: - $ref: "#/components/parameters/MetricName" - description: |- Comma-separated list of tag keys that the metric is configured to query with. For example: `filter[groups]=app,host`. example: "app,host" in: query name: filter[groups] required: false schema: type: string - description: The number of hours of look back (from now) to estimate cardinality with. If unspecified, it defaults to 0 hours. example: 49 in: query name: filter[hours_ago] required: false schema: format: int32 maximum: 2147483647 minimum: 49 type: integer - description: Deprecated. Number of aggregations has no impact on volume. example: 1 in: query name: filter[num_aggregations] required: false schema: format: int32 maximum: 9 type: integer - description: A boolean, for distribution metrics only, to estimate cardinality if the metric includes additional percentile aggregators. example: true in: query name: filter[pct] required: false schema: type: boolean - description: A window, in hours, from the look back to estimate cardinality with. The minimum and default is 1 hour. example: 6 in: query name: filter[timespan_h] required: false schema: format: int32 maximum: 2147483647 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: estimate_type: count_or_gauge estimated_at: "2024-01-01T00:00:00+00:00" estimated_output_series: 50 id: system.cpu.user type: metric_cardinality_estimate schema: $ref: "#/components/schemas/MetricEstimateResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Tag Configuration Cardinality Estimator tags: - Metrics "x-permission": operator: OPEN permissions: [] /api/v2/metrics/{metric_name}/tag-cardinalities: get: description: Returns the cardinality details of tags for a specific metric. operationId: GetMetricTagCardinalityDetails parameters: - $ref: "#/components/parameters/MetricName" responses: "200": content: application/json: examples: default: value: data: [] meta: {} schema: $ref: "#/components/schemas/MetricTagCardinalitiesResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too Many Requests summary: Get tag key cardinality details tags: - Metrics "x-permission": operator: OR permissions: - metrics_read /api/v2/metrics/{metric_name}/tags: delete: description: |- Deletes a metric's tag configuration. Can only be used with application keys from users with the `Manage Tags for Metrics` permission. Note: This operation is irreversible. operationId: DeleteTagConfiguration parameters: - $ref: "#/components/parameters/MetricName" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Delete a tag configuration tags: - Metrics "x-permission": operator: OR permissions: - metric_tags_write get: description: Returns the tag configuration for the given metric name. operationId: ListTagConfigurationByName parameters: - $ref: "#/components/parameters/MetricName" responses: "200": content: application/json: examples: default: value: data: attributes: metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags schema: $ref: "#/components/schemas/MetricTagConfigurationResponse" description: Success "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tag configuration by name tags: - Metrics "x-permission": operator: OR permissions: - metrics_read patch: description: |- Update the tag configuration of a metric or percentile aggregations of a distribution metric or custom aggregations of a count, rate, or gauge metric. By setting `exclude_tags_mode` to true the behavior is changed from an allow-list to a deny-list, and tags in the defined list will not be queryable. Can only be used with application keys from users with the `Manage Tags for Metrics` permission. This endpoint requires a tag configuration to be created first. operationId: UpdateTagConfiguration parameters: - $ref: "#/components/parameters/MetricName" requestBody: content: application/json: examples: default: value: data: attributes: group_by: - app - datacenter include_percentiles: false id: http.endpoint.request type: manage_tags schema: $ref: "#/components/schemas/MetricTagConfigurationUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags schema: $ref: "#/components/schemas/MetricTagConfigurationResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Update a tag configuration tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - metric_tags_write post: description: |- Create and define a list of queryable tag keys for an existing count/gauge/rate/distribution metric. Optionally, include percentile aggregations on any distribution metric. By setting `exclude_tags_mode` to true, the behavior is changed from an allow-list to a deny-list, and tags in the defined list are not queryable. Can only be used with application keys of users with the `Manage Tags for Metrics` permission. operationId: CreateTagConfiguration parameters: - $ref: "#/components/parameters/MetricName" requestBody: content: application/json: examples: default: value: data: attributes: include_percentiles: false metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags schema: $ref: "#/components/schemas/MetricTagConfigurationCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags schema: $ref: "#/components/schemas/MetricTagConfigurationResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: Create a tag configuration tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - metric_tags_write /api/v2/metrics/{metric_name}/volumes: get: description: |- View hourly average metric volumes for the given metric name over the look back period. Custom metrics generated in-app from other products will return `null` for ingested volumes. operationId: ListVolumesByMetricName parameters: - $ref: "#/components/parameters/MetricName" - description: |- The number of seconds of look back (from now). Default value is 3,600 (1 hour), maximum value is 2,592,000 (1 month). example: 7200 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: indexed_volume: 100 ingested_volume: 200 id: http.endpoint.request type: metric_volumes schema: $ref: "#/components/schemas/MetricVolumesResponse" description: Success "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too Many Requests summary: List distinct metric volumes by metric name tags: - Metrics "x-permission": operator: OPEN permissions: [] /api/v2/monitor/notification_rule: get: description: Returns a list of all monitor notification rules. operationId: GetMonitorNotificationRules parameters: - description: The page to start paginating from. If `page` is not specified, the argument defaults to the first page. in: query name: page required: false schema: format: int32 maximum: 1000000 minimum: 0 type: integer - description: The number of rules to return per page. If `per_page` is not specified, the argument defaults to 100. in: query name: per_page required: false schema: format: int32 maximum: 1000 minimum: 1 type: integer - description: |- String for sort order, composed of field and sort order separated by a colon, for example `name:asc`. Supported sort directions: `asc`, `desc`. Supported fields: `name`, `created_at`. in: query name: sort required: false schema: type: string - description: |- JSON-encoded filter object. Supported keys: * `text`: Free-text query matched against rule name, tags, and recipients. * `tags`: Array of strings. Return rules that have any of these tags. * `recipients`: Array of strings. Return rules that have any of these recipients. example: '{"text":"error","tags":["env:prod","team:my-team"],"recipients":["slack-monitor-app","email@example.com"]}' in: query name: filters required: false schema: type: string - description: |- Comma-separated list of resource paths for related resources to include in the response. Supported resource path is `created_by`. in: query name: include required: false schema: example: "created_by" type: string responses: "200": content: application/json: examples: default: value: data: - attributes: filter: scope: "team:product" name: A notification rule name recipients: - slack-test-channel id: "00000000-0000-1234-0000-000000000000" type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleListResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get all monitor notification rules tags: - Monitors x-permission: operator: OR permissions: - monitors_read post: description: Creates a monitor notification rule. operationId: CreateMonitorNotificationRule requestBody: content: application/json: examples: default: value: data: attributes: filter: tags: - team:product - host:abc name: A notification rule name recipients: - slack-test-channel - jira-test type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleCreateRequest" description: Request body to create a monitor notification rule. required: true responses: "200": content: application/json: examples: default: value: data: attributes: filter: scope: "team:product" name: A notification rule name recipients: - slack-test-channel id: "00000000-0000-1234-0000-000000000000" type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/notification_rule/{rule_id}: delete: description: Deletes a monitor notification rule by `rule_id`. operationId: DeleteMonitorNotificationRule parameters: - description: ID of the monitor notification rule to delete. in: path name: rule_id required: true schema: type: string responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitor_config_policy_write get: description: Returns a monitor notification rule by `rule_id`. operationId: GetMonitorNotificationRule parameters: - description: ID of the monitor notification rule to fetch. in: path name: rule_id required: true schema: type: string - description: |- Comma-separated list of resource paths for related resources to include in the response. Supported resource path is `created_by`. in: query name: include required: false schema: example: "created_by" type: string responses: "200": content: application/json: examples: default: value: data: attributes: filter: scope: "team:product" name: A notification rule name recipients: - slack-test-channel id: "00000000-0000-1234-0000-000000000000" type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitors_read patch: description: Updates a monitor notification rule by `rule_id`. operationId: UpdateMonitorNotificationRule parameters: - description: ID of the monitor notification rule to update. in: path name: rule_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: filter: tags: - team:product - host:abc name: A notification rule name recipients: - slack-test-channel - jira-test id: 00000000-0000-1234-0000-000000000000 type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleUpdateRequest" description: Request body to update the monitor notification rule. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" filter: scope: "team:product AND host:abc" modified: "2024-01-01T00:00:00+00:00" name: A notification rule name recipients: - slack-test-channel - jira-test id: "00000000-0000-1234-0000-000000000000" type: monitor-notification-rule schema: $ref: "#/components/schemas/MonitorNotificationRuleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a monitor notification rule tags: - Monitors x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/policy: get: description: Get all monitor configuration policies. operationId: ListMonitorConfigPolicies responses: "200": content: application/json: examples: default: value: data: - attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag id: "00000000-0000-1234-0000-000000000000" type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyListResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get all monitor configuration policies tags: - Monitors "x-permission": operator: OR permissions: - monitors_read post: description: Create a monitor configuration policy. operationId: CreateMonitorConfigPolicy requestBody: content: application/json: examples: default: value: data: attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyCreateRequest" description: Create a monitor configuration policy request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag id: "00000000-0000-1234-0000-000000000000" type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a monitor configuration policy tags: - Monitors x-codegen-request-body-name: body "x-permission": operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/policy/{policy_id}: delete: description: Delete a monitor configuration policy. operationId: DeleteMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a monitor configuration policy tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write get: description: Get a monitor configuration policy by `policy_id`. operationId: GetMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string responses: "200": content: application/json: examples: default: value: data: attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag id: "00000000-0000-1234-0000-000000000000" type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get a monitor configuration policy tags: - Monitors "x-permission": operator: OR permissions: - monitors_read patch: description: Edit a monitor configuration policy. operationId: UpdateMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string requestBody: content: application/json: examples: default: value: data: attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag id: 00000000-0000-1234-0000-000000000000 type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyEditRequest" description: Description of the update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: policy: tag_key: datacenter tag_key_required: true valid_tag_values: - prod - staging policy_type: tag id: "00000000-0000-1234-0000-000000000000" type: monitor-config-policy schema: $ref: "#/components/schemas/MonitorConfigPolicyResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit a monitor configuration policy tags: - Monitors x-codegen-request-body-name: body "x-permission": operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/template: get: description: Retrieve all monitor user templates. operationId: ListMonitorUserTemplates responses: "200": content: application/json: examples: default: value: data: - attributes: created: "2024-01-01T00:00:00+00:00" description: This is a template for monitoring user activity. modified: "2024-01-01T00:00:00+00:00" monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure title: Postgres CPU Monitor version: 1 id: "00000000-0000-1234-0000-000000000000" type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateListResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get all monitor user templates tags: - Monitors "x-permission": operator: OR permissions: - monitors_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new monitor user template. operationId: CreateMonitorUserTemplate requestBody: content: application/json: examples: default: value: data: attributes: description: This is a template for monitoring user activity. monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure template_variables: - available_values: - value1 - value2 defaults: - defaultValue name: regionName tag_key: datacenter title: Postgres CPU Monitor type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" description: This is a template for monitoring user activity. modified: "2024-01-01T00:00:00+00:00" monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure title: Postgres CPU Monitor version: 1 id: "00000000-0000-1234-0000-000000000000" type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateCreateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a monitor user template tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/monitor/template/validate: post: description: Validate the structure and content of a monitor user template. operationId: ValidateMonitorUserTemplate requestBody: content: application/json: examples: default: value: data: attributes: description: This is a template for monitoring user activity. monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure template_variables: - available_values: - value1 - value2 defaults: - defaultValue name: regionName tag_key: datacenter title: Postgres CPU Monitor type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateCreateRequest" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Validate a monitor user template tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/monitor/template/{template_id}: delete: description: Delete an existing monitor user template by its ID. operationId: DeleteMonitorUserTemplate parameters: - description: ID of the monitor user template. in: path name: template_id required: true schema: type: string responses: "204": description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a monitor user template tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Retrieve a monitor user template by its ID. operationId: GetMonitorUserTemplate parameters: - description: ID of the monitor user template. in: path name: template_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string - description: Whether to include all versions of the template in the response in the versions field. example: false in: query name: with_all_versions required: false schema: type: boolean responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" description: This is a template for monitoring user activity. modified: "2024-01-01T00:00:00+00:00" monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure title: Postgres CPU Monitor version: 1 id: "00000000-0000-1234-0000-000000000000" type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get a monitor user template tags: - Monitors "x-permission": operator: OR permissions: - monitors_read x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). put: description: Creates a new version of an existing monitor user template. operationId: UpdateMonitorUserTemplate parameters: - description: ID of the monitor user template. in: path name: template_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: description: This is a template for monitoring user activity. monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure template_variables: - available_values: - value1 - value2 defaults: - defaultValue name: regionName tag_key: datacenter title: Postgres CPU Monitor id: 00000000-0000-1234-0000-000000000000 type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: "2024-01-01T00:00:00+00:00" description: This is a template for monitoring user activity. modified: "2024-01-01T00:00:00+00:00" monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure title: Postgres CPU Monitor version: 2 id: "00000000-0000-1234-0000-000000000000" type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a monitor user template to a new version tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/monitor/template/{template_id}/validate: post: description: Validate the structure and content of an existing monitor user template being updated to a new version. operationId: ValidateExistingMonitorUserTemplate parameters: - description: ID of the monitor user template. in: path name: template_id required: true schema: example: "00000000-0000-1234-0000-000000000000" type: string requestBody: content: application/json: examples: default: value: data: attributes: description: This is a template for monitoring user activity. monitor_definition: message: You may need to add web hosts if this is consistently high. name: Bytes received on host0 query: avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100 type: query alert tags: - product:Our Custom App - integration:Azure template_variables: - available_values: - value1 - value2 defaults: - defaultValue name: regionName tag_key: datacenter title: Postgres CPU Monitor id: 00000000-0000-1234-0000-000000000000 type: monitor-user-template schema: $ref: "#/components/schemas/MonitorUserTemplateUpdateRequest" required: true responses: "204": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Validate an existing monitor user template tags: - Monitors "x-permission": operator: OR permissions: - monitor_config_policy_write x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/monitor/{monitor_id}/downtime_matches: get: description: Get all active downtimes for the specified monitor. operationId: ListMonitorDowntimes parameters: - description: The id of the monitor. in: path name: monitor_id required: true schema: format: int64 type: integer - $ref: "#/components/parameters/PageOffset" - description: Maximum number of downtimes in the response. example: 100 in: query name: page[limit] required: false schema: default: 30 format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: end: "2024-01-01T01:00:00+00:00" groups: - service:postgres scope: env:(staging OR prod) AND datacenter:us-east-1 start: "2024-01-01T00:00:00+00:00" id: "00000000-0000-1234-0000-000000000000" type: downtime_match meta: page: total_filtered_count: 1 schema: $ref: "#/components/schemas/MonitorDowntimeMatchResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Monitor Not Found error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get active downtimes for a monitor tags: - Downtimes x-codegen-request-body-name: body x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data "x-permission": operator: OR permissions: - monitors_downtime /api/v2/ndm/devices: get: description: Get the list of devices. operationId: ListDevices parameters: - $ref: "#/components/parameters/NDMPageSize" - $ref: "#/components/parameters/NDMPageNumber" - description: The field to sort the devices by. Defaults to `name`. example: status in: query name: sort required: false schema: default: name type: string - description: Filter devices by tag. example: status:ok in: query name: filter[tag] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: device_type: other integration: snmp ip_address: 1.2.3.4 name: example device status: ok id: foiwf7rgw38fh type: device meta: page: total_filtered_count: 1 schema: $ref: "#/components/schemas/ListDevicesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the list of devices tags: - Network Device Monitoring x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data /api/v2/ndm/devices/{device_id}: get: description: Get the device details. operationId: GetDevice parameters: - description: The id of the device to fetch. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: device_type: other integration: snmp ip_address: 1.2.3.4 model: xx-123 name: example device status: ok vendor: example vendor id: foiwf7rgw38fh type: device schema: $ref: "#/components/schemas/GetDeviceResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the device details tags: - Network Device Monitoring /api/v2/ndm/interfaces: get: description: Get the list of interfaces of the device. operationId: GetInterfaces parameters: - description: The ID of the device to get interfaces from. example: example:1.2.3.4 in: query name: device_id required: true schema: type: string - description: Whether to get the IP addresses of the interfaces. example: true in: query name: get_ip_addresses required: false schema: type: boolean responses: "200": content: application/json: examples: default: value: data: - attributes: description: a network interface index: 99 mac_address: 00:00:00:00:00:00 name: if0 status: up id: foiwf7rgw38fh:99 type: interface schema: $ref: "#/components/schemas/GetInterfacesResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the list of interfaces of the device tags: - Network Device Monitoring /api/v2/ndm/tags/devices/{device_id}: get: description: Get the list of tags for a device. operationId: ListDeviceUserTags parameters: - description: The id of the device to fetch tags for. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: tags: - "tag:test" - "tag:testbis" id: foiwf7rgw38fh type: tags schema: $ref: "#/components/schemas/ListTagsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the list of tags for a device tags: - Network Device Monitoring patch: description: Update the tags for a device. operationId: UpdateDeviceUserTags parameters: - description: The id of the device to update tags for. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: tags: - tag:test - tag:testbis id: example:1.2.3.4 type: tags schema: $ref: "#/components/schemas/ListTagsResponse" required: true responses: "200": content: application/json: examples: default: value: data: attributes: tags: - "tag:test" - "tag:testbis" id: foiwf7rgw38fh type: tags schema: $ref: "#/components/schemas/ListTagsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update the tags for a device tags: - Network Device Monitoring /api/v2/ndm/tags/interfaces/{interface_id}: get: description: Returns the tags associated with the specified interface. operationId: ListInterfaceUserTags parameters: - description: The ID of the interface for which to retrieve tags. example: example:1.2.3.4:1 in: path name: interface_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: tags: - "tag:test" - "tag:testbis" id: foiwf7rgw38fh:1 type: tags schema: $ref: "#/components/schemas/ListInterfaceTagsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List tags for an interface tags: - Network Device Monitoring patch: description: Updates the tags associated with the specified interface. operationId: UpdateInterfaceUserTags parameters: - description: The ID of the interface for which to update tags. example: example:1.2.3.4:1 in: path name: interface_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: tags: - tag:test - tag:testbis id: example:1.2.3.4:1 type: tags schema: $ref: "#/components/schemas/ListInterfaceTagsResponse" required: true responses: "200": content: application/json: examples: default: value: data: attributes: tags: - "tag:test" - "tag:testbis" id: foiwf7rgw38fh:1 type: tags schema: $ref: "#/components/schemas/ListInterfaceTagsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update the tags for an interface tags: - Network Device Monitoring /api/v2/network/connections/aggregate: get: description: Get all aggregated connections. operationId: GetAggregatedConnections parameters: - description: Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window is 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: from schema: format: int64 type: integer - description: Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window is the current time. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: to schema: format: int64 type: integer - description: Comma-separated list of fields to group connections by. The maximum number of group_by(s) is 10. in: query name: group_by schema: type: string - description: Comma-separated list of tags to filter connections by. in: query name: tags schema: type: string - description: The number of connections to be returned. The maximum value is 7500. The default is 100. in: query name: limit schema: default: 100 format: int32 maximum: 7500 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: bytes_sent_by_client: 100 bytes_sent_by_server: 200 packets_sent_by_client: 10 packets_sent_by_server: 20 id: abc-123 type: aggregated_connection schema: $ref: "#/components/schemas/SingleAggregatedConnectionResponseArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all aggregated connections tags: - Cloud Network Monitoring /api/v2/network/dns/aggregate: get: description: Get all aggregated DNS traffic. operationId: GetAggregatedDns parameters: - description: Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window is 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: from schema: format: int64 type: integer - description: Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window is the current time. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: to schema: format: int64 type: integer - description: Comma-separated list of fields to group DNS traffic by. The server side defaults to `network.dns_query` if unspecified. `server_ungrouped` may be used if groups are not desired. The maximum number of group_by(s) is 10. in: query name: group_by schema: type: string - description: Comma-separated list of tags to filter DNS traffic by. in: query name: tags schema: type: string - description: The number of aggregated DNS entries to be returned. The maximum value is 7500. The default is 100. in: query name: limit schema: default: 100 format: int32 maximum: 7500 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: group_bys: - key: client_service value: test-service - key: network.dns_query value: example.com metrics: - key: dns_total_requests value: 100 id: abc-123 type: aggregated_dns schema: $ref: "#/components/schemas/SingleAggregatedDnsResponseArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all aggregated DNS traffic tags: - Cloud Network Monitoring /api/v2/obs-pipelines/pipelines: get: description: Retrieve a list of pipelines. operationId: ListPipelines parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: - attributes: config: destinations: - id: datadog-logs-destination inputs: - datadog-agent-source type: datadog_logs sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline id: 00000000-0000-0000-0000-000000000001 type: pipelines schema: $ref: "#/components/schemas/ListPipelinesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List pipelines tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_read post: description: Create a new pipeline. operationId: CreatePipeline requestBody: content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - my-processor-group type: datadog_logs pipeline_type: logs processor_groups: - enabled: true id: my-processor-group include: service:my-service inputs: - datadog-agent-source processors: - enabled: true id: filter-processor include: status:error type: filter - enabled: true field: message id: json-processor include: "*" type: parse_json processors: [] sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipelineSpec" required: true responses: "201": content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - datadog-agent-source type: datadog_logs sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline id: 00000000-0000-0000-0000-000000000002 type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipeline" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a new pipeline tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_deploy /api/v2/obs-pipelines/pipelines/validate: post: description: |- Validates a pipeline configuration without creating or updating any resources. Returns a list of validation errors, if any. operationId: ValidatePipeline requestBody: content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - my-processor-group type: datadog_logs pipeline_type: logs processor_groups: - enabled: true id: my-processor-group include: service:my-service inputs: - datadog-agent-source processors: - enabled: true id: filter-processor include: status:error type: filter - enabled: true field: message id: json-processor include: "*" type: parse_json processors: [] sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipelineSpec" required: true responses: "200": content: application/json: examples: default: value: errors: [] schema: $ref: "#/components/schemas/ValidationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Validate an observability pipeline tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_read /api/v2/obs-pipelines/pipelines/{pipeline_id}: delete: description: Delete a pipeline. operationId: DeletePipeline parameters: - description: The ID of the pipeline to delete. in: path name: pipeline_id required: true schema: type: string responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a pipeline tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_delete get: description: Get a specific pipeline by its ID. operationId: GetPipeline parameters: - description: The ID of the pipeline to retrieve. in: path name: pipeline_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - datadog-agent-source type: datadog_logs sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline id: 00000000-0000-0000-0000-000000000003 type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipeline" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a specific pipeline tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_read put: description: Update a pipeline. operationId: UpdatePipeline parameters: - description: The ID of the pipeline to update. in: path name: pipeline_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - my-processor-group type: datadog_logs pipeline_type: logs processor_groups: - enabled: true id: my-processor-group include: service:my-service inputs: - datadog-agent-source processors: - enabled: true id: filter-processor include: status:error type: filter - enabled: true field: message id: json-processor include: "*" type: parse_json processors: [] sources: - id: datadog-agent-source type: datadog_agent name: Main Observability Pipeline id: 3fa85f64-5717-4562-b3fc-2c963f66afa6 type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipeline" required: true responses: "200": content: application/json: examples: default: value: data: attributes: config: destinations: - id: datadog-logs-destination inputs: - datadog-agent-source type: datadog_logs sources: - id: datadog-agent-source type: datadog_agent name: My Updated Pipeline id: 00000000-0000-0000-0000-000000000004 type: pipelines schema: $ref: "#/components/schemas/ObservabilityPipeline" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a pipeline tags: - Observability Pipelines "x-permission": operator: OR permissions: - observability_pipelines_deploy /api/v2/on-call/escalation-policies: post: description: Create a new On-Call escalation policy operationId: CreateOnCallEscalationPolicy parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 steps: - assignment: default escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - config: schedule: position: previous id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba3-0000-0000-000000000000 type: teams - assignment: round-robin escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-abb1-0000-0000-000000000000 type: users relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies schema: $ref: "#/components/schemas/EscalationPolicyCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 id: 00000000-aba1-0000-0000-000000000000 relationships: steps: data: - id: 00000000-aba1-0000-0000-000000000000 type: steps teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies schema: $ref: "#/components/schemas/EscalationPolicy" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create On-Call escalation policy tags: - On-Call "x-permission": operator: AND permissions: - on_call_write /api/v2/on-call/escalation-policies/{policy_id}: delete: description: Delete an On-Call escalation policy operationId: DeleteOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string responses: "204": description: No Content "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete On-Call escalation policy tags: - On-Call "x-permission": operator: AND permissions: - on_call_write get: description: Get an On-Call escalation policy operationId: GetOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 id: 00000000-aba1-0000-0000-000000000000 relationships: steps: data: - id: 00000000-aba1-0000-0000-000000000000 type: steps teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies schema: $ref: "#/components/schemas/EscalationPolicy" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call escalation policy tags: - On-Call "x-permission": operator: AND permissions: - on_call_read put: description: Update an On-Call escalation policy operationId: UpdateOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: false retries: 2 steps: - assignment: default escalate_after_seconds: 3600 id: 00000000-aba1-0000-0000-000000000000 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules id: a3000000-0000-0000-0000-000000000000 relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies schema: $ref: "#/components/schemas/EscalationPolicyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 id: 00000000-aba1-0000-0000-000000000000 relationships: steps: data: - id: 00000000-aba1-0000-0000-000000000000 type: steps teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies schema: $ref: "#/components/schemas/EscalationPolicy" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update On-Call escalation policy tags: - On-Call "x-permission": operator: AND permissions: - on_call_write /api/v2/on-call/pages: post: description: |- Trigger a new On-Call Page. operationId: CreateOnCallPage requestBody: content: application/json: examples: default: value: data: attributes: description: Page details. tags: - service:test target: identifier: my-team type: team_handle title: Page title urgency: low type: pages schema: $ref: "#/components/schemas/CreatePageRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: pages schema: $ref: "#/components/schemas/CreatePageResponse" description: OK. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - lava.oncall.datadoghq.com - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu x-enum-varnames: - LAVA - SAFFRON - NAVY - CORAL - TEAL - BEIGE - url: "{protocol}://{name}" variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Create On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/acknowledge: post: description: |- Acknowledges an On-Call Page. operationId: AcknowledgeOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: "202": description: Accepted. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - lava.oncall.datadoghq.com - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu x-enum-varnames: - LAVA - SAFFRON - NAVY - CORAL - TEAL - BEIGE - url: "{protocol}://{name}" variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Acknowledge On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/escalate: post: description: |- Escalates an On-Call Page. operationId: EscalateOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: "202": description: Accepted. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - lava.oncall.datadoghq.com - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu x-enum-varnames: - LAVA - SAFFRON - NAVY - CORAL - TEAL - BEIGE - url: "{protocol}://{name}" variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Escalate On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/resolve: post: description: |- Resolves an On-Call Page. operationId: ResolveOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: "202": description: Accepted. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - lava.oncall.datadoghq.com - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu x-enum-varnames: - LAVA - SAFFRON - NAVY - CORAL - TEAL - BEIGE - url: "{protocol}://{name}" variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Resolve On-Call Page tags: - On-Call Paging /api/v2/on-call/schedules: post: description: Create a new On-Call schedule operationId: CreateOnCallSchedule parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`." in: query name: include schema: type: string requestBody: content: "application/json": examples: default: value: data: attributes: layers: - effective_date: "2025-02-03T05:00:00Z" end_date: "2025-12-31T00:00:00Z" interval: days: 1 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: "17:00:00" start_day: monday start_time: 09:00:00 rotation_start: "2025-02-01T00:00:00Z" name: On-Call Schedule time_zone: America/New_York relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules schema: $ref: "#/components/schemas/ScheduleCreateRequest" required: true responses: "201": content: "application/json": examples: default: value: data: attributes: name: On-Call Schedule time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: layers: data: - id: 00000000-0000-0000-0000-000000000001 type: layers teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules schema: $ref: "#/components/schemas/Schedule" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create On-Call schedule tags: - On-Call "x-permission": operator: AND permissions: - on_call_write /api/v2/on-call/schedules/{schedule_id}: delete: description: Delete an On-Call schedule operationId: DeleteOnCallSchedule parameters: - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string responses: "204": description: No Content "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete On-Call schedule tags: - On-Call "x-permission": operator: AND permissions: - on_call_write get: description: Get an On-Call schedule operationId: GetOnCallSchedule parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`." in: query name: include schema: type: string - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string responses: "200": content: "application/json": examples: default: value: data: attributes: name: On-Call Schedule time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: layers: data: - id: 00000000-0000-0000-0000-000000000001 type: layers teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules schema: $ref: "#/components/schemas/Schedule" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call schedule tags: - On-Call "x-permission": operator: AND permissions: - on_call_read put: description: Update a new On-Call schedule operationId: UpdateOnCallSchedule parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`." in: query name: include schema: type: string - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string requestBody: content: "application/json": examples: default: value: data: attributes: layers: - effective_date: "2025-02-03T05:00:00Z" end_date: "2025-12-31T00:00:00Z" interval: seconds: 3600 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: "17:00:00" start_day: monday start_time: 09:00:00 rotation_start: "2025-02-01T00:00:00Z" name: On-Call Schedule Updated time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules schema: $ref: "#/components/schemas/ScheduleUpdateRequest" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: name: On-Call Schedule time_zone: America/New_York id: 00000000-0000-0000-0000-000000000001 relationships: layers: data: - id: 00000000-0000-0000-0000-000000000002 type: layers teams: data: - id: 00000000-0000-0000-0000-000000000003 type: teams type: schedules schema: $ref: "#/components/schemas/Schedule" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update On-Call schedule tags: - On-Call "x-permission": operator: AND permissions: - on_call_write /api/v2/on-call/schedules/{schedule_id}/on-call: get: description: "Retrieves the user who is on-call for the specified schedule at a given time." operationId: GetScheduleOnCallUser parameters: - description: "Specifies related resources to include in the response as a comma-separated list. Allowed value: `user`." in: query name: include schema: type: string - description: The ID of the schedule. in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string - description: Retrieves the on-call user at the given timestamp in RFC3339 format (for example, `2025-05-07T02:53:01Z` or `2025-05-07T02:53:01+00:00`). When using timezone offsets with `+` or `-`, ensure proper URL encoding (`+` should be encoded as `%2B`). Defaults to the current time if omitted. in: query name: filter[at_ts] schema: example: "2025-05-07T02:53:01Z" type: string responses: "200": content: application/json: examples: default: value: data: attributes: end: "2024-01-01T03:53:01.000000000Z" start: "2024-01-01T02:53:01.000000000Z" id: 00000000-0000-0000-0000-000000000000 relationships: user: data: id: 00000000-aba1-0000-0000-000000000000 type: users type: shifts schema: $ref: "#/components/schemas/Shift" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get scheduled on-call user tags: - On-Call "x-permission": operator: AND permissions: - on_call_read /api/v2/on-call/teams/{team_id}/on-call: get: description: Get a team's on-call users at a given time operationId: GetTeamOnCallUsers parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `responders`, `escalations`, `escalations.responders`." in: query name: include schema: type: string - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 relationships: escalations: data: - id: 00000000-aba1-0000-0000-000000000000 type: escalation_policy_steps responders: data: - id: 00000000-aba1-0000-0000-000000000000 type: users type: team_oncall_responders schema: $ref: "#/components/schemas/TeamOnCallResponders" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get team on-call users tags: - On-Call "x-permission": operator: AND permissions: - on_call_read /api/v2/on-call/teams/{team_id}/routing-rules: get: description: Get a team's On-Call routing rules operationId: GetOnCallTeamRoutingRules parameters: - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `rules`, `rules.policy`." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: team_routing_rules schema: $ref: "#/components/schemas/TeamRoutingRules" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call team routing rules tags: - On-Call "x-permission": operator: AND permissions: - on_call_read put: description: Set a team's On-Call routing rules operationId: SetOnCallTeamRoutingRules parameters: - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `rules`, `rules.policy`." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: rules: - actions: policy_id: "" query: tags.service:test time_restriction: restrictions: - end_day: monday end_time: "17:00:00" start_day: monday start_time: 09:00:00 - end_day: tuesday end_time: "17:00:00" start_day: tuesday start_time: 09:00:00 time_zone: "" urgency: high - actions: - channel: channel type: send_slack_message workspace: workspace policy_id: fad4eee1-13f5-40d8-886b-4e56d8d5d1c6 query: "" time_restriction: urgency: low id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: team_routing_rules schema: $ref: "#/components/schemas/TeamRoutingRulesRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: team_routing_rules schema: $ref: "#/components/schemas/TeamRoutingRules" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Set On-Call team routing rules tags: - On-Call "x-permission": operator: AND permissions: - on_call_write /api/v2/on-call/users/{user_id}/notification-channels: get: description: List the notification channels for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: ListUserNotificationChannels parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: "200": content: "application/json": examples: default: value: data: - attributes: config: address: test@example.com formats: - html type: email id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: notification_channels schema: $ref: "#/components/schemas/ListNotificationChannelsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List On-Call notification channels for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_read post: description: Create a new notification channel for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: CreateUserNotificationChannel parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string requestBody: content: "application/json": examples: default: value: data: attributes: config: address: foo@bar.com formats: - html type: email type: notification_channels schema: $ref: "#/components/schemas/CreateUserNotificationChannelRequest" required: true responses: "201": content: "application/json": examples: default: value: data: attributes: config: address: test@example.com formats: - html type: email id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: notification_channels schema: $ref: "#/components/schemas/NotificationChannel" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create an On-Call notification channel for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_respond /api/v2/on-call/users/{user_id}/notification-channels/{channel_id}: delete: description: Delete a notification channel for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: DeleteUserNotificationChannel parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: The channel ID in: path name: channel_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete an On-Call notification channel for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_respond get: description: Get a notification channel for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: GetUserNotificationChannel parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: The channel ID in: path name: channel_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: "200": content: "application/json": examples: default: value: data: attributes: config: address: test@example.com formats: - html type: email id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: notification_channels schema: $ref: "#/components/schemas/NotificationChannel" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get an On-Call notification channel for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_read /api/v2/on-call/users/{user_id}/notification-rules: get: description: List the notification rules for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: ListUserNotificationRules parameters: - description: "Comma-separated list of included relationships to be returned. Allowed values: `channel`." in: query name: include schema: type: string - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: "200": content: "application/json": examples: default: value: data: - attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: notification_rules schema: $ref: "#/components/schemas/ListOnCallNotificationRulesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List On-Call notification rules for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_read post: description: Create a new notification rule for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: CreateUserNotificationRule parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string requestBody: content: "application/json": examples: default: value: data: attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules schema: $ref: "#/components/schemas/CreateOnCallNotificationRuleRequest" required: true responses: "201": content: "application/json": examples: default: value: data: attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 id: 00000000-0000-0000-0000-000000000001 relationships: channel: data: id: 00000000-0000-0000-0000-000000000002 type: notification_channels type: notification_rules schema: $ref: "#/components/schemas/OnCallNotificationRule" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create an On-Call notification rule for a user tags: - On-Call "x-permission": operator: AND permissions: - on_call_respond /api/v2/on-call/users/{user_id}/notification-rules/{rule_id}: delete: description: Delete a notification rule for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: DeleteUserNotificationRule parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: The rule ID in: path name: rule_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete an On-Call notification rule for a user tags: - On-Call "x-permission": operator: OR permissions: - on_call_respond get: description: Get a notification rule for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: GetUserNotificationRule parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: The rule ID in: path name: rule_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `channel`." in: query name: include schema: type: string responses: "200": content: "application/json": examples: default: value: data: attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 id: 27590dae-47be-4a7d-9abf-8f4e45124020 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules schema: $ref: "#/components/schemas/OnCallNotificationRule" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get an On-Call notification rule for a user tags: - On-Call "x-permission": operator: OR permissions: - on_call_read put: description: Update a notification rule for a user. The authenticated user must be the target user or have the `on_call_admin` permission operationId: UpdateUserNotificationRule parameters: - description: The user ID in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: The rule ID in: path name: rule_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string - description: "Comma-separated list of included relationships to be returned. Allowed values: `channel`." in: query name: include schema: type: string requestBody: content: "application/json": examples: default: value: data: attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 id: 2462ace1-49e2-aab1-xc4f-29cc4ae1105n7 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules schema: $ref: "#/components/schemas/UpdateOnCallNotificationRuleRequest" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: category: high_urgency channel_settings: method: sms type: phone delay_minutes: 1 id: 27590dae-47be-4a7d-9abf-8f4e45124020 relationships: channel: data: id: 1562fab3-a8c2-49e2-8f3a-28dcda2405e2 type: notification_channels type: notification_rules schema: $ref: "#/components/schemas/OnCallNotificationRule" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update an On-Call notification rule for a user tags: - On-Call "x-permission": operator: OR permissions: - on_call_read /api/v2/org: get: description: Returns the current organization and its managed organizations in JSON:API format. operationId: ListOrgs parameters: - description: Filter managed organizations by name. example: "My Child Org" in: query name: "filter[name]" required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: id: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" relationships: current_org: data: id: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" type: "orgs" managed_orgs: data: - id: "a1b2c3d4-00cc-11ea-a77b-570c9d03c6c5" type: "orgs" type: "managed_orgs" included: - attributes: created_at: "2019-09-26T17:28:28Z" description: "Production organization." disabled: false modified_at: "2024-01-15T10:30:00Z" name: "My Organization" public_id: "abcdef12345" sharing: "none" url: "https://app.datadoghq.com/account/my-org" id: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" type: "orgs" - attributes: created_at: "2020-05-10T12:00:00Z" description: "Child organization." disabled: false modified_at: "2024-06-20T08:15:00Z" name: "My Child Org" public_id: "ghijkl67890" sharing: "none" url: "https://app.datadoghq.com/account/my-child-org" id: "a1b2c3d4-00cc-11ea-a77b-570c9d03c6c5" type: "orgs" schema: $ref: "#/components/schemas/ManagedOrgsResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management - org_connections_write summary: List your managed organizations tags: - Organizations "x-permission": operator: OR permissions: - org_management - org_connections_write /api/v2/org_configs: get: description: Returns all Org Configs (name, description, and value). operationId: ListOrgConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: description: Example org config description name: monitor_timezone value: UTC value_type: bool id: abcd1234 type: org_configs schema: {$ref: "#/components/schemas/OrgConfigListResponse"} description: OK "400": {$ref: "#/components/responses/BadRequestResponse"} "401": {$ref: "#/components/responses/UnauthorizedResponse"} "403": {$ref: "#/components/responses/ForbiddenResponse"} "429": {$ref: "#/components/responses/TooManyRequestsResponse"} summary: List Org Configs tags: [Organizations] "x-permission": operator: OPEN permissions: [] /api/v2/org_configs/{org_config_name}: get: description: Return the name, description, and value of a specific Org Config. operationId: GetOrgConfig parameters: [$ref: "#/components/parameters/OrgConfigName"] responses: "200": content: application/json: examples: default: value: data: attributes: description: Example org config description name: monitor_timezone value: UTC value_type: bool id: abcd1234 type: org_configs schema: {$ref: "#/components/schemas/OrgConfigGetResponse"} description: OK "400": {$ref: "#/components/responses/BadRequestResponse"} "401": {$ref: "#/components/responses/UnauthorizedResponse"} "403": {$ref: "#/components/responses/ForbiddenResponse"} "404": {$ref: "#/components/responses/NotFoundResponse"} "429": {$ref: "#/components/responses/TooManyRequestsResponse"} summary: Get a specific Org Config value tags: [Organizations] "x-permission": operator: OPEN permissions: [] patch: description: Update the value of a specific Org Config. operationId: UpdateOrgConfig parameters: [$ref: "#/components/parameters/OrgConfigName"] requestBody: content: application/json: examples: default: value: data: attributes: value: UTC type: org_configs schema: {$ref: "#/components/schemas/OrgConfigWriteRequest"} required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: Example org config description name: monitor_timezone value: UTC value_type: bool id: abcd1234 type: org_configs schema: {$ref: "#/components/schemas/OrgConfigGetResponse"} description: OK "400": {$ref: "#/components/responses/BadRequestResponse"} "401": {$ref: "#/components/responses/UnauthorizedResponse"} "403": {$ref: "#/components/responses/ForbiddenResponse"} "404": {$ref: "#/components/responses/NotFoundResponse"} "429": {$ref: "#/components/responses/TooManyRequestsResponse"} summary: Update a specific Org Config tags: [Organizations] "x-permission": operator: OR permissions: - org_management /api/v2/org_connections: get: description: Returns a list of org connections. operationId: ListOrgConnections parameters: - description: The Org ID of the sink org. example: "0879ce27-29a1-481f-a12e-bc2a48ec9ae1" in: query name: sink_org_id required: false schema: type: string - description: The Org ID of the source org. example: "0879ce27-29a1-481f-a12e-bc2a48ec9ae1" in: query name: source_org_id required: false schema: type: string - description: The limit of number of entries you want to return. Default is 1000. example: 1000 in: query name: limit required: false schema: format: int64 type: integer - description: The pagination offset which you want to query from. Default is 0. example: 0 in: query name: offset required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: connection_types: - logs created_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000001 relationships: {} type: org_connection schema: $ref: "#/components/schemas/OrgConnectionListResponse" description: OK "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_connections_read summary: List Org Connections tags: ["Org Connections"] "x-permission": operator: OR permissions: - org_connections_read post: description: Create a new org connection between the current org and a target org. operationId: CreateOrgConnections requestBody: content: application/json: examples: default: value: data: attributes: connection_types: - logs relationships: sink_org: data: id: f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a name: Example Org type: orgs type: org_connection schema: $ref: "#/components/schemas/OrgConnectionCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: connection_types: - logs created_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000002 relationships: {} type: org_connection schema: $ref: "#/components/schemas/OrgConnectionResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_connections_write summary: Create Org Connection tags: ["Org Connections"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - org_connections_write /api/v2/org_connections/{connection_id}: delete: description: Delete an existing org connection. operationId: DeleteOrgConnections parameters: - $ref: "#/components/parameters/OrgConnectionId" responses: "200": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_connections_write summary: Delete Org Connection tags: ["Org Connections"] "x-permission": operator: OR permissions: - org_connections_write patch: description: Update an existing org connection. operationId: UpdateOrgConnections parameters: - $ref: "#/components/parameters/OrgConnectionId" requestBody: content: application/json: examples: default: value: data: attributes: connection_types: - logs - metrics id: f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a type: org_connection schema: $ref: "#/components/schemas/OrgConnectionUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: connection_types: - logs - metrics created_at: "2024-01-01T00:00:00+00:00" id: f9ec96b0-8c8a-4b0a-9b0a-1b2c3d4e5f6a type: org_connection schema: $ref: "#/components/schemas/OrgConnectionResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_connections_write summary: Update Org Connection tags: ["Org Connections"] "x-permission": operator: OR permissions: - org_connections_write /api/v2/org_group_memberships: get: description: >- List organization group memberships. Filter by org group ID or org UUID. At least one of `filter[org_group_id]` or `filter[org_uuid]` must be provided. When filtering by org UUID, returns a single-item list with the membership for that org. operationId: ListOrgGroupMemberships parameters: - $ref: "#/components/parameters/OrgGroupMembershipFilterOrgGroupId" - $ref: "#/components/parameters/OrgGroupMembershipFilterOrgUuid" - $ref: "#/components/parameters/OrgGroupPageNumber" - $ref: "#/components/parameters/OrgGroupPageSize" - $ref: "#/components/parameters/MembershipSort" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" org_name: "Acme Corp" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "f1e2d3c4-b5a6-7890-1234-567890abcdef" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_memberships links: first: "https://api.datadoghq.com/api/v2/org_group_memberships?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" last: "https://api.datadoghq.com/api/v2/org_group_memberships?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" next: prev: self: "https://api.datadoghq.com/api/v2/org_group_memberships?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" meta: page: first_number: 0 last_number: 0 next_number: number: 0 prev_number: size: 50 total: 1 type: number_size schema: $ref: "#/components/schemas/OrgGroupMembershipListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List org group memberships tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_memberships/bulk: patch: description: >- Move a batch of organizations from one org group to another. This is an atomic operation. Maximum 100 orgs per request. operationId: BulkUpdateOrgGroupMemberships requestBody: content: application/json: examples: default: value: data: attributes: orgs: - org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" relationships: source_org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups target_org_group: data: id: "d4e5f6a7-b890-1234-cdef-567890abcdef" type: org_groups type: org_group_membership_bulk_updates schema: $ref: "#/components/schemas/OrgGroupMembershipBulkUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-16T14:00:00Z" org_name: "Acme Corp" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "f1e2d3c4-b5a6-7890-1234-567890abcdef" relationships: org_group: data: id: "d4e5f6a7-b890-1234-cdef-567890abcdef" type: org_groups type: org_group_memberships schema: $ref: "#/components/schemas/OrgGroupMembershipListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Bulk update org group memberships tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_memberships/{org_group_membership_id}: get: description: Get a specific organization group membership by its ID. operationId: GetOrgGroupMembership parameters: - $ref: "#/components/parameters/OrgGroupMembershipId" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" org_name: "Acme Corp" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "f1e2d3c4-b5a6-7890-1234-567890abcdef" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_memberships schema: $ref: "#/components/schemas/OrgGroupMembershipResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an org group membership tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Move an organization to a different org group by updating its membership. operationId: UpdateOrgGroupMembership parameters: - $ref: "#/components/parameters/OrgGroupMembershipId" requestBody: content: application/json: examples: default: value: data: id: "f1e2d3c4-b5a6-7890-1234-567890abcdef" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_memberships schema: $ref: "#/components/schemas/OrgGroupMembershipUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-16T14:00:00Z" org_name: "Acme Corp" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "f1e2d3c4-b5a6-7890-1234-567890abcdef" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_memberships schema: $ref: "#/components/schemas/OrgGroupMembershipResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an org group membership tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_policies: get: description: List policies for an organization group. Requires a filter on org group ID. operationId: ListOrgGroupPolicies parameters: - $ref: "#/components/parameters/OrgGroupPolicyFilterOrgGroupId" - $ref: "#/components/parameters/OrgGroupPolicyFilterPolicyName" - $ref: "#/components/parameters/OrgGroupPageNumber" - $ref: "#/components/parameters/OrgGroupPageSize" - $ref: "#/components/parameters/PolicySort" responses: "200": content: application/json: examples: default: value: data: - attributes: content: value: "UTC" enforcement_tier: "DEFAULT" modified_at: "2024-01-15T10:30:00Z" policy_name: "monitor_timezone" policy_type: "org_config" id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_policies links: first: "https://api.datadoghq.com/api/v2/org_group_policies?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" last: "https://api.datadoghq.com/api/v2/org_group_policies?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" next: prev: self: "https://api.datadoghq.com/api/v2/org_group_policies?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" meta: page: first_number: 0 last_number: 0 next_number: number: 0 prev_number: size: 50 total: 1 type: number_size schema: $ref: "#/components/schemas/OrgGroupPolicyListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List org group policies tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new policy for an organization group. operationId: CreateOrgGroupPolicy requestBody: content: application/json: examples: default: value: data: attributes: content: value: "UTC" enforcement_tier: "DEFAULT" policy_name: "monitor_timezone" policy_type: "org_config" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_policies schema: $ref: "#/components/schemas/OrgGroupPolicyCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: content: value: "UTC" enforcement_tier: "DEFAULT" modified_at: "2024-01-15T10:30:00Z" policy_name: "monitor_timezone" policy_type: "org_config" id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_policies schema: $ref: "#/components/schemas/OrgGroupPolicyResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an org group policy tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_policies/{org_group_policy_id}: delete: description: Delete an organization group policy by its ID. operationId: DeleteOrgGroupPolicy parameters: - $ref: "#/components/parameters/OrgGroupPolicyId" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an org group policy tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get a specific organization group policy by its ID. operationId: GetOrgGroupPolicy parameters: - $ref: "#/components/parameters/OrgGroupPolicyId" responses: "200": content: application/json: examples: default: value: data: attributes: content: value: "UTC" enforcement_tier: "DEFAULT" modified_at: "2024-01-15T10:30:00Z" policy_name: "monitor_timezone" policy_type: "org_config" id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_policies schema: $ref: "#/components/schemas/OrgGroupPolicyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an org group policy tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an existing organization group policy. operationId: UpdateOrgGroupPolicy parameters: - $ref: "#/components/parameters/OrgGroupPolicyId" requestBody: content: application/json: examples: default: value: data: attributes: content: value: "US/Eastern" enforcement_tier: "ENFORCE" id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies schema: $ref: "#/components/schemas/OrgGroupPolicyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: content: value: "US/Eastern" enforcement_tier: "ENFORCE" modified_at: "2024-01-16T14:00:00Z" policy_name: "monitor_timezone" policy_type: "org_config" id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups type: org_group_policies schema: $ref: "#/components/schemas/OrgGroupPolicyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an org group policy tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_policy_configs: get: description: List all org configs that are eligible to be used as organization group policies. operationId: ListOrgGroupPolicyConfigs responses: "200": content: application/json: examples: default: value: data: - attributes: allowed_values: ["UTC", "US/Eastern", "US/Pacific"] default_value: "UTC" description: "The default timezone for monitors." name: "monitor_timezone" value_type: "string" id: "monitor_timezone" type: org_group_policy_configs schema: $ref: "#/components/schemas/OrgGroupPolicyConfigListResponse" description: OK "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List org group policy configs tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_policy_overrides: get: description: >- List policy overrides for an organization group. Requires a filter on org group ID. Optionally filter by policy ID. operationId: ListOrgGroupPolicyOverrides parameters: - $ref: "#/components/parameters/OrgGroupPolicyOverrideFilterOrgGroupId" - $ref: "#/components/parameters/OrgGroupPolicyOverrideFilterPolicyId" - $ref: "#/components/parameters/OrgGroupPageNumber" - $ref: "#/components/parameters/OrgGroupPageSize" - $ref: "#/components/parameters/OverrideSort" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups org_group_policy: data: id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies type: org_group_policy_overrides links: first: "https://api.datadoghq.com/api/v2/org_group_policy_overrides?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" last: "https://api.datadoghq.com/api/v2/org_group_policy_overrides?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" next: prev: self: "https://api.datadoghq.com/api/v2/org_group_policy_overrides?filter%5Borg_group_id%5D=a1b2c3d4-e5f6-7890-abcd-ef0123456789&page%5Bnumber%5D=0&page%5Bsize%5D=50" meta: page: first_number: 0 last_number: 0 next_number: number: 0 prev_number: size: 50 total: 1 type: number_size schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List org group policy overrides tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new policy override for an organization within an org group. operationId: CreateOrgGroupPolicyOverride requestBody: content: application/json: examples: default: value: data: attributes: org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups org_group_policy: data: id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies type: org_group_policy_overrides schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups org_group_policy: data: id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies type: org_group_policy_overrides schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an org group policy override tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_group_policy_overrides/{org_group_policy_override_id}: delete: description: Delete an organization group policy override by its ID. operationId: DeleteOrgGroupPolicyOverride parameters: - $ref: "#/components/parameters/OrgGroupPolicyOverrideId" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an org group policy override tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get a specific organization group policy override by its ID. operationId: GetOrgGroupPolicyOverride parameters: - $ref: "#/components/parameters/OrgGroupPolicyOverrideId" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups org_group_policy: data: id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies type: org_group_policy_overrides schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an org group policy override tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update an existing organization group policy override. operationId: UpdateOrgGroupPolicyOverride parameters: - $ref: "#/components/parameters/OrgGroupPolicyOverrideId" requestBody: content: application/json: examples: default: value: data: attributes: org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" type: org_group_policy_overrides schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-16T14:00:00Z" org_site: "us1" org_uuid: "c3d4e5f6-a7b8-9012-cdef-012345678901" id: "9f8e7d6c-5b4a-3210-fedc-ba0987654321" relationships: org_group: data: id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups org_group_policy: data: id: "1a2b3c4d-5e6f-7890-abcd-ef0123456789" type: org_group_policies type: org_group_policy_overrides schema: $ref: "#/components/schemas/OrgGroupPolicyOverrideResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an org group policy override tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_groups: get: description: List all organization groups that the requesting organization has access to. operationId: ListOrgGroups parameters: - $ref: "#/components/parameters/OrgGroupPageNumber" - $ref: "#/components/parameters/OrgGroupPageSize" - $ref: "#/components/parameters/OrgGroupSort" - $ref: "#/components/parameters/OrgGroupInclude" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" name: "My Org Group" owner_org_site: "us1" owner_org_uuid: "b2c3d4e5-f6a7-8901-bcde-f01234567890" id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups links: first: "https://api.datadoghq.com/api/v2/org_groups?page%5Bnumber%5D=0&page%5Bsize%5D=50" last: "https://api.datadoghq.com/api/v2/org_groups?page%5Bnumber%5D=0&page%5Bsize%5D=50" next: prev: self: "https://api.datadoghq.com/api/v2/org_groups?page%5Bnumber%5D=0&page%5Bsize%5D=50" meta: page: first_number: 0 last_number: 0 next_number: number: 0 prev_number: size: 50 total: 1 type: number_size schema: $ref: "#/components/schemas/OrgGroupListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List org groups tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: description: Create a new organization group. operationId: CreateOrgGroup requestBody: content: application/json: examples: default: value: data: attributes: name: "My Org Group" type: org_groups schema: $ref: "#/components/schemas/OrgGroupCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" name: "My Org Group" owner_org_site: "us1" owner_org_uuid: "b2c3d4e5-f6a7-8901-bcde-f01234567890" id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups schema: $ref: "#/components/schemas/OrgGroupResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an org group tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/org_groups/{org_group_id}: delete: description: Delete an organization group by its ID. operationId: DeleteOrgGroup parameters: - $ref: "#/components/parameters/OrgGroupId" responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an org group tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). get: description: Get a specific organization group by its ID. operationId: GetOrgGroup parameters: - $ref: "#/components/parameters/OrgGroupId" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-15T10:30:00Z" name: "My Org Group" owner_org_site: "us1" owner_org_uuid: "b2c3d4e5-f6a7-8901-bcde-f01234567890" id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups schema: $ref: "#/components/schemas/OrgGroupResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an org group tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_read x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: Update the name of an existing organization group. operationId: UpdateOrgGroup parameters: - $ref: "#/components/parameters/OrgGroupId" requestBody: content: application/json: examples: default: value: data: attributes: name: "Updated Org Group Name" id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups schema: $ref: "#/components/schemas/OrgGroupUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-15T10:30:00Z" modified_at: "2024-01-16T14:00:00Z" name: "Updated Org Group Name" owner_org_site: "us1" owner_org_uuid: "b2c3d4e5-f6a7-8901-bcde-f01234567890" id: "a1b2c3d4-e5f6-7890-abcd-ef0123456789" type: org_groups schema: $ref: "#/components/schemas/OrgGroupResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an org group tags: [Org Groups] "x-permission": operator: OR permissions: - org_group_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/permissions: get: description: |- Returns a list of all permissions, including name, description, and ID. operationId: ListPermissions responses: "200": content: application/json: examples: default: value: data: - attributes: description: Full access to all resources. display_name: Admin group_name: General name: admin restricted: false id: 00000000-0000-0000-0000-000000000001 type: permissions schema: $ref: "#/components/schemas/PermissionsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List permissions tags: - Roles "x-permission": operator: OR permissions: - user_access_read /api/v2/personal_access_tokens: get: description: List all personal access tokens for the organization. operationId: ListPersonalAccessTokens parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/PersonalAccessTokensSortParameter" - $ref: "#/components/parameters/PersonalAccessTokensFilterParameter" - $ref: "#/components/parameters/PersonalAccessTokensFilterOwnerUUIDParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000002 type: personal_access_tokens meta: page: total_filtered_count: 1 schema: $ref: "#/components/schemas/ListPersonalAccessTokensResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all personal access tokens tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys - org_app_keys_read post: description: Create a personal access token for the current user. operationId: CreatePersonalAccessToken requestBody: content: application/json: examples: default: value: data: attributes: expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read - dashboards_write type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" key: "" name: My Personal Access Token public_portion: ddpat_abc123 scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000001 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenCreateResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a personal access token tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_app_keys /api/v2/personal_access_tokens/{pat_id}: delete: description: Revoke a specific personal access token. operationId: RevokePersonalAccessToken parameters: - $ref: "#/components/parameters/PersonalAccessTokenID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Revoke a personal access token tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys - org_app_keys_write get: description: Get a specific personal access token by its UUID. operationId: GetPersonalAccessToken parameters: - $ref: "#/components/parameters/PersonalAccessTokenID" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000003 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a personal access token tags: - Key Management "x-permission": operator: OR permissions: - user_app_keys - org_app_keys_read patch: description: Update a specific personal access token. operationId: UpdatePersonalAccessToken parameters: - $ref: "#/components/parameters/PersonalAccessTokenID" requestBody: content: application/json: examples: default: value: data: attributes: name: Updated Personal Access Token scopes: - dashboards_read - dashboards_write id: 00112233-4455-6677-8899-aabbccddeeff type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000004 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a personal access token tags: - Key Management x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_app_keys - org_app_keys_write /api/v2/posture_management/findings: get: description: |- Get a list of findings. These include both misconfigurations and identity risks. **Note**: To filter and return only identity risks, add the following query parameter: `?filter[tags]=dd_rule_type:ciem` ### Filtering Filters can be applied by appending query parameters to the URL. - Using a single filter: `?filter[attribute_key]=attribute_value` - Chaining filters: `?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...` - Filtering on tags: `?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2` Here, `attribute_key` can be any of the filter keys described further below. Query parameters of type `integer` support comparison operators (`>`, `>=`, `<`, `<=`). This is particularly useful when filtering by `evaluation_changed_at` or `resource_discovery_timestamp`. For example: `?filter[evaluation_changed_at]=>20123123121`. You can also use the negation operator on strings. For example, use `filter[resource_type]=-aws*` to filter for any non-AWS resources. The operator must come after the equal sign. For example, to filter with the `>=` operator, add the operator after the equal sign: `filter[evaluation_changed_at]=>=1678809373257`. Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. `filter[status]=low&filter[status]=info`) are not allowed. ### Additional extension fields Additional extension fields are available for some findings. The data is available when you include the query parameter `?detailed_findings=true` in the request. The following fields are available for findings: - `external_id`: The resource external ID related to the finding. - `description`: The description and remediation steps for the finding. - `datadog_link`: The Datadog relative link for the finding. - `ip_addresses`: The list of private IP addresses for the resource related to the finding. ### Response The response includes an array of finding objects, pagination metadata, and a count of items that match the query. Each finding object contains the following: - The finding ID that can be used in a `GetFinding` request to retrieve the full finding details. - Core attributes, including status, evaluation, high-level resource details, muted state, and rule details. - `evaluation_changed_at` and `resource_discovery_date` time stamps. - An array of associated tags. operationId: ListFindings parameters: - description: Limit the number of findings returned. Must be <= 1000. example: 50 in: query name: page[limit] required: false schema: default: 100 format: int64 maximum: 1000 minimum: 1 type: integer - description: Return findings for a given snapshot of time (Unix ms). example: 1678721573794 in: query name: snapshot_timestamp required: false schema: format: int64 minimum: 1 type: integer - description: Return the next page of findings pointed to by the cursor. example: "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=" in: query name: page[cursor] required: false schema: type: string - description: Return findings that have these associated tags (repeatable). example: filter[tags]=cloud_provider:aws&filter[tags]=aws_account:999999999999 in: query name: filter[tags] required: false schema: type: string - description: "Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators)." example: ">=1678721573794" in: query name: filter[evaluation_changed_at] required: false schema: type: string - description: Set to `true` to return findings that are muted. Set to `false` to return unmuted findings. in: query name: filter[muted] required: false schema: type: boolean - description: Return findings for the specified rule ID. in: query name: filter[rule_id] required: false schema: type: string - description: Return findings for the specified rule. in: query name: filter[rule_name] required: false schema: type: string - description: Return only findings for the specified resource type. in: query name: filter[resource_type] required: false schema: type: string - description: Return only findings for the specified resource id. in: query name: filter[@resource_id] required: false schema: type: string - description: "Return findings that were found on a specified date (Unix ms) or date range (using comparison operators)." example: ">=1678721573794" in: query name: filter[discovery_timestamp] required: false schema: type: string - description: Return only `pass` or `fail` findings. example: pass in: query name: filter[evaluation] required: false schema: $ref: "#/components/schemas/FindingEvaluation" - description: Return only findings with the specified status. example: critical in: query name: filter[status] required: false schema: $ref: "#/components/schemas/FindingStatus" - description: Return findings that match the selected vulnerability types (repeatable). example: - misconfiguration explode: true in: query name: filter[vulnerability_type] required: false schema: items: $ref: "#/components/schemas/FindingVulnerabilityType" type: array - description: Return additional fields for some findings. example: - true in: query name: detailed_findings required: false schema: type: boolean responses: "200": content: application/json: examples: default: value: data: - attributes: evaluation: fail resource: "arn:aws:s3:::my-bucket" resource_type: aws_s3_bucket status: high id: abc-123-xyz type: finding meta: page: cursor: "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=" total_filtered_count: 1 snapshot_timestamp: 1678721573794 schema: $ref: "#/components/schemas/ListFindingsResponse" description: OK "400": $ref: "#/components/responses/FindingsBadRequestResponse" "403": $ref: "#/components/responses/FindingsForbiddenResponse" "404": $ref: "#/components/responses/FindingsNotFoundResponse" "429": $ref: "#/components/responses/FindingsTooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List findings tags: - "Security Monitoring" x-pagination: cursorParam: page[cursor] cursorPath: meta.page.cursor limitParam: page[limit] resultsPath: data x-unstable: |- **Note**: This endpoint uses the legacy security findings data model and is planned for deprecation. Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings), which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/), to search security findings. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). patch: description: |- Mute or unmute findings. operationId: MuteFindings requestBody: content: application/json: examples: default: value: data: attributes: mute: expiration_date: 1778721573794 muted: true reason: ACCEPTED_RISK id: dbe5f567-192b-4404-b908-29b70e1c9f76 meta: findings: - finding_id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: finding schema: $ref: "#/components/schemas/BulkMuteFindingsRequest" description: |- ### Attributes All findings are updated with the same attributes. The request body must include at least two attributes: `muted` and `reason`. The allowed reasons depend on whether the finding is being muted or unmuted: - To mute a finding: `PENDING_FIX`, `FALSE_POSITIVE`, `ACCEPTED_RISK`, `OTHER`. - To unmute a finding : `NO_PENDING_FIX`, `HUMAN_ERROR`, `NO_LONGER_ACCEPTED_RISK`, `OTHER`. ### Meta The request body must include a list of the finding IDs to be updated. required: true responses: "200": content: application/json: examples: default: value: data: id: abc-123 type: finding schema: $ref: "#/components/schemas/BulkMuteFindingsResponse" description: OK "400": $ref: "#/components/responses/FindingsBadRequestResponse" "403": $ref: "#/components/responses/FindingsForbiddenResponse" "404": $ref: "#/components/responses/FindingsNotFoundResponse" "422": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Invalid Request: The server understands the request syntax but cannot process it due to invalid data." "429": $ref: "#/components/responses/FindingsTooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Mute or unmute a batch of findings tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write x-unstable: |- **Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/posture_management/findings/{finding_id}: get: description: Returns a single finding with message and resource configuration. operationId: GetFinding parameters: - description: The ID of the finding. in: path name: finding_id required: true schema: type: string - description: Return the finding for a given snapshot of time (Unix ms). example: 1678721573794 in: query name: snapshot_timestamp required: false schema: format: int64 minimum: 1 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: evaluation: fail message: "## Remediation\n\n1. Go to Storage Account." resource: my_resource_name resource_type: azure_storage_account status: critical id: abc-123 type: detailed_finding schema: $ref: "#/components/schemas/GetFindingResponse" description: OK "400": $ref: "#/components/responses/FindingsBadRequestResponse" "403": $ref: "#/components/responses/FindingsForbiddenResponse" "404": $ref: "#/components/responses/FindingsNotFoundResponse" "429": $ref: "#/components/responses/FindingsTooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get a finding tags: - "Security Monitoring" x-unstable: |- **Note**: This endpoint uses the legacy security findings data model and is planned for deprecation. Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings), which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/), to search security findings. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/powerpacks: get: description: Get a list of all powerpacks. operationId: ListPowerpacks parameters: - description: Maximum number of powerpacks in the response. example: 25 in: query name: page[limit] required: false schema: default: 25 format: int64 maximum: 1000 type: integer - $ref: "#/components/parameters/PageOffset" responses: "200": content: application/json: examples: default: value: data: - attributes: description: Powerpack for ABC group_widget: definition: layout_type: ordered type: group widgets: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 name: Sample Powerpack tags: - "tag:foo1" id: 00000000-0000-0000-0000-000000000001 type: powerpack schema: $ref: "#/components/schemas/ListPowerpacksResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get all powerpacks tags: - Powerpack x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data "x-permission": operator: OR permissions: - dashboards_read post: description: Create a powerpack. operationId: CreatePowerpack requestBody: content: application/json: examples: default: value: data: attributes: description: Powerpack for ABC group_widget: definition: layout_type: ordered show_title: true title: Sample Powerpack type: group widgets: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 layout: height: 0 width: 0 x: 0 y: 0 live_span: 5m name: Sample Powerpack tags: - tag:foo1 template_variables: - defaults: - "*" name: test relationships: author: data: id: 00000000-0000-0000-2345-000000000000 type: users type: powerpack schema: $ref: "#/components/schemas/Powerpack" description: Create a powerpack request body. required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000002 type: powerpack schema: $ref: "#/components/schemas/PowerpackResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Create a new powerpack tags: - Powerpack x-codegen-request-body-name: body "x-permission": operator: OR permissions: - dashboards_write /api/v2/powerpacks/{powerpack_id}: delete: description: Delete a powerpack. operationId: DeletePowerpack parameters: - description: Powerpack id in: path name: powerpack_id required: true schema: type: string responses: "204": description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Powerpack Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Delete a powerpack tags: - Powerpack "x-permission": operator: OR permissions: - dashboards_write get: description: Get a powerpack. operationId: GetPowerpack parameters: - description: ID of the powerpack. in: path name: powerpack_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: description: Powerpack for ABC group_widget: definition: layout_type: ordered type: group widgets: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 name: Sample Powerpack tags: - "tag:foo1" id: 00000000-0000-0000-0000-000000000003 type: powerpack schema: $ref: "#/components/schemas/PowerpackResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Powerpack Not Found. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get a Powerpack tags: - Powerpack "x-permission": operator: OR permissions: - dashboards_read patch: description: Update a powerpack. operationId: UpdatePowerpack parameters: - description: ID of the powerpack. in: path name: powerpack_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: description: Powerpack for ABC group_widget: definition: layout_type: ordered show_title: true title: Sample Powerpack type: group widgets: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 layout: height: 0 width: 0 x: 0 y: 0 live_span: 5m name: Sample Powerpack tags: - tag:foo1 template_variables: - defaults: - "*" name: test relationships: author: data: id: 00000000-0000-0000-2345-000000000000 type: users type: powerpack schema: $ref: "#/components/schemas/Powerpack" description: Update a powerpack request body. required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: Powerpack for ABC group_widget: definition: layout_type: ordered type: group widgets: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 name: Sample Powerpack tags: - "tag:foo1" id: 00000000-0000-0000-0000-000000000004 type: powerpack schema: $ref: "#/components/schemas/PowerpackResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Powerpack Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Update a powerpack tags: - Powerpack x-codegen-request-body-name: body "x-permission": operator: OR permissions: - dashboards_write /api/v2/processes: get: description: Get all processes for your organization. operationId: ListProcesses parameters: - description: String to search processes by. in: query name: search required: false schema: type: string - description: Comma-separated list of tags to filter processes by. example: account:prod,user:admin in: query name: tags required: false schema: type: string - description: |- Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window will be 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`. in: query name: from required: false schema: format: int64 type: integer - description: |- Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window will be 15 minutes after the `from` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`. in: query name: to required: false schema: format: int64 type: integer - description: Maximum number of results returned. in: query name: page[limit] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: |- String to query the next page of results. This key is provided with each valid response from the API in `meta.page.after`. in: query name: page[cursor] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: cmdline: /usr/bin/python3 host: my-host pid: 123 id: abc-123 type: process schema: $ref: "#/components/schemas/ProcessSummariesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all processes tags: - Processes x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OPEN permissions: [] /api/v2/prodlytics: post: description: |- Send server-side events to Product Analytics. Server-side events are retained for 15 months. Server-Side events in Product Analytics are helpful for tracking events that occur on the server, as opposed to client-side events, which are captured by Real User Monitoring (RUM) SDKs. This allows for a more comprehensive view of the user journey by including actions that happen on the server. Typical examples could be `checkout.completed` or `payment.processed`. Ingested server-side events are integrated into Product Analytics to allow users to select and filter these events in the event picker, similar to how views or actions are handled. **Requirements:** - At least one of `usr`, `account`, or `session` must be provided with a valid ID. - The `application.id` must reference a Product Analytics-enabled application. **Custom Attributes:** Any additional fields in the payload are flattened and searchable as facets. For example, a payload with `{"customer": {"tier": "premium"}}` is searchable with the syntax `@customer.tier:premium` in Datadog. The status codes answered by the HTTP API are: - 202: Accepted: The request has been accepted for processing - 400: Bad request (likely an issue in the payload formatting) - 401: Unauthorized (likely a missing API Key) - 403: Permission issue (likely using an invalid API Key) - 408: Request Timeout, request should be retried after some time - 413: Payload too large (batch is above 5MB uncompressed) - 429: Too Many Requests, request should be retried after some time - 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time - 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time operationId: SubmitProductAnalyticsEvent requestBody: content: application/json: examples: default: value: application: id: 123abcde-123a-123b-1234-123456789abc event: name: payment.processed type: server usr: id: "123" event-with-account: description: Send a server-side event linked to an account. summary: Event with account ID value: account: id: "account-456" application: id: "123abcde-123a-123b-1234-123456789abc" event: name: "checkout.completed" type: "server" event-with-custom-attributes: description: Send a server-side event with additional custom attributes. summary: Event with custom attributes value: application: id: "123abcde-123a-123b-1234-123456789abc" customer: tier: "premium" event: name: "payment.processed" type: "server" usr: id: "123" event-with-session: description: Send a server-side event linked to a session. summary: Event with session ID value: application: id: "123abcde-123a-123b-1234-123456789abc" event: name: "form.submitted" session: id: "session-789" type: "server" simple-event-with-user: description: Send a server-side event linked to a user. summary: Simple event with user ID value: application: id: "123abcde-123a-123b-1234-123456789abc" event: name: "payment.processed" type: "server" usr: id: "123" schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventItem" description: Server-side event to send (JSON format). required: true responses: "202": content: application/json: examples: default: value: {} schema: type: object description: Request accepted for processing (always 202 empty JSON). "400": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Forbidden "408": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Request Timeout "413": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Payload Too Large "429": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Too Many Requests "500": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Internal Server Error "503": content: application/json: schema: $ref: "#/components/schemas/ProductAnalyticsServerSideEventErrors" description: Service Unavailable security: - apiKeyAuth: [] servers: - url: https://{site} variables: site: default: browser-intake-datadoghq.com description: The intake domain for the regional site. enum: - browser-intake-datadoghq.com - browser-intake-us3-datadoghq.com - browser-intake-us5-datadoghq.com - browser-intake-ap1-datadoghq.com - browser-intake-ap2-datadoghq.com - browser-intake-datadoghq.eu x-enum-varnames: - US1 - US3 - US5 - AP1 - AP2 - EU1 - url: "{protocol}://{name}" variables: name: default: browser-intake-datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Send server-side events tags: - Product Analytics x-codegen-request-body-name: body /api/v2/product-analytics/accounts/facet_info: post: description: Get facet information for account attributes including possible values and counts operationId: GetAccountFacetInfo requestBody: content: application/json: examples: default: value: data: attributes: facet_id: first_browser_name limit: 10 search: query: user_org_id:5001 AND first_country_code:US term_search: value: Chrome id: facet_info_request type: users_facet_info_request schema: $ref: "#/components/schemas/FacetInfoRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: result: values: - count: 4892 value: Chrome id: facet_info_response type: users_facet_info schema: $ref: "#/components/schemas/FacetInfoResponse" description: Successful response with facet information "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get account facet info tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/accounts/query: post: description: Query accounts with flexible filtering by account properties operationId: QueryAccounts requestBody: content: application/json: examples: default: value: data: attributes: limit: 20 query: plan_type:enterprise AND user_count:>100 AND subscription_status:active select_columns: - account_id - account_name - user_count - plan_type - subscription_status - created_at - mrr - industry sort: field: user_count order: DESC wildcard_search_term: tech id: query_account_request type: query_account_request schema: $ref: "#/components/schemas/QueryAccountRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: hits: - account_id: "123" account_name: Example Account plan_type: enterprise user_count: 150 total: 1 id: query_response type: query_response schema: $ref: "#/components/schemas/QueryResponse" description: Successful response with account data "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Query accounts tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/analytics/scalar: post: description: |- Compute scalar analytics results for Product Analytics data. Returns aggregated values (counts, averages, percentiles) optionally grouped by facets. operationId: QueryProductAnalyticsScalar requestBody: content: application/json: examples: default: value: data: attributes: from: 1771232048460 query: compute: aggregation: count query: data_source: product_analytics search: query: "@type:view" to: 1771836848262 type: formula_analytics_extended_request schema: $ref: "#/components/schemas/ProductAnalyticsAnalyticsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: columns: [] id: abc-123 type: scalar_response schema: $ref: "#/components/schemas/ProductAnalyticsScalarResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Compute scalar analytics tags: - Product Analytics x-codegen-request-body-name: body x-permission: operator: OR permissions: - rum_apps_read /api/v2/product-analytics/analytics/timeseries: post: description: |- Compute timeseries analytics results for Product Analytics data. Returns time-bucketed values for charts and trend analysis. The `compute.interval` field (milliseconds) is required for time bucketing. operationId: QueryProductAnalyticsTimeseries requestBody: content: application/json: examples: default: value: data: attributes: from: 1771232048460 query: compute: aggregation: count query: data_source: product_analytics search: query: "@type:view" to: 1771836848262 type: formula_analytics_extended_request schema: $ref: "#/components/schemas/ProductAnalyticsAnalyticsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: series: [] times: [] id: abc-123 type: timeseries_response schema: $ref: "#/components/schemas/ProductAnalyticsTimeseriesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Compute timeseries analytics tags: - Product Analytics x-codegen-request-body-name: body x-permission: operator: OR permissions: - rum_apps_read /api/v2/product-analytics/users/event_filtered_query: post: description: Query users filtered by both user properties and event platform data operationId: QueryEventFilteredUsers requestBody: content: application/json: examples: default: value: data: attributes: event_query: query: "@type:view AND @view.loading_time:>3000 AND @application.name:ecommerce-platform" time_frame: end: 1761309676 start: 1760100076 include_row_count: true limit: 25 query: user_org_id:5001 AND first_country_code:US AND first_browser_name:Chrome select_columns: - user_id - user_email - first_country_code - first_browser_name - events_count - session_count - error_count - avg_loading_time id: query_event_filtered_users_request type: query_event_filtered_users_request schema: $ref: "#/components/schemas/QueryEventFilteredUsersRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: hits: - first_browser_name: Chrome first_country_code: US user_email: test@example.com user_id: "123" total: 1 id: query_response type: query_response schema: $ref: "#/components/schemas/QueryResponse" description: Successful response with filtered user data "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Query event filtered users tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/users/facet_info: post: description: Get facet information for user attributes including possible values and counts operationId: GetUserFacetInfo requestBody: content: application/json: examples: default: value: data: attributes: facet_id: first_browser_name limit: 10 search: query: user_org_id:5001 AND first_country_code:US term_search: value: Chrome id: facet_info_request type: users_facet_info_request schema: $ref: "#/components/schemas/FacetInfoRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: result: values: - count: 4892 value: Chrome id: facet_info_response type: users_facet_info schema: $ref: "#/components/schemas/FacetInfoResponse" description: Successful response with facet information "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get user facet info tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/users/query: post: description: Query users with flexible filtering by user properties, with optional wildcard search operationId: QueryUsers requestBody: content: application/json: examples: default: value: data: attributes: limit: 25 query: user_email:*@techcorp.com AND first_country_code:US AND first_browser_name:Chrome select_columns: - user_id - user_email - user_name - user_org_id - first_country_code - first_browser_name - first_device_type - last_seen sort: field: first_seen order: DESC wildcard_search_term: john id: query_users_request type: query_users_request schema: $ref: "#/components/schemas/QueryUsersRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: hits: - user_email: test@example.com user_id: "123" total: 1 id: query_response type: query_response schema: $ref: "#/components/schemas/QueryResponse" description: Successful response with user data "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Query users tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/{entity}/mapping: get: description: Get entity mapping configuration including all available attributes and their properties operationId: GetMapping parameters: - description: The entity for which to get the mapping in: path name: entity required: true schema: example: users type: string responses: "200": content: application/json: examples: default: value: data: attributes: attributes: [] id: get_mappings_response type: get_mappings_response schema: $ref: "#/components/schemas/GetMappingResponse" description: Successful response with entity mapping configuration "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get mapping tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/{entity}/mapping/connection: post: description: Create a new data connection and its fields for an entity operationId: CreateConnection parameters: - description: The entity for which to create the connection in: path name: entity required: true schema: example: users type: string requestBody: content: application/json: examples: default: value: data: attributes: fields: - description: Customer subscription tier from `CRM` display_name: Customer Tier id: customer_tier source_name: subscription_tier type: string - description: Customer lifetime value in `USD` display_name: Lifetime Value id: lifetime_value source_name: ltv type: number join_attribute: user_email join_type: email type: ref_table id: crm-integration type: connection_id schema: $ref: "#/components/schemas/CreateConnectionRequest" required: true responses: "201": description: Connection created successfully "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create connection tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." put: description: Update an existing data connection by adding, updating, or deleting fields operationId: UpdateConnection parameters: - description: The entity for which to update the connection in: path name: entity required: true schema: example: users type: string requestBody: content: application/json: examples: default: value: data: attributes: fields_to_add: - description: Net Promoter Score from customer surveys display_name: NPS Score groups: - Satisfaction - Metrics id: nps_score source_name: net_promoter_score type: number fields_to_delete: - old_revenue_field fields_to_update: - field_id: lifetime_value updated_display_name: Customer Lifetime Value (`USD`) updated_groups: - Financial - Metrics id: crm-integration type: connection_id schema: $ref: "#/components/schemas/UpdateConnectionRequest" required: true responses: "200": description: Connection updated successfully "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update connection tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/{entity}/mapping/connection/{id}: delete: description: Delete an existing data connection for an entity operationId: DeleteConnection parameters: - description: The connection ID to delete in: path name: id required: true schema: example: connection-id-123 type: string - description: The entity for which to delete the connection in: path name: entity required: true schema: example: users type: string responses: "204": description: Connection deleted successfully "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete connection tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/product-analytics/{entity}/mapping/connections: get: description: List all data connections for an entity operationId: ListConnections parameters: - description: The entity for which to list connections in: path name: entity required: true schema: example: users type: string responses: "200": content: application/json: examples: default: value: data: attributes: connections: [] id: list_connections_response type: list_connections_response schema: $ref: "#/components/schemas/ListConnectionsResponse" description: Successful response with list of connections "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List connections tags: - Rum Audience Management x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/query/scalar: post: description: |- Query scalar values (as seen on Query Value, Table, and Toplist widgets). Multiple data sources are supported with the ability to process the data using formulas and functions. operationId: QueryScalarData requestBody: content: "application/json": examples: default: value: data: attributes: formulas: - formula: a+b limit: count: 10 from: 1568899800000 queries: - aggregator: avg data_source: metrics query: avg:system.cpu.user{*} by {env} to: 1568923200000 type: scalar_request schema: $ref: "#/components/schemas/ScalarFormulaQueryRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: columns: [] type: scalar_response schema: $ref: "#/components/schemas/ScalarFormulaQueryResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - timeseries_query summary: Query scalar data across multiple products tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - timeseries_query /api/v2/query/timeseries: post: description: |- Query timeseries data across various data sources and process the data by applying formulas and functions. operationId: QueryTimeseriesData requestBody: content: "application/json": examples: default: value: data: attributes: formulas: - formula: a+b limit: count: 10 from: 1568899800000 interval: 5000 queries: - data_source: metrics query: avg:system.cpu.user{*} by {env} to: 1568923200000 type: timeseries_request schema: $ref: "#/components/schemas/TimeseriesFormulaQueryRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: series: [] times: [] values: [] type: timeseries_response schema: $ref: "#/components/schemas/TimeseriesFormulaQueryResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - timeseries_query summary: Query timeseries data across multiple products tags: - Metrics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - timeseries_query /api/v2/reference-tables/queries/batch-rows: post: description: Batch query reference table rows by their primary key values. Returns only found rows in the included array. operationId: BatchRowsQuery requestBody: content: application/json: examples: default: value: data: attributes: row_ids: - row_id_1 - row_id_2 table_id: 00000000-0000-0000-0000-000000000000 type: reference-tables-batch-rows-query happy_path: summary: Batch query reference table rows by their primary key values. value: data: attributes: row_ids: - "row_id_1" - "row_id_2" table_id: 00000000-0000-0000-0000-000000000000 type: reference-tables-batch-rows-query schema: $ref: "#/components/schemas/BatchRowsQueryRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000000 relationships: rows: data: - id: row_id_1 type: row - id: row_id_2 type: row type: reference-tables-batch-rows-query schema: $ref: "#/components/schemas/BatchRowsQueryResponse" description: Successfully retrieved rows. Some or all requested rows were found. Response includes found rows in the included section. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Batch rows query tags: - Reference Tables /api/v2/reference-tables/tables: get: description: List all reference tables in this organization. operationId: ListTables parameters: - description: Number of tables to return. example: 15 in: query name: page[limit] required: false schema: default: 15 format: int64 maximum: 100 minimum: 1 type: integer - description: Number of tables to skip for pagination. example: 0 in: query name: page[offset] required: false schema: default: 0 format: int64 minimum: 0 type: integer - description: Sort field and direction for the list of reference tables. Use field name for ascending, prefix with "-" for descending. example: "-updated_at" in: query name: sort required: false schema: $ref: "#/components/schemas/ReferenceTableSortType" - description: Filter by table status. example: DONE in: query name: filter[status] required: false schema: type: string - description: Filter by exact table name match. example: "my_reference_table" in: query name: filter[table_name][exact] required: false schema: type: string - description: Filter by table name containing substring. example: "user" in: query name: filter[table_name][contains] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: status: DONE table_name: my_reference_table id: abc-123 type: reference_table schema: $ref: "#/components/schemas/TableResultV2Array" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List tables tags: - Reference Tables post: description: |- Creates a reference table. You can provide data in two ways: 1. Call POST /api/v2/reference-tables/upload to get an upload ID. Then, PUT the CSV data (not the file itself) in chunks to each URL in the request body. Finally, call this POST endpoint with `upload_id` in `file_metadata`. 2. Provide `access_details` in `file_metadata` pointing to a CSV file in cloud storage. operationId: CreateReferenceTable requestBody: content: application/json: examples: cloud_storage: summary: Create table from cloud storage (S3) value: data: attributes: description: Customer reference data synced from S3 file_metadata: access_details: aws_detail: aws_account_id: "924305315327" aws_bucket_name: my-data-bucket file_path: customers.csv sync_enabled: true schema: fields: - name: customer_id type: STRING - name: customer_name type: STRING - name: email type: STRING primary_keys: - customer_id source: S3 table_name: customer_reference_data tags: - team:data-platform type: reference_table default: value: data: attributes: description: Customer reference data synced from S3 file_metadata: access_details: aws_detail: aws_account_id: "924305315327" aws_bucket_name: my-data-bucket file_path: customers.csv sync_enabled: true schema: fields: - name: customer_id type: STRING - name: customer_name type: STRING - name: email type: STRING primary_keys: - customer_id source: S3 table_name: customer_reference_data tags: - team:data-platform type: reference_table local_file: summary: Create table from local file upload value: data: attributes: description: Product catalog uploaded via local file file_metadata: upload_id: "00000000-0000-0000-0000-000000000000" schema: fields: - name: product_id type: STRING - name: product_name type: STRING - name: price type: DOUBLE primary_keys: - product_id source: LOCAL_FILE table_name: product_catalog tags: - team:ecommerce type: reference_table schema: $ref: "#/components/schemas/CreateTableRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: status: DONE table_name: my_reference_table id: abc-123 type: reference_table schema: $ref: "#/components/schemas/TableResultV2" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create reference table tags: - Reference Tables /api/v2/reference-tables/tables/{id}: delete: description: Delete a reference table by ID operationId: DeleteTable parameters: - description: Unique identifier of the reference table to delete in: path name: id required: true schema: type: string responses: "200": description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete table tags: - Reference Tables get: description: Get a reference table by ID operationId: GetTable parameters: - description: Unique identifier of the reference table to retrieve in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_by: 00000000-0000-0000-0000-000000000000 description: example description file_metadata: access_details: {} sync_enabled: false last_updated_by: 00000000-0000-0000-0000-000000000000 row_count: 5 schema: fields: - name: id type: INT32 - name: name type: STRING primary_keys: - id source: S3 status: DONE table_name: test_reference_table tags: - tag1 updated_at: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000000 type: reference_table schema: $ref: "#/components/schemas/TableResultV2" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get table tags: - Reference Tables patch: description: >- Update a reference table by ID. You can update the table's data, description, and tags. Note: The source type cannot be changed after table creation. For data updates: For existing tables of type `source:LOCAL_FILE`, call POST api/v2/reference-tables/uploads first to get an upload ID, then PUT chunks of CSV data to each provided URL, and finally call this PATCH endpoint with the upload_id in file_metadata. For existing tables with `source:` types of `S3`, `GCS`, or `AZURE`, provide updated access_details in file_metadata pointing to a CSV file in the same type of cloud storage. operationId: UpdateReferenceTable parameters: - description: Unique identifier of the reference table to update in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: description: this is a cloud table generated via a cloud bucket sync file_metadata: access_details: aws_detail: aws_account_id: test-account-id aws_bucket_name: test-bucket file_path: test_rt.csv sync_enabled: true schema: fields: - name: id type: INT32 - name: name type: STRING primary_keys: - id tags: - test_tag type: reference_table schema: $ref: "#/components/schemas/PatchTableRequest" required: true responses: "200": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update reference table tags: - Reference Tables /api/v2/reference-tables/tables/{id}/rows: delete: description: Delete multiple rows from a Reference Table by their primary key values. operationId: DeleteRows parameters: - description: Unique identifier of the reference table to delete rows from in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: - id: primary_key_value type: row schema: $ref: "#/components/schemas/BatchDeleteRowsRequestArray" required: true responses: "200": description: Rows deleted successfully "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete rows tags: - Reference Tables get: description: Get reference table rows by their primary key values. operationId: GetRowsByID parameters: - description: Unique identifier of the reference table to get rows from example: "table-123" in: path name: id required: true schema: type: string - description: List of row IDs (primary key values) to retrieve from the reference table. example: ["row1", "row2"] explode: true in: query name: row_id required: true schema: items: type: string type: array responses: "200": content: application/json: examples: default: value: data: - attributes: values: id: 1 name: Example Row id: row_id_1 type: row schema: $ref: "#/components/schemas/TableRowResourceArray" description: Some or all requested rows were found. "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get rows by id tags: - Reference Tables post: description: >- Create or update rows in a Reference Table by their primary key values. If a row with the specified primary key exists, it is updated; otherwise, a new row is created. operationId: UpsertRows parameters: - description: Unique identifier of the reference table to upsert rows into in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: - attributes: values: age: 25 example_key_value: primary_key_value name: row_name id: primary_key_value type: row happy_path: summary: Upsert a row with mixed string and int values value: data: - attributes: values: age: 25 example_key_value: "primary_key_value" name: "row_name" id: "primary_key_value" type: row schema: $ref: "#/components/schemas/BatchUpsertRowsRequestArray" required: true responses: "200": description: Rows created or updated successfully "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal Server Error security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Upsert rows tags: - Reference Tables /api/v2/reference-tables/uploads: post: description: Create a reference table upload for bulk data ingestion operationId: CreateReferenceTableUpload requestBody: content: application/json: examples: default: value: data: attributes: headers: - product_id - product_name - price part_count: 3 part_size: 10000000 table_name: my_products_table type: upload schema: $ref: "#/components/schemas/CreateUploadRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: part_urls: - https://example.com/upload-part-1 id: 00000000-0000-0000-0000-000000000000 type: upload schema: $ref: "#/components/schemas/CreateUploadResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create reference table upload tags: - Reference Tables /api/v2/remote_config/products/asm/waf/custom_rules: get: description: Retrieve a list of WAF custom rule. operationId: ListApplicationSecurityWAFCustomRules responses: "200": content: application/json: examples: default: value: data: - attributes: blocking: false conditions: - operator: match_regex parameters: inputs: - address: server.request.query key_path: - id regex: path.* enabled: false name: Block request from bad useragent tags: category: attack_attempt type: lfi id: 00000000-0000-0000-0000-000000000003 type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all WAF custom rules tags: - "Application Security" post: description: Create a new WAF custom rule with the given parameters. operationId: CreateApplicationSecurityWafCustomRule requestBody: content: application/json: examples: default: value: data: attributes: action: action: block_request parameters: location: /blocking status_code: 403 blocking: false conditions: - operator: match_regex parameters: data: blocked_users regex: path.* value: custom_tag enabled: false name: Block request from a bad useragent path_glob: /api/search/* scope: - env: prod service: billing-service tags: category: business_logic type: users.login.success type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleCreateRequest" description: The definition of the new WAF Custom Rule. required: true responses: "201": content: "application/json": examples: default: value: data: attributes: blocking: false conditions: - operator: match_regex parameters: inputs: - address: server.request.query key_path: - id regex: path.* enabled: false name: Block request from a bad useragent tags: category: attack_attempt type: lfi id: 00000000-0000-0000-0000-000000000004 type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a WAF custom rule tags: - "Application Security" x-codegen-request-body-name: body /api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}: delete: description: Delete a specific WAF custom rule. operationId: DeleteApplicationSecurityWafCustomRule parameters: - $ref: "#/components/parameters/ApplicationSecurityWafCustomRuleIDParam" responses: "204": description: No Content "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a WAF Custom Rule tags: - "Application Security" x-terraform-resource: appsec_waf_custom_rule get: description: Retrieve a WAF custom rule by ID. operationId: GetApplicationSecurityWafCustomRule parameters: - $ref: "#/components/parameters/ApplicationSecurityWafCustomRuleIDParam" responses: "200": content: application/json: examples: default: value: data: attributes: blocking: false conditions: - operator: match_regex parameters: inputs: - address: server.request.query key_path: - id regex: path.* enabled: false name: Block request from bad useragent tags: category: attack_attempt type: lfi id: 00000000-0000-0000-0000-000000000001 type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a WAF custom rule tags: - "Application Security" x-terraform-resource: appsec_waf_custom_rule put: description: |- Update a specific WAF custom Rule. Returns the Custom Rule object when the request is successful. operationId: UpdateApplicationSecurityWafCustomRule parameters: - $ref: "#/components/parameters/ApplicationSecurityWafCustomRuleIDParam" requestBody: content: application/json: examples: default: value: data: attributes: action: action: block_request parameters: location: /blocking status_code: 403 blocking: false conditions: - operator: match_regex parameters: data: blocked_users inputs: - address: server.request.query key_path: - id regex: path.* value: custom_tag enabled: false name: Block request from bad useragent path_glob: /api/search/* scope: - env: prod service: billing-service tags: category: business_logic type: users.login.success type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleUpdateRequest" description: New definition of the WAF Custom Rule. required: true responses: "200": content: application/json: examples: default: value: data: attributes: blocking: false conditions: - operator: match_regex parameters: inputs: - address: server.request.query key_path: - id regex: path.* enabled: false name: Block request from bad useragent tags: category: attack_attempt type: lfi id: 00000000-0000-0000-0000-000000000002 type: custom_rule schema: $ref: "#/components/schemas/ApplicationSecurityWafCustomRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a WAF Custom Rule tags: - "Application Security" x-codegen-request-body-name: body x-terraform-resource: appsec_waf_custom_rule /api/v2/remote_config/products/asm/waf/exclusion_filters: get: description: Retrieve a list of WAF exclusion filters. operationId: ListApplicationSecurityWafExclusionFilters responses: "200": content: application/json: examples: default: value: data: - attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 parameters: - list.search.query path_glob: /accounts/* id: 00000000-0000-0000-0000-000000000003 type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFiltersResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all WAF exclusion filters tags: - "Application Security" "x-permission": operator: AND permissions: - appsec_protect_read x-terraform-resource: appsec_waf_exclusion_filter post: description: |- Create a new WAF exclusion filter with the given parameters. A request matched by an exclusion filter will be ignored by the Application Security WAF product. Go to https://app.datadoghq.com/security/appsec/passlist to review existing exclusion filters (also called passlist entries). operationId: CreateApplicationSecurityWafExclusionFilter requestBody: content: application/json: examples: default: value: data: attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 on_match: monitor parameters: - list.search.query path_glob: /accounts/* rules_target: - rule_id: dog-913-009 tags: category: attack_attempt type: lfi scope: - env: www service: prod type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterCreateRequest" description: The definition of the new WAF exclusion filter. required: true responses: "200": content: "application/json": examples: default: value: data: attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 parameters: - list.search.query path_glob: /accounts/* id: 00000000-0000-0000-0000-000000000004 type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a WAF exclusion filter tags: - "Application Security" x-codegen-request-body-name: body "x-permission": operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter /api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}: delete: description: Delete a specific WAF exclusion filter using its identifier. operationId: DeleteApplicationSecurityWafExclusionFilter parameters: - $ref: "#/components/parameters/ApplicationSecurityWafExclusionFilterID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a WAF exclusion filter tags: - "Application Security" "x-permission": operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter get: description: Retrieve a specific WAF exclusion filter using its identifier. operationId: GetApplicationSecurityWafExclusionFilter parameters: - $ref: "#/components/parameters/ApplicationSecurityWafExclusionFilterID" responses: "200": content: application/json: examples: default: value: data: attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 parameters: - list.search.query path_glob: /accounts/* id: 00000000-0000-0000-0000-000000000001 type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a WAF exclusion filter tags: - "Application Security" "x-permission": operator: AND permissions: - appsec_protect_read x-terraform-resource: appsec_waf_exclusion_filter put: description: |- Update a specific WAF exclusion filter using its identifier. Returns the exclusion filter object when the request is successful. operationId: UpdateApplicationSecurityWafExclusionFilter parameters: - $ref: "#/components/parameters/ApplicationSecurityWafExclusionFilterID" requestBody: content: application/json: examples: default: value: data: attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 on_match: monitor parameters: - list.search.query path_glob: /accounts/* rules_target: - rule_id: dog-913-009 tags: category: attack_attempt type: lfi scope: - env: www service: prod type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateRequest" description: The exclusion filter to update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: Exclude false positives on a path enabled: true ip_list: - 198.51.100.72 parameters: - list.search.query path_glob: /accounts/* id: 00000000-0000-0000-0000-000000000002 type: exclusion_filter schema: $ref: "#/components/schemas/ApplicationSecurityWafExclusionFilterResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a WAF exclusion filter tags: - "Application Security" x-codegen-request-body-name: body "x-permission": operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter /api/v2/remote_config/products/cws/agent_rules: get: description: |- Get the list of Workload Protection agent rules. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: ListCSMThreatsAgentRules parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID" responses: "200": content: "application/json": examples: default: value: data: - attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all Workload Protection agent rules tags: ["CSM Threats"] post: description: |- Create a new Workload Protection agent rule with the given parameters. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: CreateCSMThreatsAgentRule requestBody: content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule policy_id: a8c8e364-6556-434d-b798-a4c23de29c0b silent: false type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest" description: "The definition of the new agent rule" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a Workload Protection agent rule tags: ["CSM Threats"] x-codegen-request-body-name: body /api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}: delete: description: |- Delete a specific Workload Protection agent rule. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: DeleteCSMThreatsAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" - $ref: "#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a Workload Protection agent rule tags: ["CSM Threats"] get: description: |- Get the details of a specific Workload Protection agent rule. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: GetCSMThreatsAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" - $ref: "#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID" responses: "200": content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a Workload Protection agent rule tags: ["CSM Threats"] patch: description: |- Update a specific Workload Protection Agent rule. Returns the agent rule object when the request is successful. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: UpdateCSMThreatsAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" - $ref: "#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID" requestBody: content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" policy_id: a8c8e364-6556-434d-b798-a4c23de29c0b silent: false id: 3dd-0uc-h1s type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest" description: "New definition of the agent rule" required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a Workload Protection agent rule tags: ["CSM Threats"] x-codegen-request-body-name: body /api/v2/remote_config/products/cws/policy: get: description: |- Get the list of Workload Protection policies. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: ListCSMThreatsAgentPolicies responses: "200": content: "application/json": examples: default: value: data: - attributes: description: My agent policy enabled: true name: my_agent_policy id: abc-123 type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPoliciesListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all Workload Protection policies tags: ["CSM Threats"] post: description: |- Create a new Workload Protection policy with the given parameters. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: CreateCSMThreatsAgentPolicy requestBody: content: application/json: examples: default: value: data: attributes: description: My agent policy enabled: true hostTagsLists: - - env:test name: my_agent_policy type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateRequest" description: "The definition of the new Agent policy" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: description: My agent policy enabled: true name: my_agent_policy id: abc-123 type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a Workload Protection policy tags: ["CSM Threats"] x-codegen-request-body-name: body /api/v2/remote_config/products/cws/policy/download: get: description: |- The download endpoint generates a Workload Protection policy file from your currently active Workload Protection agent rules, and downloads them as a `.policy` file. This file can then be deployed to your agents to update the policy running in your environment. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: DownloadCSMThreatsPolicy responses: "200": content: application/zip: examples: default: value: "" schema: format: binary type: string description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: "Download the Workload Protection policy" tags: ["CSM Threats"] /api/v2/remote_config/products/cws/policy/{policy_id}: delete: description: |- Delete a specific Workload Protection policy. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: DeleteCSMThreatsAgentPolicy parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID" responses: "202": description: OK "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a Workload Protection policy tags: ["CSM Threats"] get: description: |- Get the details of a specific Workload Protection policy. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: GetCSMThreatsAgentPolicy parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID" responses: "200": content: application/json: examples: default: value: data: attributes: description: My agent policy enabled: true name: my_agent_policy id: abc-123 type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a Workload Protection policy tags: ["CSM Threats"] patch: description: |- Update a specific Workload Protection policy. Returns the policy object when the request is successful. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. operationId: UpdateCSMThreatsAgentPolicy parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID" requestBody: content: application/json: examples: default: value: data: attributes: description: My agent policy enabled: true name: my_agent_policy id: 6517fcc1-cec7-4394-a655-8d6e9d085255 type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateRequest" description: "New definition of the Agent policy" required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: My agent policy enabled: true name: my_agent_policy id: abc-123 type: policy schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a Workload Protection policy tags: ["CSM Threats"] x-codegen-request-body-name: body /api/v2/replay/heatmap/snapshots: get: description: List heatmap snapshots. operationId: ListReplayHeatmapSnapshots parameters: - description: Device type to filter snapshots. in: query name: filter[device_type] schema: example: desktop type: string - description: View name to filter snapshots. in: query name: filter[view_name] required: true schema: example: /home type: string - description: Maximum number of snapshots to return. in: query name: page[limit] schema: example: 10 type: integer - description: Filter by application ID. in: query name: filter[application_id] schema: example: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb type: string responses: "200": content: application/json: examples: default: value: data: - attributes: device_type: desktop event_id: 11111111-2222-3333-4444-555555555555 snapshot_name: My Snapshot view_name: /home id: 00000000-0000-0000-0000-000000000001 type: snapshots schema: $ref: "#/components/schemas/SnapshotArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List replay heatmap snapshots tags: - Rum Replay Heatmaps post: description: Create a heatmap snapshot. operationId: CreateReplayHeatmapSnapshot requestBody: content: application/json: examples: default: value: data: attributes: application_id: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb device_type: desktop event_id: 11111111-2222-3333-4444-555555555555 is_device_type_selected_by_user: false snapshot_name: My Snapshot start: 0 view_name: /home type: snapshots schema: $ref: "#/components/schemas/SnapshotCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: device_type: desktop event_id: 11111111-2222-3333-4444-555555555555 snapshot_name: My Snapshot view_name: /home id: 00000000-0000-0000-0000-000000000001 type: snapshots schema: $ref: "#/components/schemas/Snapshot" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create replay heatmap snapshot tags: - Rum Replay Heatmaps /api/v2/replay/heatmap/snapshots/{snapshot_id}: delete: description: Delete a heatmap snapshot. operationId: DeleteReplayHeatmapSnapshot parameters: - description: Unique identifier of the heatmap snapshot. in: path name: snapshot_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete replay heatmap snapshot tags: - Rum Replay Heatmaps patch: description: Update a heatmap snapshot. operationId: UpdateReplayHeatmapSnapshot parameters: - description: Unique identifier of the heatmap snapshot. in: path name: snapshot_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string requestBody: content: application/json: examples: default: value: data: attributes: event_id: 11111111-2222-3333-4444-555555555555 is_device_type_selected_by_user: false start: 0 id: 00000000-0000-0000-0000-000000000001 type: snapshots schema: $ref: "#/components/schemas/SnapshotUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: device_type: desktop event_id: 11111111-2222-3333-4444-555555555555 snapshot_name: My Snapshot view_name: /home id: 00000000-0000-0000-0000-000000000001 type: snapshots schema: $ref: "#/components/schemas/Snapshot" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update replay heatmap snapshot tags: - Rum Replay Heatmaps /api/v2/restriction_policy/{resource_id}: delete: description: Deletes the restriction policy associated with a specified resource. operationId: DeleteRestrictionPolicy parameters: - $ref: "#/components/parameters/ResourceID" responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete a restriction policy tags: - Restriction Policies "x-permission": operator: OPEN permissions: [] get: description: Retrieves the restriction policy associated with a specified resource. operationId: GetRestrictionPolicy parameters: - $ref: "#/components/parameters/ResourceID" responses: "200": content: application/json: examples: default: value: data: attributes: bindings: - principals: - "role:00000000-0000-1111-0000-000000000000" relation: editor id: dashboard:abc-def-ghi type: restriction_policy schema: $ref: "#/components/schemas/RestrictionPolicyResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a restriction policy tags: - Restriction Policies "x-permission": operator: OPEN permissions: [] post: description: |- Updates the restriction policy associated with a resource. #### Supported resources Restriction policies can be applied to the following resources: - Dashboards: `dashboard` - Integration Services: `integration-service` - Integration Webhooks: `integration-webhook` - Notebooks: `notebook` - Powerpacks: `powerpack` - Reference Tables: `reference-table` - Security Rules: `security-rule` - Service Level Objectives: `slo` - Synthetic Global Variables: `synthetics-global-variable` - Synthetic Tests: `synthetics-test` - Synthetic Private Locations: `synthetics-private-location` - Monitors: `monitor` - Workflows: `workflow` - App Builder Apps: `app-builder-app` - Connections: `connection` - Connection Groups: `connection-group` - RUM Applications: `rum-application` - Cross Org Connections: `cross-org-connection` - Spreadsheets: `spreadsheet` - On-Call Schedules: `on-call-schedule` - On-Call Escalation Policies: `on-call-escalation-policy` - On-Call Team Routing Rules: `on-call-team-routing-rules` - Logs Pipelines: `logs-pipeline` - Case Management Projects: `case-management-project` - Monitor Notification Rules: `monitor-notification-rule` #### Supported relations for resources Resource Type | Supported Relations ----------------------------|-------------------------- Dashboards | `viewer`, `editor` Integration Services | `viewer`, `editor` Integration Webhooks | `viewer`, `editor` Notebooks | `viewer`, `editor` Powerpacks | `viewer`, `editor` Security Rules | `viewer`, `editor` Service Level Objectives | `viewer`, `editor` Synthetic Global Variables | `viewer`, `editor` Synthetic Tests | `viewer`, `editor` Synthetic Private Locations | `viewer`, `editor` Monitors | `viewer`, `editor` Reference Tables | `viewer`, `editor` Workflows | `viewer`, `runner`, `editor` App Builder Apps | `viewer`, `editor` Connections | `viewer`, `resolver`, `editor` Connection Groups | `viewer`, `editor` RUM Application | `viewer`, `editor` Cross Org Connections | `viewer`, `editor` Spreadsheets | `viewer`, `editor` On-Call Schedules | `viewer`, `overrider`, `editor` On-Call Escalation Policies | `viewer`, `editor` On-Call Team Routing Rules | `viewer`, `editor` Logs Pipelines | `viewer`, `processors_editor`, `editor` Case Management Projects | `viewer`, `contributor`, `manager` Monitor Notification Rules | `viewer`, `editor` operationId: UpdateRestrictionPolicy parameters: - $ref: "#/components/parameters/ResourceID" - description: Allows admins (users with the `user_access_manage` permission) to remove their own access from the resource if set to `true`. By default, this is set to `false`, preventing admins from locking themselves out. in: query name: allow_self_lockout required: false schema: type: boolean requestBody: content: application/json: examples: default: value: data: attributes: bindings: - principals: - user:4dee724d-00cc-11ea-a77b-570c9d03c6c5 relation: editor id: dashboard:abc-def-ghi type: restriction_policy schema: $ref: "#/components/schemas/RestrictionPolicyUpdateRequest" description: Restriction policy payload required: true responses: "200": content: application/json: examples: default: value: data: attributes: bindings: - principals: - "role:00000000-0000-1111-0000-000000000000" relation: editor id: dashboard:abc-def-ghi type: restriction_policy schema: $ref: "#/components/schemas/RestrictionPolicyResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update a restriction policy tags: - Restriction Policies x-codegen-request-body-name: body "x-permission": operator: OPEN permissions: [] /api/v2/roles: get: description: Returns all roles, including their names and their unique identifiers. operationId: ListRoles parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: |- Sort roles depending on the given field. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example: `sort=-name`. in: query name: sort required: false schema: $ref: "#/components/schemas/RolesSort" - description: Filter all roles by the given string. in: query name: filter required: false schema: type: string - description: Filter all roles by the given list of role IDs. in: query name: filter[id] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: name: developers id: 00000000-0000-0000-0000-000000000001 type: roles meta: page: total_count: 1 total_filtered_count: 1 schema: $ref: "#/components/schemas/RolesResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List roles tags: - Roles "x-permission": operator: OR permissions: - user_access_read post: description: Create a new role for your organization. operationId: CreateRole requestBody: content: application/json: examples: default: value: data: attributes: name: developers type: roles schema: $ref: "#/components/schemas/RoleCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: developers id: 00000000-0000-0000-0000-000000000002 type: roles schema: $ref: "#/components/schemas/RoleCreateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/roles/templates: get: description: List all role templates operationId: ListRoleTemplates responses: "200": content: application/json: examples: default: value: data: - attributes: name: Datadog Standard Role id: 00000000-0000-0000-0000-000000000012 type: roles schema: $ref: "#/components/schemas/RoleTemplateArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List role templates tags: - Roles x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/roles/{role_id}: delete: description: Disables a role. operationId: DeleteRole parameters: - $ref: "#/components/parameters/RoleID" responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete role tags: - Roles x-codegen-request-body-name: body get: description: Get a role in the organization specified by the role’s `role_id`. operationId: GetRole parameters: - $ref: "#/components/parameters/RoleID" responses: "200": content: application/json: examples: default: value: data: attributes: name: developers id: 00000000-0000-0000-0000-000000000003 type: roles schema: $ref: "#/components/schemas/RoleResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get a role tags: - Roles x-codegen-request-body-name: body patch: description: |- Edit a role. Can only be used with application keys belonging to administrators. operationId: UpdateRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: attributes: name: updated-role-name id: 00000000-0000-1111-0000-000000000000 type: roles schema: $ref: "#/components/schemas/RoleUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: developers id: 00000000-0000-0000-0000-000000000004 type: roles schema: $ref: "#/components/schemas/RoleUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/clone: post: description: Clone an existing role operationId: CloneRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: attributes: name: cloned-role type: roles schema: $ref: "#/components/schemas/RoleCloneRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: developers id: 00000000-0000-0000-0000-000000000011 type: roles schema: $ref: "#/components/schemas/RoleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create a new role by cloning an existing role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/permissions: delete: description: Removes a permission from a role. operationId: RemovePermissionFromRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: id: 6f66600e-dd12-11e8-9e55-7f30fbb45e73 type: permissions schema: $ref: "#/components/schemas/RelationshipToPermission" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: name: logs_read_data id: 00000000-0000-0000-0000-000000000007 type: permissions schema: $ref: "#/components/schemas/PermissionsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Revoke permission tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage get: description: Returns a list of all permissions for a single role. operationId: ListRolePermissions parameters: - $ref: "#/components/parameters/RoleID" responses: "200": content: application/json: examples: default: value: data: - attributes: name: logs_read_data id: 00000000-0000-0000-0000-000000000005 type: permissions schema: $ref: "#/components/schemas/PermissionsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List permissions for a role tags: - Roles x-codegen-request-body-name: body post: description: Adds a permission to a role. operationId: AddPermissionToRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: id: 6f66600e-dd12-11e8-9e55-7f30fbb45e73 type: permissions schema: $ref: "#/components/schemas/RelationshipToPermission" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: name: logs_read_data id: 00000000-0000-0000-0000-000000000006 type: permissions schema: $ref: "#/components/schemas/PermissionsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Grant permission to a role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/users: delete: description: Removes a user from a role. operationId: RemoveUserFromRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: id: 00000000-0000-0000-2345-000000000000 type: users schema: $ref: "#/components/schemas/RelationshipToUser" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com name: Example Name id: 00000000-0000-0000-0000-000000000010 type: users schema: $ref: "#/components/schemas/UsersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Remove a user from a role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage get: description: Gets all users of a role. operationId: ListRoleUsers parameters: - $ref: "#/components/parameters/RoleID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: |- User attribute to order results by. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `email`, `status`. in: query name: sort required: false schema: default: name type: string - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com name: Example Name id: 00000000-0000-0000-0000-000000000008 type: users schema: $ref: "#/components/schemas/UsersResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get all users of a role tags: - Roles post: description: Adds a user to a role. operationId: AddUserToRole parameters: - $ref: "#/components/parameters/RoleID" requestBody: content: application/json: examples: default: value: data: id: 00000000-0000-0000-2345-000000000000 type: users schema: $ref: "#/components/schemas/RelationshipToUser" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com name: Example Name id: 00000000-0000-0000-0000-000000000009 type: users schema: $ref: "#/components/schemas/UsersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Add a user to a role tags: - Roles x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage /api/v2/rum/analytics/aggregate: post: description: |- The API endpoint to aggregate RUM events into buckets of computed metrics and timeseries. operationId: AggregateRUMEvents requestBody: content: "application/json": examples: default: value: compute: - aggregation: pc90 interval: 5m metric: "@duration" type: timeseries filter: from: now-15m query: "@type:session AND @session.type:user" to: now group_by: - facet: "@view.time_spent" histogram: interval: 10 max: 100 min: 50 sort: aggregation: count order: asc options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 schema: $ref: "#/components/schemas/RUMAggregateRequest" required: true responses: "200": content: application/json: examples: default: value: data: buckets: - by: "@session.type": user "@type": view computes: c0: 19 meta: elapsed: 132 request_id: abc-123 status: done schema: $ref: "#/components/schemas/RUMAnalyticsAggregateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Aggregate RUM events tags: ["RUM"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - rum_apps_read /api/v2/rum/applications: get: description: List all the RUM applications in your organization. operationId: GetRUMApplications responses: "200": content: application/json: examples: default: value: data: - attributes: application_id: abc-123 created_at: 1659479836169 created_by_handle: example-handle name: my_rum_application org_id: 123 type: browser updated_at: 1659479836169 updated_by_handle: example-handle id: abc-123 type: rum_application schema: $ref: "#/components/schemas/RUMApplicationsResponse" description: OK "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List all the RUM applications tags: ["RUM"] "x-permission": operator: OR permissions: - rum_apps_read post: description: Create a new RUM application in your organization. operationId: CreateRUMApplication requestBody: content: application/json: examples: default: value: data: attributes: name: my_new_rum_application product_analytics_retention_state: MAX rum_event_processing_state: ALL type: browser type: rum_application_create schema: $ref: "#/components/schemas/RUMApplicationCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: application_id: abc-123 client_token: abc-123-token created_at: 1659479836169 created_by_handle: example-handle name: my_rum_application org_id: 123 type: browser updated_at: 1659479836169 updated_by_handle: example-handle id: abc-123 type: rum_application schema: $ref: "#/components/schemas/RUMApplicationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a new RUM application tags: ["RUM"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - rum_apps_write /api/v2/rum/applications/{app_id}/relationships/retention_filters: patch: description: |- Order RUM retention filters for a RUM application. Returns RUM retention filter objects without attributes from the request body when the request is successful. operationId: OrderRetentionFilters parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" requestBody: content: application/json: examples: default: value: data: - id: 051601eb-54a0-abc0-03f9-cc02efa18892 type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFiltersOrderRequest" description: New definition of the RUM retention filter. required: true responses: "200": content: application/json: examples: default: value: data: - id: "051601eb-54a0-abc0-03f9-cc02efa18892" type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFiltersOrderResponse" description: Ordered "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Order RUM retention filters tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{app_id}/retention_filters: get: description: Get the list of RUM retention filters for a RUM application. operationId: ListRetentionFilters parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: cross_product_sampling: trace_enabled: true trace_sample_rate: 25.0 enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 id: "051601eb-54a0-abc0-03f9-cc02efa18892" type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFiltersResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all RUM retention filters tags: - Rum Retention Filters post: description: |- Create a RUM retention filter for a RUM application. Returns RUM retention filter objects from the request body when the request is successful. operationId: CreateRetentionFilter parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" requestBody: content: application/json: examples: default: value: data: attributes: cross_product_sampling: trace_enabled: true trace_sample_rate: 25.0 enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFilterCreateRequest" description: The definition of the new RUM retention filter. required: true responses: "201": content: application/json: examples: default: value: data: attributes: enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 id: 00000000-0000-0000-0000-000000000001 type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFilterResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a RUM retention filter tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{app_id}/retention_filters/{rf_id}: delete: description: Delete a RUM retention filter for a RUM application. operationId: DeleteRetentionFilter parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" - $ref: "#/components/parameters/RumRetentionFilterIDParameter" responses: "204": description: No Content "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a RUM retention filter tags: - Rum Retention Filters get: description: Get a RUM retention filter for a RUM application. operationId: GetRetentionFilter parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" - $ref: "#/components/parameters/RumRetentionFilterIDParameter" responses: "200": content: application/json: examples: default: value: data: attributes: cross_product_sampling: trace_enabled: true trace_sample_rate: 25.0 enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 id: "051601eb-54a0-abc0-03f9-cc02efa18892" type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFilterResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a RUM retention filter tags: - Rum Retention Filters patch: description: |- Update a RUM retention filter for a RUM application. Returns RUM retention filter objects from the request body when the request is successful. operationId: UpdateRetentionFilter parameters: - $ref: "#/components/parameters/RumApplicationIDParameter" - $ref: "#/components/parameters/RumRetentionFilterIDParameter" requestBody: content: application/json: examples: default: value: data: attributes: cross_product_sampling: trace_enabled: true trace_sample_rate: 25.0 enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 id: 051601eb-54a0-abc0-03f9-cc02efa18892 type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFilterUpdateRequest" description: New definition of the RUM retention filter. required: true responses: "200": content: application/json: examples: default: value: data: attributes: cross_product_sampling: trace_enabled: true trace_sample_rate: 25.0 enabled: true event_type: session name: Retention filter for session query: "@session.has_replay:true" sample_rate: 50.5 id: "051601eb-54a0-abc0-03f9-cc02efa18892" type: retention_filters schema: $ref: "#/components/schemas/RumRetentionFilterResponse" description: Updated "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a RUM retention filter tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{id}: delete: description: Delete an existing RUM application in your organization. operationId: DeleteRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: "204": description: No Content "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a RUM application tags: ["RUM"] "x-permission": operator: OR permissions: - rum_apps_write get: description: Get the RUM application with given ID in your organization. operationId: GetRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: application_id: abc-123 client_token: abc-123-token created_at: 1659479836169 created_by_handle: example-handle name: my_rum_application org_id: 123 type: browser updated_at: 1659479836169 updated_by_handle: example-handle id: abc-123 type: rum_application schema: $ref: "#/components/schemas/RUMApplicationResponse" description: OK "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a RUM application tags: ["RUM"] "x-permission": operator: OR permissions: - rum_apps_read patch: description: Update the RUM application with given ID in your organization. operationId: UpdateRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: updated_name_for_my_existing_rum_application product_analytics_retention_state: MAX rum_event_processing_state: ALL type: browser id: abcd1234-0000-0000-abcd-1234abcd5678 type: rum_application_update schema: $ref: "#/components/schemas/RUMApplicationUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: application_id: abc-123 client_token: abc-123-token created_at: 1659479836169 created_by_handle: example-handle name: updated_name_for_my_existing_rum_application org_id: 123 type: browser updated_at: 1659479836169 updated_by_handle: example-handle id: abc-123 type: rum_application schema: $ref: "#/components/schemas/RUMApplicationResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity. "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a RUM application tags: ["RUM"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - rum_apps_write /api/v2/rum/config/metrics: get: description: Get the list of configured rum-based metrics with their definitions. operationId: ListRumMetrics responses: "200": content: application/json: examples: default: value: data: - attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" event_type: session filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name uniqueness: when: match id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all rum-based metrics tags: - Rum Metrics post: description: |- Create a metric based on your organization's RUM data. Returns the rum-based metric object from the request body when the request is successful. operationId: CreateRumMetric requestBody: content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" event_type: session filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name uniqueness: when: match id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricCreateRequest" description: The definition of the new rum-based metric. required: true responses: "201": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" event_type: session filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name uniqueness: when: match id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a rum-based metric tags: - Rum Metrics x-codegen-request-body-name: body /api/v2/rum/config/metrics/{metric_id}: delete: description: Delete a specific rum-based metric from your organization. operationId: DeleteRumMetric parameters: - $ref: "#/components/parameters/RumMetricIDParameter" responses: "204": description: No Content "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a rum-based metric tags: - Rum Metrics get: description: Get a specific rum-based metric from your organization. operationId: GetRumMetric parameters: - $ref: "#/components/parameters/RumMetricIDParameter" responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" event_type: session filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name uniqueness: when: match id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a rum-based metric tags: - Rum Metrics patch: description: |- Update a specific rum-based metric from your organization. Returns the rum-based metric object from the request body when the request is successful. operationId: UpdateRumMetric parameters: - $ref: "#/components/parameters/RumMetricIDParameter" requestBody: content: application/json: examples: default: value: data: attributes: compute: include_percentiles: true filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricUpdateRequest" description: New definition of the rum-based metric. required: true responses: "200": content: application/json: examples: default: value: data: attributes: compute: aggregation_type: distribution include_percentiles: true path: "@duration" event_type: session filter: query: "@service:web-api" group_by: - path: "@browser.name" tag_name: browser_name uniqueness: when: match id: rum.sessions.web.count type: rum_metrics schema: $ref: "#/components/schemas/RumMetricResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a rum-based metric tags: - Rum Metrics x-codegen-request-body-name: body /api/v2/rum/events: get: description: |- List endpoint returns events that match a RUM search query. [Results are paginated][1]. Use this endpoint to see your latest RUM events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination operationId: ListRUMEvents parameters: - description: Search query following RUM syntax. example: "@type:session @application_id:xxxx" in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: "2019-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: "2019-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: "#/components/schemas/RUMSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: service: test-service timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: rum schema: $ref: "#/components/schemas/RUMEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a list of RUM events tags: ["RUM"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - rum_apps_read /api/v2/rum/events/search: post: description: |- List endpoint returns RUM events that match a RUM search query. [Results are paginated][1]. Use this endpoint to build complex RUM events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination operationId: SearchRUMEvents requestBody: content: "application/json": examples: default: value: filter: from: now-15m query: "@type:session AND @session.type:user" to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/RUMSearchEventsRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: service: test-service timestamp: "2024-01-01T00:00:00+00:00" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: rum meta: elapsed: 132 request_id: abc-123 status: done schema: $ref: "#/components/schemas/RUMEventsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Search RUM events tags: ["RUM"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - rum_apps_read /api/v2/rum/replay/playlists: get: description: List playlists. operationId: ListRumReplayPlaylists parameters: - description: Filter playlists by the UUID of the user who created them. in: query name: filter[created_by_uuid] schema: example: 00000000-0000-0000-0000-000000000001 type: string - description: Search query to filter playlists by name. in: query name: filter[query] schema: example: my playlist type: string - description: Page number for pagination (0-indexed). in: query name: page[number] schema: example: 0 type: integer - description: Number of items per page. in: query name: page[size] schema: example: 25 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: name: My Playlist id: "123" type: rum_replay_playlist schema: $ref: "#/components/schemas/PlaylistArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List rum replay playlists tags: - Rum Replay Playlists post: description: Create a playlist. operationId: CreateRumReplayPlaylist requestBody: content: application/json: examples: default: value: data: attributes: created_by: handle: john.doe@example.com id: 00000000-0000-0000-0000-000000000001 uuid: 00000000-0000-0000-0000-000000000001 name: My Playlist type: rum_replay_playlist schema: $ref: "#/components/schemas/Playlist" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: My Playlist id: "123" type: rum_replay_playlist schema: $ref: "#/components/schemas/Playlist" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create rum replay playlist tags: - Rum Replay Playlists /api/v2/rum/replay/playlists/{playlist_id}: delete: description: Delete a playlist. operationId: DeleteRumReplayPlaylist parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete rum replay playlist tags: - Rum Replay Playlists get: description: Get a playlist. operationId: GetRumReplayPlaylist parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: name: My Playlist id: "123" type: rum_replay_playlist schema: $ref: "#/components/schemas/Playlist" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get rum replay playlist tags: - Rum Replay Playlists put: description: Update a playlist. operationId: UpdateRumReplayPlaylist parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer requestBody: content: application/json: examples: default: value: data: attributes: created_by: handle: john.doe@example.com id: 00000000-0000-0000-0000-000000000001 uuid: 00000000-0000-0000-0000-000000000001 name: My Playlist type: rum_replay_playlist schema: $ref: "#/components/schemas/Playlist" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: My Playlist id: "123" type: rum_replay_playlist schema: $ref: "#/components/schemas/Playlist" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update rum replay playlist tags: - Rum Replay Playlists /api/v2/rum/replay/playlists/{playlist_id}/sessions: delete: description: Remove sessions from a playlist. operationId: BulkRemoveRumReplayPlaylistSessions parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer requestBody: content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000001 type: rum_replay_session schema: $ref: "#/components/schemas/SessionIdArray" required: true responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Bulk remove rum replay playlist sessions tags: - Rum Replay Playlists get: description: List sessions in a playlist. operationId: ListRumReplayPlaylistSessions parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer - description: Page number for pagination (0-indexed). in: query name: page[number] schema: example: 0 type: integer - description: Number of items per page. in: query name: page[size] schema: example: 25 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: track: main id: 00000000-0000-0000-0000-000000000001 type: rum_replay_session schema: $ref: "#/components/schemas/PlaylistsSessionArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List rum replay playlist sessions tags: - Rum Replay Playlists /api/v2/rum/replay/playlists/{playlist_id}/sessions/{session_id}: delete: description: Remove a session from a playlist. operationId: RemoveRumReplaySessionFromPlaylist parameters: - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Remove rum replay session from playlist tags: - Rum Replay Playlists put: description: Add a session to a playlist. operationId: AddRumReplaySessionToPlaylist parameters: - description: "Data source type. Valid values: 'rum' or 'product_analytics'. Defaults to 'rum'." in: query name: data_source schema: example: rum type: string - description: Server-side timestamp in milliseconds. in: query name: ts required: true schema: example: 1704067200000 format: int64 type: integer - description: Unique identifier of the playlist. in: path name: playlist_id required: true schema: example: 1234567 type: integer - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string responses: "200": content: application/json: examples: default: value: data: attributes: track: main id: 00000000-0000-0000-0000-000000000001 type: rum_replay_session schema: $ref: "#/components/schemas/PlaylistsSession" description: OK "201": content: application/json: examples: default: value: data: attributes: track: main id: 00000000-0000-0000-0000-000000000001 type: rum_replay_session schema: $ref: "#/components/schemas/PlaylistsSession" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Add rum replay session to playlist tags: - Rum Replay Playlists /api/v2/rum/replay/sessions/{session_id}/views/{view_id}/segments: get: description: Get segments for a view. operationId: GetSegments parameters: - description: Unique identifier of the view. in: path name: view_id required: true schema: example: 00000000-0000-0000-0000-000000000002 type: string - description: "Storage source: 'event_platform' or 'blob'." in: query name: source schema: example: event_platform type: string - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string - description: Server-side timestamp in milliseconds. in: query name: ts schema: example: 1704067200000 format: int64 type: integer - description: Maximum size in bytes for the segment list. in: query name: max_list_size schema: example: 1048576 type: integer - description: Paging token for pagination. in: query name: paging schema: example: eyJuZXh0IjoiYWJjMTIzIn0 type: string responses: "200": description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get segments tags: - Rum Replay Sessions /api/v2/rum/replay/sessions/{session_id}/watchers: get: description: List session watchers. operationId: ListRumReplaySessionWatchers parameters: - description: Number of items per page. in: query name: page[size] schema: example: 25 type: integer - description: Page number for pagination (0-indexed). in: query name: page[number] schema: example: 0 type: integer - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string responses: "200": content: application/json: examples: default: value: data: - attributes: handle: test@example.com last_watched_at: "2024-01-01T00:00:00+00:00" watch_count: 1 id: abc-123 type: rum_replay_watcher schema: $ref: "#/components/schemas/WatcherArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List rum replay session watchers tags: - Rum Replay Viewership /api/v2/rum/replay/sessions/{session_id}/watches: delete: description: Delete session watch history. operationId: DeleteRumReplaySessionWatch parameters: - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete rum replay session watch tags: - Rum Replay Viewership post: description: Record a session watch. operationId: CreateRumReplaySessionWatch parameters: - description: Unique identifier of the session. in: path name: session_id required: true schema: example: 00000000-0000-0000-0000-000000000001 type: string requestBody: content: application/json: examples: default: value: data: attributes: application_id: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb event_id: 11111111-2222-3333-4444-555555555555 timestamp: "2026-01-13T17:15:53.208340Z" type: rum_replay_watch schema: $ref: "#/components/schemas/Watch" required: true responses: "201": content: application/json: examples: default: value: data: attributes: application_id: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb event_id: 11111111-2222-3333-4444-555555555555 timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: rum_replay_watch schema: $ref: "#/components/schemas/Watch" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create rum replay session watch tags: - Rum Replay Viewership /api/v2/rum/replay/viewership-history/sessions: get: description: List watched sessions. operationId: ListRumReplayViewershipHistorySessions parameters: - description: Start timestamp in milliseconds for watched_at filter. in: query name: filter[watched_at][start] schema: example: 1704067200000 format: int64 type: integer - description: Page number for pagination (0-indexed). in: query name: page[number] schema: example: 0 type: integer - description: Filter by user UUID. Defaults to current user if not specified. in: query name: filter[created_by] schema: example: 00000000-0000-0000-0000-000000000001 type: string - description: End timestamp in milliseconds for watched_at filter. in: query name: filter[watched_at][end] schema: example: 1704153600000 format: int64 type: integer - description: Comma-separated list of session IDs to filter by. in: query name: filter[session_ids] schema: example: 11111111-2222-3333-4444-555555555555,22222222-3333-4444-5555-666666666666 type: string - description: Number of items per page. in: query name: page[size] schema: example: 25 type: integer - description: Filter by application ID. in: query name: filter[application_id] schema: example: aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb type: string responses: "200": content: application/json: examples: default: value: data: - attributes: last_watched_at: "2024-01-01T00:00:00+00:00" id: abc-123 type: rum_replay_session schema: $ref: "#/components/schemas/ViewershipHistorySessionArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List rum replay viewership history sessions tags: - Rum Replay Viewership /api/v2/saml_configurations/idp_metadata: post: description: |- Endpoint for uploading IdP metadata for SAML setup. Use this endpoint to upload or replace IdP metadata for SAML login configuration. operationId: UploadIdPMetadata requestBody: content: multipart/form-data: examples: default: value: {} schema: $ref: "#/components/schemas/IdPMetadataFormData" required: true responses: "200": description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Upload IdP metadata tags: - Organizations x-codegen-request-body-name: body "x-permission": operator: OR permissions: - org_management /api/v2/scorecard/campaigns: get: description: Fetches all scorecard campaigns. operationId: ListScorecardCampaigns parameters: - description: Maximum number of campaigns to return. in: query name: page[limit] required: false schema: default: 10 example: 10 format: int64 type: integer - description: Offset for pagination. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer - description: Filter campaigns by name (full-text search). in: query name: filter[campaign][name] required: false schema: example: security type: string - description: Filter campaigns by status. in: query name: filter[campaign][status] required: false schema: example: in_progress type: string - description: Filter campaigns by owner UUID. in: query name: filter[campaign][owner] required: false schema: example: 550e8400-e29b-41d4-a716-446655440000 type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2026-01-01T00:00:00Z" entity_scope: kind:service key: test-campaign-1 modified_at: "2026-01-01T00:00:00Z" name: Test Campaign 1 owner: "" start_date: "2026-01-01T00:00:00Z" status: in_progress id: campaign-1 meta: entity_count: 25 rule_count: 2 relationships: rules: data: - id: rule-1 type: rule - id: rule-2 type: rule type: campaign meta: count: 1 limit: 10 offset: 0 total: 1 schema: $ref: "#/components/schemas/ListCampaignsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read - cases_read summary: List all campaigns tags: - Scorecards post: description: Creates a new scorecard campaign. operationId: CreateScorecardCampaign requestBody: content: application/json: examples: default: value: data: attributes: description: Campaign to improve security posture for Q1 2024. due_date: "2024-03-31T23:59:59Z" entity_scope: "kind:service AND team:platform" guidance: Please ensure all services pass the security requirements. key: q1-security-2024 name: Q1 Security Campaign owner_id: 550e8400-e29b-41d4-a716-446655440000 rule_ids: - q8MQxk8TCqrHnWkx - r9NRyl9UDrsIoXly start_date: "2024-01-01T00:00:00Z" status: in_progress type: campaign schema: $ref: "#/components/schemas/CreateCampaignRequest" description: Campaign data. required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2026-01-01T00:00:00Z" key: minimal-campaign modified_at: "2026-01-01T00:00:00Z" name: Minimal Campaign owner: 21f98ae1-4ae2-11eb-958f-07e105a6e810 start_date: "2026-01-01T00:00:00Z" status: in_progress id: campaign-2 relationships: rules: data: - id: rule-1 type: rule type: campaign schema: $ref: "#/components/schemas/CampaignResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write - cases_write summary: Create a new campaign tags: - Scorecards /api/v2/scorecard/campaigns/{campaign_id}: delete: description: Deletes a single campaign by ID or key. operationId: DeleteScorecardCampaign parameters: - description: Campaign ID or key. in: path name: campaign_id required: true schema: example: c10ODp0VCrrIpXmz type: string responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write - cases_write summary: Delete a campaign tags: - Scorecards get: description: Fetches a single campaign by ID or key. operationId: GetScorecardCampaign parameters: - description: Campaign ID or key. in: path name: campaign_id required: true schema: example: c10ODp0VCrrIpXmz type: string - description: Include related data (for example, scores). in: query name: include required: false schema: example: scores type: string - description: Include metadata (entity and rule counts). in: query name: include_meta required: false schema: example: true type: boolean responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2026-01-01T00:00:00Z" key: test-campaign modified_at: "2026-01-01T00:00:00Z" name: Test Campaign owner: "" start_date: "2026-01-01T00:00:00Z" status: in_progress id: c2b79b87-327c-40fa-b726-228f1a60bbb4 relationships: campaign_score: data: id: c2b79b87-327c-40fa-b726-228f1a60bbb4 type: score rule_scores: data: - id: rule-1 type: score rules: data: - id: rule-1 type: rule type: campaign included: - attributes: aggregation: campaign denominator: 13 numerator: 10 score: 76.92 total_fail: 2 total_no_data: 0 total_pass: 10 total_skip: 1 id: c2b79b87-327c-40fa-b726-228f1a60bbb4 type: score schema: $ref: "#/components/schemas/CampaignResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read - cases_read summary: Get a campaign tags: - Scorecards put: description: Updates an existing campaign. operationId: UpdateScorecardCampaign parameters: - description: Campaign ID or key. in: path name: campaign_id required: true schema: example: c10ODp0VCrrIpXmz type: string requestBody: content: application/json: examples: default: value: data: attributes: description: Campaign to improve security posture for Q1 2024. due_date: "2024-03-31T23:59:59Z" entity_scope: "kind:service AND team:platform" guidance: Please ensure all services pass the security requirements. key: q1-security-2024 name: Q1 Security Campaign owner_id: 550e8400-e29b-41d4-a716-446655440000 rule_ids: - q8MQxk8TCqrHnWkx - r9NRyl9UDrsIoXly start_date: "2024-01-01T00:00:00Z" status: in_progress type: campaign schema: $ref: "#/components/schemas/UpdateCampaignRequest" description: Campaign data. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2026-01-01T00:00:00Z" description: Updated Description key: updated-campaign modified_at: "2026-01-02T00:00:00Z" name: Updated Campaign owner: 21f98ae1-4ae2-11eb-958f-07e105a6e810 start_date: "2026-01-01T00:00:00Z" status: completed id: 9c15b9ca-5abd-4875-84c2-02e166a45959 relationships: rules: data: - id: rule-1 type: rule - id: rule-2 type: rule type: campaign schema: $ref: "#/components/schemas/CampaignResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write - cases_write summary: Update a campaign tags: - Scorecards /api/v2/scorecard/outcomes: get: description: Fetches all rule outcomes. operationId: ListScorecardOutcomes parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageOffset" - description: Include related rule details in the response. in: query name: include required: false schema: example: rule type: string - description: Return only specified values in the outcome attributes. in: query name: fields[outcome] required: false schema: example: state, service_name type: string - description: Return only specified values in the included rule details. in: query name: fields[rule] required: false schema: example: name type: string - description: Filter outcomes on a specific service name. in: query name: filter[outcome][service_name] required: false schema: example: web-store type: string - description: Filter outcomes by a specific state. in: query name: filter[outcome][state] required: false schema: example: fail type: string - description: Filter outcomes based on whether a rule is enabled or disabled. in: query name: filter[rule][enabled] required: false schema: example: true type: boolean - description: Filter outcomes based on rule ID. in: query name: filter[rule][id] required: false schema: example: f4485c79-0762-449c-96cf-c31e54a659f6 type: string - description: Filter outcomes based on rule name. in: query name: filter[rule][name] required: false schema: example: SLOs Defined type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2026-01-06T12:51:32.000546001Z" modified_at: "2026-01-06T12:51:32.000546001Z" remarks: test service_name: my-service state: pass id: a75tJIv_kNQ relationships: rule: data: id: rule-1 type: rule type: outcome links: next: /api/v2/scorecard/outcomes?page%5Blimit%5D=100&page%5Boffset%5D=100 schema: $ref: "#/components/schemas/OutcomesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: List all rule outcomes tags: - Scorecards x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data post: description: Updates multiple scorecard rule outcomes in a single batched request. operationId: UpdateScorecardOutcomes requestBody: content: application/json: examples: default: value: data: attributes: results: - entity_reference: service:my-service remarks: 'See: Services' rule_id: q8MQxk8TCqrHnWkx state: pass type: batched-outcome schema: $ref: "#/components/schemas/UpdateOutcomesAsyncRequest" description: Set of scorecard outcomes. required: true responses: "202": description: Accepted "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Update Scorecard outcomes tags: - Scorecards x-codegen-request-body-name: body /api/v2/scorecard/outcomes/batch: post: deprecated: true description: Sets multiple service-rule outcomes in a single batched request. operationId: CreateScorecardOutcomesBatch requestBody: content: application/json: examples: default: value: data: attributes: results: - remarks: 'See: Services' rule_id: q8MQxk8TCqrHnWkx service_name: my-service state: pass type: batched-outcome schema: $ref: "#/components/schemas/OutcomesBatchRequest" description: Set of scorecard outcomes. required: true responses: "200": content: application/json: examples: default: value: data: - attributes: modified_at: "2026-03-11T07:37:20.758067Z" remarks: test remarks service_name: my-service state: pass id: nFs2_9E97Zo relationships: rule: data: id: rule-1 type: rule type: outcome meta: total_received: 1 total_staged: 1 schema: $ref: "#/components/schemas/OutcomesBatchResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create outcomes batch tags: - Scorecards x-codegen-request-body-name: body x-sunset: "2026-04-01" x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/scorecard/rules: get: description: Fetch all rules. operationId: ListScorecardRules parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageOffset" - description: Include related scorecard details in the response. in: query name: include required: false schema: example: scorecard type: string - description: Filter the rules on a rule ID. in: query name: filter[rule][id] required: false schema: example: 37d2f990-c885-4972-949b-8b798213a166 type: string - description: Filter for enabled rules only. in: query name: filter[rule][enabled] required: false schema: example: true type: boolean - description: Filter for custom rules only. in: query name: filter[rule][custom] required: false schema: example: true type: boolean - description: Filter rules on the rule name. in: query name: filter[rule][name] required: false schema: example: Code Repos Defined type: string - description: Filter rules on the rule description. in: query name: filter[rule][description] required: false schema: example: Identifying type: string - description: Return only specific fields in the response for rule attributes. in: query name: fields[rule] required: false schema: example: name, description type: string - description: Return only specific fields in the included response for scorecard attributes. in: query name: fields[scorecard] required: false schema: example: name type: string responses: "200": content: application/json: examples: default: value: data: - attributes: category: Test Scorecard created_at: "2026-01-06T12:51:32Z" custom: true enabled: true level: 3 modified_at: "2026-01-06T12:51:32Z" name: Test Rule 1 scorecard_name: Test Scorecard id: rule-1 relationships: scorecard: data: id: scorecard-1 type: scorecard type: rule included: - attributes: description: Scorecard Description name: Test Scorecard id: scorecard-1 type: scorecard links: next: /api/v2/scorecard/rules?include=scorecard&page%5Blimit%5D=100&page%5Boffset%5D=100 schema: $ref: "#/components/schemas/ListRulesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: List all rules tags: - Scorecards x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data post: description: Creates a new rule. operationId: CreateScorecardRule requestBody: content: application/json: examples: default: value: data: attributes: enabled: true name: My Rule owner: Datadog scorecard_name: My Scorecard type: rule schema: $ref: "#/components/schemas/CreateRuleRequest" description: Rule attributes. required: true responses: "201": content: application/json: examples: default: value: data: attributes: category: Test Scorecard created_at: "2026-01-06T12:51:32Z" custom: true enabled: true level: 3 modified_at: "2026-01-06T12:51:32Z" name: Test Rule scorecard_name: Test Scorecard id: rule-1 relationships: scorecard: data: id: scorecard-1 type: scorecard type: rule schema: $ref: "#/components/schemas/CreateRuleResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create a new rule tags: - Scorecards x-codegen-request-body-name: body /api/v2/scorecard/rules/{rule_id}: delete: description: Deletes a single rule. operationId: DeleteScorecardRule parameters: - $ref: "#/components/parameters/RuleId" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a rule tags: - Scorecards put: description: Updates an existing rule. operationId: UpdateScorecardRule parameters: - $ref: "#/components/parameters/RuleId" requestBody: content: application/json: examples: default: value: data: attributes: description: Updated Description enabled: false name: Updated Rule owner: team:updated-team scope_query: kind:service scorecard_name: Updated Scorecard type: rule schema: $ref: "#/components/schemas/UpdateRuleRequest" description: Rule attributes. required: true responses: "200": content: application/json: examples: default: value: data: attributes: category: Updated Scorecard created_at: "2026-01-06T12:51:32Z" custom: true description: Updated Description enabled: false level: 1 modified_at: "2026-01-06T13:00:00Z" name: Updated Rule owner: team:updated-team scope_query: kind:service scorecard_name: Updated Scorecard id: rule-1 relationships: scope: data: id: ae07a16e-1319-5e61-bdba-b3026bc2bdcd type: entity-scope scorecard: data: id: scorecard-2 type: scorecard type: rule schema: $ref: "#/components/schemas/UpdateRuleResponse" description: Rule updated successfully "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Update an existing scorecard rule tags: - Scorecards x-codegen-request-body-name: body /api/v2/scorecard/scorecards: get: description: Fetches all scorecards. operationId: ListScorecards parameters: - description: Offset for pagination. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer - description: Maximum number of scorecards to return. in: query name: page[size] required: false schema: default: 100 example: 10 format: int64 type: integer - description: Filter by scorecard ID. in: query name: filter[scorecard][id] required: false schema: example: q8MQxk8TCqrHnWkx type: string - description: Filter by scorecard name (partial match). in: query name: filter[scorecard][name] required: false schema: example: Observability type: string - description: Filter by scorecard description (partial match). in: query name: filter[scorecard][description] required: false schema: example: Best Practices type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2026-01-01T00:00:00Z" description: Best practices for observability. modified_at: "2026-01-05T14:20:00Z" name: Observability Best Practices id: q8MQxk8TCqrHnWkx type: scorecard schema: $ref: "#/components/schemas/ListScorecardsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: List all scorecards tags: - Scorecards /api/v2/seats/users: delete: description: |- Unassign seats from users for a product code. operationId: UnassignSeatsUser requestBody: content: application/json: examples: default: value: data: attributes: product_code: "" user_uuids: - 626a4e8e-64bd-409d-b80e-428f08ac0b62 type: seat-assignments schema: $ref: "#/components/schemas/UnassignSeatsUserRequest" required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Unassign seats from users tags: - Seats "x-permission": operator: OR permissions: - billing_edit - incident_write - on_call_write get: description: |- Get the list of users assigned seats for a product code. operationId: GetSeatsUsers parameters: - description: The product code for which to retrieve seat users. in: query name: product_code required: true schema: type: string - description: Maximum number of results to return. in: query name: page[limit] required: false schema: type: integer - description: Cursor for pagination. in: query name: page[cursor] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: assigned_at: "2024-01-01T00:00:00+00:00" email: test@example.com name: Example Name id: 00000000-0000-0000-0000-000000000001 type: seat-users schema: $ref: "#/components/schemas/SeatUserDataArray" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get users with seats tags: - Seats "x-permission": operator: OR permissions: - billing_read - incident_read - on_call_read post: description: |- Assign seats to users for a product code. operationId: AssignSeatsUser requestBody: content: application/json: examples: default: value: data: attributes: product_code: "" user_uuids: - "" type: seat-assignments schema: $ref: "#/components/schemas/AssignSeatsUserRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: assigned_ids: - abc-123 product_code: example-product id: 00000000-0000-0000-0000-000000000002 type: seat-assignments schema: $ref: "#/components/schemas/AssignSeatsUserResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Assign seats to users tags: - Seats "x-permission": operator: OR permissions: - billing_edit - incident_write - on_call_write /api/v2/security-entities/risk-scores: get: description: |- Get a list of entity risk scores for your organization. Entity risk scores provide security risk assessment for entities like cloud resources, identities, or services based on detected signals, misconfigurations, and identity risks. operationId: ListEntityRiskScores parameters: - description: Start time for the query in Unix timestamp (milliseconds). Defaults to 2 weeks ago. in: query name: from required: false schema: example: 1704067200000 format: int64 type: integer - description: End time for the query in Unix timestamp (milliseconds). Defaults to now. in: query name: to required: false schema: example: 1705276800000 format: int64 type: integer - description: Size of the page to return. Maximum is 1000. in: query name: page[size] required: false schema: default: 10 example: 10 type: integer - description: Page number to return (1-indexed). in: query name: page[number] required: false schema: default: 1 example: 1 type: integer - description: Query ID for pagination consistency. in: query name: page[queryId] required: false schema: example: "abc123def456" type: string - description: |- Sort order for results. Format: `field:direction` where direction is `asc` or `desc`. Supported fields: `riskScore`, `lastDetected`, `firstDetected`, `entityName`, `signalsDetected`. in: query name: filter[sort] required: false schema: example: "riskScore:desc" type: string - description: |- Supports filtering by entity attributes, risk scores, severity, and more. Example: `severity:critical AND entityType:aws_iam_user` in: query name: filter[query] required: false schema: example: "severity:critical" type: string - description: Filter by entity type(s). Can specify multiple values. explode: true in: query name: entityType required: false schema: example: ["aws_iam_user", "aws_ec2_instance"] items: example: "aws_iam_user" type: string type: array style: form responses: "200": content: application/json: examples: default: value: data: - attributes: configRisks: hasIdentityRisk: false hasMisconfiguration: true hasPrivilegedRole: false isPrivileged: false isProduction: true isPubliclyAccessible: true entityID: "arn:aws:iam::123456789012:user/test-user" entityMetadata: environments: - production mitreTactics: [] mitreTechniques: [] services: - api-gateway sources: - cloudtrail entityName: test-user entityProviders: - aws entityRoles: [] entityType: aws_iam_user firstDetected: 1704067200000 lastActivityTitle: "Suspicious API call detected" lastDetected: 1705276800000 riskScore: 85 riskScoreEvolution: 12 severity: critical signalsDetected: 15 id: "arn:aws:iam::123456789012:user/test-user" type: security_entity_risk_score meta: page: total: 1 schema: $ref: "#/components/schemas/SecurityEntityRiskScoresResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Entity Risk Scores tags: - Entity Risk Scores x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security/cloud_workload/policy/download: get: description: |- The download endpoint generates a Workload Protection policy file from your currently active Workload Protection agent rules, and downloads them as a `.policy` file. This file can then be deployed to your agents to update the policy running in your environment. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: DownloadCloudWorkloadPolicyFile responses: "200": content: application/yaml: examples: default: value: "" schema: format: binary type: string description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: "Download the Workload Protection policy (US1-FED)" tags: ["CSM Threats"] "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_read /api/v2/security/findings: get: description: |- Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/). ### Query Syntax This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix. Example: `@severity:(critical OR high) @status:open team:platform` operationId: ListSecurityFindings parameters: - description: The search query following log search syntax. example: "@severity:(critical OR high) @status:open team:platform" in: query name: filter[query] required: false schema: default: "*" type: string - description: Get the next page of results with a cursor provided in the previous query. example: "eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==" in: query name: page[cursor] required: false schema: type: string - description: The maximum number of findings in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int64 maximum: 150 minimum: 1 type: integer - description: Sorts by @detection_changed_at. in: query name: sort required: false schema: $ref: "#/components/schemas/SecurityFindingsSort" responses: "200": content: application/json: examples: default: value: data: - attributes: attributes: severity: high status: open tags: - "team:platform" timestamp: 1765901760 id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: finding meta: elapsed: 548 status: done schema: $ref: "#/components/schemas/ListSecurityFindingsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List security findings tags: - "Security Monitoring" x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - security_monitoring_findings_read - appsec_vm_read /api/v2/security/findings/cases: delete: description: >- Detach security findings from their case. This operation dissociates security findings from their associated cases without deleting the cases themselves. You can detach security findings from multiple different cases in a single request, with a limit of 50 security findings per request. Security findings that are not currently attached to any case will be ignored. operationId: DetachCase requestBody: content: application/json: examples: default: value: data: relationships: findings: data: - id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: findings type: cases schema: $ref: "#/components/schemas/DetachCaseRequest" required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Detach security findings from their case tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write post: description: >- Create cases for security findings. You can create up to 50 cases per request and associate up to 50 security findings per case. Security findings that are already attached to another case will be detached from their previous case and attached to the newly created case. operationId: CreateCases requestBody: content: application/json: examples: default: value: data: - attributes: assignee_id: f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0 description: A description of the case. priority: NOT_DEFINED title: A title for the case. relationships: findings: data: - id: YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE= type: findings project: data: id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: cases schema: $ref: "#/components/schemas/CreateCaseRequestArray" required: true responses: "201": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" description: A description of the case. modified_at: "2024-01-01T00:00:00+00:00" priority: P4 status: OPEN title: A title for the case. id: 00000000-0000-0000-0000-000000000001 type: cases schema: $ref: "#/components/schemas/FindingCaseResponseArray" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create cases for security findings tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write /api/v2/security/findings/cases/{case_id}: patch: description: >- Attach security findings to a case. You can attach up to 50 security findings per case. Security findings that are already attached to another case will be detached from their previous case and attached to the specified case. operationId: AttachCase parameters: - description: Unique identifier of the case to attach security findings to in: path name: case_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: id: c1234567-89ab-cdef-0123-456789abcdef relationships: findings: data: - id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: cases schema: $ref: "#/components/schemas/AttachCaseRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A description of the case. modified_at: "2024-01-01T00:00:00+00:00" priority: P4 status: OPEN title: A title for the case. id: 00000000-0000-0000-0000-000000000002 type: cases schema: $ref: "#/components/schemas/FindingCaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Attach security findings to a case tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write /api/v2/security/findings/jira_issues: patch: description: >- Attach security findings to a Jira issue by providing the Jira issue URL. You can attach up to 50 security findings per Jira issue. If the Jira issue is not linked to any case, this operation will create a case for the security findings and link the Jira issue to the newly created case. To configure the Jira integration, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). Security findings that are already attached to another Jira issue will be detached from their previous Jira issue and attached to the specified Jira issue. operationId: AttachJiraIssue requestBody: content: application/json: examples: default: value: data: attributes: jira_issue_url: https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476 relationships: findings: data: - id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== project: data: id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: projects type: jira_issues schema: $ref: "#/components/schemas/AttachJiraIssueRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" description: A description of the Jira issue. modified_at: "2024-01-01T00:00:00+00:00" priority: P4 status: OPEN title: A title for the Jira issue. id: 00000000-0000-0000-0000-000000000004 type: cases schema: $ref: "#/components/schemas/FindingCaseResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Attach security findings to a Jira issue tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write post: description: >- Create Jira issues for security findings. This operation creates a case in Datadog and a Jira issue linked to that case for bidirectional sync between Datadog and Jira. To configure the Jira integration, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). You can create up to 50 Jira issues per request and associate up to 50 security findings per Jira issue. Security findings that are already attached to another Jira issue will be detached from their previous Jira issue and attached to the newly created Jira issue. operationId: CreateJiraIssues requestBody: content: application/json: examples: default: value: data: - attributes: assignee_id: f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0 description: A description of the Jira issue. fields: key1: value key2: - value key3: key4: value priority: NOT_DEFINED title: A title for the Jira issue. relationships: project: data: id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: jira_issues schema: $ref: "#/components/schemas/CreateJiraIssueRequestArray" required: true responses: "201": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" description: A description of the Jira issue. modified_at: "2024-01-01T00:00:00+00:00" priority: P4 status: OPEN title: A title for the Jira issue. id: 00000000-0000-0000-0000-000000000003 type: cases schema: $ref: "#/components/schemas/FindingCaseResponseArray" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create Jira issues for security findings tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write /api/v2/security/findings/mute: patch: description: >- Mute or unmute security findings. You can mute or unmute up to 100 security findings per request. The request body must include `is_muted` and `reason` attributes. The allowed reasons depend on whether the finding is being muted or unmuted: - To mute a finding: `PENDING_FIX`, `FALSE_POSITIVE`, `OTHER`, `NO_FIX`, `DUPLICATE`, `RISK_ACCEPTED`. - To unmute a finding: `NO_PENDING_FIX`, `HUMAN_ERROR`, `NO_LONGER_ACCEPTED_RISK`, `OTHER`. operationId: MuteSecurityFindings requestBody: content: application/json: examples: default: value: data: attributes: mute: description: "To be resolved later." expire_at: 1778721573794 is_muted: true reason: "RISK_ACCEPTED" relationships: findings: data: - id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" type: "findings" type: "mute" schema: $ref: "#/components/schemas/MuteFindingsRequest" required: true responses: "202": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: mute schema: $ref: "#/components/schemas/MuteFindingsResponse" description: Accepted "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Unprocessable Entity" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Mute or unmute security findings tags: - "Security Monitoring" x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_findings_write - appsec_vm_write x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security/findings/search: post: description: |- Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/). ### Query Syntax The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix. Example: `@severity:(critical OR high) @status:open team:platform` operationId: SearchSecurityFindings requestBody: content: application/json: examples: default: value: data: attributes: filter: "@severity:(critical OR high) @status:open team:platform" page: cursor: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== limit: 25 sort: "@detection_changed_at" schema: $ref: "#/components/schemas/SecurityFindingsSearchRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: attributes: severity: high status: open tags: - "team:platform" timestamp: 1765901760 id: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: finding meta: elapsed: 548 status: done schema: $ref: "#/components/schemas/ListSecurityFindingsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Search security findings tags: - "Security Monitoring" x-codegen-request-body-name: body x-pagination: cursorParam: body.data.attributes.page.cursor cursorPath: meta.page.after limitParam: body.data.attributes.page.limit resultsPath: data "x-permission": operator: OR permissions: - security_monitoring_findings_read - appsec_vm_read /api/v2/security/sboms: get: description: |- Get a list of assets SBOMs for an organization. ### Pagination Please review the [Pagination section](#pagination) for the "List Vulnerabilities" endpoint. ### Filtering Please review the [Filtering section](#filtering) for the "List Vulnerabilities" endpoint. ### Metadata Please review the [Metadata section](#metadata) for the "List Vulnerabilities" endpoint. operationId: ListAssetsSBOMs parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: "b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal to or greater than 1. example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: The type of the assets for the SBOM request. example: Repository in: query name: filter[asset_type] required: false schema: $ref: "#/components/schemas/AssetType" - description: The name of the asset for the SBOM request. example: "github.com/datadog/datadog-agent" in: query name: filter[asset_name] required: false schema: type: string - description: The name of the component that is a dependency of an asset. example: "opentelemetry-api" in: query name: filter[package_name] required: false schema: type: string - description: The version of the component that is a dependency of an asset. example: "1.33.1" in: query name: filter[package_version] required: false schema: type: string - description: The software license name of the component that is a dependency of an asset. example: "Apache-2.0" in: query name: filter[license_name] required: false schema: type: string - description: The software license type of the component that is a dependency of an asset. example: "network_strong_copyleft" in: query name: filter[license_type] required: false schema: $ref: "#/components/schemas/SBOMComponentLicenseType" responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListAssetsSBOMsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad request: The server cannot process the request due to invalid syntax in the request." "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not found: asset not found" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List assets SBOMs tags: - "Security Monitoring" x-permission: operator: OR permissions: - appsec_vm_read /api/v2/security/sboms/{asset_type}: get: description: |- Get a single SBOM related to an asset by its type and name. operationId: GetSBOM parameters: - description: The type of the asset for the SBOM request. example: Repository in: path name: asset_type required: true schema: $ref: "#/components/schemas/AssetType" - description: The name of the asset for the SBOM request. example: "github.com/datadog/datadog-agent" in: query name: filter[asset_name] required: true schema: type: string - description: The container image `repo_digest` for the SBOM request. When the requested asset type is 'Image', this filter is mandatory. example: "sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7" in: query name: filter[repo_digest] required: false schema: type: string - description: The standard of the SBOM. example: CycloneDX in: query name: ext:format required: false schema: $ref: "#/components/schemas/SBOMFormat" responses: "200": content: application/json: examples: default: value: data: attributes: bomFormat: CycloneDX components: - name: google.golang.org/grpc type: library version: 1.68.1 dependencies: [] metadata: {} serialNumber: urn:uuid:abc-123 specVersion: "1.5" version: 1 id: "github.com/datadog/datadog-agent" type: sboms schema: $ref: "#/components/schemas/GetSBOMResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad request: The server cannot process the request due to invalid syntax in the request." "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not found: asset not found" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get SBOM tags: - "Security Monitoring" x-permission: operator: OR permissions: - appsec_vm_read /api/v2/security/scanned-assets-metadata: get: description: |- Get a list of security scanned assets metadata for an organization. ### Pagination For the "List Vulnerabilities" endpoint, see the [Pagination section](#pagination). ### Filtering For the "List Vulnerabilities" endpoint, see the [Filtering section](#filtering). ### Metadata For the "List Vulnerabilities" endpoint, see the [Metadata section](#metadata). ### Related endpoints This endpoint returns additional metadata for cloud resources that is not available from the standard resource endpoints. To access a richer dataset, call this endpoint together with the relevant resource endpoint(s) and merge (join) their results using the resource identifier. **Hosts** To enrich host data, join the response from the [Hosts](https://docs.datadoghq.com/api/latest/hosts/) endpoint with the response from the scanned-assets-metadata endpoint on the following key fields: | ENDPOINT | JOIN KEY | TYPE | | --- | --- | --- | | [/api/v1/hosts](https://docs.datadoghq.com/api/latest/hosts/) | host_list.host_name | string | | /api/v2/security/scanned-assets-metadata | data.attributes.asset.name | string | **Host Images** To enrich host image data, join the response from the [Hosts](https://docs.datadoghq.com/api/latest/hosts/) endpoint with the response from the scanned-assets-metadata endpoint on the following key fields: | ENDPOINT | JOIN KEY | TYPE | | --- | --- | --- | | [/api/v1/hosts](https://docs.datadoghq.com/api/latest/hosts/) | host_list.tags_by_source["Amazon Web Services"]["image"] | string | | /api/v2/security/scanned-assets-metadata | data.attributes.asset.name | string | **Container Images** To enrich container image data, join the response from the [Container Images](https://docs.datadoghq.com/api/latest/container-images/) endpoint with the response from the scanned-assets-metadata endpoint on the following key fields: | ENDPOINT | JOIN KEY | TYPE | | --- | --- | --- | | [/api/v2/container_images](https://docs.datadoghq.com/api/latest/container-images/) | `data.attributes.name`@`data.attributes.repo_digest` | string | | /api/v2/security/scanned-assets-metadata | data.attributes.asset.name | string | operationId: ListScannedAssetsMetadata parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: "b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal to or greater than 1. example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: The type of the scanned asset. example: Host in: query name: filter[asset.type] required: false schema: $ref: "#/components/schemas/CloudAssetType" - description: The name of the scanned asset. example: "i-0fc7edef1ab26d7ef" in: query name: filter[asset.name] required: false schema: type: string - description: The origin of last success scan. example: "agent" in: query name: filter[last_success.origin] required: false schema: type: string - description: The environment of last success scan. example: "prod" in: query name: filter[last_success.env] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: asset: name: i-0fc7edef1ab26d7ef type: Host first_success_timestamp: "2024-01-01T00:00:00Z" last_success: env: prod id: "Host|i-0fc7edef1ab26d7ef" schema: $ref: "#/components/schemas/ScannedAssetsMetadata" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad request: The server cannot process the request due to invalid syntax in the request." "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not found: asset not found" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List scanned assets metadata tags: - "Security Monitoring" x-permission: operator: OR permissions: - appsec_vm_read x-unstable: |- **Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9). /api/v2/security/siem/ioc-explorer: get: description: |- Get a list of indicators of compromise (IoCs) matching the specified filters. operationId: ListIndicatorsOfCompromise parameters: - description: Number of results per page. in: query name: limit required: false schema: default: 50 format: int32 maximum: 2147483647 type: integer - description: Pagination offset. in: query name: offset required: false schema: default: 0 format: int32 maximum: 2147483647 type: integer - description: Search/filter query (supports field:value syntax). in: query name: query required: false schema: type: string - description: "Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type." in: query name: sort[column] required: false schema: default: score type: string - description: "Sort order: asc or desc." in: query name: sort[order] required: false schema: default: desc type: string responses: "200": content: "application/json": examples: default: value: data: attributes: data: - id: abc-123 indicator: "192.0.2.1" indicator_type: ip score: 85.0 metadata: count: 1 paging: offset: 0 id: abc-123 type: ioc_explorer_list_response schema: $ref: "#/components/schemas/IoCExplorerListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: List indicators of compromise tags: ["Security Monitoring"] x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/security/siem/ioc-explorer/indicator: get: description: |- Get detailed information about a specific indicator of compromise (IoC). operationId: GetIndicatorOfCompromise parameters: - description: The indicator value to look up (for example, an IP address or domain). in: query name: indicator required: true schema: type: string responses: "200": content: "application/json": examples: default: value: data: attributes: data: id: abc-123 indicator: "192.0.2.1" indicator_type: ip score: 85.0 id: abc-123 type: ioc_indicator_response schema: $ref: "#/components/schemas/GetIoCIndicatorResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get an indicator of compromise tags: ["Security Monitoring"] x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. operationId: GetSignalNotificationRules responses: "200": $ref: "#/components/responses/NotificationRulesList" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get the list of signal-based notification rules tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_read post: description: Create a new notification rule for security signals and return the created rule. operationId: CreateSignalNotificationRule requestBody: content: "application/json": examples: default: value: data: attributes: enabled: true name: Rule 1 selectors: query: (source:production_service OR env:prod) rule_types: - misconfiguration - attack_path severities: - critical trigger_source: security_findings targets: - "@john.doe@email.com" time_aggregation: 86400 type: notification_rules schema: $ref: "#/components/schemas/CreateNotificationRuleParameters" description: |- The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status. required: true responses: "201": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - log_detection severities: - critical trigger_source: security_signals targets: - "@test@example.com" version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Successfully created the notification rule. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a new signal-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/signals/notification_rules/{id}: delete: description: Delete a notification rule for security signals. operationId: DeleteSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: "204": description: "Rule successfully deleted." "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a signal-based notification rule tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write get: description: Get the details of a notification rule for security signals. operationId: GetSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: "200": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - log_detection severities: - critical trigger_source: security_signals targets: - "@test@example.com" version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Notification rule details. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get details of a signal-based notification rule tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_read patch: description: "Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated." operationId: PatchSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string requestBody: content: "application/json": examples: default: value: data: attributes: enabled: true name: Rule 1 selectors: query: (source:production_service OR env:prod) rule_types: - misconfiguration - attack_path severities: - critical trigger_source: security_findings targets: - "@john.doe@email.com" time_aggregation: 86400 version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/PatchNotificationRuleParameters" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - log_detection severities: - critical trigger_source: security_signals targets: - "@test@example.com" version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Notification rule successfully patched. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": $ref: "#/components/responses/UnprocessableEntityResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Patch a signal-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/vulnerabilities: get: deprecated: true description: |- Get a list of vulnerabilities. ### Pagination Pagination is enabled by default in both `vulnerabilities` and `assets`. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response. This endpoint will return paginated responses. The pages are stored in the links section of the response: ```JSON { "data": [...], "meta": {...}, "links": { "self": "https://.../api/v2/security/vulnerabilities", "first": "https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc", "last": "https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc", "next": "https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc" } } ``` - `links.previous` is empty if the first page is requested. - `links.next` is empty if the last page is requested. #### Token Vulnerabilities can be created, updated or deleted at any point in time. Upon the first request, a token is created to ensure consistency across subsequent paginated requests. A token is valid only for 24 hours. #### First request We consider a request to be the first request when there is no `page[token]` parameter. The response of this first request contains the newly created token in the `links` section. This token can then be used in the subsequent paginated requests. *Note: The first request may take longer to complete than subsequent requests.* #### Subsequent requests Any request containing valid `page[token]` and `page[number]` parameters will be considered a subsequent request. If the `token` is invalid, a `404` response will be returned. If the page `number` is invalid, a `400` response will be returned. The returned `token` is valid for all requests in the pagination sequence. To send paginated requests in parallel, reuse the same `token` and change only the `page[number]` parameter. ### Filtering The request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the [JSON:API format](https://jsonapi.org/format/#fetching-filtering): `filter[$prop_name]`, where `prop_name` is the property name in the entity being filtered by. All filters can include multiple values, where data will be filtered with an OR clause: `filter[title]=Title1,Title2` will filter all vulnerabilities where title is equal to `Title1` OR `Title2`. String filters are case sensitive. Boolean filters accept `true` or `false` as values. Number filters must include an operator as a second filter input: `filter[$prop_name][$operator]`. For example, for the vulnerabilities endpoint: `filter[cvss.base.score][lte]=8`. Available operators are: `eq` (==), `lt` (<), `lte` (<=), `gt` (>) and `gte` (>=). ### Metadata Following [JSON:API format](https://jsonapi.org/format/#document-meta), object including non-standard meta-information. This endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables. ```JSON { "data": [...], "meta": { "total": 1500, "count": 18732, "token": "some_token" }, "links": {...} } ``` ### Extensions Requests may include extensions to modify the behavior of the requested endpoint. The filter parameters follow the [JSON:API format](https://jsonapi.org/extensions/#extensions) format: `ext:$extension_name`, where `extension_name` is the name of the modifier that is being applied. Extensions can only include one value: `ext:modifier=value`. operationId: ListVulnerabilities parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: "b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal or greater than `1` example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: Filter by vulnerability type. example: WeakCipher in: query name: filter[type] required: false schema: $ref: "#/components/schemas/VulnerabilityType" - description: Filter by vulnerability base (i.e. from the original advisory) severity score. example: 5.5 in: query name: filter[cvss.base.score][`$op`] required: false schema: format: double maximum: 10 minimum: 0 type: number - description: Filter by vulnerability base severity. example: Medium in: query name: filter[cvss.base.severity] required: false schema: $ref: "#/components/schemas/VulnerabilitySeverity" - description: Filter by vulnerability base CVSS vector. example: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" in: query name: filter[cvss.base.vector] required: false schema: type: string - description: Filter by vulnerability Datadog severity score. example: 4.3 in: query name: filter[cvss.datadog.score][`$op`] required: false schema: format: double maximum: 10 minimum: 0 type: number - description: Filter by vulnerability Datadog severity. example: Medium in: query name: filter[cvss.datadog.severity] required: false schema: $ref: "#/components/schemas/VulnerabilitySeverity" - description: Filter by vulnerability Datadog CVSS vector. example: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:L/MAC:H/MPR:L/MUI:N/MS:U/MC:N/MI:N/MA:H" in: query name: filter[cvss.datadog.vector] required: false schema: type: string - description: Filter by the status of the vulnerability. example: Open in: query name: filter[status] required: false schema: $ref: "#/components/schemas/VulnerabilityStatus" - description: Filter by the tool of the vulnerability. example: SCA in: query name: filter[tool] required: false schema: $ref: "#/components/schemas/VulnerabilityTool" - description: Filter by library name. example: linux-aws-5.15 in: query name: filter[library.name] required: false schema: type: string - description: Filter by library version. example: 5.15.0 in: query name: filter[library.version] required: false schema: type: string - description: Filter by advisory ID. example: CVE-2023-0615 in: query name: filter[advisory.id] required: false schema: type: string - description: Filter by exploitation probability. example: false in: query name: filter[risks.exploitation_probability] required: false schema: type: boolean - description: Filter by POC exploit availability. example: false in: query name: filter[risks.poc_exploit_available] required: false schema: type: boolean - description: Filter by public exploit availability. example: false in: query name: filter[risks.exploit_available] required: false schema: type: boolean - description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score. example: 0.00042 in: query name: filter[risks.epss.score][`$op`] required: false schema: format: double maximum: 1 minimum: 0 type: number - description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity. example: Low in: query name: filter[risks.epss.severity] required: false schema: $ref: "#/components/schemas/VulnerabilitySeverity" - description: Filter by language. example: ubuntu in: query name: filter[language] required: false schema: type: string - description: Filter by ecosystem. example: Deb in: query name: filter[ecosystem] required: false schema: $ref: "#/components/schemas/VulnerabilityEcosystem" - description: Filter by vulnerability location. example: "com.example.Class:100" in: query name: filter[code_location.location] required: false schema: type: string - description: Filter by vulnerability file path. example: "src/Class.java:100" in: query name: filter[code_location.file_path] required: false schema: type: string - description: Filter by method. example: FooBar in: query name: filter[code_location.method] required: false schema: type: string - description: Filter by fix availability. example: false in: query name: filter[fix_available] required: false schema: type: boolean - description: Filter by vulnerability `repo_digest` (when the vulnerability is related to `Image` asset). example: "sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7" in: query name: filter[repo_digests] required: false schema: type: string - description: Filter by origin. example: agentless-scanner in: query name: filter[origin] required: false schema: type: string - description: Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset). example: true in: query name: filter[running_kernel] required: false schema: type: boolean - description: Filter by asset name. This field supports the usage of wildcards (*). example: datadog-agent in: query name: filter[asset.name] required: false schema: type: string - description: Filter by asset type. example: Host in: query name: filter[asset.type] required: false schema: $ref: "#/components/schemas/AssetType" - description: Filter by the first version of the asset this vulnerability has been detected on. example: v1.15.1 in: query name: filter[asset.version.first] required: false schema: type: string - description: Filter by the last version of the asset this vulnerability has been detected on. example: v1.15.1 in: query name: filter[asset.version.last] required: false schema: type: string - description: Filter by the repository url associated to the asset. example: github.com/DataDog/datadog-agent.git in: query name: filter[asset.repository_url] required: false schema: type: string - description: Filter whether the asset is in production or not. example: false in: query name: filter[asset.risks.in_production] required: false schema: type: boolean - description: Filter whether the asset is under attack or not. example: false in: query name: filter[asset.risks.under_attack] required: false schema: type: boolean - description: Filter whether the asset is publicly accessible or not. example: false in: query name: filter[asset.risks.is_publicly_accessible] required: false schema: type: boolean - description: Filter whether the asset is publicly accessible or not. example: false in: query name: filter[asset.risks.has_privileged_access] required: false schema: type: boolean - description: Filter whether the asset has access to sensitive data or not. example: false in: query name: filter[asset.risks.has_access_to_sensitive_data] required: false schema: type: boolean - description: Filter by asset environments. example: staging in: query name: filter[asset.environments] required: false schema: type: string - description: Filter by asset teams. example: compute in: query name: filter[asset.teams] required: false schema: type: string - description: Filter by asset architecture. example: arm64 in: query name: filter[asset.arch] required: false schema: type: string - description: Filter by asset operating system name. example: ubuntu in: query name: filter[asset.operating_system.name] required: false schema: type: string - description: Filter by asset operating system version. example: "24.04" in: query name: filter[asset.operating_system.version] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListVulnerabilitiesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad request: The server cannot process the request due to invalid syntax in the request." "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not found: There is no request associated with the provided token." "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List vulnerabilities tags: - "Security Monitoring" x-permission: operator: OR permissions: - appsec_vm_read x-sunset: "2027-01-01" x-unstable: |- **Note**: This endpoint is deprecated. See the [List Security Findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#list-security-findings). /api/v2/security/vulnerabilities/notification_rules: get: description: Returns the list of notification rules for security vulnerabilities. operationId: GetVulnerabilityNotificationRules responses: "200": $ref: "#/components/responses/NotificationRulesList" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get the list of vulnerability notification rules tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_read post: description: Create a new notification rule for security vulnerabilities and return the created rule. operationId: CreateVulnerabilityNotificationRule requestBody: content: "application/json": examples: default: value: data: attributes: enabled: true name: Rule 1 selectors: query: (source:production_service OR env:prod) rule_types: - misconfiguration - attack_path severities: - critical trigger_source: security_findings targets: - "@john.doe@email.com" time_aggregation: 86400 type: notification_rules schema: $ref: "#/components/schemas/CreateNotificationRuleParameters" description: |- The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status. required: true responses: "201": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - misconfiguration severities: - critical trigger_source: security_findings targets: - "@test@example.com" time_aggregation: 86400 version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Successfully created the notification rule. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a new vulnerability-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/vulnerabilities/notification_rules/{id}: delete: description: Delete a notification rule for security vulnerabilities. operationId: DeleteVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: "204": description: "Rule successfully deleted." "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a vulnerability-based notification rule tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write get: description: Get the details of a notification rule for security vulnerabilities. operationId: GetVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: "200": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - misconfiguration severities: - critical trigger_source: security_findings targets: - "@test@example.com" time_aggregation: 86400 version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Notification rule details. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get details of a vulnerability notification rule tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_read patch: description: "Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated." operationId: PatchVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string requestBody: content: "application/json": examples: default: value: data: attributes: enabled: true name: Rule 1 selectors: query: (source:production_service OR env:prod) rule_types: - misconfiguration - attack_path severities: - critical trigger_source: security_findings targets: - "@john.doe@email.com" time_aggregation: 86400 version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/PatchNotificationRuleParameters" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: created_at: 1722439510282 created_by: handle: example-handle name: Example Name enabled: true modified_at: 1722439510282 modified_by: handle: example-handle name: Example Name name: Rule 1 selectors: query: env:prod rule_types: - misconfiguration severities: - critical trigger_source: security_findings targets: - "@test@example.com" time_aggregation: 86400 version: 1 id: aaa-bbb-ccc type: notification_rules schema: $ref: "#/components/schemas/NotificationRuleResponse" description: Notification rule successfully patched. "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": $ref: "#/components/responses/UnprocessableEntityResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Patch a vulnerability-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/vulnerable-assets: get: description: |- Get a list of vulnerable assets. ### Pagination Please review the [Pagination section for the "List Vulnerabilities"](#pagination) endpoint. ### Filtering Please review the [Filtering section for the "List Vulnerabilities"](#filtering) endpoint. ### Metadata Please review the [Metadata section for the "List Vulnerabilities"](#metadata) endpoint. operationId: ListVulnerableAssets parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: "b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4" in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal or greater than `1` example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: Filter by name. This field supports the usage of wildcards (*). example: datadog-agent in: query name: filter[name] required: false schema: type: string - description: Filter by type. example: Host in: query name: filter[type] required: false schema: $ref: "#/components/schemas/AssetType" - description: Filter by the first version of the asset since it has been vulnerable. example: v1.15.1 in: query name: filter[version.first] required: false schema: type: string - description: Filter by the last detected version of the asset. example: v1.15.1 in: query name: filter[version.last] required: false schema: type: string - description: Filter by the repository url associated to the asset. example: github.com/DataDog/datadog-agent.git in: query name: filter[repository_url] required: false schema: type: string - description: Filter whether the asset is in production or not. example: false in: query name: filter[risks.in_production] required: false schema: type: boolean - description: Filter whether the asset (Service) is under attack or not. example: false in: query name: filter[risks.under_attack] required: false schema: type: boolean - description: Filter whether the asset (Host) is publicly accessible or not. example: false in: query name: filter[risks.is_publicly_accessible] required: false schema: type: boolean - description: Filter whether the asset (Host) has privileged access or not. example: false in: query name: filter[risks.has_privileged_access] required: false schema: type: boolean - description: Filter whether the asset (Host) has access to sensitive data or not. example: false in: query name: filter[risks.has_access_to_sensitive_data] required: false schema: type: boolean - description: Filter by environment. example: staging in: query name: filter[environments] required: false schema: type: string - description: Filter by teams. example: compute in: query name: filter[teams] required: false schema: type: string - description: Filter by architecture. example: arm64 in: query name: filter[arch] required: false schema: type: string - description: Filter by operating system name. example: ubuntu in: query name: filter[operating_system.name] required: false schema: type: string - description: Filter by operating system version. example: "24.04" in: query name: filter[operating_system.version] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/ListVulnerableAssetsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Bad request: The server cannot process the request due to invalid syntax in the request." "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Forbidden: Access denied" "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: "Not found: There is no request associated with the provided token." "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: List vulnerable assets tags: - "Security Monitoring" x-permission: operator: OR permissions: - appsec_vm_read x-unstable: |- **Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9). /api/v2/security_monitoring/cloud_workload_security/agent_rules: get: description: |- Get the list of agent rules. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: ListCloudWorkloadSecurityAgentRules responses: "200": content: "application/json": examples: default: value: data: - attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get all Workload Protection agent rules (US1-FED) tags: ["CSM Threats"] "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_read post: description: |- Create a new agent rule with the given parameters. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: CreateCloudWorkloadSecurityAgentRule requestBody: content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest" description: "The definition of the new agent rule" required: true responses: "200": content: "application/json": examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a Workload Protection agent rule (US1-FED) tags: ["CSM Threats"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_write /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}: delete: description: |- Delete a specific agent rule. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a Workload Protection agent rule (US1-FED) tags: ["CSM Threats"] "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_write get: description: |- Get the details of a specific agent rule. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: GetCloudWorkloadSecurityAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" responses: "200": content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a Workload Protection agent rule (US1-FED) tags: ["CSM Threats"] "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_read patch: description: |- Update a specific agent rule. Returns the agent rule object when the request is successful. **Note**: This endpoint should only be used for the Government (US1-FED) site. operationId: UpdateCloudWorkloadSecurityAgentRule parameters: - $ref: "#/components/parameters/CloudWorkloadSecurityAgentRuleID" requestBody: content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" id: 3dd-0uc-h1s type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest" description: "New definition of the agent rule" required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: My Agent rule enabled: true expression: exec.file.name == "sh" name: my_agent_rule id: abc-123 type: agent_rule schema: $ref: "#/components/schemas/CloudWorkloadSecurityAgentRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a Workload Protection agent rule (US1-FED) tags: ["CSM Threats"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_cws_agent_rules_write /api/v2/security_monitoring/configuration/critical_assets: get: description: Get the list of all critical assets. operationId: ListSecurityMonitoringCriticalAssets responses: "200": content: application/json: examples: default: value: data: - attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase version: 1 id: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_read summary: Get all critical assets tags: - Security Monitoring post: description: Create a new critical asset. operationId: CreateSecurityMonitoringCriticalAsset requestBody: content: application/json: examples: default: value: data: attributes: enabled: true query: security:monitoring rule_query: type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail severity: increase tags: - team:database - source:cloudtrail type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetCreateRequest" description: The definition of the new critical asset. required: true responses: "200": content: "application/json": examples: default: value: data: attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase version: 1 id: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_write summary: Create a critical asset tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/configuration/critical_assets/rules/{rule_id}: get: description: Get the list of critical assets that affect a specific existing rule by the rule's ID. operationId: GetCriticalAssetsAffectingRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" responses: "200": content: application/json: examples: default: value: data: - attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase version: 1 id: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_read summary: Get critical assets affecting a specific rule tags: - Security Monitoring /api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}: delete: description: Delete a specific critical asset. operationId: DeleteSecurityMonitoringCriticalAsset parameters: - $ref: "#/components/parameters/SecurityMonitoringCriticalAssetID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_write summary: Delete a critical asset tags: - Security Monitoring get: description: Get the details of a specific critical asset. operationId: GetSecurityMonitoringCriticalAsset parameters: - $ref: "#/components/parameters/SecurityMonitoringCriticalAssetID" responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase version: 1 id: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_read summary: Get a critical asset tags: - Security Monitoring patch: description: Update a specific critical asset. operationId: UpdateSecurityMonitoringCriticalAsset parameters: - $ref: "#/components/parameters/SecurityMonitoringCriticalAssetID" requestBody: content: application/json: examples: default: value: data: attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase tags: - technique:T1110-brute-force - source:cloudtrail version: 1 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetUpdateRequest" description: New definition of the critical asset. Supports partial updates. required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true query: security:monitoring rule_query: type:log_detection source:cloudtrail severity: increase version: 1 id: 4e2435a5-6670-4b8f-baff-46083cd1c250 type: critical_assets schema: $ref: "#/components/schemas/SecurityMonitoringCriticalAssetResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_critical_assets_write summary: Update a critical asset tags: - Security Monitoring /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. operationId: ListSecurityFilters responses: "200": content: "application/json": examples: default: value: data: - attributes: exclusion_filters: - name: Exclude staging query: source:staging filtered_data_type: logs is_builtin: false is_enabled: true name: Custom security filter query: service:api version: 1 id: 3dd-0uc-h1s type: security_filters schema: $ref: "#/components/schemas/SecurityFiltersResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get all security filters tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_filters_read post: description: |- Create a security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples. operationId: CreateSecurityFilter requestBody: content: application/json: examples: default: value: data: attributes: exclusion_filters: - name: Exclude staging query: source:staging filtered_data_type: logs is_enabled: true name: Custom security filter query: service:api type: security_filters schema: $ref: "#/components/schemas/SecurityFilterCreateRequest" description: The definition of the new security filter. required: true responses: "200": content: "application/json": examples: default: value: data: attributes: exclusion_filters: - name: Exclude staging query: source:staging filtered_data_type: logs is_builtin: false is_enabled: true name: Custom security filter query: service:api version: 1 id: 3dd-0uc-h1s type: security_filters schema: $ref: "#/components/schemas/SecurityFilterResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Create a security filter tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_filters_write /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}: delete: description: Delete a specific security filter. operationId: DeleteSecurityFilter parameters: - $ref: "#/components/parameters/SecurityFilterID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Delete a security filter tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_filters_write get: description: |- Get the details of a specific security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples. operationId: GetSecurityFilter parameters: - $ref: "#/components/parameters/SecurityFilterID" responses: "200": content: application/json: examples: default: value: data: attributes: exclusion_filters: - name: Exclude staging query: source:staging filtered_data_type: logs is_builtin: false is_enabled: true name: Custom security filter query: service:api version: 1 id: 3dd-0uc-h1s type: security_filters schema: $ref: "#/components/schemas/SecurityFilterResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get a security filter tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_filters_read patch: description: |- Update a specific security filter. Returns the security filter object when the request is successful. operationId: UpdateSecurityFilter parameters: - $ref: "#/components/parameters/SecurityFilterID" requestBody: content: application/json: examples: default: value: data: attributes: exclusion_filters: [] filtered_data_type: logs is_enabled: true name: Custom security filter query: service:api version: 1 type: security_filters schema: $ref: "#/components/schemas/SecurityFilterUpdateRequest" description: New definition of the security filter. required: true responses: "200": content: application/json: examples: default: value: data: attributes: exclusion_filters: - name: Exclude staging query: source:staging filtered_data_type: logs is_builtin: false is_enabled: true name: Custom security filter query: service:api version: 1 id: 3dd-0uc-h1s type: security_filters schema: $ref: "#/components/schemas/SecurityFilterResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update a security filter tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_filters_write /api/v2/security_monitoring/configuration/suppressions: get: description: Get the list of all suppression rules. operationId: ListSecurityMonitoringSuppressions parameters: - description: Query string. in: query name: query required: false schema: type: string - description: Attribute used to sort the list of suppression rules. Prefix with `-` to sort in descending order. in: query name: sort required: false schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionSort" - description: Size for a given page. Use `-1` to return all items. in: query name: page[size] required: false schema: default: -1 example: 10 format: int64 type: integer - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: - attributes: editable: true enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low version: 1 id: 3dd-0uc-h1s type: suppressions meta: page: pageNumber: 0 pageSize: 10 totalCount: 1 schema: $ref: "#/components/schemas/SecurityMonitoringPaginatedSuppressionsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get all suppression rules tags: - Security Monitoring post: description: Create a new suppression rule. operationId: CreateSecurityMonitoringSuppression requestBody: content: application/json: examples: default: value: data: attributes: data_exclusion_query: source:cloudtrail account_id:12345 description: This rule suppresses low-severity signals in staging environments. enabled: true expiration_date: 1703187336000 name: Custom suppression rule_query: type:log_detection source:cloudtrail start_date: 1703187336000 suppression_query: env:staging status:low tags: - technique:T1110-brute-force - source:cloudtrail type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionCreateRequest" description: The definition of the new suppression rule. required: true responses: "200": content: "application/json": examples: default: value: data: attributes: enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low id: abc-123 type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Create a suppression rule tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/configuration/suppressions/rules: post: description: Get the list of suppressions that would affect a rule. operationId: GetSuppressionsAffectingFutureRule requestBody: content: "application/json": examples: default: value: calculatedFields: - expression: "@request_end_timestamp - @request_start_timestamp" name: response_time cases: [] filters: - action: require groupSignalsBy: - service hasExtendedTitle: true isEnabled: true message: "" name: My security monitoring rule. options: anomalyDetectionOptions: bucketDuration: 300 detectionTolerance: 5 instantaneousBaseline: false complianceRuleOptions: regoRule: policy: "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}" resourceTypes: - gcp_iam_service_account - gcp_iam_policy resourceType: aws_acm decreaseCriticalityBasedOnEnv: false detectionMethod: threshold hardcodedEvaluatorType: log4shell impossibleTravelOptions: baselineUserLocations: true newValueOptions: instantaneousBaseline: false learningMethod: duration thirdPartyRuleOptions: defaultStatus: critical rootQueries: - query: source:cloudtrail queries: [] schedulingOptions: rrule: FREQ=HOURLY;INTERVAL=1; start: "2025-07-14T12:00:00" timezone: America/New_York tags: - env:prod - team:security thirdPartyCases: [] type: api_security schema: $ref: "#/components/schemas/SecurityMonitoringRuleCreatePayload" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low id: abc-123 type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get suppressions affecting future rule tags: - Security Monitoring /api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}: get: description: Get the list of suppressions that affect a specific existing rule by its ID. operationId: GetSuppressionsAffectingRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" responses: "200": content: application/json: examples: default: value: data: - attributes: editable: true enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low version: 1 id: 3dd-0uc-h1s type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get suppressions affecting a specific rule tags: - Security Monitoring /api/v2/security_monitoring/configuration/suppressions/validation: post: description: Validate a suppression rule. operationId: ValidateSecurityMonitoringSuppression requestBody: content: "application/json": examples: default: value: data: attributes: data_exclusion_query: source:cloudtrail account_id:12345 description: This rule suppresses low-severity signals in staging environments. enabled: true expiration_date: 1703187336000 name: Custom suppression rule_query: type:log_detection source:cloudtrail start_date: 1703187336000 suppression_query: env:staging status:low tags: - technique:T1110-brute-force - source:cloudtrail type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionCreateRequest" required: true responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Validate a suppression rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_suppressions_write /api/v2/security_monitoring/configuration/suppressions/{suppression_id}: delete: description: Delete a specific suppression rule. operationId: DeleteSecurityMonitoringSuppression parameters: - $ref: "#/components/parameters/SecurityMonitoringSuppressionID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Delete a suppression rule tags: - Security Monitoring get: description: Get the details of a specific suppression rule. operationId: GetSecurityMonitoringSuppression parameters: - $ref: "#/components/parameters/SecurityMonitoringSuppressionID" responses: "200": content: application/json: examples: default: value: data: attributes: editable: true enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low version: 1 id: 3dd-0uc-h1s type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get a suppression rule tags: - Security Monitoring patch: description: Update a specific suppression rule. operationId: UpdateSecurityMonitoringSuppression parameters: - $ref: "#/components/parameters/SecurityMonitoringSuppressionID" requestBody: content: application/json: examples: default: value: data: attributes: data_exclusion_query: source:cloudtrail account_id:12345 description: This rule suppresses low-severity signals in staging environments. enabled: true expiration_date: 1703187336000 name: Custom suppression rule_query: type:log_detection source:cloudtrail start_date: 1703187336000 suppression_query: env:staging status:low tags: - technique:T1110-brute-force - source:cloudtrail type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionUpdateRequest" description: New definition of the suppression rule. Supports partial updates. required: true responses: "200": content: application/json: examples: default: value: data: attributes: editable: true enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail suppression_query: env:staging status:low version: 1 id: 3dd-0uc-h1s type: suppressions schema: $ref: "#/components/schemas/SecurityMonitoringSuppressionResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConcurrentModificationResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Update a suppression rule tags: - Security Monitoring /api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_history: get: description: Get a suppression's version history. operationId: GetSuppressionVersionHistory parameters: - $ref: "#/components/parameters/SecurityMonitoringSuppressionID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: attributes: count: 1 data: "1": changes: [] suppression: enabled: true name: Custom suppression rule_query: type:log_detection source:cloudtrail version: 1 id: 3dd-0uc-h1s type: suppression_version_history schema: $ref: "#/components/schemas/GetSuppressionVersionHistoryResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get a suppression's version history tags: - Security Monitoring /api/v2/security_monitoring/content_packs/states: get: description: |- Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": content: application/json: examples: default: value: data: - attributes: cloud_siem_index_incorrect: false cp_activation: activated filters_configured_for_logs: true logs_last_collected: within_24_hours logs_seen_from_any_index: true state: active id: aws-cloudtrail type: content_pack_state meta: cloud_siem_index_incorrect: false sku: add_on_2024 schema: $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_filters_read - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true schema: example: aws-cloudtrail type: string responses: "202": description: Accepted "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_filters_write - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true schema: example: aws-cloudtrail type: string responses: "202": description: Accepted "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_filters_write - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/rules: get: description: List rules. operationId: ListSecurityMonitoringRules parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: A search query to filter security rules. You can filter by attributes such as `type`, `source`, `tags`. example: "type:signal_correlation source:cloudtrail" in: query name: query required: false schema: type: string - description: Attribute used to sort rules. Prefix with `-` to sort in descending order. in: query name: sort required: false schema: $ref: "#/components/schemas/SecurityMonitoringRuleSort" responses: "200": content: "application/json": examples: default: value: data: - id: abc-123 isEnabled: true name: My security monitoring rule. type: log_detection meta: {} schema: $ref: "#/components/schemas/SecurityMonitoringListRulesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: List rules tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_read post: description: Create a detection rule. operationId: CreateSecurityMonitoringRule requestBody: content: "application/json": examples: default: value: cases: - condition: "a > 0" name: "" notifications: [] status: info filters: [] hasExtendedTitle: true isEnabled: true message: Test rule name: My security monitoring rule. options: evaluationWindow: 900 keepAlive: 3600 maxSignalDuration: 86400 queries: - aggregation: count distinctFields: [] groupByFields: [] metric: "" query: "@test:true" referenceTables: - checkPresence: true columnName: value logFieldPath: testtag ruleQueryName: a tableName: synthetics_test_reference_table_dont_delete tags: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleCreatePayload" required: true responses: "200": content: "application/json": examples: default: value: cases: - condition: "a > 0" name: "" notifications: [] status: info id: abc-123 isEnabled: true message: Test rule name: My security monitoring rule. tags: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Create a detection rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/bulk_delete: delete: description: |- Delete multiple security monitoring rules in a single request. Default rules cannot be deleted. operationId: BulkDeleteSecurityMonitoringRules requestBody: content: application/json: examples: default: value: data: attributes: ruleIds: - abc-000-u7q - abc-000-7dd type: bulk_delete_rules schema: $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeletePayload" required: true responses: "200": content: "application/json": examples: default: value: deletedRules: - abc-000-u7q - abc-000-7dd failedRules: [] schema: $ref: "#/components/schemas/SecurityMonitoringRuleBulkDeleteResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Bulk delete security monitoring rules tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/bulk_export: post: description: |- Export a list of security monitoring rules as a ZIP file containing JSON rule definitions. The endpoint accepts a list of rule IDs and returns a ZIP archive where each rule is saved as a separate JSON file named after the rule. operationId: BulkExportSecurityMonitoringRules requestBody: content: "application/json": examples: default: value: data: attributes: ruleIds: - def-000-u7q - def-000-7dd id: bulk_export type: security_monitoring_rules_bulk_export schema: $ref: "#/components/schemas/SecurityMonitoringRuleBulkExportPayload" required: true responses: "200": content: application/zip: examples: default: value: "" schema: format: binary type: string description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Bulk export security monitoring rules tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_read /api/v2/security_monitoring/rules/convert: post: description: |- Convert a rule that doesn't (yet) exist from JSON to Terraform for Datadog provider resource `datadog_security_monitoring_rule`. You can do so for the following rule types: - App and API Protection - Cloud SIEM (log detection and signal correlation) - Workload Protection You can convert Cloud Security configuration rules using Terraform's [Datadog Cloud Configuration Rule resource](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/cloud_configuration_rule). operationId: ConvertSecurityMonitoringRuleFromJSONToTerraform requestBody: content: "application/json": examples: default: value: calculatedFields: - expression: "@request_end_timestamp - @request_start_timestamp" name: response_time cases: - condition: a > 0 name: "" notifications: [] status: info filters: [] groupSignalsBy: - service hasExtendedTitle: true isEnabled: true message: My security monitoring rule. name: My security monitoring rule. options: anomalyDetectionOptions: bucketDuration: 300 detectionTolerance: 5 instantaneousBaseline: false complianceRuleOptions: regoRule: policy: "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}" resourceTypes: - gcp_iam_service_account - gcp_iam_policy resourceType: aws_acm decreaseCriticalityBasedOnEnv: false detectionMethod: threshold evaluationWindow: 900 hardcodedEvaluatorType: log4shell impossibleTravelOptions: baselineUserLocations: true keepAlive: 3600 maxSignalDuration: 86400 newValueOptions: instantaneousBaseline: false learningMethod: duration thirdPartyRuleOptions: defaultStatus: critical rootQueries: - query: source:cloudtrail queries: - aggregation: count distinctFields: [] groupByFields: [] query: source:cloudtrail schedulingOptions: rrule: FREQ=HOURLY;INTERVAL=1; start: "2025-07-14T12:00:00" timezone: America/New_York tags: - env:prod - team:security thirdPartyCases: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleConvertPayload" required: true responses: "200": content: "application/json": examples: default: value: ruleId: abc-123 terraformContent: 'resource "datadog_security_monitoring_rule" "example" {}' schema: $ref: "#/components/schemas/SecurityMonitoringRuleConvertResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Convert a rule from JSON to Terraform tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/test: post: description: |- Test a rule. operationId: TestSecurityMonitoringRule requestBody: content: "application/json": examples: default: value: rule: calculatedFields: - expression: "@request_end_timestamp - @request_start_timestamp" name: response_time cases: - condition: a > 0 name: "" notifications: [] status: info filters: - action: require groupSignalsBy: - service hasExtendedTitle: true isEnabled: true message: My security monitoring rule message. name: My security monitoring rule. options: anomalyDetectionOptions: bucketDuration: 300 detectionTolerance: 5 instantaneousBaseline: false complianceRuleOptions: resourceType: aws_acm decreaseCriticalityBasedOnEnv: false detectionMethod: threshold evaluationWindow: 0 hardcodedEvaluatorType: log4shell impossibleTravelOptions: baselineUserLocations: true keepAlive: 0 maxSignalDuration: 0 newValueOptions: instantaneousBaseline: false learningMethod: duration thirdPartyRuleOptions: defaultStatus: critical queries: - aggregation: count distinctFields: [] groupByFields: - "@userIdentity.assumed_role" name: "" query: source:cloudtrail schedulingOptions: rrule: FREQ=HOURLY;INTERVAL=1; start: "2025-07-14T12:00:00" timezone: America/New_York tags: - env:prod - team:security thirdPartyCases: [] type: log_detection ruleQueryPayloads: - expectedResult: true index: 0 payload: ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World service: payment schema: $ref: "#/components/schemas/SecurityMonitoringRuleTestRequest" required: true responses: "200": content: "application/json": examples: default: value: results: - true schema: $ref: "#/components/schemas/SecurityMonitoringRuleTestResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Test a rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/validation: post: description: Validate a detection rule. operationId: ValidateSecurityMonitoringRule requestBody: content: "application/json": examples: default: value: calculatedFields: - expression: "@request_end_timestamp - @request_start_timestamp" name: response_time cases: - condition: a > 0 name: "" notifications: [] status: info filters: - action: require groupSignalsBy: - service hasExtendedTitle: true isEnabled: true message: My security monitoring rule name: My security monitoring rule. options: anomalyDetectionOptions: bucketDuration: 300 detectionTolerance: 5 instantaneousBaseline: false complianceRuleOptions: regoRule: policy: "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}" resourceTypes: - gcp_iam_service_account - gcp_iam_policy resourceType: aws_acm decreaseCriticalityBasedOnEnv: false detectionMethod: threshold evaluationWindow: 1800 hardcodedEvaluatorType: log4shell impossibleTravelOptions: baselineUserLocations: true keepAlive: 1800 maxSignalDuration: 1800 newValueOptions: instantaneousBaseline: false learningMethod: duration thirdPartyRuleOptions: defaultStatus: critical rootQueries: - query: source:cloudtrail queries: - aggregation: count distinctFields: [] groupByFields: - "@userIdentity.assumed_role" name: "" query: source:cloudtrail schedulingOptions: rrule: FREQ=HOURLY;INTERVAL=1; start: "2025-07-14T12:00:00" timezone: America/New_York tags: - env:prod - team:security thirdPartyCases: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleValidatePayload" required: true responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Validate a detection rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}: delete: description: |- Delete an existing rule. Default rules cannot be deleted. operationId: DeleteSecurityMonitoringRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" responses: "204": description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Delete an existing rule tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_write get: description: Get a rule's details. operationId: GetSecurityMonitoringRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" responses: "200": content: "application/json": examples: default: value: cases: - condition: "a > 0" name: "" notifications: [] status: info id: abc-123 isEnabled: true message: Test rule name: My security monitoring rule. tags: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleResponse" description: OK "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a rule's details tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_read put: description: |- Update an existing rule. When updating `cases`, `queries` or `options`, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled, to change notifications, or to update the tags (default tags cannot be removed). operationId: UpdateSecurityMonitoringRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" requestBody: content: "application/json": examples: default: value: cases: - condition: "a > 0" name: "" notifications: [] status: info filters: [] isEnabled: true message: Test rule name: My security monitoring rule. options: evaluationWindow: 900 keepAlive: 3600 maxSignalDuration: 86400 queries: - aggregation: count distinctFields: [] groupByFields: [] metrics: [] query: "@test:true" tags: [] schema: $ref: "#/components/schemas/SecurityMonitoringRuleUpdatePayload" required: true responses: "200": content: "application/json": examples: default: value: cases: - condition: "a > 0" name: "" notifications: [] status: info id: abc-123 isEnabled: true message: Test rule name: My security monitoring rule. tags: [] type: log_detection schema: $ref: "#/components/schemas/SecurityMonitoringRuleResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Update an existing rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}/convert: get: description: |- Convert an existing rule from JSON to Terraform for Datadog provider resource `datadog_security_monitoring_rule`. You can do so for the following rule types: - App and API Protection - Cloud SIEM (log detection and signal correlation) - Workload Protection You can convert Cloud Security configuration rules using Terraform's [Datadog Cloud Configuration Rule resource](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/cloud_configuration_rule). operationId: ConvertExistingSecurityMonitoringRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" responses: "200": content: "application/json": examples: default: value: ruleId: abc-123 terraformContent: 'resource "datadog_security_monitoring_rule" "example" {}' schema: $ref: "#/components/schemas/SecurityMonitoringRuleConvertResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Convert an existing rule from JSON to Terraform tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_read /api/v2/security_monitoring/rules/{rule_id}/test: post: description: |- Test an existing rule. operationId: TestExistingSecurityMonitoringRule parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" requestBody: content: "application/json": examples: default: value: rule: cases: - condition: "a > 0" name: "" notifications: [] status: info hasExtendedTitle: true isEnabled: true message: My security monitoring rule message. name: My security monitoring rule. options: decreaseCriticalityBasedOnEnv: false detectionMethod: threshold evaluationWindow: 0 keepAlive: 0 maxSignalDuration: 0 queries: - aggregation: count distinctFields: [] groupByFields: - "@userIdentity.assumed_role" name: "" query: "source:source_here" tags: - "env:prod" - "team:security" type: log_detection ruleQueryPayloads: - expectedResult: true index: 0 payload: ddsource: source_here ddtags: "env:staging,version:5.1" hostname: i-012345678 message: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World" service: payment userIdentity: assumed_role: fake assumed_role schema: $ref: "#/components/schemas/SecurityMonitoringRuleTestRequest" required: true responses: "200": content: "application/json": examples: default: value: results: - true schema: $ref: "#/components/schemas/SecurityMonitoringRuleTestResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Test an existing rule tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}/version_history: get: description: Get a rule's version history. operationId: GetRuleVersionHistory parameters: - $ref: "#/components/parameters/SecurityMonitoringRuleID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: "application/json": examples: default: value: data: attributes: count: 1 data: {} id: abc-123 type: GetRuleVersionHistoryResponse schema: $ref: "#/components/schemas/GetRuleVersionHistoryResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a rule's version history tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. /api/v2/security_monitoring/signals: get: description: |- The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals. operationId: ListSecurityMonitoringSignals parameters: - $ref: "#/components/parameters/QueryFilterSearch" - $ref: "#/components/parameters/QueryFilterFrom" - $ref: "#/components/parameters/QueryFilterTo" - $ref: "#/components/parameters/QuerySort" - $ref: "#/components/parameters/QueryPageCursor" - $ref: "#/components/parameters/QueryPageLimit" responses: "200": content: application/json: examples: default: value: data: - attributes: tags: - "source:cloudtrail" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal links: next: "" meta: page: after: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== schema: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a quick list of security signals tags: ["Security Monitoring"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data "x-permission": operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/bulk/assignee: patch: description: |- Change the triage assignees of multiple security signals at once. The maximum number of signals that can be updated in a single request is 199. operationId: BulkEditSecurityMonitoringSignalsAssignee requestBody: content: application/json: examples: default: value: data: - attributes: assignee: 773b045d-ccf8-4808-bd3b-955ef6a8c940 id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateRequest" description: Attributes describing the signal assignee updates. required: true responses: "200": content: application/json: examples: default: value: result: count: 1 events: - event: assignee: uuid: 00000000-0000-0000-0000-000000000001 id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA status: done type: status schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Bulk update triage assignee of security signals tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/bulk/state: patch: description: |- Change the triage states of multiple security signals at once. The maximum number of signals that can be updated in a single request is 199. operationId: BulkEditSecurityMonitoringSignalsState requestBody: content: application/json: examples: default: value: data: - attributes: archive_reason: none state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkStateUpdateRequest" description: Attributes describing the signal state updates. required: true responses: "200": content: application/json: examples: default: value: result: count: 1 events: - event: assignee: uuid: 00000000-0000-0000-0000-000000000001 id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA status: done type: status schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Bulk update triage state of security signals tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/bulk/update: patch: description: |- Update the triage state or assignee of multiple security signals at once. The maximum number of signals that can be updated in a single request is 199. operationId: BulkEditSecurityMonitoringSignals requestBody: content: application/json: examples: default: value: data: - attributes: archive_reason: none state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateRequest" description: Attributes describing the signal updates. required: true responses: "200": content: application/json: examples: default: value: result: count: 1 events: - event: assignee: uuid: 00000000-0000-0000-0000-000000000001 id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA status: done type: status schema: $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Bulk update security signals tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/search: post: description: |- Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals. operationId: SearchSecurityMonitoringSignals requestBody: content: "application/json": examples: default: value: filter: from: "2019-01-02T09:42:36.320Z" query: security:attack status:high to: "2019-01-03T09:42:36.320Z" page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp schema: $ref: "#/components/schemas/SecurityMonitoringSignalListRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: tags: - "source:cloudtrail" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal links: next: "" meta: page: after: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== schema: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a list of security signals tags: ["Security Monitoring"] x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data "x-permission": operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}: get: description: Get a signal's details. operationId: GetSecurityMonitoringSignal parameters: - $ref: "#/components/parameters/SignalID" responses: "200": content: "application/json": examples: default: value: data: attributes: tags: - "source:cloudtrail" id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a signal's details tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/assignee: patch: description: |- Modify the triage assignee of a security signal. operationId: EditSecurityMonitoringSignalAssignee parameters: - $ref: "#/components/parameters/SignalID" requestBody: content: application/json: examples: default: value: data: attributes: assignee: uuid: 773b045d-ccf8-4808-bd3b-955ef6a8c940 schema: $ref: "#/components/schemas/SecurityMonitoringSignalAssigneeUpdateRequest" description: Attributes describing the signal update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: assignee: uuid: 00000000-0000-0000-0000-000000000001 incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Modify the triage assignee of a security signal tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/{signal_id}/incidents: patch: description: |- Change the related incidents for a security signal. operationId: EditSecurityMonitoringSignalIncidents parameters: - $ref: "#/components/parameters/SignalID" requestBody: content: application/json: examples: default: value: data: attributes: incident_ids: - 2066 schema: $ref: "#/components/schemas/SecurityMonitoringSignalIncidentsUpdateRequest" description: Attributes describing the signal update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: assignee: uuid: 00000000-0000-0000-0000-000000000001 incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Change the related incidents of a security signal tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/{signal_id}/investigation_queries: get: description: Get the list of investigation log queries available for a given security signal. operationId: GetInvestigationLogQueriesMatchingSignal parameters: - $ref: "#/components/parameters/SignalID" responses: "200": content: application/json: example: data: - attributes: name: Cloudtrail events for user ARN query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' template_variables: "@userIdentity.arn": - foo url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 id: w00-t10-992 type: investigation_log_queries - attributes: title: Monitor Okta logs to track system access and unusual activity url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ id: bxy-o8v-i1a type: recommended_blog_posts schema: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_signals_read summary: Get investigation queries for a signal tags: ["Security Monitoring"] x-permission: operator: AND permissions: - security_monitoring_rules_read - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: |- Change the triage state of a security signal. operationId: EditSecurityMonitoringSignalState parameters: - $ref: "#/components/parameters/SignalID" requestBody: content: application/json: examples: default: value: data: attributes: archive_reason: none state: archived type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalStateUpdateRequest" description: Attributes describing the signal update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: assignee: uuid: 00000000-0000-0000-0000-000000000001 incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Change the triage state of a security signal tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/{signal_id}/suggested_actions: get: description: Get the list of suggested actions for a given security signal. operationId: GetSuggestedActionsMatchingSignal parameters: - $ref: "#/components/parameters/SignalID" responses: "200": content: application/json: example: data: - attributes: name: Cloudtrail events for user ARN query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' template_variables: "@userIdentity.arn": - foo url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 id: w00-t10-992 type: investigation_log_queries - attributes: title: Monitor Okta logs to track system access and unusual activity url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ id: bxy-o8v-i1a type: recommended_blog_posts schema: $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_signals_read summary: Get suggested actions for a signal tags: ["Security Monitoring"] x-permission: operator: AND permissions: - security_monitoring_rules_read - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/update: patch: description: |- Update the triage state or assignee of a security signal. operationId: EditSecurityMonitoringSignal parameters: - $ref: "#/components/parameters/SignalID" requestBody: content: application/json: examples: default: value: data: attributes: archive_reason: none state: archived type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalUpdateRequest" description: Attributes describing the signal triage state or assignee update. required: true responses: "200": content: application/json: examples: default: value: data: attributes: assignee: uuid: 00000000-0000-0000-0000-000000000001 incident_ids: [] state: archived id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: signal_metadata schema: $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update security signal triage state or assignee tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/terraform/{resource_type}/bulk: post: description: |- Export multiple security monitoring resources to Terraform, packaged as a zip archive. The `resource_type` path parameter specifies the type of resources to export and must be one of `suppressions` or `critical_assets`. A maximum of 1000 resources can be exported in a single request. operationId: BulkExportSecurityMonitoringTerraformResources parameters: - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType" requestBody: content: application/json: examples: default: value: data: attributes: resource_ids: - abc-123-def type: bulk_export_resources schema: $ref: "#/components/schemas/SecurityMonitoringTerraformBulkExportRequest" description: The resource IDs to export. required: true responses: "200": content: application/zip: examples: default: value: "" schema: format: binary type: string description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read - AuthZ: - security_monitoring_rules_read summary: Export security monitoring resources to Terraform tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_suppressions_read - security_monitoring_rules_read x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/security_monitoring/terraform/{resource_type}/convert: post: description: |- Convert a security monitoring resource that doesn't (yet) exist from JSON to Terraform. The `resource_type` path parameter specifies the type of resource to convert and must be one of `suppressions` or `critical_assets`. operationId: ConvertSecurityMonitoringTerraformResource parameters: - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType" requestBody: content: application/json: examples: default: value: data: attributes: resource_json: enabled: true name: Example-Security-Monitoring rule_query: "source:cloudtrail" suppression_query: "env:test" id: abc-123 type: convert_resource schema: $ref: "#/components/schemas/SecurityMonitoringTerraformConvertRequest" description: The resource JSON to convert. required: true responses: "200": content: application/json: examples: default: value: data: attributes: output: 'resource "datadog_security_monitoring_suppression" "abc-123" {}' resource_id: abc-123 type_name: datadog_security_monitoring_suppression id: datadog_security_monitoring_suppression|abc-123 type: format_resource schema: $ref: "#/components/schemas/SecurityMonitoringTerraformExportResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read - AuthZ: - security_monitoring_rules_read summary: Convert security monitoring resource to Terraform tags: - Security Monitoring x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_suppressions_read - security_monitoring_rules_read x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/security_monitoring/terraform/{resource_type}/{resource_id}: get: description: |- Export a security monitoring resource to a Terraform configuration. The `resource_type` path parameter specifies the type of resource to export and must be one of `suppressions` or `critical_assets`. operationId: ExportSecurityMonitoringTerraformResource parameters: - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceType" - $ref: "#/components/parameters/SecurityMonitoringTerraformResourceId" responses: "200": content: application/json: examples: default: value: data: attributes: output: 'resource "datadog_security_monitoring_suppression" "abc-123" {}' resource_id: abc-123 type_name: datadog_security_monitoring_suppression id: datadog_security_monitoring_suppression|abc-123 type: format_resource schema: $ref: "#/components/schemas/SecurityMonitoringTerraformExportResponse" description: OK "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read - AuthZ: - security_monitoring_rules_read summary: Export security monitoring resource to Terraform tags: - Security Monitoring "x-permission": operator: OR permissions: - security_monitoring_suppressions_read - security_monitoring_rules_read x-unstable: "**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. operationId: ListScanningGroups responses: "200": content: application/json: examples: default: value: data: attributes: {} id: abc-123 relationships: groups: data: - id: group-abc-123 type: sensitive_data_scanner_group type: sensitive_data_scanner_configuration included: - attributes: description: "" filter: query: "*" is_enabled: true name: My scanning group product_list: - logs samplings: - product: logs rate: 100.0 id: group-abc-123 relationships: configuration: data: id: abc-123 type: sensitive_data_scanner_configuration rules: data: - id: rule-abc-123 type: sensitive_data_scanner_rule type: sensitive_data_scanner_group - attributes: description: Detects credit card numbers in various formats excluded_namespaces: - admin.name included_keyword_configuration: character_count: 35 keywords: - credit card is_enabled: true name: Credit Card Rule namespaces: - admin priority: 1 tags: - sensitive_data:true text_replacement: type: none id: rule-abc-123 relationships: group: data: id: group-abc-123 type: sensitive_data_scanner_group type: sensitive_data_scanner_rule meta: count_limit: 500 group_count_limit: 20 is_pci_compliant: false version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerGetConfigResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Scanning Groups tags: - Sensitive Data Scanner "x-permission": operator: OR permissions: - data_scanner_read patch: description: Reorder the list of groups. operationId: ReorderScanningGroups requestBody: content: application/json: examples: default: value: data: relationships: groups: data: - id: a796feff-a0cc-4a9f-8c61-16c4d5e44964 type: sensitive_data_scanner_group type: sensitive_data_scanner_configuration meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerConfigRequest" required: true responses: "200": content: application/json: examples: default: value: meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerReorderGroupsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Reorder Groups tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/groups: post: description: |- Create a scanning group. The request MAY include a configuration relationship. A rules relationship can be omitted entirely, but if it is included it MUST be null or an empty array (rules cannot be created at the same time). The new group will be ordered last within the configuration. operationId: CreateScanningGroup requestBody: content: application/json: examples: default: value: data: attributes: filter: query: "*" is_enabled: false product_list: - logs samplings: - product: logs rate: 100.0 relationships: configuration: data: type: sensitive_data_scanner_configuration type: sensitive_data_scanner_group meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerGroupCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: description: "" filter: query: "*" is_enabled: false name: My scanning group product_list: - logs samplings: - product: logs rate: 100.0 id: group-abc-123 relationships: configuration: data: id: abc-123 type: sensitive_data_scanner_configuration rules: data: [] type: sensitive_data_scanner_group meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerCreateGroupResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/groups/{group_id}: delete: description: Delete a given group. operationId: DeleteScanningGroup parameters: - $ref: "#/components/parameters/SensitiveDataScannerGroupID" requestBody: content: application/json: examples: default: value: meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerGroupDeleteRequest" required: true responses: "200": content: application/json: examples: default: value: meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerGroupDeleteResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write patch: description: |- Update a group, including the order of the rules. Rules within the group are reordered by including a rules relationship. If the rules relationship is present, its data section MUST contain linkages for all of the rules currently in the group, and MUST NOT contain any others. operationId: UpdateScanningGroup parameters: - $ref: "#/components/parameters/SensitiveDataScannerGroupID" requestBody: content: application/json: examples: default: value: data: attributes: filter: query: "*" is_enabled: false product_list: - logs samplings: - product: logs rate: 100.0 relationships: configuration: data: type: sensitive_data_scanner_configuration type: sensitive_data_scanner_group meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerGroupUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerGroupUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/rules: post: description: |- Create a scanning rule in a sensitive data scanner group, ordered last. The posted rule MUST include a group relationship. It MUST include either a standard_pattern relationship or a regex attribute, but not both. If included_attributes is empty or missing, we will scan all attributes except excluded_attributes. If both are missing, we will scan the whole event. operationId: CreateScanningRule requestBody: content: application/json: examples: default: value: data: attributes: excluded_namespaces: - admin.name included_keyword_configuration: character_count: 30 keywords: - email - address - login is_enabled: true namespaces: - admin suppressions: ends_with: - "@example.com" - another.example.com exact_match: - admin@example.com - user@example.com starts_with: - admin - user tags: - sensitive_data:true text_replacement: type: none relationships: group: data: type: sensitive_data_scanner_group standard_pattern: data: type: sensitive_data_scanner_standard_pattern type: sensitive_data_scanner_rule meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerRuleCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: description: Detects credit card numbers in various formats excluded_namespaces: - admin.name included_keyword_configuration: character_count: 35 keywords: - credit card is_enabled: true name: Credit Card Rule namespaces: - admin priority: 1 tags: - sensitive_data:true text_replacement: type: none id: rule-abc-123 relationships: group: data: id: group-abc-123 type: sensitive_data_scanner_group type: sensitive_data_scanner_rule meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerCreateRuleResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/rules/{rule_id}: delete: description: Delete a given rule. operationId: DeleteScanningRule parameters: - $ref: "#/components/parameters/SensitiveDataScannerRuleID" requestBody: content: application/json: examples: default: value: meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerRuleDeleteRequest" required: true responses: "200": content: application/json: examples: default: value: meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerRuleDeleteResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write patch: description: |- Update a scanning rule. The request body MUST NOT include a standard_pattern relationship, as that relationship is non-editable. Trying to edit the regex attribute of a rule with a standard_pattern relationship will also result in an error. operationId: UpdateScanningRule parameters: - $ref: "#/components/parameters/SensitiveDataScannerRuleID" requestBody: content: application/json: examples: default: value: data: attributes: excluded_namespaces: - admin.name included_keyword_configuration: character_count: 30 keywords: - email - address - login is_enabled: true namespaces: - admin suppressions: ends_with: - "@example.com" - another.example.com exact_match: - admin@example.com - user@example.com starts_with: - admin - user tags: - sensitive_data:true text_replacement: type: none relationships: group: data: type: sensitive_data_scanner_group standard_pattern: data: type: sensitive_data_scanner_standard_pattern type: sensitive_data_scanner_rule meta: version: 0 schema: $ref: "#/components/schemas/SensitiveDataScannerRuleUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: meta: version: 1 schema: $ref: "#/components/schemas/SensitiveDataScannerRuleUpdateResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body "x-permission": operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/standard-patterns: get: description: Returns all standard patterns. operationId: ListStandardPatterns responses: "200": content: application/json: examples: default: value: data: - attributes: description: Detects credit card numbers in various formats included_keywords: - credit card - card number name: Credit Card Number priority: 1 tags: - card_number id: abc-123 type: sensitive_data_scanner_standard_pattern schema: $ref: "#/components/schemas/SensitiveDataScannerStandardPatternsResponseData" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication Error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List standard patterns tags: - Sensitive Data Scanner "x-permission": operator: OR permissions: - data_scanner_read /api/v2/series: post: description: |- The metrics end-point allows you to post time-series data that can be graphed on Datadog’s dashboards. The maximum payload size is 500 kilobytes (512000 bytes). Compressed payloads must have a decompressed size of less than 5 megabytes (5242880 bytes). If you’re submitting metrics directly to the Datadog API without using DogStatsD, expect: - 64 bits for the timestamp - 64 bits for the value - 20 bytes for the metric names - 50 bytes for the timeseries - The full payload is approximately 100 bytes. Host name is one of the resources in the Resources field. operationId: SubmitMetrics parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: "#/components/schemas/MetricContentEncoding" requestBody: content: application/json: examples: default: value: series: - metric: system.load.1 points: - timestamp: 1636629071 value: 1.1 resources: - name: dummyhost type: host type: 0 dynamic-points: description: Post time-series data that can be graphed on Datadog’s dashboards. externalValue: examples/metrics/dynamic-points.json.sh summary: Dynamic Points x-variables: NOW: $(date +%s) schema: $ref: "#/components/schemas/MetricPayload" required: true responses: "202": content: application/json: examples: default: value: errors: [] schema: $ref: "#/components/schemas/IntakePayloadAccepted" description: Payload accepted "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "408": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Request timeout "413": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Payload too large "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] summary: Submit metrics tags: - Metrics x-codegen-request-body-name: body /api/v2/service_accounts: post: description: Create a service account for your organization. operationId: CreateServiceAccount requestBody: content: application/json: examples: default: value: data: attributes: email: jane.doe@example.com service_account: true relationships: roles: data: - id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: users schema: $ref: "#/components/schemas/ServiceAccountCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: email: test@example.com service_account: true id: 00000000-0000-0000-0000-000000000001 type: users schema: $ref: "#/components/schemas/UserResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a service account tags: - Service Accounts x-codegen-request-body-name: body "x-permission": operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/access_tokens: get: description: List all access tokens for a specific service account. operationId: ListServiceAccountAccessTokens parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/PersonalAccessTokensSortParameter" - $ref: "#/components/parameters/PersonalAccessTokensFilterParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000005 type: personal_access_tokens meta: page: total_filtered_count: 1 schema: $ref: "#/components/schemas/ListPersonalAccessTokensResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List access tokens for a service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write post: description: Create an access token for a service account. operationId: CreateServiceAccountAccessToken parameters: - $ref: "#/components/parameters/ServiceAccountID" requestBody: content: application/json: examples: default: value: data: attributes: name: Service Account Access Token scopes: - dashboards_read - dashboards_write type: personal_access_tokens schema: $ref: "#/components/schemas/ServiceAccountAccessTokenCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" key: "" name: My Personal Access Token public_portion: ddpat_abc123 scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000006 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenCreateResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an access token for a service account tags: - Service Accounts x-codegen-request-body-name: body "x-permission": operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/access_tokens/{pat_id}: delete: description: Revoke a specific access token for a service account. operationId: RevokeServiceAccountAccessToken parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/PersonalAccessTokenID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Revoke an access token for a service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write get: description: Get a specific access token for a service account by its UUID. operationId: GetServiceAccountAccessToken parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/PersonalAccessTokenID" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000007 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get an access token for a service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write patch: description: Update a specific access token for a service account. operationId: UpdateServiceAccountAccessToken parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/PersonalAccessTokenID" requestBody: content: application/json: examples: default: value: data: attributes: name: Updated Personal Access Token scopes: - dashboards_read - dashboards_write id: 00112233-4455-6677-8899-aabbccddeeff type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2025-12-31T23:59:59+00:00" name: My Personal Access Token scopes: - dashboards_read id: 00000000-0000-0000-0000-000000000008 type: personal_access_tokens schema: $ref: "#/components/schemas/PersonalAccessTokenResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update an access token for a service account tags: - Service Accounts x-codegen-request-body-name: body "x-permission": operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/application_keys: get: description: List all application keys available for this service account. operationId: ListServiceAccountApplicationKeys parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/ApplicationKeysSortParameter" - $ref: "#/components/parameters/ApplicationKeyFilterParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter" - $ref: "#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000002 type: application_keys schema: $ref: "#/components/schemas/ListApplicationKeysResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List application keys for this service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write post: description: Create an application key for this service account. operationId: CreateServiceAccountApplicationKey parameters: - $ref: "#/components/parameters/ServiceAccountID" requestBody: content: application/json: examples: default: value: data: attributes: name: Application Key for managing dashboards scopes: - dashboards_read - dashboards_write - dashboards_public_share type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000003 type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body "x-permission": operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id}: delete: description: Delete an application key owned by this service account. operationId: DeleteServiceAccountApplicationKey parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/ApplicationKeyID" responses: "204": description: No Content "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete an application key for this service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write get: description: Get an application key owned by this service account. operationId: GetServiceAccountApplicationKey parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/ApplicationKeyID" responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000004 type: application_keys schema: $ref: "#/components/schemas/PartialApplicationKeyResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get one application key for this service account tags: - Service Accounts "x-permission": operator: OR permissions: - service_account_write patch: description: Edit an application key owned by this service account. operationId: UpdateServiceAccountApplicationKey parameters: - $ref: "#/components/parameters/ServiceAccountID" - $ref: "#/components/parameters/ApplicationKeyID" requestBody: content: application/json: examples: default: value: data: attributes: name: Application Key for managing dashboards scopes: - dashboards_read - dashboards_write - dashboards_public_share id: 00112233-4455-6677-8899-aabbccddeeff type: application_keys schema: $ref: "#/components/schemas/ApplicationKeyUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" name: Application Key for managing dashboards id: 00000000-0000-0000-0000-000000000005 type: application_keys schema: $ref: "#/components/schemas/PartialApplicationKeyResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Edit an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body "x-permission": operator: OR permissions: - service_account_write /api/v2/services: get: deprecated: true description: >- Get all incident services uploaded for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. operationId: ListIncidentServices parameters: - $ref: "#/components/parameters/IncidentServiceIncludeQueryParameter" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageOffset" - $ref: "#/components/parameters/IncidentServiceSearchQueryParameter" responses: "200": content: application/json: examples: default: value: data: - attributes: name: test-service id: 00000000-0000-0000-0000-000000000002 type: services schema: $ref: "#/components/schemas/IncidentServicesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident services tags: - Incident Services "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is deprecated. post: deprecated: true description: Creates a new incident service. operationId: CreateIncidentService requestBody: content: application/json: examples: default: value: data: attributes: name: an example service name relationships: created_by: data: id: 00000000-0000-0000-2345-000000000000 type: users last_modified_by: data: id: 00000000-0000-0000-2345-000000000000 type: users type: services schema: $ref: "#/components/schemas/IncidentServiceCreateRequest" description: Incident Service Payload. required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: test-service id: 00000000-0000-0000-0000-000000000001 type: services schema: $ref: "#/components/schemas/IncidentServiceResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident service tags: - Incident Services x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/services/definitions: get: description: Get a list of all service definitions from the Datadog Service Catalog. operationId: ListServiceDefinitions parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/SchemaVersion" responses: "200": content: application/json: examples: default: value: data: - attributes: schema: dd-service: test-service schema-version: v2.2 team: my-team id: test-service type: service_definitions schema: $ref: "#/components/schemas/ServiceDefinitionsListResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get all service definitions tags: - Service Definition x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - apm_service_catalog_read post: description: Create or update service definition in the Datadog Service Catalog. operationId: CreateOrUpdateServiceDefinitions requestBody: content: application/json: examples: default: value: application: my-app ci-pipeline-fingerprints: - j88xdEy0J5lc - eZ7LMljCk8vo contacts: - contact: https://teams.microsoft.com/myteam name: My team channel type: slack dd-service: my-service description: My service description extensions: myorg/extension: extensionValue integrations: opsgenie: region: US service-url: https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000 pagerduty: service-url: https://my-org.pagerduty.com/service-directory/PMyService languages: - dotnet - go - java - js - php - python - ruby - c++ lifecycle: sandbox links: - name: Runbook provider: Github type: runbook url: https://my-runbook schema-version: v2.2 tags: - my:tag - service:tag team: my-team tier: High type: web schema: $ref: "#/components/schemas/ServiceDefinitionsCreateRequest" description: Service Definition YAML/JSON. required: true responses: "200": content: application/json: examples: default: value: data: - attributes: schema: dd-service: my-service schema-version: v2.2 id: abc-123 type: service_definitions schema: $ref: "#/components/schemas/ServiceDefinitionCreateResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update service definition tags: - Service Definition x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_service_catalog_write /api/v2/services/definitions/{service_name}: delete: description: Delete a single service definition in the Datadog Service Catalog. operationId: DeleteServiceDefinition parameters: - $ref: "#/components/parameters/ServiceName" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single service definition tags: - Service Definition "x-permission": operator: OR permissions: - apm_service_catalog_write get: description: Get a single service definition from the Datadog Service Catalog. operationId: GetServiceDefinition parameters: - $ref: "#/components/parameters/ServiceName" - $ref: "#/components/parameters/SchemaVersion" responses: "200": content: application/json: examples: default: value: data: attributes: schema: dd-service: test-service schema-version: v2.2 team: my-team id: test-service type: service_definitions schema: $ref: "#/components/schemas/ServiceDefinitionGetResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a single service definition tags: - Service Definition "x-permission": operator: OR permissions: - apm_service_catalog_read /api/v2/services/{service_id}: delete: deprecated: true description: Deletes an existing incident service. operationId: DeleteIncidentService parameters: - $ref: "#/components/parameters/IncidentServiceIDPathParameter" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident service tags: - Incident Services "x-permission": operator: OR permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is deprecated. get: deprecated: true description: |- Get details of an incident service. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. operationId: GetIncidentService parameters: - $ref: "#/components/parameters/IncidentServiceIDPathParameter" - $ref: "#/components/parameters/IncidentServiceIncludeQueryParameter" responses: "200": content: application/json: examples: default: value: data: attributes: name: test-service id: 00000000-0000-0000-0000-000000000004 type: services schema: $ref: "#/components/schemas/IncidentServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident service tags: - Incident Services "x-permission": operator: OR permissions: - incident_read x-unstable: |- **Note**: This endpoint is deprecated. patch: deprecated: true description: >- Updates an existing incident service. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentService parameters: - $ref: "#/components/parameters/IncidentServiceIDPathParameter" requestBody: content: application/json: examples: default: value: data: attributes: name: an example service name id: 00000000-0000-0000-0000-000000000000 relationships: created_by: data: id: 00000000-0000-0000-2345-000000000000 type: users last_modified_by: data: id: 00000000-0000-0000-2345-000000000000 type: users type: services schema: $ref: "#/components/schemas/IncidentServiceUpdateRequest" description: Incident Service Payload. required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: test-service id: 00000000-0000-0000-0000-000000000003 type: services schema: $ref: "#/components/schemas/IncidentServiceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/UnauthorizedResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident service tags: - Incident Services x-codegen-request-body-name: body "x-permission": operator: OR permissions: - incident_settings_write x-unstable: |- **Note**: This endpoint is deprecated. /api/v2/siem-historical-detections/histsignals: get: description: List hist signals. operationId: ListSecurityMonitoringHistsignals parameters: - $ref: "#/components/parameters/QueryFilterSearch" - $ref: "#/components/parameters/QueryFilterFrom" - $ref: "#/components/parameters/QueryFilterTo" - $ref: "#/components/parameters/QuerySort" - $ref: "#/components/parameters/QueryPageCursor" - $ref: "#/components/parameters/QueryPageLimit" responses: "200": content: application/json: examples: default: value: data: - attributes: message: A large number of failed login attempts. tags: - source:production timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: List hist signals tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_signals_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/histsignals/search: get: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals requestBody: content: "application/json": examples: default: value: filter: from: "2019-01-02T09:42:36.320Z" query: "security:attack status:high" to: "2019-01-03T09:42:36.320Z" page: limit: 25 sort: timestamp schema: $ref: "#/components/schemas/SecurityMonitoringSignalListRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: message: A large number of failed login attempts. tags: - source:production timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Search hist signals tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_signals_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/histsignals/{histsignal_id}: get: description: Get a hist signal's details. operationId: GetSecurityMonitoringHistsignal parameters: - $ref: "#/components/parameters/HistoricalSignalID" responses: "200": content: "application/json": examples: default: value: data: attributes: message: A large number of failed login attempts. tags: - source:production timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a hist signal's details tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_signals_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/jobs: get: description: List historical jobs. operationId: ListHistoricalJobs parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: The order of the jobs in results. example: "status" in: query name: sort required: false schema: type: string - description: Query used to filter items from the fetched list. example: "security:attack status:high" in: query name: filter[query] required: false schema: type: string responses: "200": content: "application/json": examples: default: value: data: - attributes: createdAt: "2024-01-01T00:00:00+00:00" createdByHandle: example-handle createdByName: Example Name jobName: Example Job jobStatus: COMPLETED id: abc-123 type: historicalDetectionsJob meta: totalCount: 1 schema: $ref: "#/components/schemas/ListHistoricalJobsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List historical jobs tags: ["Security Monitoring"] x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. post: description: |- Run a historical job. operationId: RunHistoricalJob requestBody: content: "application/json": examples: default: value: data: attributes: jobDefinition: cases: - condition: "a > 1" name: Condition 1 notifications: [] status: info from: 1730387522611 index: main message: "A large number of failed login attempts." name: "Excessive number of failed attempts." options: evaluationWindow: 900 keepAlive: 3600 maxSignalDuration: 86400 queries: - aggregation: count distinctFields: [] groupByFields: [] query: "source:non_existing_src_weekend" tags: [] to: 1730391122611 type: log_detection type: historicalDetectionsJobCreate schema: $ref: "#/components/schemas/RunHistoricalJobRequest" required: true responses: "201": content: "application/json": examples: default: value: data: id: abc-123 type: historicalDetectionsJob schema: $ref: "#/components/schemas/JobCreateResponse" description: Status created "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Run a historical job tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_rules_write x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/jobs/signal_convert: post: description: |- Convert a job result to a signal. operationId: ConvertJobResultToSignal requestBody: content: "application/json": examples: default: value: data: attributes: jobResultIds: - "" notifications: - "" signalMessage: A large number of failed login attempts. signalSeverity: critical type: historicalDetectionsJobResultSignalConversion schema: $ref: "#/components/schemas/ConvertJobResultsToSignalsRequest" required: true responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Convert a job result to a signal tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - security_monitoring_signals_write x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/jobs/{job_id}: delete: description: |- Delete an existing job. operationId: DeleteHistoricalJob parameters: - $ref: "#/components/parameters/HistoricalJobID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete an existing job tags: ["Security Monitoring"] x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. get: description: Get a job's details. operationId: GetHistoricalJob parameters: - $ref: "#/components/parameters/HistoricalJobID" responses: "200": content: "application/json": examples: default: value: data: attributes: createdAt: "2024-01-01T00:00:00+00:00" createdByHandle: example-handle createdByName: Example Name jobName: Example Job jobStatus: COMPLETED modifiedAt: "2024-01-01T00:00:00+00:00" signalOutput: false id: abc-123 type: historicalDetectionsJob schema: $ref: "#/components/schemas/HistoricalJobResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a job's details tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/jobs/{job_id}/cancel: patch: description: Cancel a historical job. operationId: CancelHistoricalJob parameters: - $ref: "#/components/parameters/HistoricalJobID" responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "401": $ref: "#/components/responses/ConcurrentModificationResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Cancel a historical job tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_rules_write x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: get: description: Get a job's hist signals. operationId: GetSecurityMonitoringHistsignalsByJobId parameters: - $ref: "#/components/parameters/HistoricalJobID" - $ref: "#/components/parameters/QueryFilterSearch" - $ref: "#/components/parameters/QueryFilterFrom" - $ref: "#/components/parameters/QueryFilterTo" - $ref: "#/components/parameters/QuerySort" - $ref: "#/components/parameters/QueryPageCursor" - $ref: "#/components/parameters/QueryPageLimit" responses: "200": content: application/json: examples: default: value: data: - attributes: message: A large number of failed login attempts. tags: - source:production timestamp: "2024-01-01T00:00:00+00:00" id: abc-123 type: signal schema: $ref: "#/components/schemas/SecurityMonitoringSignalsListResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a job's hist signals tags: ["Security Monitoring"] "x-permission": operator: OR permissions: - security_monitoring_signals_read x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/slo/report: post: description: |- Create a job to generate an SLO report. The report job is processed asynchronously and eventually results in a CSV report being available for download. Check the status of the job and download the CSV report using the returned `report_id`. operationId: CreateSLOReportJob requestBody: content: application/json: examples: default: value: data: attributes: from_ts: 1690901870 interval: weekly query: slo_type:metric timezone: America/New_York to_ts: 1706803070 schema: $ref: "#/components/schemas/SloReportCreateRequest" description: Create SLO report job request body. required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000001 type: report_id schema: $ref: "#/components/schemas/SLOReportPostResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Create a new SLO report tags: - Service Level Objectives x-codegen-request-body-name: body "x-permission": operator: OR permissions: - slos_read x-unstable: |- **Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs. /api/v2/slo/report/{report_id}/download: get: description: |- Download an SLO report. This can only be performed after the report job has completed. Reports are not guaranteed to exist indefinitely. Datadog recommends that you download the report as soon as it is available. operationId: GetSLOReport parameters: - $ref: "#/components/parameters/ReportID" responses: "200": content: text/csv: examples: default: value: "slo_name,slo_id,sli,error_budget_remaining\nMy SLO,abc-123,99.95,99.5" schema: type: string description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Get SLO report tags: - Service Level Objectives x-unstable: |- **Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs. /api/v2/slo/report/{report_id}/status: get: description: Get the status of the SLO report job. operationId: GetSLOReportJobStatus parameters: - $ref: "#/components/parameters/ReportID" responses: "200": content: application/json: examples: default: value: data: attributes: status: completed id: 00000000-0000-0000-0000-000000000002 type: report_id schema: $ref: "#/components/schemas/SLOReportStatusGetResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Get SLO report status tags: - Service Level Objectives x-unstable: |- **Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs. /api/v2/slo/{slo_id}/status: get: description: |- Get the status of a Service Level Objective (SLO) for a given time period. This endpoint returns the current SLI value, error budget remaining, and other status information for the specified SLO. operationId: GetSloStatus parameters: - $ref: "#/components/parameters/SloID" - $ref: "#/components/parameters/FromTimestamp" - $ref: "#/components/parameters/ToTimestamp" - $ref: "#/components/parameters/DisableCorrections" responses: "200": content: application/json: examples: default: value: data: attributes: error_budget_remaining: 99.5 raw_error_budget_remaining: unit: seconds value: 86400.5 sli: 99.95 span_precision: 2 state: ok id: "00000000-0000-0000-0000-000000000000" type: slo_status schema: $ref: "#/components/schemas/SloStatusResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Get SLO status tags: - Service Level Objectives "x-permission": operator: OR permissions: - slos_read x-unstable: |- **Note**: This endpoint is in public beta and it's subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/spa/recommendations/{service}: get: description: This endpoint is currently experimental and restricted to Datadog internal use only. Retrieve resource recommendations for a Spark job. The caller (Spark Gateway or DJM UI) provides a service name and SPA returns structured recommendations for driver and executor resources. The version with a shard should be preferred, where possible, as it gives more accurate results. operationId: GetSPARecommendations parameters: - description: The recommendation service should not use its metrics cache. in: query name: bypass_cache schema: type: string - description: The service name for a spark job. in: path name: service required: true schema: type: string responses: "200": content: application/json: example: data: attributes: driver: estimation: cpu: {max: 1500, p75: 1000, p95: 1200} ephemeral_storage: 896 heap: 6144 memory: 7168 overhead: 1024 executor: estimation: cpu: {max: 2000, p75: 1200, p95: 1500} ephemeral_storage: 512 heap: 3072 memory: 4096 overhead: 1024 id: "dedupeactivecontexts:adp_dedupeactivecontexts_org2" type: recommendation schema: $ref: "#/components/schemas/RecommendationDocument" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - AuthZ: [] summary: Get SPA Recommendations tags: - Spa x-unstable: |- **Note**: This endpoint is in preview and may change in the future. It is not yet recommended for production use. /api/v2/spa/recommendations/{service}/{shard}: get: description: This endpoint is currently experimental and restricted to Datadog internal use only. Retrieve resource recommendations for a Spark job. The caller (Spark Gateway or DJM UI) provides a service name and shard identifier, and SPA returns structured recommendations for driver and executor resources. operationId: GetSPARecommendationsWithShard parameters: - description: The shard tag for a spark job, which differentiates jobs within the same service that have different resource needs in: path name: shard required: true schema: type: string - description: The service name for a spark job in: path name: service required: true schema: type: string - description: The recommendation service should not use its metrics cache. in: query name: bypass_cache schema: type: string responses: "200": content: application/json: example: data: attributes: driver: estimation: cpu: {max: 1500, p75: 1000, p95: 1200} ephemeral_storage: 896 heap: 6144 memory: 7168 overhead: 1024 executor: estimation: cpu: {max: 2000, p75: 1200, p95: 1500} ephemeral_storage: 512 heap: 3072 memory: 4096 overhead: 1024 id: "dedupeactivecontexts:adp_dedupeactivecontexts_org2" type: recommendation schema: $ref: "#/components/schemas/RecommendationDocument" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - AuthZ: [] summary: Get SPA Recommendations with a shard parameter tags: - Spa x-unstable: |- **Note**: This endpoint is in preview and may change in the future. It is not yet recommended for production use. /api/v2/spans/analytics/aggregate: post: description: |- The API endpoint to aggregate spans into buckets and compute metrics and timeseries. This endpoint is rate limited to `300` requests per hour. operationId: AggregateSpans requestBody: content: "application/json": examples: default: value: data: attributes: compute: - aggregation: pc90 interval: 5m metric: "@duration" type: timeseries filter: from: now-15m query: service:web* AND @http.status_code:[200 TO 299] to: now group_by: - facet: host histogram: interval: 10 max: 100 min: 50 sort: aggregation: count order: asc options: timezone: GMT type: aggregate_request schema: $ref: "#/components/schemas/SpansAggregateRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: by: host: my-hostname computes: c0: 19 id: abc-123 type: bucket meta: elapsed: 132 status: done schema: $ref: "#/components/schemas/SpansAggregateResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Aggregate spans tags: ["Spans"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - apm_read /api/v2/spans/events: get: description: |- List endpoint returns spans that match a span search query. [Results are paginated][1]. Use this endpoint to see your latest spans. This endpoint is rate limited to `300` requests per hour. [1]: /logs/guide/collect-multiple-logs-with-pagination?tab=v2api operationId: ListSpansGet parameters: - description: Search query following spans syntax. example: "@datacenter:us @role:db" in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: "2023-01-02T09:42:36.320Z" in: query name: filter[from] required: false schema: type: string - description: Maximum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: "2023-01-03T09:42:36.320Z" in: query name: filter[to] required: false schema: type: string - description: Order of spans in results. in: query name: sort required: false schema: $ref: "#/components/schemas/SpansSort" - description: |- List following results with a cursor provided in the previous query. example: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" in: query name: page[cursor] required: false schema: type: string - description: Maximum number of spans in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: service: web-store id: abc-123 type: spans schema: $ref: "#/components/schemas/SpansListResponse" description: OK "400": $ref: "#/components/responses/SpansBadRequestResponse" "403": $ref: "#/components/responses/SpansForbiddenResponse" "422": $ref: "#/components/responses/SpansUnprocessableEntityResponse" "429": $ref: "#/components/responses/SpansTooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Get a list of spans tags: ["Spans"] x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/spans/events/search: post: description: |- List endpoint returns spans that match a span search query. [Results are paginated][1]. Use this endpoint to build complex spans filtering and search. This endpoint is rate limited to `300` requests per hour. [1]: /logs/guide/collect-multiple-logs-with-pagination?tab=v2api operationId: ListSpans requestBody: content: "application/json": examples: default: value: data: attributes: filter: from: now-15m query: service:web* AND @http.status_code:[200 TO 299] to: now options: timezone: GMT page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: timestamp type: search_request schema: $ref: "#/components/schemas/SpansListRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: env: prod service: test-service id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: spans meta: elapsed: 132 status: done schema: $ref: "#/components/schemas/SpansListResponse" description: OK "400": $ref: "#/components/responses/SpansBadRequestResponse" "403": $ref: "#/components/responses/SpansForbiddenResponse" "422": $ref: "#/components/responses/SpansUnprocessableEntityResponse" "429": $ref: "#/components/responses/SpansTooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Search spans tags: ["Spans"] x-codegen-request-body-name: body x-pagination: cursorParam: body.data.attributes.page.cursor cursorPath: meta.page.after limitParam: body.data.attributes.page.limit resultsPath: data /api/v2/static-analysis-sca/dependencies: post: operationId: CreateSCAResult requestBody: content: application/json: examples: default: value: data: type: scarequests schema: $ref: "#/components/schemas/ScaRequest" required: true responses: "200": description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_analysis_read summary: Post dependencies for analysis tags: - Static Analysis x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/static-analysis-sca/vulnerabilities/resolve-vulnerable-symbols: post: operationId: CreateSCAResolveVulnerableSymbols requestBody: content: application/json: examples: default: value: data: type: resolve-vulnerable-symbols-request schema: $ref: "#/components/schemas/ResolveVulnerableSymbolsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: results: - purl: "pkg:npm/lodash@4.17.20" vulnerable_symbols: [] id: abc-123 type: resolve-vulnerable-symbols-response schema: $ref: "#/components/schemas/ResolveVulnerableSymbolsResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_analysis_read summary: POST request to resolve vulnerable symbols tags: - Static Analysis x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/static-analysis/custom/rulesets/{ruleset_name}: delete: description: Delete a custom ruleset operationId: DeleteCustomRuleset parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string responses: "200": description: Successfully deleted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Ruleset not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Custom Ruleset tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." get: description: Get a custom ruleset by name operationId: GetCustomRuleset parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle description: Example ruleset description name: my-ruleset rules: [] short_description: Short description id: my-ruleset type: custom_ruleset schema: $ref: "#/components/schemas/CustomRulesetResponse" description: Successful response "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Ruleset not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Show Custom Ruleset tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." patch: description: Update an existing custom ruleset operationId: UpdateCustomRuleset parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: rules: - created_at: "2026-01-09T13:00:57.473141Z" created_by: foobarbaz last_revision: id: revision-123 name: my-rule type: custom_ruleset schema: $ref: "#/components/schemas/CustomRulesetRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle description: Example ruleset description name: my-ruleset rules: [] short_description: Short description id: my-ruleset type: custom_ruleset schema: $ref: "#/components/schemas/CustomRulesetResponse" description: Successfully updated "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "412": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Precondition failed - validation error or ruleset not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update Custom Ruleset tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/custom/rulesets/{ruleset_name}/rules: put: description: Create a new custom rule within a ruleset operationId: CreateCustomRule parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string requestBody: content: application/json: examples: default: value: data: type: custom_rule schema: $ref: "#/components/schemas/CustomRuleRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle last_revision: attributes: {} id: revision-abc-123 type: custom_rule_revision name: my-rule id: my-rule type: custom_rule schema: $ref: "#/components/schemas/CustomRuleResponse" description: Successfully created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "409": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Conflict - rule already exists "412": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Precondition failed - validation error or ruleset not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Custom Rule tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/custom/rulesets/{ruleset_name}/rules/{rule_name}: delete: description: Delete a custom rule operationId: DeleteCustomRule parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string responses: "200": description: Successfully deleted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Rule not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete Custom Rule tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." get: description: Get a custom rule by name operationId: GetCustomRule parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle last_revision: attributes: {} id: revision-abc-123 type: custom_rule_revision name: my-rule id: my-rule type: custom_rule schema: $ref: "#/components/schemas/CustomRuleResponse" description: Successful response "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Rule not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Show Custom Rule tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/custom/rulesets/{ruleset_name}/rules/{rule_name}/revisions: get: description: Get all revisions for a custom rule operationId: ListCustomRuleRevisions parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string - description: Pagination offset in: query name: page[offset] required: false schema: default: 0 type: integer - description: Pagination limit in: query name: page[limit] required: false schema: default: 10 type: integer responses: "200": content: application/json: examples: default: value: data: - attributes: arguments: [] category: SECURITY checksum: 8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99 code: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle creation_message: Initial revision cve: cwe: description: Example ruleset description documentation_url: is_published: false is_testing: false language: PYTHON severity: ERROR short_description: Short description should_use_ai_fix: false tags: [] tests: [] tree_sitter_query: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== id: revision-123 type: custom_rule_revision schema: $ref: "#/components/schemas/CustomRuleRevisionsResponse" description: Successful response "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Rule not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: List Custom Rule Revisions tags: - Static Analysis x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." put: description: Create a new revision for a custom rule operationId: CreateCustomRuleRevision parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: arguments: - description: Maximum call depth to analyze name: max_depth category: SECURITY code: "def rule(node): return node.type == 'call'" creation_message: Initial revision cve: CVE-2024-1234 cwe: CWE-79 description: Detects insecure coding patterns that may lead to vulnerabilities documentation_url: https://docs.example.com/rules/my-rule is_published: false is_testing: false language: PYTHON severity: ERROR short_description: Rule to detect insecure patterns should_use_ai_fix: false tags: - security - custom tests: - annotation_count: 1 code: "result = insecure_function()" filename: test.yaml tree_sitter_query: "(call_expression) @call" type: custom_rule_revision schema: $ref: "#/components/schemas/CustomRuleRevisionRequest" required: true responses: "200": description: Successfully created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Rule not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create Custom Rule Revision tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/custom/rulesets/{ruleset_name}/rules/{rule_name}/revisions/revert: post: description: Revert a custom rule to a previous revision operationId: RevertCustomRuleRevision parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string requestBody: content: application/json: examples: default: value: data: type: revert_custom_rule_revision_request schema: $ref: "#/components/schemas/RevertCustomRuleRevisionRequest" required: true responses: "200": description: Successfully reverted "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Revert Custom Rule Revision tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/custom/rulesets/{ruleset_name}/rules/{rule_name}/revisions/{id}: get: description: Get a specific revision of a custom rule operationId: GetCustomRuleRevision parameters: - description: The ruleset name in: path name: ruleset_name required: true schema: type: string - description: The rule name in: path name: rule_name required: true schema: type: string - description: The revision ID in: path name: id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: arguments: [] category: SECURITY checksum: 8a66c4e4e631099ad71be3c1ea3ea8fc2d57193e56db2c296e2dd8a508b26b99 code: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== created_at: "2024-01-01T00:00:00+00:00" created_by: example-handle creation_message: Initial revision cve: cwe: description: Example ruleset description documentation_url: is_published: false is_testing: false language: PYTHON severity: ERROR short_description: Short description should_use_ai_fix: false tags: [] tests: [] tree_sitter_query: Y29uZHVjdG9yOgogICAgLSBkZXBsb3lfb25seTogdHJ1ZQ== id: revision-123 type: custom_rule_revision schema: $ref: "#/components/schemas/CustomRuleRevisionResponse" description: Successful response "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "401": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Unauthorized - custom rules not enabled "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Revision not found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Show Custom Rule Revision tags: - Static Analysis x-unstable: "This endpoint is in Preview and may introduce breaking changes.\nIf you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/)." /api/v2/static-analysis/rulesets: post: description: Get rules for multiple rulesets in batch. operationId: ListMultipleRulesets requestBody: content: application/json: examples: default: value: data: type: get_multiple_rulesets_request schema: $ref: "#/components/schemas/GetMultipleRulesetsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: rulesets: [] id: abc-123 type: get_multiple_rulesets_response schema: $ref: "#/components/schemas/GetMultipleRulesetsResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_analysis_read summary: Ruleset get multiple tags: - "Security Monitoring" x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/static-analysis/secrets/rules: get: description: |- Returns a list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID. operationId: GetSecretsRules responses: "200": content: application/json: examples: default: value: data: - attributes: description: "Detects example secrets" name: "Example Secret Rule" pattern: "[A-Za-z0-9]{32}" priority: "1" id: abc-123 type: secret_rule schema: $ref: "#/components/schemas/SecretRuleArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - code_analysis_read summary: Returns a list of Secrets rules tags: - "Security Monitoring" x-unstable: "**Note**: This endpoint may be subject to changes." /api/v2/statuspages: get: description: Lists all status pages for the organization. operationId: ListStatusPages parameters: - description: Offset to use as the start of the page. in: query name: page[offset] schema: default: 0 type: integer - description: The number of status pages to return per page. in: query name: page[limit] schema: default: 50 type: integer - description: Filter status pages by exact domain prefix match. Returns at most one result. in: query name: filter[domain_prefix] schema: type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: components: [] domain_prefix: status-page-us1 enabled: true name: Status Page US1 subscriptions_enabled: true type: public visualization_type: bars_and_uptime_percentage id: 00000000-0000-0000-0000-000000000001 type: status_pages schema: $ref: "#/components/schemas/StatusPageArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List status pages tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read post: description: "Creates a new status page in an unpublished state. Use the dedicated [publish](#publish-status-page) status page endpoint to publish the page after creation." operationId: CreateStatusPage parameters: - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: company_logo: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM components: - name: API position: 0 type: component - components: - name: Login position: 0 type: component - name: Settings position: 1 type: component name: Web App position: 1 type: group - name: Webhooks position: 2 type: component domain_prefix: status-page-us1 email_header_image: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF favicon: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA name: Status Page US1 subscriptions_enabled: true type: public visualization_type: bars_and_uptime_percentage type: status_pages schema: $ref: "#/components/schemas/CreateStatusPageRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: components: [] domain_prefix: status-page-us1 enabled: true name: Status Page US1 subscriptions_enabled: true type: public visualization_type: bars_and_uptime_percentage id: 00000000-0000-0000-0000-000000000002 type: status_pages schema: $ref: "#/components/schemas/StatusPage" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create status page tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write /api/v2/statuspages/degradations: get: description: Lists all degradations for the organization. Optionally filter by status and page. operationId: ListDegradations parameters: - description: Optional page id filter. in: query name: filter[page_id] schema: type: string - description: Offset to use as the start of the page. in: query name: page[offset] schema: default: 0 type: integer - description: The number of degradations to return per page. in: query name: page[limit] schema: default: 50 type: integer - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string - description: "Optional degradation status filter. Supported values: investigating, identified, monitoring, resolved." in: query name: filter[status] schema: type: string - description: "Sort order. Prefix with '-' for descending. Supported values: created_at, -created_at, modified_at, -modified_at." in: query name: sort schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: components_affected: [] created_at: "2024-01-01T00:00:00+00:00" description: Our API is experiencing elevated latency. modified_at: "2024-01-01T00:00:00+00:00" status: investigating title: Elevated API Latency updates: [] id: 00000000-0000-0000-0000-000000000005 type: degradations schema: $ref: "#/components/schemas/DegradationArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List degradations tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read /api/v2/statuspages/maintenances: get: description: Lists all maintenances for the organization. Optionally filter by status and page. operationId: ListMaintenances parameters: - description: Optional page id filter. in: query name: filter[page_id] schema: type: string - description: Offset to use as the start of the page. in: query name: page[offset] schema: default: 0 type: integer - description: The number of maintenances to return per page. in: query name: page[limit] schema: default: 50 type: integer - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string - description: "Optional maintenance status filter. Supported values: scheduled, in_progress, completed." in: query name: filter[status] schema: type: string - description: "Sort order. Prefix with '-' for descending. Supported values: created_at, -created_at, start_date, -start_date." in: query name: sort schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: completed_date: "2024-01-01T01:00:00+00:00" completed_description: We have completed maintenance on the API. components_affected: [] in_progress_description: We are currently performing maintenance on the API. scheduled_description: We will be performing maintenance on the API. start_date: "2024-01-01T00:00:00+00:00" status: scheduled title: API Maintenance id: 00000000-0000-0000-0000-000000000016 type: maintenances schema: $ref: "#/components/schemas/MaintenanceArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List maintenances tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read /api/v2/statuspages/{page_id}: delete: description: Deletes a status page by its ID. operationId: DeleteStatusPage parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete status page tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write get: description: Retrieves a specific status page by its ID. operationId: GetStatusPage parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: components: [] domain_prefix: status-page-us1 enabled: true name: Status Page US1 subscriptions_enabled: true type: public visualization_type: bars_and_uptime_percentage id: 00000000-0000-0000-0000-000000000007 type: status_pages schema: $ref: "#/components/schemas/StatusPage" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get status page tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read patch: description: "Updates an existing status page's attributes. **Note**: Publishing and unpublishing via the `enabled` property will be deprecated on this endpoint. Use the dedicated [publish](#publish-status-page) and [unpublish](#unpublish-status-page) status page endpoints instead." operationId: UpdateStatusPage parameters: - description: Whether to delete existing subscribers when updating a status page's type. in: query name: delete_subscribers schema: default: false type: boolean - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: company_logo: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAIKMMMM domain_prefix: status-page-us1-east email_header_image: data:image/png;base64,pQSLAw0KGgoAAAANSUhEUgAAAQ4AASJKFF enabled: false favicon: data:image/png;base64,kWMRNw0KGgoAAAANSUhEUgAAAEAAAABACA name: Status Page US1 East subscriptions_enabled: false type: internal visualization_type: bars_only id: 1234abcd-12ab-34cd-56ef-123456abcdef type: status_pages schema: $ref: "#/components/schemas/PatchStatusPageRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: components: [] domain_prefix: status-page-us1-east enabled: false name: Status Page US1 East subscriptions_enabled: false type: internal visualization_type: bars_only id: 00000000-0000-0000-0000-000000000006 type: status_pages schema: $ref: "#/components/schemas/StatusPage" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update status page tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write /api/v2/statuspages/{page_id}/components: get: description: Lists all components for a status page. operationId: ListComponents parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page, group." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: name: Metrics Intake position: 0 status: operational type: component id: 00000000-0000-0000-0000-000000000008 type: components schema: $ref: "#/components/schemas/StatusPagesComponentArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List components tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read post: description: Creates a new component. operationId: CreateComponent parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page, group." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: Metrics Intake position: 0 type: component relationships: group: data: type: components schema: $ref: "#/components/schemas/CreateComponentRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: Metrics Intake position: 0 status: operational type: component id: 00000000-0000-0000-0000-000000000009 type: components schema: $ref: "#/components/schemas/StatusPagesComponent" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create component tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write /api/v2/statuspages/{page_id}/components/{component_id}: delete: description: Deletes a component by its ID. operationId: DeleteComponent parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: The ID of the component. in: path name: component_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete component tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write get: description: Retrieves a specific component by its ID. operationId: GetComponent parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: The ID of the component. in: path name: component_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page, group." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: name: Metrics Intake position: 0 status: operational type: component id: 00000000-0000-0000-0000-000000000012 type: components schema: $ref: "#/components/schemas/StatusPagesComponent" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get component tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read patch: description: Updates an existing component's attributes. operationId: UpdateComponent parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: The ID of the component. in: path name: component_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page, group." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: Metrics Intake Service position: 4 id: 1234abcd-12ab-34cd-56ef-123456abcdef type: components schema: $ref: "#/components/schemas/PatchComponentRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: Metrics Intake Service position: 4 status: operational type: component id: 00000000-0000-0000-0000-000000000011 type: components schema: $ref: "#/components/schemas/StatusPagesComponent" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update component tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_write /api/v2/statuspages/{page_id}/degradations: post: description: Creates a new degradation. operationId: CreateDegradation parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: Whether to notify page subscribers of the degradation. in: query name: notify_subscribers schema: default: true type: boolean - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded description: Our API is experiencing elevated latency. We are investigating the issue. status: investigating title: Elevated API Latency type: degradations schema: $ref: "#/components/schemas/CreateDegradationRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: components_affected: - id: 00000000-0000-0000-0000-000000000019 status: degraded created_at: "2024-01-01T00:00:00+00:00" description: Our API is experiencing elevated latency. We are investigating the issue. modified_at: "2024-01-01T00:00:00+00:00" status: investigating title: Elevated API Latency updates: [] id: 00000000-0000-0000-0000-000000000010 type: degradations schema: $ref: "#/components/schemas/Degradation" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create degradation tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/degradations/backfill: post: description: Creates a backfilled degradation with predefined updates. operationId: CreateBackfilledDegradation parameters: - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: value: data: attributes: title: Past API Outage updates: - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: degraded description: We detected elevated error rates in the API. started_at: "2026-04-27T13:37:31Z" status: investigating - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: The issue has been resolved. started_at: "2026-04-27T14:37:31Z" status: resolved type: degradations schema: $ref: "#/components/schemas/CreateBackfilledDegradationRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational created_at: "2026-04-27T13:37:31+00:00" description: The issue has been resolved. modified_at: "2026-04-27T14:37:31+00:00" status: resolved title: Past API Outage updates: [] id: 00000000-0000-0000-0000-000000000010 type: degradations schema: $ref: "#/components/schemas/Degradation" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create backfilled degradation tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/degradations/{degradation_id}: delete: description: Deletes a degradation by its ID. operationId: DeleteDegradation parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: The ID of the degradation. in: path name: degradation_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete degradation tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write get: description: Retrieves a specific degradation by its ID. operationId: GetDegradation parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: The ID of the degradation. in: path name: degradation_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: components_affected: - id: 00000000-0000-0000-0000-000000000018 status: degraded created_at: "2024-01-01T00:00:00+00:00" description: Our API is experiencing elevated latency. We are investigating the issue. modified_at: "2024-01-01T00:00:00+00:00" status: investigating title: Elevated API Latency updates: [] id: 00000000-0000-0000-0000-000000000004 type: degradations schema: $ref: "#/components/schemas/Degradation" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get degradation tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read patch: description: Updates an existing degradation's attributes. operationId: UpdateDegradation parameters: - description: The ID of the status page. in: path name: page_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: Whether to notify page subscribers of the degradation. in: query name: notify_subscribers schema: default: true type: boolean - description: The ID of the degradation. in: path name: degradation_id required: true schema: example: 1234abcd-12ab-34cd-56ef-123456abcdef format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: We've deployed a fix and latency has returned to normal. This issue has been resolved. status: resolved title: Elevated API Latency in US1 id: 1234abcd-12ab-34cd-56ef-123456abcdef type: degradations schema: $ref: "#/components/schemas/PatchDegradationRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: components_affected: - id: 00000000-0000-0000-0000-000000000017 status: operational created_at: "2024-01-01T00:00:00+00:00" description: We've deployed a fix and latency has returned to normal. modified_at: "2024-01-01T00:00:00+00:00" status: resolved title: Elevated API Latency updates: [] id: 00000000-0000-0000-0000-000000000003 type: degradations schema: $ref: "#/components/schemas/Degradation" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update degradation tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/maintenances: post: description: Schedules a new maintenance. operationId: CreateMaintenance parameters: - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string - description: Whether to notify page subscribers of the maintenance. in: query name: notify_subscribers schema: default: true type: boolean - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: completed_date: "2026-02-18T19:51:13.332360075Z" completed_description: We have completed maintenance on the API to improve performance. components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational in_progress_description: We are currently performing maintenance on the API to improve performance. scheduled_description: We will be performing maintenance on the API to improve performance. start_date: "2026-02-18T19:21:13.332360075Z" title: API Maintenance type: maintenances schema: $ref: "#/components/schemas/CreateMaintenanceRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: completed_date: "2024-01-01T01:00:00+00:00" completed_description: We have completed maintenance on the API to improve performance. components_affected: [] in_progress_description: We are currently performing maintenance on the API to improve performance. scheduled_description: We will be performing maintenance on the API to improve performance. start_date: "2024-01-01T00:00:00+00:00" status: scheduled title: API Maintenance id: 00000000-0000-0000-0000-000000000015 type: maintenances schema: $ref: "#/components/schemas/Maintenance" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Schedule maintenance tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/maintenances/backfill: post: description: Creates a backfilled maintenance with predefined updates. operationId: CreateBackfilledMaintenance parameters: - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: value: data: attributes: title: Past Database Maintenance updates: - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: maintenance description: Database maintenance is in progress. started_at: "2026-04-27T13:37:31Z" status: in_progress - components_affected: - id: 1234abcd-12ab-34cd-56ef-123456abcdef status: operational description: Database maintenance has been completed. started_at: "2026-04-27T14:37:31Z" status: completed type: maintenances schema: $ref: "#/components/schemas/CreateBackfilledMaintenanceRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: completed_date: "2026-04-27T14:37:31+00:00" completed_description: "" components_affected: [] in_progress_description: "" scheduled_description: "" start_date: "2026-04-27T13:37:31+00:00" status: completed title: Past Database Maintenance id: 00000000-0000-0000-0000-000000000015 type: maintenances schema: $ref: "#/components/schemas/Maintenance" description: Created "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create backfilled maintenance tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/maintenances/{maintenance_id}: get: description: Retrieves a specific maintenance by its ID. operationId: GetMaintenance parameters: - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string - description: The ID of the maintenance. in: path name: maintenance_id required: true schema: format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: completed_date: "2024-01-01T01:00:00+00:00" completed_description: We have completed maintenance on the API. components_affected: [] in_progress_description: We are currently performing maintenance on the API. scheduled_description: We will be performing maintenance on the API. start_date: "2024-01-01T00:00:00+00:00" status: scheduled title: API Maintenance id: 00000000-0000-0000-0000-000000000013 type: maintenances schema: $ref: "#/components/schemas/Maintenance" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get maintenance tags: - Status Pages x-permission: operator: AND permissions: - status_pages_settings_read patch: description: Updates an existing maintenance's attributes. operationId: UpdateMaintenance parameters: - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string - description: Whether to notify page subscribers of the maintenance. in: query name: notify_subscribers schema: default: true type: boolean - description: The ID of the maintenance. in: path name: maintenance_id required: true schema: format: uuid type: string - description: "Comma-separated list of resources to include. Supported values: created_by_user, last_modified_by_user, status_page." in: query name: include schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: completed_date: "2026-02-18T20:01:13.332360075Z" in_progress_description: We are currently performing maintenance on the API to improve performance for 40 minutes. scheduled_description: We will be performing maintenance on the API to improve performance for 40 minutes. start_date: "2026-02-18T19:21:13.332360075Z" title: API Maintenance id: 1234abcd-12ab-34cd-56ef-123456abcdef type: maintenances schema: $ref: "#/components/schemas/PatchMaintenanceRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: completed_date: "2024-01-01T01:00:00+00:00" completed_description: We have completed maintenance on the API. components_affected: [] in_progress_description: We are currently performing maintenance on the API to improve performance for 40 minutes. scheduled_description: We will be performing maintenance on the API to improve performance for 40 minutes. start_date: "2024-01-01T00:00:00+00:00" status: scheduled title: API Maintenance id: 00000000-0000-0000-0000-000000000014 type: maintenances schema: $ref: "#/components/schemas/Maintenance" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update maintenance tags: - Status Pages x-permission: operator: AND permissions: - status_pages_incident_write /api/v2/statuspages/{page_id}/publish: post: description: Publishes a status page. For pages of type `public`, makes the status page available on the public internet and requires the `status_pages_public_page_publish` permission. For pages of type `internal`, makes the status page available under the `status-pages/$domain_prefix/view` route within the Datadog organization and requires the `status_pages_internal_page_publish` permission. The `status_pages_settings_write` permission is temporarily honored as we migrate publishing functionality from the update status page endpoint to the publish status page endpoint. operationId: PublishStatusPage parameters: - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Publish status page tags: - Status Pages x-permission: operator: OR permissions: - status_pages_settings_write - status_pages_public_page_publish - status_pages_internal_page_publish /api/v2/statuspages/{page_id}/unpublish: post: description: Unpublishes a status page. For pages of type `public`, removes the status page from the public internet and requires the `status_pages_public_page_publish` permission. For pages of type `internal`, removes the `status-pages/$domain_prefix/view` route from the Datadog organization and requires the `status_pages_internal_page_publish` permission. The `status_pages_settings_write` permission is temporarily honored as we migrate unpublishing functionality from the update status page endpoint to the unpublish status page endpoint. operationId: UnpublishStatusPage parameters: - description: The ID of the status page. in: path name: page_id required: true schema: format: uuid type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Unpublish status page tags: - Status Pages x-permission: operator: OR permissions: - status_pages_settings_write - status_pages_public_page_publish - status_pages_internal_page_publish /api/v2/synthetics/api-multistep/subtests/{public_id}: get: description: |- Get the list of API tests that can be added as subtests to a given API multistep test. The current test is excluded from the list since a test cannot be a subtest of itself. operationId: GetApiMultistepSubtests parameters: - description: The public ID of the API multistep test. in: path name: public_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/SyntheticsApiMultistepSubtestsResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get available subtests for a multistep test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/api-multistep/subtests/{public_id}/parents: get: description: |- Get the list of API multistep tests that include a given subtest, along with their monitor status. operationId: GetApiMultistepSubtestParents parameters: - description: The public ID of the subtest. in: path name: public_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/SyntheticsApiMultistepParentTestsResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get parent tests for a subtest tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/downtimes: get: description: Get a list of all Synthetics downtimes for your organization. operationId: ListSyntheticsDowntimes parameters: - description: Comma-separated list of Synthetics test public IDs to filter downtimes by. in: query name: filter[test_ids] required: false schema: example: abc-def-123,xyz-uvw-456 type: string - description: If set to `true`, return only downtimes that are currently active. in: query name: filter[active] required: false schema: example: "true" type: string responses: "200": content: application/json: examples: default: value: data: - attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List Synthetics downtimes tags: - Synthetics x-permission: operator: AND permissions: - synthetics_read post: description: Create a new Synthetics downtime. operationId: CreateSyntheticsDowntime requestBody: content: application/json: examples: default: value: data: attributes: isEnabled: true name: Weekly maintenance testIds: - abc-def-123 timeSlots: - duration: 3600 start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeResponse" description: Created "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_write /api/v2/synthetics/downtimes/{downtime_id}: delete: description: Delete a Synthetics downtime by its ID. operationId: DeleteSyntheticsDowntime parameters: - description: The ID of the downtime to delete. in: path name: downtime_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_write get: description: Get a Synthetics downtime by its ID. operationId: GetSyntheticsDowntime parameters: - description: The ID of the downtime to retrieve. in: path name: downtime_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_read put: description: Update a Synthetics downtime by its ID. operationId: UpdateSyntheticsDowntime parameters: - description: The ID of the downtime to update. in: path name: downtime_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string requestBody: content: application/json: examples: default: value: data: attributes: isEnabled: true name: Weekly maintenance testIds: - abc-def-123 timeSlots: - duration: 3600 start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_write /api/v2/synthetics/downtimes/{downtime_id}/tests/{test_id}: delete: description: Disassociate a Synthetics test from a downtime. operationId: RemoveTestFromSyntheticsDowntime parameters: - description: The ID of the downtime. in: path name: downtime_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string - description: The public ID of the Synthetics test to disassociate from the downtime. in: path name: test_id required: true schema: example: abc-def-123 type: string responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Remove a test from a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_write put: description: Associate a Synthetics test with a downtime. operationId: AddTestToSyntheticsDowntime parameters: - description: The ID of the downtime. in: path name: downtime_id required: true schema: example: "00000000-0000-0000-0000-000000000001" type: string - description: The public ID of the Synthetics test to associate with the downtime. in: path name: test_id required: true schema: example: abc-def-123 type: string responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-15T10:30:00Z" createdBy: "00000000-0000-0000-0000-000000000003" createdByName: Jane Doe description: Scheduled weekly maintenance window. isEnabled: true name: Weekly maintenance tags: [] testIds: - abc-def-123 timeSlots: - duration: 3600 id: "00000000-0000-0000-0000-000000000002" start: day: 15 hour: 10 minute: 30 month: 1 year: 2024 timezone: Europe/Paris updatedAt: "2024-01-15T10:30:00Z" updatedBy: "00000000-0000-0000-0000-000000000003" updatedByName: Jane Doe id: "00000000-0000-0000-0000-000000000001" type: downtime schema: $ref: "#/components/schemas/SyntheticsDowntimeResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Add a test to a Synthetics downtime tags: - Synthetics x-permission: operator: AND permissions: - synthetics_write /api/v2/synthetics/settings/on_demand_concurrency_cap: get: description: Get the on-demand concurrency cap. operationId: GetOnDemandConcurrencyCap responses: "200": content: application/json: examples: default: value: data: attributes: on_demand_concurrency_cap: 20 type: on_demand_concurrency_cap schema: $ref: "#/components/schemas/OnDemandConcurrencyCapResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get the on-demand concurrency cap tags: - Synthetics "x-permission": operator: OR permissions: - billing_read post: description: Save new value for on-demand concurrency cap. operationId: SetOnDemandConcurrencyCap requestBody: content: application/json: examples: default: value: on_demand_concurrency_cap: 20 schema: $ref: "#/components/schemas/OnDemandConcurrencyCapAttributes" description: . required: true responses: "200": content: application/json: examples: default: value: data: attributes: on_demand_concurrency_cap: 20 type: on_demand_concurrency_cap schema: $ref: "#/components/schemas/OnDemandConcurrencyCapResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Save new value for on-demand concurrency cap tags: - Synthetics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - billing_edit /api/v2/synthetics/suites: post: operationId: CreateSyntheticsSuite requestBody: content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite type: suites schema: $ref: "#/components/schemas/SuiteCreateEditRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name options: alerting_threshold: 0.5 public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite id: 123-abc-456 type: suites schema: $ref: "#/components/schemas/SyntheticsSuiteResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Create a test suite tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/suites/bulk-delete: post: operationId: DeleteSyntheticsSuites requestBody: content: application/json: examples: default: value: data: attributes: public_ids: - "" type: delete_suites_request schema: $ref: "#/components/schemas/DeletedSuitesRequestDeleteRequest" required: true responses: "200": content: application/json: examples: default: value: data: - attributes: deleted_at: "2024-01-01T00:00:00+00:00" public_id: 123-abc-456 id: 123-abc-456 type: suites schema: $ref: "#/components/schemas/DeletedSuitesResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Bulk delete suites tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write /api/v2/synthetics/suites/search: get: description: Search for test suites. operationId: SearchSuites parameters: - description: The search query. in: query name: query required: false schema: type: string - description: The sort order for the results (e.g., `name,asc` or `name,desc`). in: query name: sort required: false schema: default: name,asc type: string - description: If true, return only facets instead of full test details. in: query name: facets_only required: false schema: default: false type: boolean - description: The offset from which to start returning results. in: query name: start required: false schema: default: 0 format: int64 type: integer - description: The maximum number of results to return. in: query name: count required: false schema: default: 50 format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: suites: - monitor_id: 12345678 name: Example suite name options: alerting_threshold: 0.5 public_id: 123-abc-456 tags: - env:production tests: [] type: suite total: 1 id: abc-123 type: suites_search schema: $ref: "#/components/schemas/SyntheticsSuiteSearchResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Search test suites tags: - Synthetics "x-permission": operator: OR permissions: - synthetics_read /api/v2/synthetics/suites/{public_id}: get: operationId: GetSyntheticsSuite parameters: - description: The public ID of the suite to get details from. in: path name: public_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name options: alerting_threshold: 0.5 public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite id: 123-abc-456 type: suites schema: $ref: "#/components/schemas/SyntheticsSuiteResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a suite tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read put: operationId: EditSyntheticsSuite parameters: - description: The public ID of the suite to edit. in: path name: public_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite type: suites schema: $ref: "#/components/schemas/SuiteCreateEditRequest" description: New suite details to be saved. required: true responses: "200": content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name options: alerting_threshold: 0.5 public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite id: 123-abc-456 type: suites schema: $ref: "#/components/schemas/SyntheticsSuiteResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Edit a test suite tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write /api/v2/synthetics/suites/{public_id}/jsonpatch: patch: description: |- Patch a Synthetic test suite using JSON Patch (RFC 6902). Use partial updates to modify only specific fields of a test suite. Common operations include: - Replace field values: `{"op": "replace", "path": "/name", "value": "new_name"}` - Add/update tags: `{"op": "add", "path": "/tags/-", "value": "new_tag"}` - Remove fields: `{"op": "remove", "path": "/message"}` operationId: PatchTestSuite parameters: - description: The public ID of the Synthetic test suite to patch. in: path name: public_id required: true schema: example: 123-abc-456 type: string requestBody: content: application/json: examples: default: value: data: attributes: json_patch: - op: add path: /name type: suites_json_patch schema: $ref: "#/components/schemas/SuiteJsonPatchRequest" description: JSON Patch document with operations to apply. required: true responses: "200": content: application/json: examples: default: value: data: attributes: message: Notification message monitor_id: 12345678 name: Example suite name options: alerting_threshold: 0.5 public_id: 123-abc-456 tags: - env:production tests: - alerting_criticality: critical public_id: "" type: suite id: 123-abc-456 type: suites schema: $ref: "#/components/schemas/SyntheticsSuiteResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Patch a test suite tags: - Synthetics x-codegen-request-body-name: body x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/browser/{public_id}/results: get: description: Get the latest result summaries for a given Synthetic browser test. operationId: ListSyntheticsBrowserTestLatestResults parameters: - description: The public ID of the Synthetic browser test for which to search results. in: path name: public_id required: true schema: type: string - description: Timestamp in milliseconds from which to start querying results. in: query name: from_ts required: false schema: format: int64 type: integer - description: Timestamp in milliseconds up to which to query results. in: query name: to_ts required: false schema: format: int64 type: integer - description: Filter results by status. in: query name: status required: false schema: $ref: "#/components/schemas/SyntheticsTestResultStatus" - description: Filter results by run type. in: query name: runType required: false schema: $ref: "#/components/schemas/SyntheticsTestResultRunType" - description: Locations for which to query results. in: query name: probe_dc required: false schema: items: type: string type: array - description: Device IDs for which to query results. in: query name: device_id required: false schema: items: type: string type: array responses: "200": content: application/json: examples: default: value: data: - attributes: device: id: chrome.laptop_large name: "Chrome - Laptop Large" type: browser finished_at: 1679328005200 location: id: aws:eu-west-1 name: "Ireland (AWS)" run_type: scheduled started_at: 1679328000000 status: passed test_type: browser test_version: 2 id: "7291038456723891045" relationships: test: data: id: xyz-abc-789 type: test type: result_summary schema: $ref: "#/components/schemas/SyntheticsTestLatestResultsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a browser test's latest results tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/browser/{public_id}/results/{result_id}: get: description: Get a specific full result from a given Synthetic browser test. operationId: GetSyntheticsBrowserTestResult parameters: - description: The public ID of the Synthetic browser test to which the target result belongs. in: path name: public_id required: true schema: type: string - description: The ID of the result to get. in: path name: result_id required: true schema: type: string - description: The event ID used to look up the result in the event store. in: query name: event_id required: false schema: type: string - description: Timestamp in seconds to look up the result. in: query name: timestamp required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: device: id: chrome.laptop_large name: "Chrome - Laptop Large" type: browser location: id: aws:eu-west-1 name: "Ireland (AWS)" result: duration: 5200.0 finished_at: 1679328005200 id: "7291038456723891045" started_at: 1679328000000 status: passed test_type: browser test_version: 2 id: "7291038456723891045" relationships: test: data: id: xyz-abc-789 type: test type: result schema: $ref: "#/components/schemas/SyntheticsTestResultResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a browser test result tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/bulk-delete: post: operationId: DeleteSyntheticsTests requestBody: content: application/json: examples: default: value: data: attributes: public_ids: - abc-def-123 - xyz-uvw-456 type: delete_tests_request schema: $ref: "#/components/schemas/DeletedTestsRequestDeleteRequest" required: true responses: "200": content: application/json: examples: default: value: data: - id: abc-def-123 type: delete_tests schema: $ref: "#/components/schemas/DeletedTestsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Bulk delete tests tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write /api/v2/synthetics/tests/fast/{id}: get: operationId: GetSyntheticsFastTestResult parameters: - description: The UUID of the fast test to retrieve the result for. in: path name: id required: true schema: example: abc12345-1234-1234-1234-abc123456789 type: string responses: "200": content: application/json: examples: default: value: data: attributes: location: id: aws:us-east-1 name: "N. Virginia (AWS)" result: duration: 150.5 finished_at: 1679328001000 id: abc12345-1234-1234-1234-abc123456789 resolved_ip: "1.2.3.4" run_type: fast started_at: 1679328000000 status: passed test_sub_type: http test_type: api test_version: 1 id: abc12345-1234-1234-1234-abc123456789 type: result schema: $ref: "#/components/schemas/SyntheticsFastTestResult" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a fast test result tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/network: post: operationId: CreateSyntheticsNetworkTest requestBody: content: application/json: examples: default: value: data: attributes: config: assertions: - operator: lessThan property: avg target: 500 type: latency request: e2e_queries: 50 host: "" max_ttl: 30 port: 443 tcp_method: prefer_sack traceroute_queries: 3 locations: - aws:us-east-1 - agent:my-agent-name message: Network Path test notification monitor_id: 12345678 name: Example Network Path test options: monitor_options: notification_preset_name: show_all scheduling: timeframes: - day: 1 from: 07:00 to: "16:00" - day: 3 from: 07:00 to: "16:00" timezone: America/New_York public_id: abc-def-123 status: live subtype: tcp tags: - env:production type: network type: network schema: $ref: "#/components/schemas/SyntheticsNetworkTestEditRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: config: {} locations: - aws:us-east-1 message: Network Path test notification name: Example Network Path test options: {} status: live type: network id: abc-def-123 type: network_test schema: $ref: "#/components/schemas/SyntheticsNetworkTestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Create a Network Path test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/network/{public_id}: get: operationId: GetSyntheticsNetworkTest parameters: - description: The public ID of the Network Path test to get details from. in: path name: public_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: config: {} locations: - aws:us-east-1 message: Network Path test notification name: Example Network Path test options: {} status: live type: network id: abc-def-123 type: network_test schema: $ref: "#/components/schemas/SyntheticsNetworkTestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a Network Path test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read put: operationId: UpdateSyntheticsNetworkTest parameters: - description: The public ID of the Network Path test to edit. in: path name: public_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: config: assertions: - operator: lessThan property: avg target: 500 type: latency request: e2e_queries: 50 host: "" max_ttl: 30 port: 443 tcp_method: prefer_sack traceroute_queries: 3 locations: - aws:us-east-1 - agent:my-agent-name message: Network Path test notification monitor_id: 12345678 name: Example Network Path test options: monitor_options: notification_preset_name: show_all scheduling: timeframes: - day: 1 from: 07:00 to: "16:00" - day: 3 from: 07:00 to: "16:00" timezone: America/New_York public_id: abc-def-123 status: live subtype: tcp tags: - env:production type: network type: network schema: $ref: "#/components/schemas/SyntheticsNetworkTestEditRequest" description: New Network Path test details to be saved. required: true responses: "200": content: application/json: examples: default: value: data: attributes: config: {} locations: - aws:us-east-1 message: Network Path test notification name: Example Network Path test options: {} status: live type: network id: abc-def-123 type: network_test schema: $ref: "#/components/schemas/SyntheticsNetworkTestResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Edit a Network Path test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/poll_results: get: description: |- Poll for test results given a list of result IDs. This is typically used after triggering tests with CI/CD to retrieve results once they are available. operationId: PollSyntheticsTestResults parameters: - description: A JSON-encoded array of result IDs to poll for. example: '["id1","id2","id3"]' in: query name: result_ids required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: location: id: aws:us-east-1 name: "N. Virginia (AWS)" result: duration: 150.5 finished_at: 1679328001000 id: "5158904793181869365" started_at: 1679328000000 status: passed test_sub_type: http test_type: api test_version: 3 id: "5158904793181869365" relationships: test: data: id: abc-def-123 type: test type: result schema: $ref: "#/components/schemas/SyntheticsPollTestResultsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Poll for test results tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/files/download: post: description: |- Get a presigned URL to download a file attached to a Synthetic test. The returned URL is temporary and expires after a short period. operationId: GetTestFileDownloadUrl parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: example: abc-def-123 type: string requestBody: content: application/json: examples: default: value: bucketKey: api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json schema: $ref: "#/components/schemas/SyntheticsTestFileDownloadRequest" required: true responses: "200": content: application/json: examples: default: value: presignedUrl: https://example.com/download schema: $ref: "#/components/schemas/SyntheticsTestFileDownloadResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a presigned URL for downloading a test file tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/files/multipart-presigned-urls: post: description: |- Get presigned URLs for uploading a file to a Synthetic test using multipart upload. Returns the presigned URLs for each part along with the bucket key that references the file. operationId: GetTestFileMultipartPresignedUrls parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: example: abc-def-123 type: string requestBody: content: application/json: examples: default: value: bucketKeyPrefix: api-upload-file parts: - md5: 1B2M2Y8AsgTpgAmY7PhCfg== partNumber: 1 schema: $ref: "#/components/schemas/SyntheticsTestFileMultipartPresignedUrlsRequest" required: true responses: "200": content: application/json: examples: default: value: bucketKey: api-upload-file/abc-def-123/file.json presignedUrls: [] schema: $ref: "#/components/schemas/SyntheticsTestFileMultipartPresignedUrlsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Get presigned URLs for uploading a test file tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/{public_id}/files/multipart-upload-abort: post: description: |- Abort an in-progress multipart file upload for a Synthetic test. This cancels the upload and releases any storage used by already-uploaded parts. operationId: AbortTestFileMultipartUpload parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: example: abc-def-123 type: string requestBody: content: application/json: examples: default: value: key: org-123/api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json uploadId: upload-id-abc123 schema: $ref: "#/components/schemas/SyntheticsTestFileAbortMultipartUploadRequest" required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Abort a multipart upload of a test file tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/{public_id}/files/multipart-upload-complete: post: description: |- Complete a multipart file upload for a Synthetic test. Call this endpoint after all parts have been uploaded using the presigned URLs obtained from the multipart presigned URLs endpoint. operationId: CompleteTestFileMultipartUpload parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: example: abc-def-123 type: string requestBody: content: application/json: examples: default: value: key: org-123/api-upload-file/abc-def-123/2024-01-01T00:00:00_uuid.json parts: - ETag: '"d41d8cd98f00b204e9800998ecf8427e"' PartNumber: 1 uploadId: upload-id-abc123 schema: $ref: "#/components/schemas/SyntheticsTestFileCompleteMultipartUploadRequest" required: true responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_write summary: Complete a multipart upload of a test file tags: - Synthetics x-permission: operator: OR permissions: - synthetics_write - synthetics_create_edit_trigger /api/v2/synthetics/tests/{public_id}/parent-suites: get: description: Get the list of parent suites and their status for a given Synthetic test. operationId: GetTestParentSuites parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/SyntheticsTestParentSuitesResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get parent suites for a test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/results: get: description: Get the latest result summaries for a given Synthetic test. operationId: ListSyntheticsTestLatestResults parameters: - description: The public ID of the Synthetic test for which to search results. in: path name: public_id required: true schema: type: string - description: Timestamp in milliseconds from which to start querying results. in: query name: from_ts required: false schema: format: int64 type: integer - description: Timestamp in milliseconds up to which to query results. in: query name: to_ts required: false schema: format: int64 type: integer - description: Filter results by status. in: query name: status required: false schema: $ref: "#/components/schemas/SyntheticsTestResultStatus" - description: Filter results by run type. in: query name: runType required: false schema: $ref: "#/components/schemas/SyntheticsTestResultRunType" - description: Locations for which to query results. in: query name: probe_dc required: false schema: items: type: string type: array - description: Device IDs for which to query results. in: query name: device_id required: false schema: items: type: string type: array responses: "200": content: application/json: examples: default: value: data: - attributes: finished_at: 1679328001000 location: id: aws:us-east-1 name: "N. Virginia (AWS)" run_type: scheduled started_at: 1679328000000 status: passed test_sub_type: http test_type: api test_version: 3 id: "5158904793181869365" relationships: test: data: id: abc-def-123 type: test type: result_summary schema: $ref: "#/components/schemas/SyntheticsTestLatestResultsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a test's latest results tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/results/{result_id}: get: description: Get a specific full result from a given Synthetic test. operationId: GetSyntheticsTestResult parameters: - description: The public ID of the Synthetic test to which the target result belongs. in: path name: public_id required: true schema: type: string - description: The ID of the result to get. in: path name: result_id required: true schema: type: string - description: The event ID used to look up the result in the event store. in: query name: event_id required: false schema: type: string - description: Timestamp in seconds to look up the result. in: query name: timestamp required: false schema: format: int64 type: integer responses: "200": content: application/json: examples: default: value: data: attributes: location: id: aws:us-east-1 name: "N. Virginia (AWS)" result: duration: 150.5 finished_at: 1679328001000 id: "5158904793181869365" started_at: 1679328000000 status: passed test_sub_type: http test_type: api test_version: 3 id: "5158904793181869365" relationships: test: data: id: abc-def-123 type: test type: result schema: $ref: "#/components/schemas/SyntheticsTestResultResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a test result tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/version_history: get: description: Get the paginated version history for a Synthetic test. operationId: ListSyntheticsTestVersions parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: type: string - description: The version number of the last item from the previous page. Omit to get the first page. in: query name: last_version_number required: false schema: format: int64 type: integer - description: Maximum number of version records to return per page. in: query name: limit required: false schema: format: int64 maximum: 50 type: integer responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/SyntheticsTestVersionHistoryResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get version history of a test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/tests/{public_id}/version_history/{version_number}: get: description: Get a specific version of a Synthetic test by its version number. operationId: GetSyntheticsTestVersion parameters: - description: The public ID of the Synthetic test. in: path name: public_id required: true schema: type: string - description: The version number to retrieve. in: path name: version_number required: true schema: format: int64 type: integer - description: If `true`, include change metadata in the response. in: query name: include_change_metadata required: false schema: type: boolean - description: |- If `true`, only check whether the version exists without returning its full payload. Returns an empty object if the version exists, or 404 if not. in: query name: only_check_existence required: false schema: type: boolean responses: "200": content: application/json: examples: default: value: data: public_id: abc-def-123 version_number: 1 schema: $ref: "#/components/schemas/SyntheticsTestVersionResponse" description: OK "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - synthetics_read summary: Get a specific version of a test tags: - Synthetics x-permission: operator: OR permissions: - synthetics_read /api/v2/synthetics/variables/{variable_id}/jsonpatch: patch: description: |- Patch a global variable using JSON Patch (RFC 6902). This endpoint allows partial updates to a global variable by specifying only the fields to modify. Common operations include: - Replace field values: `{"op": "replace", "path": "/name", "value": "new_name"}` - Update nested values: `{"op": "replace", "path": "/value/value", "value": "new_value"}` - Add/update tags: `{"op": "add", "path": "/tags/-", "value": "new_tag"}` - Remove fields: `{"op": "remove", "path": "/description"}` operationId: PatchGlobalVariable parameters: - description: The ID of the global variable. in: path name: variable_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: json_patch: - op: add path: /name type: global_variables_json_patch schema: $ref: "#/components/schemas/GlobalVariableJsonPatchRequest" description: JSON Patch document with operations to apply. required: true responses: "200": content: application/json: examples: default: value: data: attributes: description: Example description name: MY_VARIABLE tags: - "team:front" value: secure: false value: example-value id: abc-123 type: global_variables schema: $ref: "#/components/schemas/GlobalVariableResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Patch a global variable tags: - Synthetics x-codegen-request-body-name: body "x-permission": operator: OR permissions: - synthetics_global_variable_write /api/v2/tags/enrichment: get: description: List all tag pipeline rulesets - Retrieve a list of all tag pipeline rulesets for the organization operationId: ListTagPipelinesRulesets responses: "200": content: application/json: examples: default: value: data: - attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Production Cost Allocation Rules position: 0 rules: - enabled: true mapping: metadata: name: AWS Production Account Tagging query: addition: key: environment value: production case_insensitivity: false if_tag_exists: do_not_apply query: billingcurrency:"USD" AND account_name:"prod-account" reference_table: version: 2 id: 00000000-0000-0000-0000-000000000001 type: ruleset schema: $ref: "#/components/schemas/RulesetRespArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List tag pipeline rulesets tags: - Cloud Cost Management post: description: Create a new tag pipeline ruleset with the specified rules and configuration operationId: CreateTagPipelinesRuleset requestBody: content: application/json: examples: default: value: data: attributes: enabled: true rules: - enabled: true name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" id: New Ruleset type: create_ruleset schema: $ref: "#/components/schemas/CreateRulesetRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Example Ruleset position: 0 rules: - enabled: true mapping: metadata: name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" reference_table: version: 1 id: 00000000-0000-0000-0000-000000000002 type: ruleset schema: $ref: "#/components/schemas/RulesetResp" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create tag pipeline ruleset tags: - Cloud Cost Management /api/v2/tags/enrichment/reorder: post: description: Reorder tag pipeline rulesets - Change the execution order of tag pipeline rulesets operationId: ReorderTagPipelinesRulesets requestBody: content: application/json: examples: default: value: data: - id: 55ef2385-9ae1-4410-90c4-5ac1b60fec10 type: ruleset - id: a7b8c9d0-1234-5678-9abc-def012345678 type: ruleset - id: f1e2d3c4-b5a6-9780-1234-567890abcdef type: ruleset schema: $ref: "#/components/schemas/ReorderRulesetResourceArray" required: true responses: "204": description: Successfully reordered rulesets "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Reorder tag pipeline rulesets tags: - Cloud Cost Management /api/v2/tags/enrichment/status: get: description: List the processing status of all tag pipeline rulesets. Returns only the ID and processing status for each ruleset. operationId: ListTagPipelinesRulesetsStatus responses: "200": content: application/json: examples: default: value: data: - attributes: processing_status: processing id: 55ef2385-9ae1-4410-90c4-5ac1b60fec10 type: ruleset_status - attributes: processing_status: done id: a7b8c9d0-1234-5678-9abc-def012345678 type: ruleset_status schema: $ref: "#/components/schemas/RulesetStatusRespArray" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List tag pipeline ruleset statuses tags: - Cloud Cost Management /api/v2/tags/enrichment/validate-query: post: description: Validate a tag pipeline query - Validate the syntax and structure of a tag pipeline query operationId: ValidateQuery requestBody: content: application/json: examples: default: value: data: attributes: Query: example:query AND test:true type: validate_query schema: $ref: "#/components/schemas/RulesValidateQueryRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: Canonical: canonical query representation type: validate_response schema: $ref: "#/components/schemas/RulesValidateQueryResponse" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Validate query tags: - Cloud Cost Management /api/v2/tags/enrichment/{ruleset_id}: delete: description: Delete a tag pipeline ruleset - Delete an existing tag pipeline ruleset by its ID operationId: DeleteTagPipelinesRuleset parameters: - description: The unique identifier of the ruleset in: path name: ruleset_id required: true schema: type: string responses: "204": description: No Content "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete tag pipeline ruleset tags: - Cloud Cost Management get: description: Get a specific tag pipeline ruleset - Retrieve a specific tag pipeline ruleset by its ID operationId: GetTagPipelinesRuleset parameters: - description: The unique identifier of the ruleset in: path name: ruleset_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created: enabled: true last_modified_user_uuid: "" modified: name: Example Ruleset position: 0 rules: - enabled: true mapping: metadata: name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" reference_table: version: 1 id: 00000000-0000-0000-0000-000000000004 type: ruleset schema: $ref: "#/components/schemas/RulesetResp" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get a tag pipeline ruleset tags: - Cloud Cost Management patch: description: Update a tag pipeline ruleset - Update an existing tag pipeline ruleset with new rules and configuration operationId: UpdateTagPipelinesRuleset parameters: - description: The unique identifier of the ruleset in: path name: ruleset_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: enabled: true last_version: 1 name: Updated Ruleset rules: - enabled: true name: Add Cost Center Tag query: addition: key: cost_center value: engineering case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" AND service:"web-api" - enabled: true mapping: destination_key: team_owner if_tag_exists: do_not_apply source_keys: - account_name - account_id name: Account Name Mapping query: - enabled: true name: New table rule with new UI query: reference_table: case_insensitivity: true field_pairs: - input_column: status_type output_key: status - input_column: status_description output_key: dess if_tag_exists: append source_keys: - http_status - status_description table_name: http_status_codes type: update_ruleset schema: $ref: "#/components/schemas/UpdateRulesetRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: enabled: true name: Example Ruleset position: 0 rules: - enabled: true name: Example Rule query: addition: key: env value: prod case_insensitivity: false if_tag_exists: do_not_apply query: account_id:"123456789" version: 1 id: 00000000-0000-0000-0000-000000000003 type: ruleset schema: $ref: "#/components/schemas/RulesetResp" description: OK "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update tag pipeline ruleset tags: - Cloud Cost Management /api/v2/team: get: description: |- Get all teams. Can be used to search for teams using the `filter[keyword]` and `filter[me]` query parameters. operationId: ListTeams parameters: - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/PageSize" - description: Specifies the order of the returned teams in: query name: sort required: false schema: $ref: "#/components/schemas/ListTeamsSort" - description: |- Included related resources optionally requested. Allowed enum values: `team_links, user_team_permissions` in: query name: include required: false schema: items: $ref: "#/components/schemas/ListTeamsInclude" type: array - description: Search query. Can be team name, team handle, or email of team member in: query name: filter[keyword] required: false schema: type: string - description: When true, only returns teams the current user belongs to in: query name: filter[me] required: false schema: type: boolean - description: List of fields that need to be fetched. explode: false in: query name: fields[team] required: false schema: items: $ref: "#/components/schemas/TeamsField" type: array responses: "200": content: application/json: examples: default: value: data: - attributes: handle: example-team name: Example Team id: 00000000-0000-0000-0000-000000000001 type: team meta: pagination: offset: 0 total: 1 schema: $ref: "#/components/schemas/TeamsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get all teams tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - teams_read post: description: |- Create a new team. User IDs passed through the `users` relationship field are added to the team. operationId: CreateTeam requestBody: content: application/json: examples: default: value: data: attributes: avatar: 🥑 handle: example-team name: Example Team relationships: users: data: [] type: team schema: $ref: "#/components/schemas/TeamCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: handle: example-team name: Example Team id: 00000000-0000-0000-0000-000000000002 type: team schema: $ref: "#/components/schemas/TeamResponse" description: CREATED "403": $ref: "#/components/responses/ForbiddenResponse" "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Create a team tags: - Teams x-codegen-request-body-name: body "x-permission": operator: AND permissions: - teams_read - teams_manage /api/v2/team-hierarchy-links: get: description: List all team hierarchy links that match the provided filters. operationId: ListTeamHierarchyLinks parameters: - $ref: "#/components/parameters/PageNumber" - $ref: "#/components/parameters/PageSize" - description: Filter by parent team ID in: query name: filter[parent_team] required: false schema: type: string - description: Filter by sub team ID in: query name: filter[sub_team] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" provisioned_by: system id: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: team_hierarchy_links schema: $ref: "#/components/schemas/TeamHierarchyLinksResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team hierarchy links tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - teams_read post: description: Create a new team hierarchy link between a parent team and a sub team. operationId: AddTeamHierarchyLink requestBody: content: application/json: examples: default: value: data: relationships: parent_team: data: id: 692e8073-12c4-4c71-8408-5090bd44c9c8 type: team sub_team: data: id: 692e8073-12c4-4c71-8408-5090bd44c9c8 type: team type: team_hierarchy_links schema: $ref: "#/components/schemas/TeamHierarchyLinkCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" provisioned_by: system id: 00000000-0000-0000-0000-000000000001 type: team_hierarchy_links schema: $ref: "#/components/schemas/TeamHierarchyLinkResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Conflict "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Create a team hierarchy link tags: - Teams "x-permission": operator: AND permissions: - teams_read - teams_manage /api/v2/team-hierarchy-links/{link_id}: delete: description: Remove a team hierarchy link by the given link_id. operationId: RemoveTeamHierarchyLink parameters: - description: The team hierarchy link's identifier in: path name: link_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Remove a team hierarchy link tags: - Teams "x-permission": operator: AND permissions: - teams_read - teams_manage get: description: Get a single team hierarchy link for the given link_id. operationId: GetTeamHierarchyLink parameters: - description: The team hierarchy link's identifier in: path name: link_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" provisioned_by: system id: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: team_hierarchy_links schema: $ref: "#/components/schemas/TeamHierarchyLinkResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get a team hierarchy link tags: - Teams "x-permission": operator: OR permissions: - teams_read /api/v2/team/connections: delete: description: Delete multiple team connections. operationId: DeleteTeamConnections requestBody: content: application/json: examples: default: value: data: - id: 12345678-1234-5678-9abc-123456789012 type: team_connection schema: $ref: "#/components/schemas/TeamConnectionDeleteRequest" required: true responses: "204": description: No Content "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Delete team connections tags: - Teams "x-permission": operator: OR permissions: - teams_read get: description: Returns all team connections. operationId: ListTeamConnections parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: Filter team connections by external source systems. explode: false in: query name: filter[sources] required: false schema: items: example: "github" type: string type: array style: form - description: Filter team connections by Datadog team IDs. explode: false in: query name: filter[team_ids] required: false schema: items: example: "12345678-1234-5678-9abc-123456789012" type: string type: array style: form - description: Filter team connections by connected team IDs from external systems. explode: false in: query name: filter[connected_team_ids] required: false schema: items: example: "@MyGitHubAccount/my-team-name" type: string type: array style: form - description: Filter team connections by connection IDs. explode: false in: query name: filter[connection_ids] required: false schema: items: example: "12345678-1234-5678-9abc-123456789012" type: string type: array style: form responses: "200": content: application/json: examples: default: value: data: - attributes: managed_by: github_sync source: github id: 00000000-0000-0000-0000-000000000001 type: team_connection schema: $ref: "#/components/schemas/TeamConnectionsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: List team connections tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - teams_read post: description: Create multiple team connections. operationId: CreateTeamConnections requestBody: content: application/json: examples: default: value: data: - attributes: managed_by: github_sync source: github relationships: connected_team: data: id: "@GitHubOrg/team-handle" team: data: id: 87654321-4321-8765-dcba-210987654321 type: team_connection schema: $ref: "#/components/schemas/TeamConnectionCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: - attributes: managed_by: github_sync source: github id: 00000000-0000-0000-0000-000000000002 type: team_connection schema: $ref: "#/components/schemas/TeamConnectionsResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "409": $ref: "#/components/responses/ConflictResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Create team connections tags: - Teams "x-permission": operator: OR permissions: - teams_read /api/v2/team/sync: get: description: |- Get all team synchronization configurations. Returns a list of configurations used for linking or provisioning teams with external sources like GitHub. operationId: GetTeamSync parameters: - description: Filter by the external source platform for team synchronization in: query name: filter[source] required: true schema: $ref: "#/components/schemas/TeamSyncAttributesSource" responses: "200": content: application/json: examples: default: value: data: - attributes: frequency: once source: github sync_membership: false type: link type: team_sync_bulk schema: $ref: "#/components/schemas/TeamSyncResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team sync configurations tags: - Teams x-permission: operator: OR permissions: - teams_read post: description: |- This endpoint configures synchronization between your existing Datadog teams and GitHub teams by matching their names. It evaluates all current Datadog teams and compares them against teams in the GitHub organization connected to your Datadog account, based on Datadog Team handle and GitHub Team slug (lowercased and kebab-cased). This operation is read-only on the GitHub side, no teams will be modified or created. Optionally, provide `selection_state` to limit synchronization to specific teams or organizations and their subtrees, instead of syncing all teams. [A GitHub organization must be connected to your Datadog account](https://docs.datadoghq.com/integrations/github/), and the GitHub App integrated with Datadog must have the `Members Read` permission. Matching is performed by comparing the Datadog team handle to the GitHub team slug using a normalized exact match; case is ignored and spaces are removed. No modifications are made to teams in GitHub. This only creates new teams in Datadog when type is set to `provision`. operationId: SyncTeams requestBody: content: application/json: examples: default: value: data: attributes: source: github type: link type: team_sync_bulk schema: $ref: "#/components/schemas/TeamSyncRequest" required: true responses: "200": description: OK "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" "500": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Internal Server Error - Unexpected error during linking. security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_manage summary: Link Teams with GitHub Teams tags: - Teams x-codegen-request-body-name: body x-permission: operator: AND permissions: - teams_manage /api/v2/team/{super_team_id}/member_teams: get: deprecated: true description: |- Get all member teams. **Note**: This API is deprecated. For team hierarchy relationships (parent-child teams), use the team hierarchy links API: `GET /api/v2/team-hierarchy-links`. operationId: ListMemberTeams parameters: - description: None in: path name: super_team_id required: true schema: type: string - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: List of fields that need to be fetched. explode: false in: query name: fields[team] required: false schema: items: $ref: "#/components/schemas/TeamsField" type: array responses: "200": content: application/json: examples: default: value: data: - attributes: handle: example-team name: Example Team id: 00000000-0000-0000-0000-000000000005 type: team meta: pagination: offset: 0 total: 1 schema: $ref: "#/components/schemas/TeamsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get all member teams tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data x-permission: operator: OR permissions: - teams_read x-sunset: "2026-06-01" x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). post: deprecated: true description: |- Add a member team. Adds the team given by the `id` in the body as a member team of the super team. **Note**: This API is deprecated. For creating team hierarchy links, use the team hierarchy links API: `POST /api/v2/team-hierarchy-links`. operationId: AddMemberTeam parameters: - description: None in: path name: super_team_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: id: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: member_teams schema: $ref: "#/components/schemas/AddMemberTeamRequest" required: true responses: "204": description: Added "403": $ref: "#/components/responses/ForbiddenResponse" "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Add a member team tags: - Teams x-permission: operator: OR permissions: - teams_read x-sunset: "2026-06-01" x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/team/{super_team_id}/member_teams/{member_team_id}: delete: deprecated: true description: |- Remove a super team's member team identified by `member_team_id`. **Note**: This API is deprecated. For deleting team hierarchy links, use the team hierarchy links API: `DELETE /api/v2/team-hierarchy-links/{link_id}`. operationId: RemoveMemberTeam parameters: - description: None in: path name: super_team_id required: true schema: type: string - description: None in: path name: member_team_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Remove a member team tags: - Teams x-permission: operator: OR permissions: - teams_read x-sunset: "2026-06-01" x-unstable: |- **Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/team/{team_id}: delete: description: Remove a team using the team's `id`. operationId: DeleteTeam parameters: - description: None in: path name: team_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Remove a team tags: - Teams "x-permission": operator: AND permissions: - teams_read - teams_manage get: description: Get a single team using the team's `id`. operationId: GetTeam parameters: - description: None in: path name: team_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: handle: example-team name: Example Team id: 00000000-0000-0000-0000-000000000003 type: team schema: $ref: "#/components/schemas/TeamResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get a team tags: - Teams "x-permission": operator: OR permissions: - teams_read patch: description: |- Update a team using the team's `id`. If the `team_links` relationship is present, the associated links are updated to be in the order they appear in the array, and any existing team links not present are removed. operationId: UpdateTeam parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: avatar: 🥑 handle: example-team name: Example Team relationships: team_links: data: - id: f9bb8444-af7f-11ec-ac2c-da7ad0900001 links: related: /api/v2/team/c75a4a8e-20c7-11ee-a3a5-da7ad0900002/links type: team schema: $ref: "#/components/schemas/TeamUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: handle: example-team name: Example Team id: 00000000-0000-0000-0000-000000000004 type: team schema: $ref: "#/components/schemas/TeamResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a team tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/links: get: description: Get all links for a given team. operationId: GetTeamLinks parameters: - description: None in: path name: team_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: label: Link label position: 0 url: "https://example.com" id: 00000000-0000-0000-0000-000000000001 type: team_links schema: $ref: "#/components/schemas/TeamLinksResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get links for a team tags: - Teams "x-permission": operator: OR permissions: - teams_read post: description: Add a new link to a team. operationId: CreateTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: label: Link label position: 0 url: https://example.com type: team_links schema: $ref: "#/components/schemas/TeamLinkCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: label: Link label url: https://example.com id: 00000000-0000-0000-0000-000000000002 type: team_links schema: $ref: "#/components/schemas/TeamLinkResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Create a team link tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/links/{link_id}: delete: description: Remove a link from a team. operationId: DeleteTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Remove a team link tags: - Teams "x-permission": operator: OR permissions: - teams_read get: description: Get a single link for a team. operationId: GetTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: label: Link label position: 0 url: "https://example.com" id: 00000000-0000-0000-0000-000000000003 type: team_links schema: $ref: "#/components/schemas/TeamLinkResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get a team link tags: - Teams "x-permission": operator: OR permissions: - teams_read patch: description: Update a team link. operationId: UpdateTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: label: Link label url: https://example.com type: team_links schema: $ref: "#/components/schemas/TeamLinkCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: label: Link label position: 0 url: "https://example.com" id: 00000000-0000-0000-0000-000000000004 type: team_links schema: $ref: "#/components/schemas/TeamLinkResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a team link tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/memberships: get: description: Get a paginated list of members for a team operationId: GetTeamMemberships parameters: - description: None in: path name: team_id required: true schema: type: string - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: Specifies the order of returned team memberships in: query name: sort required: false schema: $ref: "#/components/schemas/GetTeamMembershipsSort" - description: Search query, can be user email or name in: query name: filter[keyword] required: false schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: role: admin id: TeamMembership-aeadc05e-98a8-11ec-ac2c-da7ad0900001-38835 type: team_memberships schema: $ref: "#/components/schemas/UserTeamsResponse" description: Represents a user's association to a team "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team memberships tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - teams_read post: description: |- Add a user to a team. **Note**: Each team has a setting that determines who is allowed to modify membership of the team. The `user_access_manage` permission generally grants access to modify membership of any team. To get the full picture, see [Team Membership documentation](https://docs.datadoghq.com/account_management/teams/manage/#team-membership). operationId: CreateTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: role: admin relationships: team: data: id: d7e15d9d-d346-43da-81d8-3d9e71d9a5e9 type: team user: data: id: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: users type: team_memberships schema: $ref: "#/components/schemas/UserTeamRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: role: admin id: 00000000-0000-0000-0000-000000000001 type: team_memberships schema: $ref: "#/components/schemas/UserTeamResponse" description: Represents a user's association to a team "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Add a user to a team tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/memberships/{user_id}: delete: description: |- Remove a user from a team. **Note**: Each team has a setting that determines who is allowed to modify membership of the team. The `user_access_manage` permission generally grants access to modify membership of any team. To get the full picture, see [Team Membership documentation](https://docs.datadoghq.com/account_management/teams/manage/#team-membership). operationId: DeleteTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: user_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Remove a user from a team tags: - Teams "x-permission": operator: OR permissions: - teams_read patch: description: |- Update a user's membership attributes on a team. **Note**: Each team has a setting that determines who is allowed to modify membership of the team. The `user_access_manage` permission generally grants access to modify membership of any team. To get the full picture, see [Team Membership documentation](https://docs.datadoghq.com/account_management/teams/manage/#team-membership). operationId: UpdateTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: user_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: role: admin type: team_memberships schema: $ref: "#/components/schemas/UserTeamUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: role: admin id: TeamMembership-aeadc05e-98a8-11ec-ac2c-da7ad0900001-38835 type: team_memberships schema: $ref: "#/components/schemas/UserTeamResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a user's membership attributes on a team tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/notification-rules: get: operationId: GetTeamNotificationRules parameters: - description: None in: path name: team_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: email: enabled: true slack: channel: test-channel workspace: Datadog id: 00000000-0000-0000-0000-000000000001 type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRulesResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team notification rules tags: - Teams x-permission: operator: OR permissions: - teams_read post: operationId: CreateTeamNotificationRule parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: email: enabled: true slack: channel: test-ops workspace: Datadog type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRuleRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: email: enabled: true slack: channel: test-channel workspace: Datadog id: 00000000-0000-0000-0000-000000000002 type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRuleResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "409": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Create team notification rule tags: - Teams x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/notification-rules/{rule_id}: delete: operationId: DeleteTeamNotificationRule parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: rule_id required: true schema: type: string responses: "204": description: No Content "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Delete team notification rule tags: - Teams x-permission: operator: OR permissions: - teams_read get: operationId: GetTeamNotificationRule parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: rule_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: email: enabled: true slack: channel: test-channel workspace: Datadog id: 00000000-0000-0000-0000-000000000003 type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRuleResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team notification rule tags: - Teams x-permission: operator: OR permissions: - teams_read put: operationId: UpdateTeamNotificationRule parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: rule_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: pagerduty: service_name: Datadog-prod slack: channel: test-ops workspace: Datadog id: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRuleRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: email: enabled: true slack: channel: test-channel workspace: Datadog id: 00000000-0000-0000-0000-000000000004 type: team_notification_rules schema: $ref: "#/components/schemas/TeamNotificationRuleResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update team notification rule tags: - Teams x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/permission-settings: get: description: Get all permission settings for a given team. operationId: GetTeamPermissionSettings parameters: - description: None in: path name: team_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: action: edit editable: true value: admins id: TeamPermission-abc-123-edit type: team_permission_settings schema: $ref: "#/components/schemas/TeamPermissionSettingsResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get permission settings for a team tags: - Teams "x-permission": operator: OR permissions: - teams_read /api/v2/team/{team_id}/permission-settings/{action}: put: description: Update a team permission setting for a given team. operationId: UpdateTeamPermissionSetting parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: action required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: value: admins type: team_permission_settings schema: $ref: "#/components/schemas/TeamPermissionSettingUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: action: edit editable: true value: admins id: TeamPermission-abc-123-edit type: team_permission_settings schema: $ref: "#/components/schemas/TeamPermissionSettingResponse" description: OK "403": $ref: "#/components/responses/ForbiddenResponse" "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update permission setting for team tags: - Teams x-codegen-request-body-name: body "x-permission": operator: OR permissions: - teams_read /api/v2/test/flaky-test-management/tests: patch: description: |- Update the state of multiple flaky tests in Flaky Test Management. operationId: UpdateFlakyTests requestBody: content: "application/json": examples: default: value: data: attributes: tests: - id: 4eb1887a8adb1847 new_state: active type: update_flaky_test_state_request schema: $ref: "#/components/schemas/UpdateFlakyTestsRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: has_errors: false results: - id: 4eb1887a8adb1847 success: true id: abc-123 type: update_flaky_test_state_response schema: $ref: "#/components/schemas/UpdateFlakyTestsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_write summary: Update flaky test states tags: ["Test Optimization"] x-codegen-request-body-name: body "x-permission": operator: OR permissions: - test_optimization_write post: description: |- List endpoint returning flaky tests from Flaky Test Management. Results are paginated. The response includes comprehensive test information including: - Test identification and metadata (module, suite, name) - Flaky state and categorization - First and last flake occurrences (timestamp, branch, commit SHA) - Test execution statistics from the last 7 days (failure rate) - Pipeline impact metrics (failed pipelines count, total lost time) - Complete status change history (optional, ordered from most recent to oldest) Set `include_history` to `true` in the request to receive the status change history for each test. History is disabled by default for better performance. Results support filtering by various facets including service, environment, repository, branch, and test state. operationId: SearchFlakyTests requestBody: content: "application/json": examples: default: value: data: attributes: filter: query: flaky_test_state:active @git.repository.id_v2:"github.com/datadog/test-service" page: cursor: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== limit: 25 sort: failure_rate type: search_flaky_tests_request schema: $ref: "#/components/schemas/FlakyTestsSearchRequest" required: false responses: "200": content: application/json: examples: default: value: data: - attributes: envs: - prod flaky_state: active module: TestModule name: TestName services: - test-service suite: TestSuite id: 4eb1887a8adb1847 type: flaky_test meta: pagination: next_page: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== schema: $ref: "#/components/schemas/FlakyTestsSearchResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/NotAuthorizedResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - test_optimization_read summary: Search flaky tests tags: ["Test Optimization"] x-codegen-request-body-name: body x-pagination: cursorParam: body.data.attributes.page.cursor cursorPath: meta.pagination.next_page limitParam: body.data.attributes.page.limit resultsPath: data "x-permission": operator: OR permissions: - test_optimization_read /api/v2/usage/application_security: get: deprecated: true description: |- Get hourly usage for application security . **Note:** This endpoint has been deprecated. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family) operationId: GetUsageApplicationSecurityMonitoring parameters: - description: "Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour." in: query name: start_hr required: true schema: format: date-time type: string - description: |- Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour. in: query name: end_hr required: false schema: format: date-time type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/UsageApplicationSecurityMonitoringResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for application security tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/usage/billing_dimension_mapping: get: description: |- Get a mapping of billing dimensions to the corresponding keys for the supported usage metering public API endpoints. Mapping data is updated on a monthly cadence. This endpoint is only accessible to [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). operationId: GetBillingDimensionMapping parameters: - description: "Datetime in ISO-8601 format, UTC, and for mappings beginning this month. Defaults to the current month." in: query name: filter[month] required: false schema: format: date-time type: string - description: "String to specify whether to retrieve active billing dimension mappings for the contract or for all available mappings. Allowed views have the string `active` or `all`. Defaults to `active`." in: query name: filter[view] required: false schema: default: active type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/BillingDimensionsMappingResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get billing dimension mapping for usage endpoints tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/usage/cost_by_org: get: deprecated: true description: |- Get cost across multi-org account. Cost by org data for a given month becomes available no later than the 16th of the following month. **Note:** This endpoint has been deprecated. Please use the new endpoint [`/historical_cost`](https://docs.datadoghq.com/api/latest/usage-metering/#get-historical-cost-across-your-account) instead. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). operationId: GetCostByOrg parameters: - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month." in: query name: start_month required: true schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month." in: query name: end_month required: false schema: format: date-time type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/CostByOrgResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get cost across multi-org account tags: - Usage Metering "x-permission": operator: AND permissions: - usage_read - billing_read /api/v2/usage/estimated_cost: get: description: |- Get estimated cost across multi-org and single root-org accounts. Estimated cost data is only available for the current month and previous month and is delayed by up to 72 hours from when it was incurred. To access historical costs prior to this, use the `/historical_cost` endpoint. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). operationId: GetEstimatedCostByOrg parameters: - description: "String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`." in: query name: view required: false schema: type: string - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. **Either start_month or start_date should be specified, but not both.** (start_month cannot go beyond two months in the past). Provide an `end_month` to view month-over-month cost." in: query name: start_month required: false schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month." in: query name: end_month required: false schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost beginning this day. **Either start_month or start_date should be specified, but not both.** (start_date cannot go beyond two months in the past). Provide an `end_date` to view day-over-day cumulative cost." in: query name: start_date required: false schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost ending this day." in: query name: end_date required: false schema: format: date-time type: string - description: "Controls how costs are aggregated when using `start_date`. The `cumulative` option returns month-to-date running totals." in: query name: cost_aggregation required: false schema: $ref: "#/components/schemas/CostAggregationType" - description: "Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`." in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/CostByOrgResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get estimated cost across your account tags: - Usage Metering "x-permission": operator: AND permissions: - usage_read - billing_read /api/v2/usage/historical_cost: get: description: |- Get historical cost across multi-org and single root-org accounts. Cost data for a given month becomes available no later than the 16th of the following month. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). operationId: GetHistoricalCostByOrg parameters: - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month." in: query name: start_month required: true schema: format: date-time type: string - description: "String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`." in: query name: view required: false schema: type: string - description: "Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month." in: query name: end_month required: false schema: format: date-time type: string - description: "Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`." in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/CostByOrgResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get historical cost across your account tags: - Usage Metering "x-permission": operator: AND permissions: - usage_read - billing_read /api/v2/usage/hourly_usage: get: description: Get hourly usage by product family. operationId: GetHourlyUsage parameters: - description: "Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage beginning at this hour." in: query name: filter[timestamp][start] required: true schema: format: date-time type: string - description: "Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage ending **before** this hour." in: query name: filter[timestamp][end] required: false schema: format: date-time type: string - description: |- Comma separated list of product families to retrieve. Available families are `all`, `analyzed_logs`, `application_security`, `audit_trail`, `bits_ai`, `serverless`, `ci_app`, `cloud_cost_management`, `cloud_siem`, `csm_container_enterprise`, `csm_host_enterprise`, `cspm`, `custom_events`, `cws`, `dbm`, `error_tracking`, `fargate`, `infra_hosts`, `incident_management`, `indexed_logs`, `indexed_spans`, `ingested_spans`, `iot`, `lambda_traced_invocations`, `llm_observability`, `logs`, `network_flows`, `network_hosts`, `network_monitoring`, `observability_pipelines`, `online_archive`, `profiling`, `product_analytics`, `rum`, `rum_browser_sessions`, `rum_mobile_sessions`, `sds`, `snmp`, `software_delivery`, `synthetics_api`, `synthetics_browser`, `synthetics_mobile`, `synthetics_parallel_testing`, `timeseries`, `vuln_management` and `workflow_executions`. The following product family has been **deprecated**: `audit_logs`. in: query name: filter[product_families] required: true schema: type: string - description: "Include child org usage in the response. Defaults to false." in: query name: filter[include_descendants] required: false schema: default: false type: boolean - description: "Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to false." in: query name: filter[include_connected_accounts] required: false schema: default: false type: boolean - description: "Include breakdown of usage by subcategories where applicable (for product family logs only). Defaults to false." in: query name: filter[include_breakdown] required: false schema: default: false type: boolean - description: |- Comma separated list of product family versions to use in the format `product_family:version`. For example, `infra_hosts:1.0.0`. If this parameter is not used, the API will use the latest version of each requested product family. Currently all families have one version `1.0.0`. in: query name: filter[versions] required: false schema: type: string - description: "Maximum number of results to return (between 1 and 500) - defaults to 500 if limit not specified." in: query name: page[limit] required: false schema: default: 500 format: int32 maximum: 500 minimum: 1 type: integer - description: "List following results with a next_record_id provided in the previous query." in: query name: page[next_record_id] required: false schema: type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: - id: abc-123 type: usage_timeseries schema: $ref: "#/components/schemas/HourlyUsageResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage by product family tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/usage/lambda_traced_invocations: get: deprecated: true description: |- Get hourly usage for Lambda traced invocations. **Note:** This endpoint has been deprecated.. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family) operationId: GetUsageLambdaTracedInvocations parameters: - description: "Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour." in: query name: start_hr required: true schema: format: date-time type: string - description: |- Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour. in: query name: end_hr required: false schema: format: date-time type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/UsageLambdaTracedInvocationsResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for Lambda traced invocations tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/usage/observability_pipelines: get: deprecated: true description: |- Get hourly usage for observability pipelines. **Note:** This endpoint has been deprecated. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family) operationId: GetUsageObservabilityPipelines parameters: - description: "Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour." in: query name: start_hr required: true schema: format: date-time type: string - description: |- Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour. in: query name: end_hr required: false schema: format: date-time type: string responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/UsageObservabilityPipelinesResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for observability pipelines tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/usage/projected_cost: get: description: |- Get projected cost across multi-org and single root-org accounts. Projected cost data is only available for the current month and becomes available around the 12th of the month. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). operationId: GetProjectedCost parameters: - description: "String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`." in: query name: view required: false schema: type: string - description: "Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`." in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: [] schema: $ref: "#/components/schemas/ProjectedCostResponse" description: OK "400": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get projected cost across your account tags: - Usage Metering "x-permission": operator: AND permissions: - usage_read - billing_read /api/v2/usage/usage-attribution-types: get: description: |- Get usage attribution types. operationId: GetUsageAttributionTypes responses: "200": content: application/json;datetime-format=rfc3339: examples: default: value: data: id: abc-123 type: usage_attribution_types schema: $ref: "#/components/schemas/UsageAttributionTypesResponse" description: OK "403": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden - User is not authorized "429": content: application/json;datetime-format=rfc3339: schema: $ref: "#/components/schemas/APIErrorResponse" description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get usage attribution types tags: - Usage Metering "x-permission": operator: OR permissions: - usage_read /api/v2/user_invitations: post: description: Sends emails to one or more users inviting them to join the organization. operationId: SendInvitations requestBody: content: application/json: examples: default: value: data: - relationships: user: data: id: 6cf192b6-d1d9-11ec-ad3d-da7ad0900002 type: users type: user_invitations schema: $ref: "#/components/schemas/UserInvitationsRequest" required: true responses: "201": content: application/json: examples: default: value: data: - attributes: created_at: "2024-01-01T00:00:00+00:00" expires_at: "2024-01-08T00:00:00+00:00" invite_type: email uuid: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000007 type: user_invitations schema: $ref: "#/components/schemas/UserInvitationsResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Send invitation emails tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_invite /api/v2/user_invitations/{user_invitation_uuid}: get: description: Returns a single user invitation by its UUID. operationId: GetInvitation parameters: - description: The UUID of the user invitation. in: path name: user_invitation_uuid required: true schema: example: "00000000-0000-0000-3456-000000000000" type: string responses: "200": content: application/json: examples: default: value: data: attributes: invite_type: email uuid: 00000000-0000-0000-0000-000000000001 id: 00000000-0000-0000-0000-000000000008 type: user_invitations schema: $ref: "#/components/schemas/UserInvitationResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Get a user invitation tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_invite /api/v2/users: get: description: |- Get the list of all users in the organization. This list includes all users even if they are deactivated or unverified. operationId: ListUsers parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" - description: |- User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `modified_at`, `user_count`. in: query name: sort required: false schema: default: name example: name type: string - description: "Direction of sort. Options: `asc`, `desc`." in: query name: sort_dir required: false schema: $ref: "#/components/schemas/QuerySortOrder" - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string - description: |- Filter on status attribute. Comma separated list, with possible values `Active`, `Pending`, and `Disabled`. Defaults to no filtering. in: query name: filter[status] required: false schema: example: Active type: string responses: "200": content: application/json: examples: default: value: data: - attributes: email: test@example.com handle: example-handle name: Example Name status: Active id: 00000000-0000-0000-0000-000000000001 type: users included: [] meta: {} schema: $ref: "#/components/schemas/UsersResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List all users tags: - Users x-codegen-request-body-name: body x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data "x-permission": operator: OR permissions: - user_access_read post: description: Create a user for your organization. operationId: CreateUser requestBody: content: application/json: examples: default: value: data: attributes: email: jane.doe@example.com relationships: roles: data: - id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: users schema: $ref: "#/components/schemas/UserCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: email: test@example.com handle: example-handle name: Example Name status: Active id: 00000000-0000-0000-0000-000000000002 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Create a user tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_invite /api/v2/users/{user_id}: delete: description: |- Disable a user. Can only be used with an application key belonging to an administrator user. operationId: DisableUser parameters: - $ref: "#/components/parameters/UserID" responses: "204": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Disable a user tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage - service_account_write get: description: Get a user in the organization specified by the user’s `user_id`. operationId: GetUser parameters: - $ref: "#/components/parameters/UserID" responses: "200": content: application/json: examples: default: value: data: attributes: email: test@example.com handle: example-handle name: Example Name status: Active id: 00000000-0000-0000-0000-000000000003 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get user details tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_read patch: description: |- Edit a user. Can only be used with an application key belonging to an administrator user. operationId: UpdateUser parameters: - $ref: "#/components/parameters/UserID" requestBody: content: application/json: examples: default: value: data: id: 00000000-0000-feed-0000-000000000000 type: users schema: $ref: "#/components/schemas/UserUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: email: test@example.com handle: example-handle name: Example Name status: Active id: 00000000-0000-0000-0000-000000000004 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "422": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unprocessable Entity "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a user tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_manage - service_account_write /api/v2/users/{user_id}/invitations: delete: description: |- Cancel all pending invitations for a specified user. Requires the `user_access_invite` permission. operationId: DeleteUserInvitations parameters: - description: The UUID of the user whose pending invitations should be canceled. in: path name: user_id required: true schema: example: "4dee724d-00cc-11ea-a77b-570c9d03c6c5" format: uuid type: string responses: "200": description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Delete a pending user's invitations tags: - Users "x-permission": operator: OR permissions: - user_access_invite /api/v2/users/{user_id}/orgs: get: description: |- Get a user organization. Returns the user information and all organizations joined by this user. operationId: ListUserOrganizations parameters: - $ref: "#/components/parameters/UserID" responses: "200": content: application/json: examples: default: value: data: attributes: email: test@example.com handle: example-handle name: Example Name status: Active id: 00000000-0000-0000-0000-000000000005 type: users included: [] schema: $ref: "#/components/schemas/UserResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user organization tags: - Users x-codegen-request-body-name: body "x-permission": operator: OPEN permissions: [] /api/v2/users/{user_id}/permissions: get: description: |- Get a user permission set. Returns a list of the user’s permissions granted by the associated user's roles. operationId: ListUserPermissions parameters: - $ref: "#/components/parameters/UserID" responses: "200": content: application/json: examples: default: value: data: - attributes: display_name: Logs Read Data display_type: read name: logs_read_data restricted: false id: 00000000-0000-0000-0000-000000000006 type: permissions schema: $ref: "#/components/schemas/PermissionsResponse" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Authentication error "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get a user permissions tags: - Users x-codegen-request-body-name: body "x-permission": operator: OR permissions: - user_access_read /api/v2/users/{user_uuid}/memberships: get: description: Get a list of memberships for a user operationId: GetUserMemberships parameters: - description: None in: path name: user_uuid required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: role: admin id: 00000000-0000-0000-0000-000000000001 type: team_memberships schema: $ref: "#/components/schemas/UserTeamsResponse" description: Represents a user's association to a team "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: API error response. "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get user memberships tags: - Teams "x-permission": operator: OR permissions: - teams_read /api/v2/validate: get: description: Check if the API key is valid. Returns the organization UUID, API key ID, and associated scopes. operationId: Validate responses: "200": content: application/json: examples: default: value: data: attributes: api_key_id: "a1b2c3d4-e5f6-47a8-b9c0-d1e2f3a4b5c6" api_key_scopes: - "remote_config_read" valid: true id: "550e8400-e29b-41d4-a716-446655440000" type: "validate_v2" schema: $ref: "#/components/schemas/ValidateV2Response" description: OK "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] summary: Validate API key tags: - Key Management "x-permission": operator: OPEN permissions: [] x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/validate_keys: get: description: |- Check that the API key and application key used for the request are both valid. Returns `{"status": "ok"}` on success, `401` or `403` otherwise. Useful as a lightweight authentication probe before issuing other API calls that require full credentials. operationId: ValidateAPIKey responses: "200": content: application/json: examples: default: value: status: ok schema: $ref: "#/components/schemas/ValidateAPIKeyResponse" description: OK "401": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Unauthorized "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Validate API and application keys tags: - Key Management "x-permission": operator: OPEN permissions: [] /api/v2/web-integrations/{integration_name}/accounts: get: description: List accounts for a given web integration. operationId: ListWebIntegrationAccounts parameters: - description: The name of the integration (for example, `databricks`). in: path name: integration_name required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: - attributes: name: my-databricks-account settings: workspace_url: https://example.azuredatabricks.net id: abc123def456 type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: List web integration accounts tags: - Web Integrations "x-permission": operator: OR permissions: - integrations_read x-unstable: |- **Note**: This endpoint is for internal Datadog use only and is not part of the public API. It may change without notice. post: description: Create a new account for a given web integration. operationId: CreateWebIntegrationAccount parameters: - description: The name of the integration (for example, `databricks`). in: path name: integration_name required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: my-databricks-account secrets: client_secret: my-client-secret settings: workspace_url: https://example.azuredatabricks.net type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountCreateRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: my-databricks-account settings: workspace_url: https://example.azuredatabricks.net id: abc123def456 type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountResponse" description: CREATED "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": $ref: "#/components/responses/UnprocessableEntityResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Create a web integration account tags: - Web Integrations x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations x-unstable: |- **Note**: This endpoint is for internal Datadog use only and is not part of the public API. It may change without notice. /api/v2/web-integrations/{integration_name}/accounts/{account_id}: delete: description: Delete an account for a given web integration. operationId: DeleteWebIntegrationAccount parameters: - description: The name of the integration (for example, `databricks`). in: path name: integration_name required: true schema: type: string - description: The unique identifier of the web integration account. in: path name: account_id required: true schema: type: string responses: "204": description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Delete a web integration account tags: - Web Integrations "x-permission": operator: OR permissions: - manage_integrations x-unstable: |- **Note**: This endpoint is for internal Datadog use only and is not part of the public API. It may change without notice. get: description: Get a single account for a given web integration. operationId: GetWebIntegrationAccount parameters: - description: The name of the integration (for example, `databricks`). in: path name: integration_name required: true schema: type: string - description: The unique identifier of the web integration account. in: path name: account_id required: true schema: type: string responses: "200": content: application/json: examples: default: value: data: attributes: name: my-databricks-account settings: workspace_url: https://example.azuredatabricks.net id: abc123def456 type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Get a web integration account tags: - Web Integrations "x-permission": operator: OR permissions: - integrations_read x-unstable: |- **Note**: This endpoint is for internal Datadog use only and is not part of the public API. It may change without notice. patch: description: Update an existing account for a given web integration. operationId: UpdateWebIntegrationAccount parameters: - description: The name of the integration (for example, `databricks`). in: path name: integration_name required: true schema: type: string - description: The unique identifier of the web integration account. in: path name: account_id required: true schema: type: string requestBody: content: application/json: examples: default: value: data: attributes: name: my-databricks-account secrets: client_secret: my-new-client-secret settings: workspace_url: https://updated.azuredatabricks.net type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountUpdateRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: my-databricks-account settings: workspace_url: https://updated.azuredatabricks.net id: abc123def456 type: Account schema: $ref: "#/components/schemas/WebIntegrationAccountResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "422": $ref: "#/components/responses/UnprocessableEntityResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Update a web integration account tags: - Web Integrations x-codegen-request-body-name: body "x-permission": operator: OR permissions: - manage_integrations x-unstable: |- **Note**: This endpoint is for internal Datadog use only and is not part of the public API. It may change without notice. /api/v2/widgets/{experience_type}: get: description: |- Search and list widgets for a given experience type, with filtering, sorting, and pagination. **Response meta** carries totals scoped to the current filter: - `filtered_total` — widgets matching the filter. - `created_by_you_total` — among the matches, how many the current user created. - `favorited_by_you_total` — among the matches, how many the current user has favorited. - `created_by_anyone_total` — total widgets in the experience type, ignoring filters. Each returned widget includes `is_favorited` reflecting the current user's favorite status. Favoriting itself is performed through the shared favorites API, not this endpoint. operationId: SearchWidgets parameters: - description: The experience type for the widget. in: path name: experience_type required: true schema: $ref: "#/components/schemas/WidgetExperienceType" - description: Filter widgets by widget type. in: query name: filter[widgetType] schema: $ref: "#/components/schemas/WidgetType" - description: Filter widgets by the email handle of the creator. in: query name: filter[creatorHandle] schema: example: "john.doe@example.com" type: string - description: Filter to only widgets favorited by the current user. in: query name: filter[isFavorited] schema: type: boolean - description: Filter widgets by title (substring match). in: query name: filter[title] schema: type: string - description: Filter widgets by tags. Format as bracket-delimited CSV, e.g. `[tag1,tag2]`. in: query name: filter[tags] schema: type: string - description: |- Sort field for the results. **`title`, `created_at`, `modified_at`** — both ascending and descending are supported. Use the bare field name for ascending (e.g. `sort=title`) or prefix with `-` for descending (e.g. `sort=-modified_at`). **`is_favorited`** — returns favorites-first ordering (favorited widgets first, then the rest). Direction is fixed; the `-` prefix is ignored for this field. in: query name: sort schema: default: "-modified_at" example: "-modified_at" type: string - description: Page number for pagination (0-indexed). in: query name: page[number] schema: default: 0 minimum: 0 type: integer - description: Number of widgets per page. in: query name: page[size] schema: default: 50 maximum: 100 type: integer responses: "200": content: application/json: examples: default: value: data: [] schema: $ref: "#/components/schemas/WidgetListResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Search widgets tags: - Widgets x-permission: operator: OR permissions: - cloud_cost_management_read - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_read post: description: Create a new widget for a given experience type. operationId: CreateWidget parameters: - description: The experience type for the widget. in: path name: experience_type required: true schema: $ref: "#/components/schemas/WidgetExperienceType" requestBody: content: application/json: examples: default: summary: CCM cost summary widget value: data: attributes: definition: graph_options: - type: query_value view: total - type: query_value view: change - display_type: bars type: timeseries - type: cloud_cost_table view: summary requests: - formulas: - formula: query1 queries: - data_source: cloud_cost name: query1 query: sum:aws.cost.amortized{*} by {aws_product}.rollup(sum, daily) response_format: timeseries time: type: live unit: day value: 30 title: AWS spend by service (last 30 days) type: cloud_cost_summary tags: ["finops", "aws"] type: widgets schema: $ref: "#/components/schemas/CreateOrUpdateWidgetRequest" description: |- Widget request body. The `definition` object's required fields vary by `widget.definition.type`: every type requires `requests`, and some types require additional fields (e.g. `cloud_cost_summary` requires `graph_options`, `geomap` requires `style` and `view`). The example below shows a complete `cloud_cost_summary` payload for the `ccm_reports` experience type. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" definition: title: My Widget type: bar_chart is_favorited: false modified_at: "2024-01-01T00:00:00+00:00" tags: - "team:my-team" id: abc-123 type: widgets schema: $ref: "#/components/schemas/WidgetResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Create a widget tags: - Widgets x-codegen-request-body-name: body x-permission: operator: OR permissions: - cloud_cost_management_write - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_write /api/v2/widgets/{experience_type}/{uuid}: delete: description: Soft-delete a widget by its UUID for a given experience type. operationId: DeleteWidget parameters: - description: The experience type for the widget. in: path name: experience_type required: true schema: $ref: "#/components/schemas/WidgetExperienceType" - description: The UUID of the widget. in: path name: uuid required: true schema: format: uuid type: string responses: "204": description: No Content "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Delete a widget tags: - Widgets x-permission: operator: OR permissions: - cloud_cost_management_write - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_write get: description: Retrieve a widget by its UUID for a given experience type. operationId: GetWidget parameters: - description: The experience type for the widget. in: path name: experience_type required: true schema: $ref: "#/components/schemas/WidgetExperienceType" - description: The UUID of the widget. in: path name: uuid required: true schema: format: uuid type: string responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" definition: title: My Widget type: bar_chart is_favorited: false modified_at: "2024-01-01T00:00:00+00:00" tags: - "team:my-team" id: abc-123 type: widgets schema: $ref: "#/components/schemas/WidgetResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a widget tags: - Widgets x-permission: operator: OR permissions: - cloud_cost_management_read - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_read put: description: Update a widget by its UUID for a given experience type. This performs a full replacement of the widget definition. operationId: UpdateWidget parameters: - description: The experience type for the widget. in: path name: experience_type required: true schema: $ref: "#/components/schemas/WidgetExperienceType" - description: The UUID of the widget. in: path name: uuid required: true schema: format: uuid type: string requestBody: content: application/json: examples: default: summary: CCM cost summary widget value: data: attributes: definition: graph_options: - type: query_value view: total - type: query_value view: change - display_type: bars type: timeseries - type: cloud_cost_table view: summary requests: - formulas: - formula: query1 queries: - data_source: cloud_cost name: query1 query: sum:aws.cost.amortized{*} by {aws_product}.rollup(sum, daily) response_format: timeseries time: type: live unit: day value: 30 title: AWS spend by service (last 30 days) type: cloud_cost_summary tags: ["finops", "aws"] type: widgets schema: $ref: "#/components/schemas/CreateOrUpdateWidgetRequest" description: |- Widget request body. The `definition` object's required fields vary by `widget.definition.type`; see `CreateWidget` above for a complete worked payload. Update is a full replacement of the widget definition. required: true responses: "200": content: application/json: examples: default: value: data: attributes: created_at: "2024-01-01T00:00:00+00:00" definition: title: My Widget type: bar_chart is_favorited: false modified_at: "2024-01-01T00:00:00+00:00" tags: - "team:my-team" id: abc-123 type: widgets schema: $ref: "#/components/schemas/WidgetResponse" description: OK "400": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Bad Request "403": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/APIErrorResponse" description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] summary: Update a widget tags: - Widgets x-codegen-request-body-name: body x-permission: operator: OR permissions: - cloud_cost_management_write - generate_log_reports - manage_log_reports - product_analytics_saved_widgets_write /api/v2/workflows: post: description: Create a new workflow, returning the workflow ID. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: CreateWorkflow requestBody: content: application/json: examples: default: value: data: attributes: description: A sample workflow. name: Example Workflow published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: Example annotation. connectionEnvs: - connections: - connectionId: 11111111-1111-1111-1111-111111111111 label: INTEGRATION_DATADOG env: default handle: my-handle inputSchema: parameters: - defaultValue: default name: input type: STRING outputSchema: parameters: - name: output type: ARRAY_OBJECT value: "{{ Steps.Step1 }}" steps: - actionId: com.datadoghq.dd.monitor.listMonitors connectionLabel: INTEGRATION_DATADOG name: Step1 outboundEdges: - branchName: main nextStepName: Step2 parameters: - name: tags value: service:monitoring - actionId: com.datadoghq.core.noop name: Step2 triggers: - monitorTrigger: rateLimit: count: 1 interval: 3600s startStepNames: - Step1 - githubWebhookTrigger: {} startStepNames: - Step1 tags: - team:infra - service:monitoring type: workflows schema: $ref: "#/components/schemas/CreateWorkflowRequest" required: true responses: "201": content: application/json: examples: default: value: data: attributes: name: Example Workflow spec: {} id: 00000000-0000-0000-0000-000000000001 type: workflows schema: $ref: "#/components/schemas/CreateWorkflowResponse" description: Successfully created a workflow. "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Create a Workflow tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_write /api/v2/workflows/{workflow_id}: delete: description: Delete a workflow by ID. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: DeleteWorkflow parameters: - $ref: "#/components/parameters/WorkflowId" responses: "204": description: Successfully deleted a workflow. "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Delete an existing Workflow tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_write get: description: Get a workflow by ID. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: GetWorkflow parameters: - $ref: "#/components/parameters/WorkflowId" responses: "200": content: application/json: examples: default: value: data: attributes: createdAt: "2024-01-01T00:00:00+00:00" description: A sample workflow. name: Example Workflow published: true spec: {} tags: - team:infra updatedAt: "2024-01-01T00:00:00+00:00" id: 00000000-0000-0000-0000-000000000002 type: workflows schema: $ref: "#/components/schemas/GetWorkflowResponse" description: Successfully got a workflow. "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Get an existing Workflow tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_read patch: description: Update a workflow by ID. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: UpdateWorkflow parameters: - $ref: "#/components/parameters/WorkflowId" requestBody: content: application/json: examples: default: value: data: attributes: description: A sample workflow. name: Example Workflow published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: Example annotation. connectionEnvs: - connections: - connectionId: 11111111-1111-1111-1111-111111111111 label: INTEGRATION_DATADOG env: default handle: my-handle inputSchema: parameters: - defaultValue: default name: input type: STRING outputSchema: parameters: - name: output type: ARRAY_OBJECT value: "{{ Steps.Step1 }}" steps: - actionId: com.datadoghq.dd.monitor.listMonitors connectionLabel: INTEGRATION_DATADOG name: Step1 outboundEdges: - branchName: main nextStepName: Step2 parameters: - name: tags value: service:monitoring - actionId: com.datadoghq.core.noop name: Step2 triggers: - monitorTrigger: rateLimit: count: 1 interval: 3600s startStepNames: - Step1 - githubWebhookTrigger: {} startStepNames: - Step1 tags: - team:infra - service:monitoring id: 22222222-2222-2222-2222-222222222222 type: workflows schema: $ref: "#/components/schemas/UpdateWorkflowRequest" required: true responses: "200": content: application/json: examples: default: value: data: attributes: name: Example Workflow id: 00000000-0000-0000-0000-000000000003 type: workflows schema: $ref: "#/components/schemas/UpdateWorkflowResponse" description: Successfully updated a workflow. "400": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Bad request "403": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Forbidden "404": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Not found "429": content: application/json: schema: $ref: "#/components/schemas/JSONAPIErrorResponse" description: Too many requests summary: Update an existing Workflow tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_write /api/v2/workflows/{workflow_id}/instances: get: description: List all instances of a given workflow. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: ListWorkflowInstances parameters: - $ref: "#/components/parameters/WorkflowId" - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" responses: "200": content: application/json: examples: default: value: data: - id: 00000000-0000-0000-0000-000000000004 meta: page: totalCount: 1 schema: $ref: "#/components/schemas/WorkflowListInstancesResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_read summary: List workflow instances tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_read post: description: Execute the given workflow. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: CreateWorkflowInstance parameters: - $ref: "#/components/parameters/WorkflowId" requestBody: content: application/json: examples: default: value: meta: payload: input: value schema: $ref: "#/components/schemas/WorkflowInstanceCreateRequest" required: true responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000005 schema: $ref: "#/components/schemas/WorkflowInstanceCreateResponse" description: Created "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_run summary: Execute a workflow tags: - Workflow Automation x-codegen-request-body-name: body "x-permission": operator: OR permissions: - workflows_run /api/v2/workflows/{workflow_id}/instances/{instance_id}: get: description: Get a specific execution of a given workflow. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: GetWorkflowInstance parameters: - $ref: "#/components/parameters/WorkflowId" - $ref: "#/components/parameters/InstanceId" responses: "200": content: application/json: examples: default: value: data: attributes: id: 00000000-0000-0000-0000-000000000006 schema: $ref: "#/components/schemas/WorklflowGetInstanceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_read summary: Get a workflow instance tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_read /api/v2/workflows/{workflow_id}/instances/{instance_id}/cancel: put: description: Cancels a specific execution of a given workflow. This API requires a [registered application key](https://docs.datadoghq.com/api/latest/action-connection/#register-a-new-app-key). Alternatively, you can configure these permissions [in the UI](https://docs.datadoghq.com/account_management/api-app-keys/#actions-api-access). operationId: CancelWorkflowInstance parameters: - $ref: "#/components/parameters/WorkflowId" - $ref: "#/components/parameters/InstanceId" responses: "200": content: application/json: examples: default: value: data: id: 00000000-0000-0000-0000-000000000007 schema: $ref: "#/components/schemas/WorklflowCancelInstanceResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" "403": $ref: "#/components/responses/ForbiddenResponse" "404": $ref: "#/components/responses/NotFoundResponse" "429": $ref: "#/components/responses/TooManyRequestsResponse" summary: Cancel a workflow instance tags: - Workflow Automation "x-permission": operator: OR permissions: - workflows_run security: - apiKeyAuth: [] appKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for Datadog customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - ap1.datadoghq.com - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com - us2.ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. - url: "{protocol}://{name}" variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. tags: - description: |- Configure your API endpoints through the Datadog API. name: API Management - description: Observe, troubleshoot, and improve cloud-scale applications with all telemetry in context name: APM - description: |- Manage configuration of [APM retention filters](https://app.datadoghq.com/apm/traces/retention-filters) for your organization. You need an API and application key with Admin rights to interact with this endpoint. See [retention filters](https://docs.datadoghq.com/tracing/trace_pipeline/trace_retention/#retention-filters) on the Trace Retention page for more information. externalDocs: description: Find out more at url: https://docs.datadoghq.com/tracing/trace_pipeline/trace_retention/ name: APM Retention Filters - description: |- Configure your Datadog-AWS integration directly through the Datadog API. For more information, see the [AWS integration page](https://docs.datadoghq.com/integrations/amazon_web_services). name: AWS Integration - description: |- Configure your Datadog-AWS-Logs integration directly through Datadog API. For more information, see the [AWS integration page](https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection). externalDocs: url: https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection name: AWS Logs Integration - description: |- Action connections extend your installed integrations and allow you to take action in your third-party systems (e.g. AWS, GitLab, and Statuspage) with Datadog’s Workflow Automation and App Builder products. Datadog’s Integrations automatically provide authentication for Slack, Microsoft Teams, PagerDuty, Opsgenie, JIRA, GitHub, and Statuspage. You do not need additional connections in order to access these tools within Workflow Automation and App Builder. We offer granular access control for editing and resolving connections. externalDocs: description: Find out more at url: https://docs.datadoghq.com/service_management/workflows/connections/ name: Action Connection - description: |- Leverage the Actions Datastore API to create, modify, and delete items in datastores owned by your organization. externalDocs: url: https://docs.datadoghq.com/actions/datastore name: Actions Datastores - description: |- Datadog Agentless Scanning provides visibility into risks and vulnerabilities within your hosts, running containers, and serverless functions—all without requiring teams to install Agents on every host or where Agents cannot be installed. Agentless offers also Sensitive Data Scanning capabilities on your storage. Go to https://www.datadoghq.com/blog/agentless-scanning/ to learn more. name: "Agentless Scanning" - description: |- Datadog App Builder provides a low-code solution to rapidly develop and integrate secure, customized applications into your monitoring stack that are built to accelerate remediation at scale. These API endpoints allow you to create, read, update, delete, and publish apps. name: App Builder - description: |- [Datadog Application Security](https://docs.datadoghq.com/security/application_security/) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate. externalDocs: description: Find out more at url: https://docs.datadoghq.com/security/application_security/ name: "Application Security" - description: |- Search your Audit Logs events over HTTP. name: Audit - description: |- [The AuthN Mappings API](https://docs.datadoghq.com/account_management/authn_mapping/?tab=example) is used to automatically map groups of users to roles in Datadog using attributes sent from Identity Providers. Use these endpoints to manage your AuthN Mappings. name: AuthN Mappings - description: |- Use the Bits AI endpoints to retrieve AI-powered investigations. name: Bits AI - description: |- Search or aggregate your CI Visibility pipeline events and send them to your Datadog site over HTTP. See the [CI Pipeline Visibility in Datadog page](https://docs.datadoghq.com/continuous_integration/pipelines/) for more information. name: CI Visibility Pipelines - description: |- Search or aggregate your CI Visibility test events over HTTP. See the [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more information. name: CI Visibility Tests - description: |- Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Go to https://docs.datadoghq.com/security/cloud_security_management to learn more name: "CSM Agents" - description: |- Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Go to https://docs.datadoghq.com/security/cloud_security_management to learn more. name: "CSM Coverage Analysis" - description: |- Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection/) for more information on setting up Workload Protection. **Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using. name: "CSM Threats" - description: View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Case Management - description: >- View and configure custom attributes within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Case Management Attribute - description: >- View and configure case types within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Case Management Type - description: >- View and manage change requests within Change Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Change Management - description: |- Configure AWS cloud authentication mappings for persona and intake authentication through the Datadog API. name: Cloud Authentication - description: |- The Cloud Cost Management API allows you to set up, edit, and delete Cloud Cost Management accounts for AWS, Azure, and Google Cloud. You can query your cost data by using the [Metrics endpoint](https://docs.datadoghq.com/api/latest/metrics/#query-timeseries-data-across-multiple-products) and the `cloud_cost` data source. For more information, see the [Cloud Cost Management documentation](https://docs.datadoghq.com/cloud_cost_management/). name: Cloud Cost Management - description: |- The Cloud Network Monitoring API allows you to fetch aggregated connections and DNS traffic with their attributes. See the [Cloud Network Monitoring page](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/) and [DNS Monitoring page](https://docs.datadoghq.com/network_monitoring/dns/) for more information. name: Cloud Network Monitoring - description: |- Manage your Datadog Cloudflare integration directly through the Datadog API. See the [Cloudflare integration page](https://docs.datadoghq.com/integrations/cloudflare/) for more information. name: Cloudflare Integration - description: |- Retrieve and analyze code coverage data from Code Coverage. See the [Code Coverage page](https://docs.datadoghq.com/code_coverage/) for more information. name: Code Coverage - description: |- Manage your Datadog Confluent Cloud integration accounts and account resources directly through the Datadog API. See the [Confluent Cloud page](https://docs.datadoghq.com/integrations/confluent_cloud/) for more information. name: Confluent Cloud - description: |- The Container Images API allows you to query Container Image data for your organization. See the [Container Images View page](https://docs.datadoghq.com/infrastructure/containers/container_images/) for more information. name: Container Images - description: |- The Containers API allows you to query container data for your organization. See the [Container Monitoring page](https://docs.datadoghq.com/containers/) for more information. name: Containers - description: |- Search, send, or delete events for DORA Metrics to measure and improve your software delivery performance. See the [DORA Metrics page](https://docs.datadoghq.com/dora_metrics/) for more information. **Note**: DORA Metrics are not available in the US1-FED site. name: DORA Metrics - description: |- Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team and organization. name: Dashboard Lists - description: |- Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control. **Requirements:** - **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**. - You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints. name: Dashboard Secure Embed - description: |- The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively. name: Data Deletion - description: |- Data Access Controls in Datadog is a feature that allows administrators and access managers to regulate access to sensitive data. By defining Restricted Datasets, you can ensure that only specific teams or roles can view certain types of telemetry (for example, logs, traces, metrics, and RUM data). name: Datasets - description: |- Manage Deployment Gates using this API to reduce the likelihood and impact of incidents caused by deployments. See the [Deployment Gates documentation](https://docs.datadoghq.com/deployment_gates/) for more information. name: Deployment Gates - description: |- Configure your Datadog Email Domain Allowlist directly through the Datadog API. The Email Domain Allowlist controls the domains that certain datadog emails can be sent to. For more information, see the [Domain Allowlist docs page](https://docs.datadoghq.com/account_management/org_settings/domain_allowlist) name: Domain Allowlist - description: |- **Note**: Downtime V2 is currently in private beta. To request access, contact [Datadog support](https://docs.datadoghq.com/help/). [Downtiming](https://docs.datadoghq.com/monitors/notify/downtimes) gives you greater control over monitor notifications by allowing you to globally exclude scopes from alerting. Downtime settings, which can be scheduled with start and end times, prevent all alerting related to specified Datadog tags. name: Downtimes - description: Endpoints for receiving email transport webhook events for audit trail processing. name: Email Transport - description: Retrieves security risk scores for entities in your organization. name: Entity Risk Scores - description: View and manage issues within Error Tracking. See the [Error Tracking page](https://docs.datadoghq.com/error_tracking/) for more information. name: Error Tracking - description: |- The Event Management API allows you to programmatically post events to the Events Explorer and fetch events from the Events Explorer. See the [Event Management page](https://docs.datadoghq.com/service_management/events/) for more information. **Update to Datadog monitor events `aggregation_key` starting March 1, 2025:** The Datadog monitor events `aggregation_key` is unique to each Monitor ID. Starting March 1st, this key will also include Monitor Group, making it unique per *Monitor ID and Monitor Group*. If you're using monitor events `aggregation_key` in dashboard queries or the Event API, you must migrate to use `@monitor.id`. Reach out to [support](https://www.datadoghq.com/support/) if you have any question. name: Events - description: |- Manage your Datadog Fastly integration accounts and services directly through the Datadog API. See the [Fastly integration page](https://docs.datadoghq.com/integrations/fastly/) for more information. name: Fastly Integration - description: Manage feature flags and environments. name: Feature Flags - description: |- Manage automated deployments across your fleet of hosts. Fleet Automation provides two types of deployments: Configuration Deployments (`/configure`): - Apply configuration file changes to target hosts - Support merge-patch operations to update specific configuration fields - Support delete operations to remove configuration files - Useful for updating Datadog Agent settings, integration configs, and more Package Upgrade Deployments (`/upgrade`): - Upgrade the Datadog Agent to specific versions name: Fleet Automation - description: |- Configure your Datadog-Google Cloud Platform (GCP) integration directly through the Datadog API. Read more about the [Datadog-Google Cloud Platform integration](https://docs.datadoghq.com/integrations/google_cloud_platform). externalDocs: url: https://docs.datadoghq.com/integrations/google_cloud_platform name: GCP Integration - description: |- Configure your [Datadog Google Chat integration](https://docs.datadoghq.com/integrations/google-hangouts-chat/) directly through the Datadog API. externalDocs: description: For more information about the Datadog Google Chat integration, see the integration page. url: https://docs.datadoghq.com/integrations/google-hangouts-chat/ name: Google Chat Integration - description: |- Configure High Availability Multi-Region (HAMR) connections between Datadog organizations. HAMR provides disaster recovery capabilities by maintaining synchronized data between primary and secondary organizations across different datacenters. name: High Availability MultiRegion - description: |- The IP allowlist API is used to manage the IP addresses that can access the Datadog API and web UI. It does not block access to intake APIs or public dashboards. This is an enterprise-only feature. Request access by contacting Datadog support, or see the [IP Allowlist page](https://docs.datadoghq.com/account_management/org_settings/ip_allowlist/) for more information. name: IP Allowlist - description: Create, update, delete, and retrieve services which can be associated with incidents. See the [Incident Management page](https://docs.datadoghq.com/service_management/incident_management/) for more information. name: Incident Services - description: Manage incident response, as well as associated attachments, metadata, and todos. See the [Incident Management page](https://docs.datadoghq.com/service_management/incident_management/) for more information. name: Incidents - description: |- The Integrations API is used to list available integrations and retrieve information about their installation status. name: Integrations - description: Manage your Jira Integration. Atlassian Jira is a project management and issue tracking tool for teams to coordinate work and handle tasks efficiently. name: Jira Integration - description: |- Manage your Datadog API and application keys. You need an API key and an application key for a user with the required permissions to interact with these endpoints. Consult the following pages to view and manage your keys: - [API Keys](https://app.datadoghq.com/organization-settings/api-keys) - [Application Keys](https://app.datadoghq.com/personal-settings/application-keys) externalDocs: description: Find out more at url: "https://docs.datadoghq.com/account_management/api-app-keys/" name: Key Management - description: Manage LLM Observability projects, datasets, dataset records, experiments, and annotations. name: LLM Observability - description: |- Search your logs and send them to your Datadog platform over HTTP. See the [Log Management page](https://docs.datadoghq.com/logs/) for more information. name: Logs - description: |- Archives forward all the logs ingested to a cloud storage system. See the [Archives Page](https://app.datadoghq.com/logs/pipelines/archives) for a list of the archives currently configured in Datadog. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/archives/ name: Logs Archives - description: |- Custom Destinations forward all the logs ingested to an external destination. **Note**: Log forwarding is not available for the Government (US1-FED) site. Contact your account representative for more information. See the [Custom Destinations Page](https://app.datadoghq.com/logs/pipelines/log-forwarding/custom-destinations) for a list of the custom destinations currently configured in web UI. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/log_configuration/forwarding_custom_destinations/ name: Logs Custom Destinations - description: |- Manage configuration of [log-based metrics](https://app.datadoghq.com/logs/pipelines/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/logs_to_metrics/ name: Logs Metrics - description: |- **Note: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).** A Restriction Query is a logs query that restricts which logs the `logs_read_data` permission grants read access to. For users whose roles have Restriction Queries, any log query they make only returns those log events that also match one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including the log explorer, Live Tail, re-hydration, or a dashboard widget. Restriction Queries currently only support use of the following components of log events: - Reserved attributes - The log message - Tags To restrict read access on log data, add a team tag to log events to indicate which teams own them, and then scope Restriction Queries to the relevant values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values. This means the same log event can be visible to roles whose restriction queries are scoped to different team values. See [How to Set Up RBAC for Logs](https://docs.datadoghq.com/logs/guide/logs-rbac/?tab=api#restrict-access-to-logs) for details on how to add restriction queries. name: Logs Restriction Queries - description: |- The metrics endpoint allows you to: - Post metrics data so it can be graphed on Datadog’s dashboards - Query metrics from any time period (timeseries and scalar) - Modify tag configurations for metrics - View tags and volumes for metrics **Note**: A graph can only contain a set number of points and as the timeframe over which a metric is viewed increases, aggregation between points occurs to stay below that set number. The Post, Patch, and Delete `manage_tags` API methods can only be performed by a user who has the `Manage Tags for Metrics` permission. See the [Metrics page](https://docs.datadoghq.com/metrics/) for more information. name: Metrics - description: |- Configure your [Datadog Microsoft Teams integration](https://docs.datadoghq.com/integrations/microsoft_teams/) directly through the Datadog API. Note: These endpoints do not support legacy connector handles. externalDocs: description: For more information about the Datadog Microsoft Teams integration, see the integration page. url: https://docs.datadoghq.com/integrations/microsoft_teams/ name: Microsoft Teams Integration - description: |- [Monitors](https://docs.datadoghq.com/monitors) allow you to watch a metric or check that you care about and notifies your team when a defined threshold has exceeded. For more information, see [Creating Monitors](https://docs.datadoghq.com/monitors/create/types/) and [Tag Policies](https://docs.datadoghq.com/monitors/settings/). externalDocs: description: Find out more at url: https://docs.datadoghq.com/monitors/create/types/ name: Monitors - description: |- The Network Device Monitoring API allows you to fetch devices and interfaces and their attributes. See the [Network Device Monitoring page](https://docs.datadoghq.com/network_monitoring/) for more information. name: Network Device Monitoring - description: Auto-generated tag OCI Integration name: OCI Integration - description: |- Observability Pipelines allows you to collect and process logs within your own infrastructure, and then route them to downstream integrations. externalDocs: description: Find out more at url: https://docs.datadoghq.com/observability_pipelines/ name: Observability Pipelines - description: |- Configure your [Datadog Okta integration](https://docs.datadoghq.com/integrations/okta/) directly through the Datadog API. name: Okta Integration - description: |- Configure your [Datadog On-Call](https://docs.datadoghq.com/service_management/on-call/) directly through the Datadog API. externalDocs: url: https://docs.datadoghq.com/service_management/on-call/ name: On-Call - description: |- Trigger and manage [Datadog On-Call](https://docs.datadoghq.com/service_management/on-call/) pages directly through the Datadog API. externalDocs: url: https://docs.datadoghq.com/service_management/on-call/ name: On-Call Paging - description: |- Configure your [Datadog Opsgenie integration](https://docs.datadoghq.com/integrations/opsgenie/) directly through the Datadog API. externalDocs: url: https://docs.datadoghq.com/api/latest/opsgenie-integration name: Opsgenie Integration - description: |- Manage connections between organizations. Org connections allow for controlled sharing of data between different Datadog organizations. See the [Cross-Organization Visibiltiy](https://docs.datadoghq.com/account_management/org_settings/cross_org_visibility/) page for more information. name: Org Connections - description: >- Manage organization groups, memberships, policies, policy overrides, and policy configurations. name: Org Groups - description: Create, edit, and manage your organizations. Read more about [multi-org accounts](https://docs.datadoghq.com/account_management/multi_organization). externalDocs: description: Find out more at url: "https://docs.datadoghq.com/account_management/multi_organization" name: Organizations - description: |- The Powerpack endpoints allow you to: - Get a Powerpack - Create a Powerpack - Delete a Powerpack - Get a list of all Powerpacks The Patch and Delete API methods can only be performed on a Powerpack by a user who has the powerpack create permission for that specific Powerpack. Read [Scale Graphing Expertise with Powerpacks](https://docs.datadoghq.com/dashboards/guide/powerpacks-best-practices/) for more information. name: Powerpack - description: |- The processes API allows you to query processes data for your organization. See the [Live Processes page](https://docs.datadoghq.com/infrastructure/process/) for more information. name: Processes - description: |- Send server-side events to Product Analytics. Server-Side Events Ingestion allows you to collect custom events from any server-side source, and retains events for 15 months. Server-side events are helpful for understanding causes of a funnel drop-off which are external to the client-side (for example, payment processing error). **Note**: Sending server-side events impacts billing. Review the [pricing page](https://www.datadoghq.com/pricing/?product=product-analytics#products) and contact your Customer Success Manager for more information. name: Product Analytics - description: |- Manage your Real User Monitoring (RUM) applications, and search or aggregate your RUM events over HTTP. See the [RUM & Session Replay page](https://docs.datadoghq.com/real_user_monitoring/) for more information name: RUM - description: View and manage Reference Tables in your organization. name: Reference Tables - description: |- A restriction policy defines the access control rules for a resource, mapping a set of relations (such as editor and viewer) to a set of allowed principals (such as roles, teams, or users). The restriction policy determines who is authorized to perform what actions on the resource. name: Restriction Policies - description: |- The Roles API is used to create and manage Datadog roles, what [global permissions](https://docs.datadoghq.com/account_management/rbac/) they grant, and which users belong to them. Permissions related to specific account assets can be granted to roles in the Datadog application without using this API. For example, granting read access on a specific log index to a role can be done in Datadog from the [Pipelines page](https://app.datadoghq.com/logs/pipelines). Roles can also be managed in bulk through the Datadog UI, which provides the capability to assign a single permission to multiple roles simultaneously. name: Roles - description: Auto-generated tag Rum Audience Management name: Rum Audience Management - description: |- Manage configuration of [rum-based metrics](https://app.datadoghq.com/rum/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/real_user_monitoring/platform/generate_metrics/ name: Rum Metrics - description: Manage heatmap snapshots for RUM replay sessions. Create, update, delete, and retrieve snapshots to visualize user interactions on specific views. name: Rum Replay Heatmaps - description: Create and manage playlists of RUM replay sessions. Organize, categorize, and share collections of replay sessions for analysis and collaboration. name: Rum Replay Playlists - description: Retrieve segments for RUM replay sessions. Access session replay data stored in event platform or blob storage. name: Rum Replay Sessions - description: Track and manage RUM replay session viewership. Monitor who watches replay sessions and maintain watch history for audit and analytics purposes. name: Rum Replay Viewership - description: |- Manage retention filters through [Manage Applications](https://app.datadoghq.com/rum/list) of RUM for your organization. name: Rum Retention Filters - description: |- API to create and update scorecard rules and outcomes. See [Scorecards](https://docs.datadoghq.com/service_catalog/scorecards) for more information. name: Scorecards - description: |- The seats API allows you to view, assign, and unassign seats for your organization. name: Seats - description: |- Create and manage your security rules, signals, filters, and more. See the [Datadog Security page](https://docs.datadoghq.com/security/) for more information. name: "Security Monitoring" - description: Create, update, delete, and retrieve sensitive data scanner groups and rules. See the [Sensitive Data Scanner page](https://docs.datadoghq.com/sensitive_data_scanner/) for more information. name: Sensitive Data Scanner - description: Create, edit, and disable service accounts. See the [Service Accounts page](https://docs.datadoghq.com/account_management/org_settings/service_accounts/) for more information. name: Service Accounts - description: |- API to create, update, retrieve and delete service definitions. Note: Service Catalog [v3.0 schema](https://docs.datadoghq.com/service_catalog/service_definitions/v3-0/) has new API endpoints documented under [Software Catalog](https://docs.datadoghq.com/api/latest/software-catalog/). Use the following Service Definition endpoints for v2.2 and earlier. externalDocs: url: https://docs.datadoghq.com/tracing/service_catalog/ name: Service Definition - description: |- [Service Level Objectives](https://docs.datadoghq.com/monitors/service_level_objectives/#configuration) (SLOs) are a key part of the site reliability engineering toolkit. SLOs provide a framework for defining clear targets around application performance, which ultimately help teams provide a consistent customer experience, balance feature development with platform stability, and improve communication with internal and external users. name: Service Level Objectives - description: Manage your ServiceNow Integration. ServiceNow is a cloud-based platform that helps organizations manage digital workflows for enterprise operations. name: ServiceNow Integration - description: |- API to create, update, retrieve, and delete Software Catalog entities. externalDocs: url: https://docs.datadoghq.com/service_catalog/service_definitions#metadata-schema-v30-beta name: Software Catalog - description: SPA (Spark Pod Autosizing) API. Provides resource recommendations and cost insights to help optimize Spark job configurations. name: Spa - description: |- Search and aggregate your spans from your Datadog platform over HTTP. name: Spans - description: |- Manage configuration of [span-based metrics](https://app.datadoghq.com/apm/traces/generate-metrics) for your organization. See [Generate Metrics from Spans](https://docs.datadoghq.com/tracing/trace_pipeline/generate_metrics/) for more information. externalDocs: description: Find out more at url: https://docs.datadoghq.com/tracing/metrics/metrics_namespace/ name: Spans Metrics - description: API for static analysis name: Static Analysis - description: Manage your status pages and communicate service disruptions to stakeholders via Datadog's API. See the [Status Pages documentation](https://docs.datadoghq.com/incident_response/status_pages/) for more information. name: Status Pages - description: |- Enable Storage Management for S3 buckets, GCS buckets, and Azure containers. Each configuration registers the destination that holds inventory reports for the storage being monitored. name: Storage Management - description: |- Synthetic tests use simulated requests and actions so you can monitor the availability and performance of systems and applications. Datadog supports the following types of synthetic tests: - [API tests](https://docs.datadoghq.com/synthetics/api_tests/) - [Browser tests](https://docs.datadoghq.com/synthetics/browser_tests) - [Network Path tests](https://docs.datadoghq.com/synthetics/network_path_tests/) - [Mobile Application tests](https://docs.datadoghq.com/synthetics/mobile_app_testing) You can use the Datadog API to create, manage, and organize tests and test suites programmatically. For more information, see the [Synthetic Monitoring documentation](https://docs.datadoghq.com/synthetics/). name: Synthetics - description: View and manage teams within Datadog. See the [Teams page](https://docs.datadoghq.com/account_management/teams/) for more information. name: Teams - description: |- Search and manage flaky tests through Test Optimization. See the [Test Optimization page](https://docs.datadoghq.com/tests/) for more information. name: Test Optimization - description: |- The usage metering API allows you to get hourly, daily, and monthly usage across multiple facets of Datadog. This API is available to all Pro and Enterprise customers. **Note**: Usage data is delayed by up to 72 hours from when it was incurred. It is retained for 15 months. You can retrieve up to 24 hours of hourly usage data for multiple organizations, and up to two months of hourly usage data for a single organization in one request. Learn more on the [usage details documentation](https://docs.datadoghq.com/account_management/billing/usage_details/). externalDocs: description: Find out more at url: "https://docs.datadoghq.com/account_management/billing/usage_details/" name: Usage Metering - description: Create, edit, and disable users. externalDocs: url: https://docs.datadoghq.com/account_management/users name: Users - description: |- Manage web integration accounts programmatically through the Datadog API. See the [Web Integrations page](https://app.datadoghq.com/integrations) for more information. name: Web Integrations - description: |- Create, read, update, and delete saved widgets. Widgets are reusable visualization components stored independently from any dashboard or notebook, partitioned by experience type and identified by a UUID. name: Widgets - description: |- Datadog Workflow Automation allows you to automate your end-to-end processes by connecting Datadog with the rest of your tech stack. Build workflows to auto-remediate your alerts, streamline your incident and security processes, and reduce manual toil. Workflow Automation supports over 1,000+ OOTB actions, including AWS, JIRA, ServiceNow, GitHub, and OpenAI. Learn more in our Workflow Automation docs [here](https://docs.datadoghq.com/service_management/workflows/). externalDocs: description: Find out more at url: "https://docs.datadoghq.com/service_management/workflows/" name: Workflow Automation x-group-parameters: true