Skip to main content
POST
/
api
/
v1
/
ssf-receiver-streams
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.SSFReceiverStream.Create(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.SSFReceiverStreamServiceCreateResponse != nil {
        // handle response
    }
}
{
  "pushAuthTokenPlaintext": "<string>",
  "ssfReceiverStream": {
    "createdAt": "2023-11-07T05:31:56Z",
    "deletedAt": "2023-11-07T05:31:56Z",
    "description": "<string>",
    "displayName": "<string>",
    "enabled": true,
    "eventTypesEnabled": [
      "<string>"
    ],
    "expectedAudience": "<string>",
    "id": "<string>",
    "issuerUrl": "<string>",
    "jwksUrl": "<string>",
    "lastErrorAt": "2023-11-07T05:31:56Z",
    "lastErrorMessage": "<string>",
    "lastVerifiedAt": "2023-11-07T05:31:56Z",
    "outboundAuthBearer": {
      "token": "<string>"
    },
    "outboundAuthOauth2": {
      "clientId": "<string>",
      "clientSecret": "<string>",
      "scopes": [
        "<string>"
      ],
      "tokenUrl": "<string>"
    },
    "pollEndpointUrl": "<string>",
    "pollInterval": "<string>",
    "pushAuthToken": "<string>",
    "pushEndpointUrl": "<string>",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

SSFReceiverStreamServiceCreateRequest contains the configuration for a new SSF receiver stream.

displayName
string | null
required

Human-readable name for the stream.

issuerUrl
string | null
required

The issuer URL of the upstream SSF transmitter, used for token validation.

accountDisabledAction
enum<string> | null

Action to take when an account-disabled event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
credentialChangeAction
enum<string> | null

Action to take when a credential-change event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
credentialCompromiseAction
enum<string> | null

Action to take when a credential-compromise event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
deliveryMethod
enum<string> | null

Controls whether events are received via push or poll delivery.

Available options:
SSF_DELIVERY_METHOD_UNSPECIFIED,
SSF_DELIVERY_METHOD_PUSH,
SSF_DELIVERY_METHOD_POLL
description
string | null

Optional description of the stream's purpose or source.

enabled
boolean | null

Controls whether the stream starts processing events immediately after creation.

expectedAudience
string | null

Expected audience claim in incoming SETs. If set, SETs with a different audience are rejected.

jwksUrl
string | null

URL to fetch the transmitter's JSON Web Key Set for SET signature verification.

pollEndpointUrl
string | null

URL of the transmitter's poll endpoint. Required when delivery_method is POLL.

pollInterval
string<duration> | null
sessionRevokedAction
enum<string> | null

Per-event-type action configuration. Action to take when a session-revoked event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY

Response

200 - application/json

SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext.

SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext.

pushAuthTokenPlaintext
string | null

Push auth token returned in plaintext ONLY on create.

ssfReceiverStream
Ssf Receiver Stream · object

SSFReceiverStream is the public API representation. Secrets (push_auth_token, outbound credentials) are write-only.

This message contains a oneof named outbound_auth. Only a single field of the following list may be set at a time:

  • outboundAuthBearer
  • outboundAuthOauth2