Skip to main content
POST
/
api
/
v1
/
ssf-receiver-streams
Create
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.SSFReceiverStream.Create(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    if res.SSFReceiverStreamServiceCreateResponse != nil {
        // handle response
    }
}
{
  "pushAuthTokenPlaintext": "<string>",
  "ssfReceiverStream": {
    "accountDisabledAction": "SSF_REVOCATION_ACTION_UNSPECIFIED",
    "createdAt": "2023-11-07T05:31:56Z",
    "credentialChangeAction": "SSF_REVOCATION_ACTION_UNSPECIFIED",
    "credentialCompromiseAction": "SSF_REVOCATION_ACTION_UNSPECIFIED",
    "deletedAt": "2023-11-07T05:31:56Z",
    "deliveryMethod": "SSF_DELIVERY_METHOD_UNSPECIFIED",
    "description": "<string>",
    "displayName": "<string>",
    "enabled": true,
    "eventTypesEnabled": [
      "<string>"
    ],
    "expectedAudience": "<string>",
    "id": "<string>",
    "issuerUrl": "<string>",
    "jwksUrl": "<string>",
    "lastErrorAt": "2023-11-07T05:31:56Z",
    "lastErrorMessage": "<string>",
    "lastVerifiedAt": "2023-11-07T05:31:56Z",
    "outboundAuthBearer": {
      "token": "<string>"
    },
    "outboundAuthOauth2": {
      "clientId": "<string>",
      "clientSecret": "<string>",
      "scopes": [
        "<string>"
      ],
      "tokenUrl": "<string>"
    },
    "pollEndpointUrl": "<string>",
    "pollInterval": "<string>",
    "pushAuthToken": "<string>",
    "pushEndpointUrl": "<string>",
    "sessionRevokedAction": "SSF_REVOCATION_ACTION_UNSPECIFIED",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

Documentation Index

Fetch the complete documentation index at: https://conductorone-ian-account-to-user-pipeline.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

SSFReceiverStreamServiceCreateRequest contains the configuration for a new SSF receiver stream.

displayName
string
required

Human-readable name for the stream.

issuerUrl
string
required

The issuer URL of the upstream SSF transmitter, used for token validation.

accountDisabledAction
enum<string>

Action to take when an account-disabled event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
credentialChangeAction
enum<string>

Action to take when a credential-change event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
credentialCompromiseAction
enum<string>

Action to take when a credential-compromise event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY
deliveryMethod
enum<string>

Controls whether events are received via push or poll delivery.

Available options:
SSF_DELIVERY_METHOD_UNSPECIFIED,
SSF_DELIVERY_METHOD_PUSH,
SSF_DELIVERY_METHOD_POLL
description
string

Optional description of the stream's purpose or source.

enabled
boolean

Controls whether the stream starts processing events immediately after creation.

expectedAudience
string

Expected audience claim in incoming SETs. If set, SETs with a different audience are rejected.

jwksUrl
string

URL to fetch the transmitter's JSON Web Key Set for SET signature verification.

pollEndpointUrl
string

URL of the transmitter's poll endpoint. Required when delivery_method is POLL.

pollInterval
string<duration>
sessionRevokedAction
enum<string>

Per-event-type action configuration. Action to take when a session-revoked event is received.

Available options:
SSF_REVOCATION_ACTION_UNSPECIFIED,
SSF_REVOCATION_ACTION_REVOKE_ALL,
SSF_REVOCATION_ACTION_LOG_ONLY

Response

200 - application/json

SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext.

SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext.

pushAuthTokenPlaintext
string

Push auth token returned in plaintext ONLY on create.

ssfReceiverStream
Ssf Receiver Stream · object

SSFReceiverStream is the public API representation. Secrets (push_auth_token, outbound credentials) are write-only.

This message contains a oneof named outbound_auth. Only a single field of the following list may be set at a time:

  • outboundAuthBearer
  • outboundAuthOauth2