POST /v1/config/log-sources

Adds a new log source to the current project. Credentials are encrypted at rest.

Authentication

API key with config:write permission. Project-scoped or tenant-scoped (with X-Project-Id).

Endpoint

POST /v1/config/log-sources

Request body

Field	Type	Required	Notes
`type`	enum	✓	One of `cloudwatch`, `datadog`, `loki`, `splunk`, `elastic`, `gcp_logging`
`name`	`string` (1–255 chars)	✓	Human-readable label, e.g. `prod-cloudwatch`
`credentials`	`object<string,string>`	✓	Platform-specific credential keys (see below)
`sources`	`string[]` (≥ 1)	✓	Log groups, indexes, indices, or label selectors to query

Credentials by type

Type	Required keys	Optional keys
`cloudwatch`	`accessKeyId`, `secretAccessKey`	`sessionToken`
`datadog`	`apiKey`, `appKey`	—
`loki`	`host`	`apiKey`, `orgId`
`splunk`	`host`, `token`	—
`elastic`	`host`, plus `username`+`password` or `apiKey`	—
`gcp_logging`	`serviceAccountJson`	—

For platform-specific guidance on how to issue these credentials, see the per-platform setup guides.

{
  "type": "cloudwatch",
  "name": "prod-cloudwatch",
  "credentials": {
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  },
  "sources": [
    "/aws/lambda/checkout-api",
    "/aws/lambda/billing-worker"
  ]
}

Response

201 Created

{
  "success": true,
  "data": {
    "id": "ls_a1b2c3d4-...",
    "tenantId": "tnt_x1y2...",
    "type": "cloudwatch",
    "name": "prod-cloudwatch",
    "sources": [
      "/aws/lambda/checkout-api",
      "/aws/lambda/billing-worker"
    ],
    "isActive": true,
    "createdAt": "2026-04-25T14:30:12Z"
  }
}

Field	Type	Notes
`id`	UUID	Use this id for update, delete, test, and source-discovery
`isActive`	boolean	New sources are active by default

Credentials are not echoed back in the response.

Error responses

Status	`error.code`	When
400	`VALIDATION_ERROR`	`type`, `name`, `credentials`, or `sources` failed validation
401	`UNAUTHORIZED`	Missing or invalid API key
403	`FORBIDDEN`	Key lacks `config:write`
403	`QUOTA_EXCEEDED`	Plan's `logSourcesPerProject` quota reached

Example

curl -X POST https://api.sigsentry.com/v1/config/log-sources \
  -H "Authorization: Bearer ss_secret_..." \
  -H "Content-Type: application/json" \
  -d '{
    "type": "datadog",
    "name": "datadog-prod",
    "credentials": {
      "apiKey": "...",
      "appKey": "..."
    },
    "sources": ["service:checkout-api", "service:billing-worker"]
  }'

After creation, validate credentials and preview log lines via POST /v1/config/log-sources/{id}/test. To browse what's available before you save (autocomplete log groups, indexes, etc.), use the Add source flow in the dashboard.

Idempotency

POST /v1/config/log-sources honors the Idempotency-Key header — see Idempotency.