PUT /v1/config/log-sources/{id}

Updates an existing log source. All fields are optional — submit only what you want to change. The type cannot be changed; create a new source if you need a different platform.

Authentication

API key with config:write permission.

Endpoint

PUT /v1/config/log-sources/{id}

Path parameters

Param	Type	Notes
`id`	UUID	The log source id

Request body

Field	Type	Required	Notes
`name`	`string` (1–255 chars)	—	Rename the source
`credentials`	`object<string,string>`	—	Replace credentials wholesale (see credential keys per type)
`sources`	`string[]` (≥ 1)	—	Replace the array of log groups, indexes, or selectors
`isActive`	`boolean`	—	Toggle active state. Inactive sources are skipped during analyses

Submitting credentials replaces the entire credential set. To rotate just one key, you must include all required keys for the type.

{
  "name": "prod-cloudwatch-renamed",
  "sources": [
    "/aws/lambda/checkout-api",
    "/aws/lambda/billing-worker",
    "/aws/ecs/api-gateway"
  ],
  "isActive": true
}

Response

200 OK

{
  "success": true,
  "data": {
    "updated": true
  }
}

The full updated record is not returned. Call GET /v1/config/log-sources afterward if you need to confirm the new state.

Error responses

Status	`error.code`	When
400	`VALIDATION_ERROR`	`id` is not a UUID, or one of the body fields failed validation
401	`UNAUTHORIZED`	Missing or invalid API key
403	`FORBIDDEN`	Key lacks `config:write`
404	`NOT_FOUND`	No log source with that id in your tenant

Example

curl -X PUT https://api.sigsentry.com/v1/config/log-sources/ls_a1b2c3 \
  -H "Authorization: Bearer ss_secret_..." \
  -H "Content-Type: application/json" \
  -d '{ "isActive": false }'

Common patterns

Goal	What to send
Rotate credentials	`credentials` with the full new key set for the type
Add a log group / index	`sources` containing the full updated list (additions + existing entries)
Pause a source	`{ "isActive": false }`
Resume a source	`{ "isActive": true }`

PUT /v1/config/log-sources/{id}

On this page