x-cpod-domain: integration
Integrations
External apps, connectors, API keys, and webhooks.
Try in explorer
client.integrationApplication
A registered app integrating with cPod.
REST path
/api/v1/integration/applicationsOperations
listgetcreateupdateSDK
// list — returns only your records; add filters/search:
await client.integration.applications.list()
// create:
await client.integration.applications.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| display_name | string | Human-readable name, e.g. CRM 360. |
| slug | string | Stable lowercase app slug; the value stamped into app_id. |
| kind | string | app = user-facing; platform-service = cpod-backend/cpod-arai/coreiq/core-sdk; library = no runtime identity. |
| primary_domain | string | Model domain primarily served. |
| description | string | What the app does. |
| oauth_client_id | string | Registered OAuth client id. core-sdk maps a validated token's client_id to this id to stamp appId on every write. |
| status | string | Lifecycle status of the application. |
| canonical_owner_of | json | Entity types this app is the canonical owner of; empty for pure consumers. |
| api_base_path | string | Base path the app serves or is reached at, e.g. /v1/deals. |
| repository | string | Source repository. |
| version | number | Optimistic concurrency version counter. |
Connector
A data source/sink connector instance.
REST path
/api/v1/integration/connectorsOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.integration.connectors.list()
// create:
await client.integration.connectors.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| type | string | Integration type category. |
| provider | string | Vendor, e.g. defender_for_endpoint, splunk, jira, okta. |
| name | string | Human-readable connector name. |
| scope | string | org = tenant-wide; user = personal; group = group-scoped. |
| owner_id | string | usr-<uuid> of the owning user. |
| group_id | string | Group ID if scope=group. |
| user_id | string | User ID if scope=user. |
| config | json | Non-secret configuration: baseUrl, region, accountId, etc. |
| vault_path | string | KV v2 Vault path to secrets, e.g. secret/data/tnt-.../connectors/cnn-.../credentials. |
| auth_type | string | Authentication mechanism. |
| oauth_refresh_needed | boolean | Whether the OAuth token needs refreshing. |
| oauth_token_expires_at | date-time | When the OAuth access token expires. |
| enabled | boolean | Whether the connector is active. |
| sync_status | string | Current sync health. |
| last_sync_at | date-time | Timestamp of the last successful sync. |
| consecutive_errors | number | Count of consecutive sync errors. |
| last_error | string | Last error message. |
| metrics | json | { totalSynced, last24h, avgLatencyMs } |
| event_types | json | Event types this connector emits. |
| webhook_endpoint_id | string | ID of the outbound Webhook endpoint, if applicable. |
| credential_last_rotated_at | date-time | When credentials were last rotated. |
| next_rotation_due | date-time | When credentials are next due for rotation. |
| tags | json | Free-form tags. |
| version | number | Optimistic concurrency version counter. |
| application_id | uuid | Owning application id (FK to Application). |
IntegrationApiKey
An API key issued to an Application.
REST path
/api/v1/integration/api-keysOperations
listgetcreaterevokeSDK
// list — returns only your records; add filters/search:
await client.integration.apiKeys.list()
// create:
await client.integration.apiKeys.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| name | string | Human-readable label for this key. |
| key_hash | string | SHA-256 hash of the raw key (unique). Never returned after initial creation. |
| prefix | string | First 8 chars of raw key for UI display, e.g. sk-acme-. |
| kind | string | Key classification. |
| issued_to_user_id | string | User this key was issued to, if kind=user. |
| issued_to_service | string | Service name this key was issued to, if kind=service. |
| scopes | json | Permission scopes granted to this key. |
| allowed_models | json | If kind=virtual_llm, allowlist of model identifiers. |
| tpm_limit | number | Tokens per minute rate limit. |
| rpm_limit | number | Requests per minute rate limit. |
| max_budget_usd | number | Maximum spend cap in USD. |
| spend_usd | number | Cached spend counter in USD. |
| blocked | boolean | Whether this key is blocked from making requests. |
| blocked_reason | string | Reason the key was blocked. |
| last_used_at | date-time | Timestamp of the last successful use of this key. |
| expires_at | date-time | Expiry timestamp; null for non-expiring keys. |
| rotated_from_key_id | string | ID of the key this was rotated from. |
| created_by_user_id | string | ID of the user who created this key. |
| tags | json | Free-form tags. |
| version | number | Optimistic concurrency version counter. |
| application_id | uuid | Owning application id. |
| key_fingerprint | string | SHA-256 hash of the raw key. Raw key is never stored. |
| key_prefix | string | First chars of the raw key for UI display only. |
| status | enum | Operational status of the key.activerevokedexpired |
Webhook
An outbound webhook endpoint.
REST path
/api/v1/integration/webhooksOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.integration.webhooks.list()
// create:
await client.integration.webhooks.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| name | string | Human-readable webhook name. |
| direction | string | outbound = cPod pushes to url; inbound = external system calls cPod. |
| url | string | Target URL (outbound) or callback URL (inbound). |
| event_types | json | Event type filters, e.g. rfp.created, rfp.status_changed. |
| signature_scheme | string | Payload signing scheme. |
| vault_path | string | Vault KV v2 path where the HMAC secret lives; never stored inline. |
| headers | json | Static custom headers (non-secret) sent with every delivery. |
| enabled | boolean | Whether this webhook is active. |
| retry_policy | json | { maxAttempts, backoff: 'exponential', timeoutMs } |
| last_delivery_at | date-time | Timestamp of the last delivery attempt. |
| last_delivery_status | string | Outcome of the last delivery attempt. |
| consecutive_failures | number | Count of consecutive delivery failures. |
| paused_at | date-time | Timestamp when the webhook was auto-paused after N consecutive failures. |
| connector_id | string | ID of the owning Connector, if this webhook is connector-owned. |
| tags | json | Free-form tags. |
| version | number | Optimistic concurrency version counter. |
| application_id | uuid | Owning application id. |
| secret_fingerprint | string | Hash of the signing secret; raw secret is never stored. |
| is_active | boolean | Whether this webhook is active. |