DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 109 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-HTTP-server-source-valid_tokens-returns-OK-respon_1882871390/frozen.json‎
Lines changed: 1 addition & 0 deletions b/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-HTTP-server-source-valid_tokens-returns-OK-respon_1882871390/frozen.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-HTTP-server-source-valid_tokens-returns-OK-respon_1882871390/recording.har‎
Lines changed: 67 additions & 0 deletions b/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-HTTP-server-source-valid_tokens-returns-OK-respon_1882871390/recording.har‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-Splunk-HEC-source-valid_tokens-returns-OK-respons_1977739652/frozen.json‎
Lines changed: 1 addition & 0 deletions b/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-Splunk-HEC-source-valid_tokens-returns-OK-respons_1977739652/frozen.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-Splunk-HEC-source-valid_tokens-returns-OK-respons_1977739652/recording.har‎
Lines changed: 67 additions & 0 deletions b/‎cassettes/v2/Observability-Pipelines_4170000189/Validate-an-observability-pipeline-with-Splunk-HEC-source-valid_tokens-returns-OK-respons_1977739652/recording.har‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎examples/v2/observability-pipelines/ValidatePipeline_1130701356.ts‎
Lines changed: 73 additions & 0 deletions b/‎examples/v2/observability-pipelines/ValidatePipeline_1130701356.ts‎
Lines changed: 73 additions & 0 deletions
@@ -54251,6 +54251,16 @@ components:
           description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `plain`).
           example: HTTP_AUTH_USERNAME
           type: string
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HTTP requests. When set,
+            the source rejects any request whose token does not match an enabled entry in this list.
+            Cannot be combined with the `plain` auth strategy.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -54276,6 +54286,55 @@ components:
       type: string
       x-enum-varnames:
         - HTTP_SERVER
+    ObservabilityPipelineHttpServerSourceValidToken:
+      description: An accepted token used to authenticate incoming HTTP server requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Indicates whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        path_to_token:
+          $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToToken"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected token value.
+          example: HTTP_SERVER_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToToken:
+      description: |-
+        Specifies where the worker extracts the token from in the incoming HTTP request.
+        This can be either a built-in location (`path` or `address`) or an HTTP header object.
+      oneOf:
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation"
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader"
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader:
+      description: Extract the token from a specific HTTP request header.
+      properties:
+        header:
+          description: The name of the HTTP header that carries the token.
+          example: X-Token
+          type: string
+      required:
+        - header
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation:
+      description: Built-in token location on the incoming HTTP request.
+      enum:
+        - path
+        - address
+      example: path
+      type: string
+      x-enum-varnames:
+        - PATH
+        - ADDRESS
     ObservabilityPipelineKafkaDestination:
       description: |-
         The `kafka` destination sends logs to Apache Kafka topics.
@@ -56299,6 +56358,27 @@ components:
       type: string
       x-enum-varnames:
         - SOCKET
+    ObservabilityPipelineSourceValidTokenFieldToAdd:
+      description: |-
+        An optional metadata field that is attached to every event authenticated by the
+        associated token. Both `key` and `value` must match `^[A-Za-z0-9_]+$`.
+      properties:
+        key:
+          description: The metadata field name to add to incoming events.
+          example: token_name
+          maxLength: 256
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+        value:
+          description: The metadata field value to add to incoming events.
+          example: my_token
+          maxLength: 1024
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - key
+        - value
+      type: object
     ObservabilityPipelineSpec:
       description: Input schema representing an observability pipeline configuration. Used in create and validate requests.
       properties:
@@ -56495,6 +56575,15 @@ components:
           $ref: "#/components/schemas/ObservabilityPipelineTls"
         type:
           $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceType"
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HEC requests. When set, the source
+            rejects any request whose HEC token does not match an enabled entry in this list.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -56509,6 +56598,26 @@ components:
       type: string
       x-enum-varnames:
         - SPLUNK_HEC
+    ObservabilityPipelineSplunkHecSourceValidToken:
+      description: An accepted HEC token used to authenticate incoming Splunk HEC requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Indicates whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected HEC token value.
+          example: SPLUNK_HEC_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
     ObservabilityPipelineSplunkTcpSource:
       description: |-
         The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP.
 
@@ -0,0 +1 @@
+"2026-05-18T16:51:43.688Z"
@@ -0,0 +1,67 @@
+{
+  "log": {
+    "_recordingName": "Observability Pipelines/Validate an observability pipeline with HTTP server source valid_tokens returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "995eaf3b9758c2e80411db3be2ac2ed4",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 776,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 581,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"config\":{\"destinations\":[{\"id\":\"datadog-logs-destination\",\"inputs\":[\"my-processor-group\"],\"type\":\"datadog_logs\"}],\"processor_groups\":[{\"enabled\":true,\"id\":\"my-processor-group\",\"include\":\"service:my-service\",\"inputs\":[\"http-server-source\"],\"processors\":[{\"enabled\":true,\"id\":\"filter-processor\",\"include\":\"status:error\",\"type\":\"filter\"}]}],\"sources\":[{\"auth_strategy\":\"none\",\"decoding\":\"json\",\"id\":\"http-server-source\",\"type\":\"http_server\",\"valid_tokens\":[{\"enabled\":true,\"field_to_add\":{\"key\":\"token_name\",\"value\":\"primary_token\"},\"path_to_token\":{\"header\":\"X-Token\"},\"token_key\":\"HTTP_SERVER_TOKEN\"},{\"enabled\":true,\"path_to_token\":\"path\",\"token_key\":\"HTTP_SERVER_TOKEN_BACKUP\"}]}]},\"name\":\"Pipeline with HTTP server valid_tokens\"},\"type\":\"pipelines\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/obs-pipelines/pipelines/validate"
+        },
+        "response": {
+          "bodySize": 14,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 14,
+            "text": "{\"errors\":[]}\n"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 370,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2026-05-18T16:51:43.693Z",
+        "time": 378
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1 @@
+"2026-05-18T16:51:43.307Z"
@@ -0,0 +1,67 @@
+{
+  "log": {
+    "_recordingName": "Observability Pipelines/Validate an observability pipeline with Splunk HEC source valid_tokens returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "9683c2e56c7f303034c83c3f319a7454",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 670,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 581,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"config\":{\"destinations\":[{\"id\":\"datadog-logs-destination\",\"inputs\":[\"my-processor-group\"],\"type\":\"datadog_logs\"}],\"processor_groups\":[{\"enabled\":true,\"id\":\"my-processor-group\",\"include\":\"service:my-service\",\"inputs\":[\"splunk-hec-source\"],\"processors\":[{\"enabled\":true,\"id\":\"filter-processor\",\"include\":\"status:error\",\"type\":\"filter\"}]}],\"sources\":[{\"id\":\"splunk-hec-source\",\"type\":\"splunk_hec\",\"valid_tokens\":[{\"enabled\":true,\"field_to_add\":{\"key\":\"token_name\",\"value\":\"primary_token\"},\"token_key\":\"SPLUNK_HEC_TOKEN\"},{\"enabled\":false,\"token_key\":\"SPLUNK_HEC_TOKEN_BACKUP\"}]}]},\"name\":\"Pipeline with Splunk HEC valid_tokens\"},\"type\":\"pipelines\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/obs-pipelines/pipelines/validate"
+        },
+        "response": {
+          "bodySize": 14,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 14,
+            "text": "{\"errors\":[]}\n"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 370,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2026-05-18T16:51:43.310Z",
+        "time": 371
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1,73 @@
+/**
+ * Validate an observability pipeline with Splunk HEC source valid_tokens returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.ObservabilityPipelinesApi(configuration);
+
+const params: v2.ObservabilityPipelinesApiValidatePipelineRequest = {
+  body: {
+    data: {
+      attributes: {
+        config: {
+          destinations: [
+            {
+              id: "datadog-logs-destination",
+              inputs: ["my-processor-group"],
+              type: "datadog_logs",
+            },
+          ],
+          processorGroups: [
+            {
+              enabled: true,
+              id: "my-processor-group",
+              include: "service:my-service",
+              inputs: ["splunk-hec-source"],
+              processors: [
+                {
+                  enabled: true,
+                  id: "filter-processor",
+                  include: "status:error",
+                  type: "filter",
+                },
+              ],
+            },
+          ],
+          sources: [
+            {
+              id: "splunk-hec-source",
+              type: "splunk_hec",
+              validTokens: [
+                {
+                  tokenKey: "SPLUNK_HEC_TOKEN",
+                  enabled: true,
+                  fieldToAdd: {
+                    key: "token_name",
+                    value: "primary_token",
+                  },
+                },
+                {
+                  tokenKey: "SPLUNK_HEC_TOKEN_BACKUP",
+                  enabled: false,
+                },
+              ],
+            },
+          ],
+        },
+        name: "Pipeline with Splunk HEC valid_tokens",
+      },
+      type: "pipelines",
+    },
+  },
+};
+
+apiInstance
+  .validatePipeline(params)
+  .then((data: v2.ValidationResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));