DataDog · api-clients-generation-pipeline · May 12, 2026
@@ -48659,6 +48659,16 @@ components:
           description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `plain`).
           example: HTTP_AUTH_USERNAME
           type: string
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HTTP requests. When set,
+            the source rejects any request whose token does not match an enabled entry in this list.
+            Cannot be combined with the `plain` auth strategy.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -48684,6 +48694,55 @@ components:
       type: string
       x-enum-varnames:
         - HTTP_SERVER
+    ObservabilityPipelineHttpServerSourceValidToken:
+      description: An accepted token used to authenticate incoming HTTP server requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        path_to_token:
+          $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToToken"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected token value.
+          example: HTTP_SERVER_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToToken:
+      description: |-
+        Specifies where the worker extracts the token from in the incoming HTTP request.
+        Either a built-in location (`path` or `address`) or an HTTP header object.
+      oneOf:
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation"
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader"
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader:
+      description: Extract the token from a specific HTTP request header.
+      properties:
+        header:
+          description: The name of the HTTP header that carries the token.
+          example: X-Token
+          type: string
+      required:
+        - header
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation:
+      description: Built-in token location on the incoming HTTP request.
+      enum:
+        - path
+        - address
+      example: path
+      type: string
+      x-enum-varnames:
+        - PATH
+        - ADDRESS
     ObservabilityPipelineKafkaDestination:
       description: |-
         The `kafka` destination sends logs to Apache Kafka topics.
@@ -50707,6 +50766,27 @@ components:
       type: string
       x-enum-varnames:
         - SOCKET
+    ObservabilityPipelineSourceValidTokenFieldToAdd:
+      description: |-
+        An optional metadata field that is attached to every event authenticated by the
+        associated token. Both `key` and `value` must match `^[A-Za-z0-9_]+$`.
+      properties:
+        key:
+          description: The metadata field name to add to incoming events.
+          example: token_name
+          maxLength: 256
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+        value:
+          description: The metadata field value to add to incoming events.
+          example: my_token
+          maxLength: 1024
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - key
+        - value
+      type: object
     ObservabilityPipelineSpec:
       description: Input schema representing an observability pipeline configuration. Used in create and validate requests.
       properties:
@@ -50903,6 +50983,15 @@ components:
           $ref: "#/components/schemas/ObservabilityPipelineTls"
         type:
           $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceType"
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HEC requests. When set, the source
+            rejects any request whose HEC token does not match an enabled entry in this list.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -50917,6 +51006,26 @@ components:
       type: string
       x-enum-varnames:
         - SPLUNK_HEC
+    ObservabilityPipelineSplunkHecSourceValidToken:
+      description: An accepted HEC token used to authenticate incoming Splunk HEC requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected HEC token value.
+          example: SPLUNK_HEC_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
     ObservabilityPipelineSplunkTcpSource:
       description: |-
         The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP.

@@ -4098,6 +4098,10 @@ def overrides
           "v2.observability_pipeline_http_server_source" => "ObservabilityPipelineHttpServerSource",
           "v2.observability_pipeline_http_server_source_auth_strategy" => "ObservabilityPipelineHttpServerSourceAuthStrategy",
           "v2.observability_pipeline_http_server_source_type" => "ObservabilityPipelineHttpServerSourceType",
+          "v2.observability_pipeline_http_server_source_valid_token" => "ObservabilityPipelineHttpServerSourceValidToken",
+          "v2.observability_pipeline_http_server_source_valid_token_path_to_token" => "ObservabilityPipelineHttpServerSourceValidTokenPathToToken",
+          "v2.observability_pipeline_http_server_source_valid_token_path_to_token_header" => "ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader",
+          "v2.observability_pipeline_http_server_source_valid_token_path_to_token_location" => "ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation",
           "v2.observability_pipeline_kafka_destination" => "ObservabilityPipelineKafkaDestination",
           "v2.observability_pipeline_kafka_destination_compression" => "ObservabilityPipelineKafkaDestinationCompression",
           "v2.observability_pipeline_kafka_destination_encoding" => "ObservabilityPipelineKafkaDestinationEncoding",
@@ -4223,6 +4227,7 @@ def overrides
           "v2.observability_pipeline_socket_source_framing_octet_counting_method" => "ObservabilityPipelineSocketSourceFramingOctetCountingMethod",
           "v2.observability_pipeline_socket_source_mode" => "ObservabilityPipelineSocketSourceMode",
           "v2.observability_pipeline_socket_source_type" => "ObservabilityPipelineSocketSourceType",
+          "v2.observability_pipeline_source_valid_token_field_to_add" => "ObservabilityPipelineSourceValidTokenFieldToAdd",
           "v2.observability_pipeline_spec" => "ObservabilityPipelineSpec",
           "v2.observability_pipeline_spec_data" => "ObservabilityPipelineSpecData",
           "v2.observability_pipeline_split_array_processor" => "ObservabilityPipelineSplitArrayProcessor",
@@ -4234,6 +4239,7 @@ def overrides
           "v2.observability_pipeline_splunk_hec_destination_type" => "ObservabilityPipelineSplunkHecDestinationType",
           "v2.observability_pipeline_splunk_hec_source" => "ObservabilityPipelineSplunkHecSource",
           "v2.observability_pipeline_splunk_hec_source_type" => "ObservabilityPipelineSplunkHecSourceType",
+          "v2.observability_pipeline_splunk_hec_source_valid_token" => "ObservabilityPipelineSplunkHecSourceValidToken",
           "v2.observability_pipeline_splunk_tcp_source" => "ObservabilityPipelineSplunkTcpSource",
           "v2.observability_pipeline_splunk_tcp_source_type" => "ObservabilityPipelineSplunkTcpSourceType",
           "v2.observability_pipeline_sumo_logic_destination" => "ObservabilityPipelineSumoLogicDestination",

@@ -50,6 +50,11 @@ class ObservabilityPipelineHttpServerSource
     # Name of the environment variable or secret that holds the username (used when `auth_strategy` is `plain`).
     attr_accessor :username_key
 
+    # A list of tokens that are accepted for authenticating incoming HTTP requests. When set,
+    # the source rejects any request whose token does not match an enabled entry in this list.
+    # Cannot be combined with the `plain` auth strategy.
+    attr_reader :valid_tokens
+
     attr_accessor :additional_properties
 
     # Attribute mapping from ruby-style variable name to JSON key.
@@ -64,7 +69,8 @@ def self.attribute_map
         :'password_key' => :'password_key',
         :'tls' => :'tls',
         :'type' => :'type',
-        :'username_key' => :'username_key'
+        :'username_key' => :'username_key',
+        :'valid_tokens' => :'valid_tokens'
       }
     end
 
@@ -80,7 +86,8 @@ def self.openapi_types
         :'password_key' => :'String',
         :'tls' => :'ObservabilityPipelineTls',
         :'type' => :'ObservabilityPipelineHttpServerSourceType',
-        :'username_key' => :'String'
+        :'username_key' => :'String',
+        :'valid_tokens' => :'Array<ObservabilityPipelineHttpServerSourceValidToken>'
       }
     end
 
@@ -137,6 +144,12 @@ def initialize(attributes = {})
       if attributes.key?(:'username_key')
         self.username_key = attributes[:'username_key']
       end
+
+      if attributes.key?(:'valid_tokens')
+        if (value = attributes[:'valid_tokens']).is_a?(Array)
+          self.valid_tokens = value
+        end
+      end
     end
 
     # Check to see if the all the properties in the model are valid
@@ -147,6 +160,8 @@ def valid?
       return false if @decoding.nil?
       return false if @id.nil?
       return false if @type.nil?
+      return false if !@valid_tokens.nil? && @valid_tokens.length > 1000
+      return false if !@valid_tokens.nil? && @valid_tokens.length < 1
       true
     end
 
@@ -190,6 +205,19 @@ def type=(type)
       @type = type
     end
 
+    # Custom attribute writer method with validation
+    # @param valid_tokens [Object] Object to be assigned
+    # @!visibility private
+    def valid_tokens=(valid_tokens)
+      if !valid_tokens.nil? && valid_tokens.length > 1000
+        fail ArgumentError, 'invalid value for "valid_tokens", number of items must be less than or equal to 1000.'
+      end
+      if !valid_tokens.nil? && valid_tokens.length < 1
+        fail ArgumentError, 'invalid value for "valid_tokens", number of items must be greater than or equal to 1.'
+      end
+      @valid_tokens = valid_tokens
+    end
+
     # Returns the object in the form of hash, with additionalProperties support.
     # @return [Hash] Returns the object in the form of hash
     # @!visibility private
@@ -225,14 +253,15 @@ def ==(o)
           tls == o.tls &&
           type == o.type &&
           username_key == o.username_key &&
+          valid_tokens == o.valid_tokens &&
           additional_properties == o.additional_properties
     end
 
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     # @!visibility private
     def hash
-      [address_key, auth_strategy, custom_key, decoding, id, password_key, tls, type, username_key, additional_properties].hash
+      [address_key, auth_strategy, custom_key, decoding, id, password_key, tls, type, username_key, valid_tokens, additional_properties].hash
     end
   end
 end