Create an entity context sync configuration

v2 (latest)

Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/integration_confighttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/integration_confighttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/integration_confighttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/integration_confighttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/integration_confighttps://api.datadoghq.com/api/v2/security_monitoring/configuration/integration_confighttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/integration_confighttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/integration_config

Overview

Create a new entity context sync configuration so Cloud SIEM can ingest entities from an external source. The credentials provided in secrets are validated against the source before the configuration is stored and never returned in subsequent responses. This endpoint requires the manage_integrations permission.

OAuth apps require the manage_integrations authorization scope to access this endpoint.

Request

Body Data (required)

The definition of the new integration configuration.

Expand All

Field

Type

Description

data [required]

object

The entity context sync configuration to create.

{
  "data": {
    "attributes": {
      "domain": "siem-test.com",
      "integration_type": "GOOGLE_WORKSPACE",
      "name": "My GWS Integration",
      "secrets": {
        "admin_email": "test@example.com"
      },
      "settings": {
        "setting1": "value1"
      }
    },
    "type": "integration_config"
  }
}

Response

Response containing a single entity context sync configuration.

Expand All

Field

Type

Description

data [required]

object

An entity context sync configuration.

{
  "data": {
    "attributes": {
      "created_at": "2026-05-01T12:00:00Z",
      "domain": "siem-test.com",
      "enabled": true,
      "integration_type": "GOOGLE_WORKSPACE",
      "modified_at": "2026-05-01T12:00:00Z",
      "name": "My GWS Integration",
      "settings": {
        "setting1": "value1"
      },
      "state": "valid"
    },
    "id": "11111111-2222-3333-4444-555555555555",
    "type": "integration_config"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  ## default
# 

# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/integration_config" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "domain": "siem-test.com",
      "integration_type": "GOOGLE_WORKSPACE",
      "name": "My GWS Integration",
      "secrets": {
        "admin_email": "test@example.com"
      },
      "settings": {
        "setting1": "value1"
      }
    },
    "type": "integration_config"
  }
}
EOF

                

Create an entity context sync configuration

Overview

Request

Body Data (required)

Response

Code Example

Create an entity context sync configuration

How can I help you today?