Skip to content

Configure Partner

Note: This is a draft API and is subject to change.

Partners can create or update a k9 partner configuration using the k9 API with:

PUT /partner/{partnerId}

Once you successfully store a partner configuration, you can configure accounts to monitor for the partner's customers.

Request Headers

Set the Content-Type header to application/json

Request Path Parameters

The partner configuration API requires one path parameter:

partnerId: the k9 Partner ID that manages customer cloud deployments, e.g. P123456. k9 Security will provide the Partner ID to the partner.

Type: String

Pattern: P[\d]{6}

Request Body

Populate the request body with a json document specifying auditor principal configuration information like:

{
  "partnerId": "P123456",
  "configs": {
    "key": "value"
  },
  "awsEncryptionKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd-1234",
  "deliveryDestinations": {
    "DeliverToS3": {
      "bucketName": "bucket-abcd-1234-efgh"
    }
  }
}

Request Body Elements

The request body contains several elements:

partnerId: (required) the k9 Partner ID; same as defined in the request path

configs: (optional) a dictionary of configurations used to integrate k9 with the Partner's software; see the OEM integration guide for configuration options

awsEncryptionKeyId: (optional) An AWS encryption key id (ARN) that k9 will use to encrypt the partner customer report data.

deliveryDestinations: (optional) a dictionary of delivery destinations where k9 should deliver reports; keys are delivery method names and values are delivery method configurations.

Each delivery destination entry is keyed by the delivery method name, e.g. DeliverToS3, and the value is a JSON object with the delivery method's specific configurations.

Currently, one type of destination is supported for the partner API, DeliverToS3.

DeliverToS3 delivery destination

The DeliverToS3 delivery destination will encrypt the customer's reports with the partner's encryption key and deliver the reports to the partner's secure inbox. The awsEncryptionKeyId must be specified to use DeliverToS3.

The partner DeliverToS3 configuration supports the following configuration keys:

bucketName: (required) the name of the partner's secure inbox S3 bucket where reports will be delivered..

Note: latestReportEnabled and hiveEnabled are not currently supported for a partner DeliverToS3 method.

Response

Success

When you successfully store a partner configuration, the API will respond with:

Response Status Code: 200 (Success)

Response Body (Example):

{
  "partnerId": "P123456"
}

Not Authorized

If the calling principal is not authorized to create the partner configuration, the API will respond with:

Response Status Code: 403 (Forbidden)

Response Body (Example):

{
  "message": "Caller is not authorized to create the partner configuration."
}

Last update: May 21, 2025