Configure Partner
Note: This is a draft API and is subject to change.
Partners can create or update a k9 partner configuration using the k9 API with:
PUT /partner/{partnerId}
Once you successfully store a partner configuration, you can configure accounts to monitor for the partner's customers.
Request Headers
Set the Content-Type
header to application/json
Request Path Parameters
The partner configuration API requires one path parameter:
partnerId
: the k9 Partner ID that manages customer cloud deployments, e.g. P123456
. k9 Security will provide the Partner ID to the partner.
Type: String
Pattern: P[\d]{6}
Request Body
Populate the request body with a json
document specifying auditor principal configuration information like:
{
"partnerId": "P123456",
"configs": {
"key": "value"
},
"awsEncryptionKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd-1234",
"deliveryDestinations": {
"DeliverToS3": {
"bucketName": "bucket-abcd-1234-efgh"
}
}
}
Request Body Elements
The request body contains several elements:
partnerId
: (required) the k9 Partner ID; same as defined in the request path
configs
: (optional) a dictionary of configurations used to integrate k9 with the Partner's software; see the OEM integration guide for configuration options
awsEncryptionKeyId
: (optional) An AWS encryption key id (ARN) that k9 will use to encrypt the partner customer report data.
deliveryDestinations
: (optional) a dictionary of delivery destinations where k9 should deliver reports; keys are delivery method names and values are delivery method configurations.
Each delivery destination entry is keyed by the delivery method name, e.g. DeliverToS3
, and the value is a JSON object with the delivery method's specific configurations.
Currently, one type of destination is supported for the partner API, DeliverToS3
.
DeliverToS3 delivery destination
The DeliverToS3
delivery destination will encrypt the customer's reports with the partner's encryption key and deliver the reports to the partner's secure inbox.
The awsEncryptionKeyId
must be specified to use DeliverToS3
.
The partner DeliverToS3
configuration supports the following configuration keys:
bucketName
: (required) the name of the partner's secure inbox S3 bucket where reports will be delivered..
Note: latestReportEnabled
and hiveEnabled
are not currently supported for a partner DeliverToS3
method.
Response
Success
When you successfully store a partner configuration, the API will respond with:
Response Status Code: 200 (Success)
Response Body (Example):
{
"partnerId": "P123456"
}
Not Authorized
If the calling principal is not authorized to create the partner configuration, the API will respond with:
Response Status Code: 403 (Forbidden)
Response Body (Example):
{
"message": "Caller is not authorized to create the partner configuration."
}