
Configure Partner Customer

Note: This is a draft API and is subject to change.

Partners can create or update a k9 customer configuration using the k9 API with:

PUT /partner/{partnerId}/customer/{partnerCustomerId}

When you successfully store a customer configuration, you can configure accounts to monitor for that customer.

Request Headers

Set the Content-Type header to application/json.

Request Path Parameters

The customer configuration API requires two path parameters:

partnerId: the k9 Partner ID that manages customer cloud deployments, e.g. P123456. k9 Security will provide the Partner ID to the partner.

Type: String

Pattern: P[\d]{6}

partnerCustomerId: the partner's own unique customer or tenant identifier for the managed customer environment, e.g. a UUID, AWS Organization ID, or SHA256 digest.

Type: String

Pattern: [\w-_.]{6,64}

Request Body

Populate the request body with a JSON document specifying auditor principal configuration information like:

{
  "partnerId": "P123456",
  "partnerCustomerId": "abcd-1234-defg-5678",
  "subscriptionPlanName": "Enterprise",
  "deliveryDestinations": [
    {
      "methodName": "DeliverToPartner"
    }
  ],
  "featureFlags": {
    "latestReportEnabled": true,
    "hiveEnabled": true
  }
}

Request Body Elements

The request body contains several elements:

partnerId: (required) the k9 Partner ID; same as defined in the request path

partnerCustomerId: (required) the Partner's unique identifier for the customer; same as defined in the request path

subscriptionPlanName: (required) k9 subscription plan name the customer will operate with, determining limits and billing. Allowed values: Starter, Team, Enterprise

deliveryDestinations: (required) a list of destinations where k9 should deliver reports.

Each delivery destination is described as a JSON object with a methodName identifying the delivery method and additional keys specific to the method.

Currently, one type of destination is supported for the partner customer configuration API, DeliverToPartner.

DeliverToPartner delivery destination

methodName: (required) DeliverToPartner

The DeliverToPartner delivery destination will encrypt the customer's reports with the partner's encryption key and deliver the reports to the partner's secure inbox.

featureFlags: (optional) a map of feature flag configurations

  • latestReportEnabled: (optional) configure delivery of a copy of the latest reports to a 'latest' key within the account report delivery structure so that the latest reports are always available in a known location; default: false
  • hiveEnabled: (optional) configure delivery of a copy of the latest reports to a parallel Hive-partitioned key structure suitable for query by AWS Athena and other Hive-compatible systems.

Response

Success

When you successfully store a customer configuration, the API will respond with:

Response Status Code: 200 (Success)

Response Body (Example):

{
  "partnerId": "P123456",
  "partnerCustomerId": "abcd-1234-defg-5678",
  "customerId": "P123456-430363089266"
}

The customerId is the automatically managed k9 Customer ID that the partner's Customer ID is mapped to within k9. The customerId for partner-managed accounts has the form {partner_id}-{12-digit zero-padded number}.

Example customerId: P123456-430363089266

Not Authorized

If the calling principal is not authorized to create the customer configuration, the API will respond with:

Response Status Code: 403 (Forbidden)

Response Body (Example):

{
  "message": "Caller is not authorized to create the customer configuration."
}
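
A client-side pre-flight check for the request rules and the customerId format documented above, so that a request whose path and body name different tenants is never sent. This is an added example, not k9 Security's own code; the function names, the ASCII-only matching and the rejection of unknown feature flags are assumptions.

```python
import re

# The page's second pattern is [\w-_.]{6,64}; Python rejects "\w-_" as a range,
# so the hyphen is moved last. Assumed: same character set, ASCII-only matching.
PARTNER_ID = re.compile(r"P\d{6}", re.ASCII)
PARTNER_CUSTOMER_ID = re.compile(r"[\w.-]{6,64}", re.ASCII)
PLANS = {"Starter", "Team", "Enterprise"}
KNOWN_FLAGS = {"latestReportEnabled", "hiveEnabled"}

SAMPLE_BODY = {  # example request body from the page
    "partnerId": "P123456",
    "partnerCustomerId": "abcd-1234-defg-5678",
    "subscriptionPlanName": "Enterprise",
    "deliveryDestinations": [{"methodName": "DeliverToPartner"}],
    "featureFlags": {"latestReportEnabled": True, "hiveEnabled": True},
}


def validate_request(partner_id, partner_customer_id, body):
    """Return a list of problems; an empty list means the request is well-formed."""
    errors = []
    if not PARTNER_ID.fullmatch(partner_id):
        errors.append("path partnerId does not match P[\\d]{6}")
    if not PARTNER_CUSTOMER_ID.fullmatch(partner_customer_id):
        errors.append("path partnerCustomerId does not match the documented pattern")
    # The body repeats both path identifiers; a mismatch means the URL and the
    # document name different tenants, so refuse to send it.
    for key, expected in (("partnerId", partner_id), ("partnerCustomerId", partner_customer_id)):
        if body.get(key) != expected:
            errors.append(f"body {key} differs from path")
    if body.get("subscriptionPlanName") not in PLANS:
        errors.append("subscriptionPlanName must be Starter, Team or Enterprise")
    dests = body.get("deliveryDestinations")
    if not isinstance(dests, list) or any(
            not isinstance(d, dict) or d.get("methodName") != "DeliverToPartner" for d in dests):
        errors.append("deliveryDestinations must be a list of DeliverToPartner objects")
    # Rejecting unknown flag names is a local strictness choice, not an API rule.
    flags = body.get("featureFlags", {})
    if not isinstance(flags, dict) or any(
            k not in KNOWN_FLAGS or not isinstance(v, bool) for k, v in flags.items()):
        errors.append("featureFlags must map known flag names to booleans")
    return errors


def customer_id_matches(partner_id, response):
    """True if the response's customerId is {partner_id}-{12 digits}."""
    cid = response.get("customerId")
    pattern = re.escape(partner_id) + r"-\d{12}"
    return isinstance(cid, str) and re.fullmatch(pattern, cid, re.ASCII) is not None
```

Checking the returned customerId prefix against your own partnerId before storing the mapping catches a response that belongs to a different partner.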

Last update: January 17, 2025