The Cribl As Code API enables developers to manage Cribl configurations programmatically using infrastructure-as-code principles. It supports exporting and importing configurations across deployments, enabling version control, CI/CD integration, and reproducible infrastructure management. Developers can use the API alongside SDKs for Python, Go, and TypeScript or through Terraform providers.
openapi: 3.1.0
info:
title: Cribl As Code API
description: >-
The Cribl As Code API enables developers to manage Cribl configurations
programmatically using infrastructure-as-code principles. The management
plane API provides endpoints for administrative tasks in Cribl Cloud
including managing organizations, workspaces, and API credentials.
Developers can use this API alongside SDKs for Python, Go, and
TypeScript, or through Terraform providers, to onboard sources, build
and maintain pipelines, and standardize workflows at scale. The
management plane supports creating and configuring Cribl Cloud
workspaces, managing API credentials, and controlling access to
organizational resources.
version: '1.0'
contact:
name: Cribl Support
url: https://cribl.io/support/
termsOfService: https://cribl.io/terms-of-service/
externalDocs:
description: Cribl As Code Documentation
url: https://docs.cribl.io/cribl-as-code/api/
servers:
- url: https://gateway.cribl.cloud
description: Cribl Cloud Management Plane
tags:
- name: API Credentials
description: >-
Manage API credentials used for OAuth 2.0 client credentials
authentication. Credentials consist of a client ID and client
secret used to obtain bearer tokens for API access.
- name: Health
description: >-
Check the health and availability of the Cribl Cloud management
plane services.
- name: Workspaces
description: >-
Manage Cribl Cloud workspaces which are unique VPC containers
each isolating an instance of the Cribl Product Suite including
Stream, Edge, Search, and Lake.
security:
- bearerAuth: []
paths:
/health:
get:
operationId: getManagementHealth
summary: Check management plane health
description: >-
Returns the health status of the Cribl Cloud management plane
services including availability and version information.
tags:
- Health
security: []
responses:
'200':
description: Management plane is healthy
content:
application/json:
schema:
type: object
properties:
status:
type: string
description: The health status
enum:
- healthy
- degraded
- unhealthy
version:
type: string
description: The management plane version
/v1/organizations/{organizationId}/workspaces:
get:
operationId: listWorkspaces
summary: List all workspaces
description: >-
Retrieves all workspaces for the specified Cribl Cloud
organization. Each workspace is an isolated VPC container
running an instance of the Cribl Product Suite.
tags:
- Workspaces
parameters:
- $ref: '#/components/parameters/organizationId'
responses:
'200':
description: Successfully retrieved workspaces
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/Workspace'
count:
type: integer
description: Total number of workspaces
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
post:
operationId: createWorkspace
summary: Create a workspace
description: >-
Creates a new workspace within the specified Cribl Cloud
organization. The workspace provisions an isolated VPC
container with the Cribl Product Suite.
tags:
- Workspaces
parameters:
- $ref: '#/components/parameters/organizationId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WorkspaceCreate'
responses:
'200':
description: Workspace created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/Workspace'
'400':
description: Invalid workspace configuration
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
/v1/organizations/{organizationId}/workspaces/{workspaceId}:
get:
operationId: getWorkspace
summary: Get a workspace by ID
description: >-
Retrieves the configuration and status of a specific workspace
within the organization.
tags:
- Workspaces
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/workspaceId'
responses:
'200':
description: Successfully retrieved workspace
content:
application/json:
schema:
$ref: '#/components/schemas/Workspace'
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: Workspace not found
patch:
operationId: updateWorkspace
summary: Update a workspace
description: >-
Updates the configuration of an existing workspace within the
organization.
tags:
- Workspaces
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/workspaceId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WorkspaceUpdate'
responses:
'200':
description: Workspace updated successfully
content:
application/json:
schema:
$ref: '#/components/schemas/Workspace'
'400':
description: Invalid workspace configuration
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: Workspace not found
delete:
operationId: deleteWorkspace
summary: Delete a workspace
description: >-
Deletes a workspace and all its contained resources from the
organization. This operation is irreversible.
tags:
- Workspaces
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/workspaceId'
responses:
'200':
description: Workspace deleted successfully
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: Workspace not found
/v1/organizations/{organizationId}/api-credentials:
get:
operationId: listApiCredentials
summary: List API credentials
description: >-
Retrieves all API credentials configured for the specified
organization. Each credential consists of a client ID and
client secret used for OAuth 2.0 client credentials
authentication.
tags:
- API Credentials
parameters:
- $ref: '#/components/parameters/organizationId'
responses:
'200':
description: Successfully retrieved API credentials
content:
application/json:
schema:
type: object
properties:
items:
type: array
items:
$ref: '#/components/schemas/ApiCredential'
count:
type: integer
description: Total number of API credentials
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
post:
operationId: createApiCredential
summary: Create an API credential
description: >-
Creates a new API credential for the specified organization.
The response includes the client secret which is only shown
once and must be stored securely.
tags:
- API Credentials
parameters:
- $ref: '#/components/parameters/organizationId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ApiCredentialCreate'
responses:
'200':
description: API credential created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/ApiCredentialWithSecret'
'400':
description: Invalid credential configuration
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
/v1/organizations/{organizationId}/api-credentials/{credentialId}:
get:
operationId: getApiCredential
summary: Get an API credential by ID
description: >-
Retrieves the metadata of a specific API credential. The
client secret is not included in the response.
tags:
- API Credentials
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/credentialId'
responses:
'200':
description: Successfully retrieved API credential
content:
application/json:
schema:
$ref: '#/components/schemas/ApiCredential'
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: API credential not found
patch:
operationId: updateApiCredential
summary: Update an API credential
description: >-
Updates the metadata of an existing API credential such as
its description or permissions scope.
tags:
- API Credentials
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/credentialId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ApiCredentialUpdate'
responses:
'200':
description: API credential updated successfully
content:
application/json:
schema:
$ref: '#/components/schemas/ApiCredential'
'400':
description: Invalid credential configuration
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: API credential not found
delete:
operationId: deleteApiCredential
summary: Delete an API credential
description: >-
Deletes an API credential by its unique ID. Any applications
using this credential will lose API access.
tags:
- API Credentials
parameters:
- $ref: '#/components/parameters/organizationId'
- $ref: '#/components/parameters/credentialId'
responses:
'200':
description: API credential deleted successfully
'401':
description: Unauthorized
'403':
description: Forbidden - insufficient permissions
'404':
description: API credential not found
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
Bearer token obtained via OAuth 2.0 client credentials grant
from https://login.cribl.cloud/oauth/token. Tokens expire
after 24 hours (86400 seconds).
oauth2:
type: oauth2
description: >-
OAuth 2.0 client credentials flow for Cribl Cloud management
plane authentication.
flows:
clientCredentials:
tokenUrl: https://login.cribl.cloud/oauth/token
scopes: {}
parameters:
organizationId:
name: organizationId
in: path
required: true
description: The Cribl Cloud organization identifier
schema:
type: string
workspaceId:
name: workspaceId
in: path
required: true
description: The workspace identifier
schema:
type: string
credentialId:
name: credentialId
in: path
required: true
description: The API credential identifier
schema:
type: string
schemas:
Workspace:
type: object
properties:
id:
type: string
description: Unique identifier for the workspace
name:
type: string
description: Display name of the workspace
description:
type: string
description: A human-readable description
organizationId:
type: string
description: The parent organization identifier
status:
type: string
description: The current workspace status
enum:
- active
- provisioning
- deprovisioning
- error
region:
type: string
description: The cloud region where the workspace is deployed
url:
type: string
description: The workspace access URL
format: uri
createdAt:
type: string
description: Workspace creation timestamp
format: date-time
updatedAt:
type: string
description: Workspace last update timestamp
format: date-time
WorkspaceCreate:
type: object
required:
- name
properties:
name:
type: string
description: Display name for the new workspace
minLength: 1
maxLength: 64
description:
type: string
description: A human-readable description
maxLength: 256
region:
type: string
description: The cloud region for the workspace
WorkspaceUpdate:
type: object
properties:
name:
type: string
description: Updated display name
minLength: 1
maxLength: 64
description:
type: string
description: Updated description
maxLength: 256
ApiCredential:
type: object
properties:
id:
type: string
description: Unique identifier for the API credential
clientId:
type: string
description: The OAuth 2.0 client ID
description:
type: string
description: A human-readable description of the credential
organizationId:
type: string
description: The parent organization identifier
createdAt:
type: string
description: Credential creation timestamp
format: date-time
updatedAt:
type: string
description: Credential last update timestamp
format: date-time
ApiCredentialCreate:
type: object
required:
- description
properties:
description:
type: string
description: A human-readable description for the credential
maxLength: 256
ApiCredentialUpdate:
type: object
properties:
description:
type: string
description: Updated description
maxLength: 256
ApiCredentialWithSecret:
type: object
properties:
id:
type: string
description: Unique identifier for the API credential
clientId:
type: string
description: The OAuth 2.0 client ID
clientSecret:
type: string
description: >-
The OAuth 2.0 client secret. This value is only returned
once at creation time and cannot be retrieved again.
description:
type: string
description: A human-readable description
organizationId:
type: string
description: The parent organization identifier
createdAt:
type: string
description: Credential creation timestamp
format: date-time