DataDog · api-clients-generation-pipeline · May 12, 2026
@@ -48659,6 +48659,16 @@ components:
           description: Name of the environment variable or secret that holds the username (used when `auth_strategy` is `plain`).
           example: HTTP_AUTH_USERNAME
           type: string
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HTTP requests. When set,
+            the source rejects any request whose token does not match an enabled entry in this list.
+            Cannot be combined with the `plain` auth strategy.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -48684,6 +48694,55 @@ components:
       type: string
       x-enum-varnames:
         - HTTP_SERVER
+    ObservabilityPipelineHttpServerSourceValidToken:
+      description: An accepted token used to authenticate incoming HTTP server requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        path_to_token:
+          $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToToken"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected token value.
+          example: HTTP_SERVER_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToToken:
+      description: |-
+        Specifies where the worker extracts the token from in the incoming HTTP request.
+        Either a built-in location (`path` or `address`) or an HTTP header object.
+      oneOf:
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation"
+        - $ref: "#/components/schemas/ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader"
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenHeader:
+      description: Extract the token from a specific HTTP request header.
+      properties:
+        header:
+          description: The name of the HTTP header that carries the token.
+          example: X-Token
+          type: string
+      required:
+        - header
+      type: object
+    ObservabilityPipelineHttpServerSourceValidTokenPathToTokenLocation:
+      description: Built-in token location on the incoming HTTP request.
+      enum:
+        - path
+        - address
+      example: path
+      type: string
+      x-enum-varnames:
+        - PATH
+        - ADDRESS
     ObservabilityPipelineKafkaDestination:
       description: |-
         The `kafka` destination sends logs to Apache Kafka topics.
@@ -50707,6 +50766,27 @@ components:
       type: string
       x-enum-varnames:
         - SOCKET
+    ObservabilityPipelineSourceValidTokenFieldToAdd:
+      description: |-
+        An optional metadata field that is attached to every event authenticated by the
+        associated token. Both `key` and `value` must match `^[A-Za-z0-9_]+$`.
+      properties:
+        key:
+          description: The metadata field name to add to incoming events.
+          example: token_name
+          maxLength: 256
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+        value:
+          description: The metadata field value to add to incoming events.
+          example: my_token
+          maxLength: 1024
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - key
+        - value
+      type: object
     ObservabilityPipelineSpec:
       description: Input schema representing an observability pipeline configuration. Used in create and validate requests.
       properties:
@@ -50903,6 +50983,15 @@ components:
           $ref: "#/components/schemas/ObservabilityPipelineTls"
         type:
           $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceType"
+        valid_tokens:
+          description: |-
+            A list of tokens that are accepted for authenticating incoming HEC requests. When set, the source
+            rejects any request whose HEC token does not match an enabled entry in this list.
+          items:
+            $ref: "#/components/schemas/ObservabilityPipelineSplunkHecSourceValidToken"
+          maxItems: 1000
+          minItems: 1
+          type: array
       required:
         - id
         - type
@@ -50917,6 +51006,26 @@ components:
       type: string
       x-enum-varnames:
         - SPLUNK_HEC
+    ObservabilityPipelineSplunkHecSourceValidToken:
+      description: An accepted HEC token used to authenticate incoming Splunk HEC requests.
+      properties:
+        enabled:
+          default: true
+          description: |-
+            Whether this token is currently accepted. Disabled tokens are rejected without
+            being removed from the configuration.
+          example: true
+          type: boolean
+        field_to_add:
+          $ref: "#/components/schemas/ObservabilityPipelineSourceValidTokenFieldToAdd"
+        token_key:
+          description: Name of the environment variable or secret that holds the expected HEC token value.
+          example: SPLUNK_HEC_TOKEN
+          pattern: "^[A-Za-z0-9_]+$"
+          type: string
+      required:
+        - token_key
+      type: object
     ObservabilityPipelineSplunkTcpSource:
       description: |-
         The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP.

@@ -13,7 +13,9 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
@@ -31,7 +33,8 @@
   ObservabilityPipelineHttpServerSource.JSON_PROPERTY_PASSWORD_KEY,
   ObservabilityPipelineHttpServerSource.JSON_PROPERTY_TLS,
   ObservabilityPipelineHttpServerSource.JSON_PROPERTY_TYPE,
-  ObservabilityPipelineHttpServerSource.JSON_PROPERTY_USERNAME_KEY
+  ObservabilityPipelineHttpServerSource.JSON_PROPERTY_USERNAME_KEY,
+  ObservabilityPipelineHttpServerSource.JSON_PROPERTY_VALID_TOKENS
 })
 @jakarta.annotation.Generated(
     value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator")
@@ -65,6 +68,9 @@ public class ObservabilityPipelineHttpServerSource {
   public static final String JSON_PROPERTY_USERNAME_KEY = "username_key";
   private String usernameKey;
 
+  public static final String JSON_PROPERTY_VALID_TOKENS = "valid_tokens";
+  private List<ObservabilityPipelineHttpServerSourceValidToken> validTokens = null;
+
   public ObservabilityPipelineHttpServerSource() {}
 
   @JsonCreator
@@ -288,6 +294,43 @@ public void setUsernameKey(String usernameKey) {
     this.usernameKey = usernameKey;
   }
 
+  public ObservabilityPipelineHttpServerSource validTokens(
+      List<ObservabilityPipelineHttpServerSourceValidToken> validTokens) {
+    this.validTokens = validTokens;
+    for (ObservabilityPipelineHttpServerSourceValidToken item : validTokens) {
+      this.unparsed |= item.unparsed;
+    }
+    return this;
+  }
+
+  public ObservabilityPipelineHttpServerSource addValidTokensItem(
+      ObservabilityPipelineHttpServerSourceValidToken validTokensItem) {
+    if (this.validTokens == null) {
+      this.validTokens = new ArrayList<>();
+    }
+    this.validTokens.add(validTokensItem);
+    this.unparsed |= validTokensItem.unparsed;
+    return this;
+  }
+
+  /**
+   * A list of tokens that are accepted for authenticating incoming HTTP requests. When set, the
+   * source rejects any request whose token does not match an enabled entry in this list. Cannot be
+   * combined with the <code>plain</code> auth strategy.
+   *
+   * @return validTokens
+   */
+  @jakarta.annotation.Nullable
+  @JsonProperty(JSON_PROPERTY_VALID_TOKENS)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+  public List<ObservabilityPipelineHttpServerSourceValidToken> getValidTokens() {
+    return validTokens;
+  }
+
+  public void setValidTokens(List<ObservabilityPipelineHttpServerSourceValidToken> validTokens) {
+    this.validTokens = validTokens;
+  }
+
   /**
    * A container for additional, undeclared properties. This is a holder for any undeclared
    * properties as specified with the 'additionalProperties' keyword in the OAS document.
@@ -354,6 +397,7 @@ public boolean equals(Object o) {
         && Objects.equals(this.tls, observabilityPipelineHttpServerSource.tls)
         && Objects.equals(this.type, observabilityPipelineHttpServerSource.type)
         && Objects.equals(this.usernameKey, observabilityPipelineHttpServerSource.usernameKey)
+        && Objects.equals(this.validTokens, observabilityPipelineHttpServerSource.validTokens)
         && Objects.equals(
             this.additionalProperties, observabilityPipelineHttpServerSource.additionalProperties);
   }
@@ -370,6 +414,7 @@ public int hashCode() {
         tls,
         type,
         usernameKey,
+        validTokens,
         additionalProperties);
   }
 
@@ -386,6 +431,7 @@ public String toString() {
     sb.append("    tls: ").append(toIndentedString(tls)).append("\n");
     sb.append("    type: ").append(toIndentedString(type)).append("\n");
     sb.append("    usernameKey: ").append(toIndentedString(usernameKey)).append("\n");
+    sb.append("    validTokens: ").append(toIndentedString(validTokens)).append("\n");
     sb.append("    additionalProperties: ")
         .append(toIndentedString(additionalProperties))
         .append("\n");