Receive SSF/CAEP security event
POST
/v1/signals/events
const url = 'http://localhost:8693/v1/signals/events';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"iss":"siem.example.com","jti":"caep-001","iat":1709827200,"aud":"starfly","sub_id":{"format":"spiffe_id","spiffe_id":"spiffe://example.com/workload/api"},"events":{"https://schemas.openid.net/secevent/caep/event-type/session-revoked":{"reason":"compromised_credential","initiating_entity":"siem"}}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url http://localhost:8693/v1/signals/events \ --header 'Content-Type: application/json' \ --data '{ "iss": "siem.example.com", "jti": "caep-001", "iat": 1709827200, "aud": "starfly", "sub_id": { "format": "spiffe_id", "spiffe_id": "spiffe://example.com/workload/api" }, "events": { "https://schemas.openid.net/secevent/caep/event-type/session-revoked": { "reason": "compromised_credential", "initiating_entity": "siem" } } }'Receives a Security Event Token (SET) per OpenID SSF/CAEP specification. Events may trigger revocation index updates.
Protected by mTLS when TLS is enabled.
Request Body required
Section titled “Request Body required ” Media type application/json
Security Event Token (SET) per OpenID SSF/CAEP
object
iss
required
Event issuer
string
jti
required
Unique event ID
string
iat
required
Issued-at timestamp (Unix)
integer format: int64
aud
required
Target audience
string
sub_id
required
object
format
required
Identifier format (spiffe_id, email, uri)
string
spiffe_id
SPIFFE ID (when format=spiffe_id)
string
email
Email address (when format=email)
string
uri
WIMSE URI (when format=uri)
string
events
required
Map of event type URI to event-specific claims
object
key
additional properties
object
key
additional properties
any
txn
Transaction ID for correlation
string
Example
{ "iss": "siem.example.com", "jti": "caep-001", "iat": 1709827200, "aud": "starfly", "sub_id": { "format": "spiffe_id", "spiffe_id": "spiffe://example.com/workload/api" }, "events": { "https://schemas.openid.net/secevent/caep/event-type/session-revoked": { "reason": "compromised_credential", "initiating_entity": "siem" } }}Responses
Section titled “ Responses ”Event accepted
Media type application/json
object
status
string
Example
{ "status": "accepted"}Invalid SET
Media type application/json
object
error
required
Error code (RFC 8693 compatible)
string
error_description
Human-readable error detail
string
Example
{ "error": "invalid_request"}Signal denied by policy
Media type application/json
object
error
required
Error code (RFC 8693 compatible)
string
error_description
Human-readable error detail
string
Example
{ "error": "invalid_request"}Signal receiver not configured
Media type application/json
object
error
required
Error code (RFC 8693 compatible)
string
error_description
Human-readable error detail
string
Example
{ "error": "invalid_request"}