Integrations

Trust Connectors

Integrate DRD with external services through API, OAuth, webhook, and SDK connectors. Connectors enable automated trust signal exchange, event forwarding, and cross-platform agent governance.

Connector Types

DRD supports four connector types, each designed for different integration patterns and authentication models.

API Connector

Connect to REST or GraphQL APIs with configurable authentication and request mapping.

OAuth Connector

Integrate with services using OAuth 2.0 flows including PKCE, client credentials, and authorization code.

Webhook Connector

Receive real-time events from external services via HMAC-signed webhook endpoints.

SDK Connector

Deep integration using platform-specific SDKs for Slack, GitHub, Jira, and more.

Creating Connectors

Create a connector by specifying its type, target service, and configuration. The config field accepts a flexible JSON structure tailored to each connector type.

POST /api/connectors

{
  "name": "Slack Notifications",
  "type": "sdk",
  "service": "slack",
  "config": {
    "workspace": "acme-corp",
    "defaultChannel": "#drd-alerts",
    "eventTypes": ["monitoring", "compliance", "security"],
    "mentionOnCritical": true
  },
  "credentials": {
    "botToken": "your-bot-token",
    "signingSecret": "..."
  },
  "enabled": true
}

// Response
{
  "connectorId": "conn_abc123",
  "name": "Slack Notifications",
  "type": "sdk",
  "service": "slack",
  "status": "connected",
  "createdAt": "2026-02-12T10:00:00Z",
  "lastTestedAt": null
}

create-connector.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Create an API connector
const connector = await drd.connectors.create({
  name: 'Internal SIEM',
  type: 'api',
  service: 'custom',
  config: {
    baseUrl: 'https://siem.acme.com/api/v2',
    headers: { 'X-Source': 'drd-platform' },
    retryPolicy: { maxRetries: 3, backoff: 'exponential' },
  },
  credentials: {
    apiKey: process.env.SIEM_API_KEY,
  },
});

console.log(connector.connectorId);   // 'conn_def456'
console.log(connector.status);        // 'connected'

Connector Features

Each connector type supports specific capabilities for different integration patterns.

API Connector

•Bearer token or API key authentication
•Custom header and query parameter support
•Request/response transformation rules
•Automatic retry with exponential backoff

OAuth Connector

•Authorization Code, Client Credentials, PKCE flows
•Automatic token refresh before expiry
•Scope-based permission management
•OIDC discovery endpoint support

Webhook Connector

•HMAC-SHA256 signature verification
•Configurable retry policy (up to 5 retries)
•Dead letter queue for failed deliveries
•Event filtering by type and severity

SDK Connector

•Zero-latency policy checks (local cache)
•Automatic event emission on every action
•Middleware pattern for Express, Fastify, etc.
•Supports Node.js, Python, Go, and Java runtimes

Credential Management

Connector credentials are encrypted at rest using AES-256-GCM and never exposed in API responses. You can rotate keys without downtime.

Encrypted Storage

All credentials are encrypted with organization-scoped keys. Secrets are never logged or included in API responses.

Key Rotation

Rotate credentials with zero-downtime. DRD validates the new credentials before deactivating the old ones.

rotate-credentials.ts

// Rotate connector credentials
await drd.connectors.rotateCredentials('conn_abc123', {
  credentials: {
    botToken: 'your-new-bot-token',
    signingSecret: 'new-secret-...',
  },
  validateBeforeSwap: true,
});

// The old credentials are invalidated after successful validation

Testing Connections

Validate that a connector is properly configured and can communicate with the target service before enabling it in production.

test-connection.ts

// Test a connector
const result = await drd.connectors.test('conn_abc123');

console.log(result.success);          // true
console.log(result.latency);          // 142 (ms)
console.log(result.details);          // 'Successfully posted to #drd-alerts'

// Test with a sample payload
const payloadTest = await drd.connectors.test('conn_abc123', {
  sampleEvent: {
    type: 'security.finding',
    severity: 'critical',
    message: 'Test alert from DRD',
  },
});

console.log(payloadTest.success);      // true
console.log(payloadTest.responseCode); // 200

POST /api/connectors/{id}/test

// Response
{
  "connectorId": "conn_abc123",
  "success": true,
  "latency": 142,
  "details": "Successfully posted to #drd-alerts",
  "testedAt": "2026-02-12T10:05:00Z"
}

Activity Logs

Every connector action is logged with details including the action type, status, duration, and any error information.

success

Action completed successfully

failed

Action failed with error details

timeout

Action exceeded configured timeout

retrying

Action failed and is being retried

GET /api/connectors/{id}/logs

// Response
{
  "logs": [
    {
      "logId": "log_001",
      "connectorId": "conn_abc123",
      "action": "send_alert",
      "status": "success",
      "duration": 234,
      "metadata": {
        "channel": "#drd-alerts",
        "eventType": "security.finding"
      },
      "timestamp": "2026-02-12T10:30:00Z"
    },
    {
      "logId": "log_002",
      "connectorId": "conn_abc123",
      "action": "send_alert",
      "status": "failed",
      "duration": 5000,
      "error": "Connection timeout after 5000ms",
      "retryCount": 2,
      "timestamp": "2026-02-12T10:31:00Z"
    }
  ],
  "total": 156,
  "successRate": 0.97
}

Connector Lifecycle

Connectors progress through defined states. Understanding the lifecycle helps with monitoring and troubleshooting integration issues.

pending

Created but awaiting authorization (OAuth connectors)

active, error

active

Connector is operational and processing events

paused, error, deleted

paused

Manually paused by user; no events processed

active, deleted

error

Health check failed; automatic retries in progress

active, paused, deleted

deleted

Permanently removed; credentials destroyed

(terminal)

connector-lifecycle.ts

// Pause a connector
await drd.connectors.update('conn_abc123', { enabled: false });

// Resume a connector
await drd.connectors.update('conn_abc123', { enabled: true });

// Delete a connector (destroys credentials)
await drd.connectors.delete('conn_abc123');

API Endpoints

Complete list of connector API endpoints.

POST

/api/connectors

Create a new connector

GET

/api/connectors

List all connectors

GET

/api/connectors/{id}

Get connector details

PATCH

/api/connectors/{id}

Update connector config

POST

/api/connectors/{id}/test

Test a connector

POST

/api/connectors/{id}/rotate

Rotate credentials

GET

/api/connectors/{id}/logs

Get activity logs

DELETE

/api/connectors/{id}

Delete a connector

Next Steps

Webhooks

Event delivery and webhook setup

Learn more →

Security Audit

Scan agents for vulnerabilities

Learn more →

Trust Automation

Automate workflows with connectors

Learn more →

API Gateway

Rate limiting and traffic management for connectors

Learn more →

Integrations

Trust Connectors

Integrate DRD with external services through API, OAuth, webhook, and SDK connectors. Connectors enable automated trust signal exchange, event forwarding, and cross-platform agent governance.

Connector Types

DRD supports four connector types, each designed for different integration patterns and authentication models.

API Connector

Connect to REST or GraphQL APIs with configurable authentication and request mapping.

OAuth Connector

Integrate with services using OAuth 2.0 flows including PKCE, client credentials, and authorization code.

Webhook Connector

Receive real-time events from external services via HMAC-signed webhook endpoints.

SDK Connector

Deep integration using platform-specific SDKs for Slack, GitHub, Jira, and more.

Creating Connectors

Create a connector by specifying its type, target service, and configuration. The config field accepts a flexible JSON structure tailored to each connector type.

POST /api/connectors

{
  "name": "Slack Notifications",
  "type": "sdk",
  "service": "slack",
  "config": {
    "workspace": "acme-corp",
    "defaultChannel": "#drd-alerts",
    "eventTypes": ["monitoring", "compliance", "security"],
    "mentionOnCritical": true
  },
  "credentials": {
    "botToken": "your-bot-token",
    "signingSecret": "..."
  },
  "enabled": true
}

// Response
{
  "connectorId": "conn_abc123",
  "name": "Slack Notifications",
  "type": "sdk",
  "service": "slack",
  "status": "connected",
  "createdAt": "2026-02-12T10:00:00Z",
  "lastTestedAt": null
}

create-connector.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Create an API connector
const connector = await drd.connectors.create({
  name: 'Internal SIEM',
  type: 'api',
  service: 'custom',
  config: {
    baseUrl: 'https://siem.acme.com/api/v2',
    headers: { 'X-Source': 'drd-platform' },
    retryPolicy: { maxRetries: 3, backoff: 'exponential' },
  },
  credentials: {
    apiKey: process.env.SIEM_API_KEY,
  },
});

console.log(connector.connectorId);   // 'conn_def456'
console.log(connector.status);        // 'connected'

Connector Features

Each connector type supports specific capabilities for different integration patterns.

API Connector

•Bearer token or API key authentication
•Custom header and query parameter support
•Request/response transformation rules
•Automatic retry with exponential backoff

OAuth Connector

•Authorization Code, Client Credentials, PKCE flows
•Automatic token refresh before expiry
•Scope-based permission management
•OIDC discovery endpoint support

Webhook Connector

•HMAC-SHA256 signature verification
•Configurable retry policy (up to 5 retries)
•Dead letter queue for failed deliveries
•Event filtering by type and severity

SDK Connector

•Zero-latency policy checks (local cache)
•Automatic event emission on every action
•Middleware pattern for Express, Fastify, etc.
•Supports Node.js, Python, Go, and Java runtimes

Credential Management

Connector credentials are encrypted at rest using AES-256-GCM and never exposed in API responses. You can rotate keys without downtime.

Encrypted Storage

All credentials are encrypted with organization-scoped keys. Secrets are never logged or included in API responses.

Key Rotation

Rotate credentials with zero-downtime. DRD validates the new credentials before deactivating the old ones.

rotate-credentials.ts

// Rotate connector credentials
await drd.connectors.rotateCredentials('conn_abc123', {
  credentials: {
    botToken: 'your-new-bot-token',
    signingSecret: 'new-secret-...',
  },
  validateBeforeSwap: true,
});

// The old credentials are invalidated after successful validation

Testing Connections

Validate that a connector is properly configured and can communicate with the target service before enabling it in production.

test-connection.ts

// Test a connector
const result = await drd.connectors.test('conn_abc123');

console.log(result.success);          // true
console.log(result.latency);          // 142 (ms)
console.log(result.details);          // 'Successfully posted to #drd-alerts'

// Test with a sample payload
const payloadTest = await drd.connectors.test('conn_abc123', {
  sampleEvent: {
    type: 'security.finding',
    severity: 'critical',
    message: 'Test alert from DRD',
  },
});

console.log(payloadTest.success);      // true
console.log(payloadTest.responseCode); // 200

POST /api/connectors/{id}/test

// Response
{
  "connectorId": "conn_abc123",
  "success": true,
  "latency": 142,
  "details": "Successfully posted to #drd-alerts",
  "testedAt": "2026-02-12T10:05:00Z"
}

Activity Logs

Every connector action is logged with details including the action type, status, duration, and any error information.

success

Action completed successfully

failed

Action failed with error details

timeout

Action exceeded configured timeout

retrying

Action failed and is being retried

GET /api/connectors/{id}/logs

// Response
{
  "logs": [
    {
      "logId": "log_001",
      "connectorId": "conn_abc123",
      "action": "send_alert",
      "status": "success",
      "duration": 234,
      "metadata": {
        "channel": "#drd-alerts",
        "eventType": "security.finding"
      },
      "timestamp": "2026-02-12T10:30:00Z"
    },
    {
      "logId": "log_002",
      "connectorId": "conn_abc123",
      "action": "send_alert",
      "status": "failed",
      "duration": 5000,
      "error": "Connection timeout after 5000ms",
      "retryCount": 2,
      "timestamp": "2026-02-12T10:31:00Z"
    }
  ],
  "total": 156,
  "successRate": 0.97
}

Connector Lifecycle

Connectors progress through defined states. Understanding the lifecycle helps with monitoring and troubleshooting integration issues.

pending

Created but awaiting authorization (OAuth connectors)

active, error

active

Connector is operational and processing events

paused, error, deleted

paused

Manually paused by user; no events processed

active, deleted

error

Health check failed; automatic retries in progress

active, paused, deleted

deleted

Permanently removed; credentials destroyed

(terminal)

connector-lifecycle.ts

// Pause a connector
await drd.connectors.update('conn_abc123', { enabled: false });

// Resume a connector
await drd.connectors.update('conn_abc123', { enabled: true });

// Delete a connector (destroys credentials)
await drd.connectors.delete('conn_abc123');

API Endpoints

Complete list of connector API endpoints.

POST

/api/connectors

Create a new connector

GET

/api/connectors

List all connectors

GET

/api/connectors/{id}

Get connector details

PATCH

/api/connectors/{id}

Update connector config

POST

/api/connectors/{id}/test

Test a connector

POST

/api/connectors/{id}/rotate

Rotate credentials

GET

/api/connectors/{id}/logs

Get activity logs

DELETE

/api/connectors/{id}

Delete a connector

Next Steps

Webhooks

Event delivery and webhook setup

Learn more →

Security Audit

Scan agents for vulnerabilities

Learn more →

Trust Automation

Automate workflows with connectors

Learn more →

API Gateway

Rate limiting and traffic management for connectors

Learn more →