Skip to main content

Targets API

Targets are delivery destinations — where validated events are sent after ingestion and processing.

Status: WIRED_SANDBOX. This page describes the current contract surface and known non-claims. It is not a production-live availability claim.

Terminology

Customer termInternal API/model termAPI path
Targetdestination/destinations

Note: API paths and some legacy documentation use the internal term "destination." Customer-facing docs and the UI use "target."

Audience

Customer / developer integrating delivery endpoints.

Base path

/api/bff/v1/tenants/{tenant_id}/destinations (dashboard/BFF — app-facing, INTERNAL_ONLY)
/v1/tenants/{tenant_id}/destinations (backend API — WIRED_SANDBOX)

Endpoint table

MethodPathDescriptionRead/WriteStatusAuth/scopesIdempotencyOpenAPI
GET/tenants/{tid}/destinationsList targetsReadWIRED_SANDBOXread:destinationsNot requiredPartial (zen-back)
POST/tenants/{tid}/destinationsCreate a targetWriteWIRED_SANDBOXwrite:destinationsRecommendedPartial (zen-back)
GET/tenants/{tid}/destinations/{did}Get target detailsReadWIRED_SANDBOXread:destinationsNot requiredPartial (zen-back)
PATCH/tenants/{tid}/destinations/{did}Update a targetWriteWIRED_SANDBOXwrite:destinationsRecommendedPartial (zen-back)
DELETE/tenants/{tid}/destinations/{did}Delete a targetWriteWIRED_SANDBOXwrite:destinationsRecommendedPartial (zen-back)

Read/write status

OperationReadWriteStatus
List targetsYesWIRED_SANDBOX
Create targetYesWIRED_SANDBOX
Get target detailsYesWIRED_SANDBOX
Update targetYesWIRED_SANDBOX
Delete targetYesWIRED_SANDBOX

Write operations require tenant authorization, appropriate scopes, and audit logging. See Write Safety Model for details.

Request example

{
"name": "production-app-server",
"url": "https://app.example.com/webhooks"
}

Create example

curl -X POST \
-H "Authorization: Bearer <api_key>" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: <unique_key>" \
-d '{"name": "production-app-server", "url": "https://app.example.com/webhooks"}' \
"https://api.zen-mesh.io/v1/tenants/<tenant_id>/destinations"

Response fields

FieldTypeDescription
idstringUnique destination identifier
namestringHuman-readable name
urlstringTarget URL for delivery
statusstringactive, error, disabled
created_atdatetimeCreation timestamp
updated_atdatetimeLast update timestamp

Error examples

400 Validation error

{
"type": "https://api.zen-mesh.io/errors/validation-error",
"title": "Validation Error",
"status": 400,
"detail": "url: must not be empty",
"instance": "req_abc123"
}

403 Insufficient scope

{
"type": "https://api.zen-mesh.io/errors/insufficient-scope",
"title": "Insufficient Scope",
"status": 403,
"detail": "API key does not have write:destinations scope.",
"required_scope": "write:destinations"
}

409 Conflict

{
"type": "https://api.zen-mesh.io/errors/conflict",
"title": "Conflict",
"status": 409,
"detail": "A destination with name 'production-app-server' already exists."
}

Pagination

List targets supports cursor-based pagination with limit and cursor parameters. See Pagination and Filtering.

Auth

Bearer JWT or API key in Authorization header. Tenant-scoped via path parameter. See Authentication for scope model.

OpenAPI coverage

Partially covered in zen-back.v1.yaml (destinations CRUD). See OpenAPI Spec Index.

UI mapping

Connect → Targets

Non-claims

  • WIRED_SANDBOX: implemented in local/sandbox runtime. Not production-live.
  • Target delivery to private NAT/firewalled networks requires Edge Lite or zen-agent.
  • Delete is not reversible — removed targets must be recreated.