> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create > Create registers a new SSF receiver stream with the specified configuration and returns the created stream along with the push auth token (if push delivery). ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/ssf-receiver-streams openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/ssf-receiver-streams: post: tags: - SSF Receiver summary: Create description: >- Create registers a new SSF receiver stream with the specified configuration and returns the created stream along with the push auth token (if push delivery). operationId: c1.api.ssf_receiver.v1.SSFReceiverStreamService.Create requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.ssf_receiver.v1.SSFReceiverStreamServiceCreateRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.ssf_receiver.v1.SSFReceiverStreamServiceCreateResponse description: >- SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext. x-codeSamples: - lang: go label: Create source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.SSFReceiverStream.Create(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.SSFReceiverStreamServiceCreateResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.ssfReceiverStream.create(); console.log(result); } run(); components: schemas: c1.api.ssf_receiver.v1.SSFReceiverStreamServiceCreateRequest: description: >- SSFReceiverStreamServiceCreateRequest contains the configuration for a new SSF receiver stream. properties: accountDisabledAction: description: Action to take when an account-disabled event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow credentialChangeAction: description: Action to take when a credential-change event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow credentialCompromiseAction: description: Action to take when a credential-compromise event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow deliveryMethod: description: Controls whether events are received via push or poll delivery. enum: - SSF_DELIVERY_METHOD_UNSPECIFIED - SSF_DELIVERY_METHOD_PUSH - SSF_DELIVERY_METHOD_POLL readOnly: false type: string x-speakeasy-unknown-values: allow description: description: Optional description of the stream's purpose or source. readOnly: false type: string displayName: description: Human-readable name for the stream. readOnly: false type: string enabled: description: >- Controls whether the stream starts processing events immediately after creation. readOnly: false type: boolean expectedAudience: description: >- Expected audience claim in incoming SETs. If set, SETs with a different audience are rejected. readOnly: false type: string issuerUrl: description: >- The issuer URL of the upstream SSF transmitter, used for token validation. readOnly: false type: string jwksUrl: description: >- URL to fetch the transmitter's JSON Web Key Set for SET signature verification. readOnly: false type: string pollEndpointUrl: description: >- URL of the transmitter's poll endpoint. Required when delivery_method is POLL. readOnly: false type: string pollInterval: format: duration readOnly: false type: string sessionRevokedAction: description: |- Per-event-type action configuration. Action to take when a session-revoked event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow required: - displayName - issuerUrl title: Ssf Receiver Stream Service Create Request type: object x-speakeasy-name-override: SSFReceiverStreamServiceCreateRequest c1.api.ssf_receiver.v1.SSFReceiverStreamServiceCreateResponse: description: >- SSFReceiverStreamServiceCreateResponse returns the created stream and the push auth token in plaintext. properties: pushAuthTokenPlaintext: description: Push auth token returned in plaintext ONLY on create. readOnly: false type: string ssfReceiverStream: $ref: '#/components/schemas/c1.api.ssf_receiver.v1.SSFReceiverStream' title: Ssf Receiver Stream Service Create Response type: object x-speakeasy-name-override: SSFReceiverStreamServiceCreateResponse c1.api.ssf_receiver.v1.SSFReceiverStream: description: > SSFReceiverStream is the public API representation. Secrets (push_auth_token, outbound credentials) are write-only. This message contains a oneof named outbound_auth. Only a single field of the following list may be set at a time: - outboundAuthBearer - outboundAuthOauth2 properties: accountDisabledAction: description: Action to take when an account-disabled event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow createdAt: format: date-time readOnly: true type: string credentialChangeAction: description: Action to take when a credential-change event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow credentialCompromiseAction: description: Action to take when a credential-compromise event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow deletedAt: format: date-time readOnly: true type: string deliveryMethod: description: >- Controls whether events are received via push (transmitter POSTs to C1) or poll (C1 fetches from transmitter). enum: - SSF_DELIVERY_METHOD_UNSPECIFIED - SSF_DELIVERY_METHOD_PUSH - SSF_DELIVERY_METHOD_POLL readOnly: false type: string x-speakeasy-unknown-values: allow description: description: Optional description of the stream's purpose or source. readOnly: false type: string displayName: description: Human-readable name for the stream shown in the UI. readOnly: false type: string enabled: description: >- Controls whether this stream actively processes incoming events. When false, events are ignored. readOnly: false type: boolean eventTypesEnabled: description: >- SSF/CAEP/RISC event type URIs that this stream is configured to accept. items: type: string nullable: true readOnly: false type: array expectedAudience: description: Expected audience (aud) claim in incoming SETs. Optional. readOnly: false type: string id: description: The unique identifier of this SSF receiver stream. readOnly: false type: string issuerUrl: description: Upstream IdP identification. readOnly: false type: string jwksUrl: description: The jwksUrl field. readOnly: false type: string lastErrorAt: format: date-time readOnly: false type: string lastErrorMessage: description: The lastErrorMessage field. readOnly: false type: string lastVerifiedAt: format: date-time readOnly: false type: string outboundAuthBearer: $ref: '#/components/schemas/c1.api.ssf_receiver.v1.SSFOutboundAuthBearer' outboundAuthOauth2: $ref: '#/components/schemas/c1.api.ssf_receiver.v1.SSFOutboundAuthOAuth2' pollEndpointUrl: description: URL of the transmitter's poll endpoint where C1 fetches events from. readOnly: false type: string pollInterval: format: duration readOnly: false type: string pushAuthToken: description: >- Push auth token: write-only. Accepted on create, never returned in get/list. readOnly: false type: string pushEndpointUrl: description: 'Push delivery: C1 generates a unique endpoint URL.' readOnly: true type: string sessionRevokedAction: description: |- Per-canonical-type action configuration. Event types without a config here default to LOG_ONLY. Action to take when a session-revoked event is received. enum: - SSF_REVOCATION_ACTION_UNSPECIFIED - SSF_REVOCATION_ACTION_REVOKE_ALL - SSF_REVOCATION_ACTION_LOG_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow updatedAt: format: date-time readOnly: true type: string title: Ssf Receiver Stream type: object x-speakeasy-name-override: SSFReceiverStream c1.api.ssf_receiver.v1.SSFOutboundAuthBearer: description: |- SSFOutboundAuthBearer is a static bearer token for outbound auth. Token is write-only: accepted on create/update, never returned. nullable: true properties: token: description: The token field. readOnly: false type: string title: Ssf Outbound Auth Bearer type: object x-speakeasy-name-override: SSFOutboundAuthBearer c1.api.ssf_receiver.v1.SSFOutboundAuthOAuth2: description: |- SSFOutboundAuthOAuth2 uses OAuth2 client credentials for outbound auth. client_secret is write-only: accepted on create/update, never returned. nullable: true properties: clientId: description: The clientId field. readOnly: false type: string clientSecret: description: The clientSecret field. readOnly: false type: string scopes: description: The scopes field. items: type: string nullable: true readOnly: false type: array tokenUrl: description: The tokenUrl field. readOnly: false type: string title: Ssf Outbound Auth O Auth 2 type: object x-speakeasy-name-override: SSFOutboundAuthOAuth2 securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````