Skip to main content
Baton-HTTP is a configuration-driven connector that lets you write YAML instead of Go code. Instead of implementing the ResourceSyncer interface, you describe how to map an API to C1’s resource model. Your ops team can own integrations directly — no engineering queue.

Resources

When to use baton-http

Use baton-http when:
  • The target system has a REST API
  • You need a quick integration without writing Go
  • The access model maps to user/group/resource patterns
  • You want non-developers to maintain the integration
Use a custom connector when:
  • The API requires authentication not supported by baton-http (e.g., Kerberos, SAML)
  • You need heavy data transformation or business logic
  • You need maximum performance optimization

Command-line options

Authentication credentials for the target API are configured in the YAML file using environment variable interpolation (e.g., ${API_TOKEN}), not via command-line flags.

Configuration structure

Every baton-http configuration file must include these core elements:

Top-level fields

Connection configuration

The connect section defines how to connect to your HTTP API:

Authentication methods

Baton-HTTP supports multiple authentication methods. Configure authentication under connect.auth.

No authentication

Bearer token

Basic authentication

API key

OAuth2 client credentials

OAuth2 password (ROPC)

Bearer dynamic

Use for APIs that issue tokens via a login endpoint:

Resource type configuration

Resource types define the entities you want to sync. Each resource type specifies how to list resources and map API responses to C1 resources.

Basic structure

Resource type fields

Data mapping with CEL expressions

Baton-HTTP uses Common Expression Language (CEL) for data mapping. CEL expressions are prefixed with cel:.

Response mapping

Common CEL patterns

URL templates

Use Go template syntax (prefixed with tmpl:) for dynamic URLs:

Available template variables

Pagination

Configure pagination under connect.pagination (global) or per-resource under list.pagination.

Offset-based

Cursor-based

Page-based

No pagination

Entitlements

Entitlements define permissions that can be granted to resources.

Static entitlements

Use for predefined entitlements like group membership:

Dynamic entitlements

Fetch entitlements from an API:

Grants

Grants define which principals have which entitlements:

Conditional grants

Use skip_if to filter grants:

Provisioning

Enable provisioning to grant and revoke access through C1.

Grant and revoke

Pre-requests

Use pre-requests when you need data from another API call:

HTTP client settings

Configure timeouts and retries under the http section:

Error handling

Configure error handling globally or per-request:
Error actions: fail (default), retry, warn, ignore

Running baton-http

Validate configuration

One-shot mode (local testing)

Service mode (production)

Deploying to Kubernetes

Step 1: Set up a new connector in C1

1
In C1, navigate to Connectors > Add connector.
2
Search for Baton and click Add.
3
Choose how to set up the new connector:
  • Add the connector to a currently unmanaged app
  • Add the connector to a managed app
  • Create a new managed app
4
Set the owner for this connector and click Next.
5
In the Settings area, click Edit, then click Rotate to generate a new Client ID and Secret. Save these credentials.

Step 2: Create Kubernetes configuration

Secret

ConfigMap

Deployment

Step 3: Deploy

Apply the configuration files to your Kubernetes cluster and verify the connector appears in C1 under Applications > Managed apps.

Example: GitHub integration

Example: OAuth2 with provisioning

Troubleshooting

Authentication errors

  • Verify credentials are correct and environment variables are set
  • Check token hasn’t expired
  • For OAuth2, verify token URL and scopes

Resources not syncing

  • Use --validate-config-only to check configuration
  • Verify items_path matches your API response structure
  • Check CEL expressions with sample data

Pagination issues

  • Confirm pagination strategy matches your API
  • Verify parameter names (limit_param, offset_param, etc.)
  • Check cursor_path or link_next_path for cursor/link pagination

Mapping errors

  • Test CEL expressions against sample API responses
  • Use has() for optional fields to avoid null errors
  • Check for typos in field names
For more information, see the official download center.