L1
Telemetry Sources Reference
Overview
This document provides detailed specifications for all telemetry sources used by XOPS to collect software lifecycle data. Each source includes API endpoints, authentication methods, data refresh frequencies, and sample payloads.
TODO: Sources to Document
Identity Provider (IDP)
Microsoft Entra ID (Azure AD)
- Authentication: OAuth 2.0 / Microsoft Graph API
- Key Endpoints:
/users- User directory/users/{id}/licenseDetails- License assignments/subscribedSkus- Tenant SKU information/auditLogs/signIns- Sign-in activity
- Refresh Frequency: Hourly for assignments, Real-time for sign-ins
- Rate Limits: 5000 requests per minute
Okta
- Authentication: API Token
- Key Endpoints:
/api/v1/users- User directory/api/v1/apps/{appId}/users- Application assignments/api/v1/logs- System logs
- Refresh Frequency: Hourly
- Rate Limits: 1000 requests per minute
Unified Endpoint Management (UEM)
Microsoft Intune
- Authentication: Microsoft Graph API
- Key Endpoints:
/deviceManagement/managedDevices- Device inventory/deviceManagement/detectedApps- Installed applications/deviceManagement/deviceManagementScripts- Deployment scripts
- Refresh Frequency: Real-time via webhooks, Hourly polling
- Rate Limits: 5000 requests per minute
VMware Workspace ONE
- Authentication: OAuth 2.0
- Key Endpoints:
/API/mdm/devices- Device inventory/API/mdm/apps- Application catalog/API/mdm/reports- Usage reports
- Refresh Frequency: Real-time via webhooks, Hourly polling
- Rate Limits: 2000 requests per minute
Procurement Systems
SAP Ariba
- Authentication: OAuth 2.0
- Key Endpoints:
/api/procurement/v2/purchaseOrders- Purchase orders/api/procurement/v2/contracts- Contracts/api/procurement/v2/invoices- Invoices
- Refresh Frequency: Daily
- Rate Limits: 500 requests per hour
Coupa
- Authentication: API Key
- Key Endpoints:
/api/purchase_orders- Purchase orders/api/contracts- Contracts/api/invoices- Invoices
- Refresh Frequency: Daily
- Rate Limits: 1000 requests per hour
Vendor APIs
Microsoft Graph
- Subscription data
- License assignments
- Usage reports (Microsoft 365)
Adobe User Management API
- License assignments
- Product configurations
- Usage analytics
Salesforce
- License usage
- User activity
- Feature adoption
ServiceNow
- License assignments
- Module activation
- Usage metrics
Finance Systems
ERP Integrations
- General ledger entries
- Payment history
- Accruals and adjustments
- Cost center allocations
SIEM and Log Aggregation
Splunk
- Application access logs
- Security events
- Performance metrics
Datadog
- Application performance monitoring
- Usage telemetry
- Custom events
HR Systems
Workday
- Employee directory
- Organizational hierarchy
- Employment status
- Role changes
BambooHR
- Employee information
- Department assignments
- Manager relationships
Data Integration Patterns
Pull-Based Integration
- Scheduled polling (hourly, daily, monthly)
- REST API queries
- Batch file transfers (SFTP, S3)
Push-Based Integration
- Webhooks for real-time events
- Event streaming (Kafka, EventBridge)
- Database change data capture (CDC)
Hybrid Integration
- Initial bulk load via batch
- Incremental updates via webhooks
- Periodic full reconciliation
Authentication and Security
OAuth 2.0 Flow
1. Obtain authorization code
2. Exchange for access token
3. Refresh token before expiration
4. Secure token storage in secrets manager
API Key Management
- Rotation schedule: Every 90 days
- Storage: AWS Secrets Manager / Azure Key Vault
- Access control: Principle of least privilege
Rate Limiting Strategy
- Exponential backoff on 429 responses
- Request queuing and throttling
- Circuit breaker pattern for failures
Data Quality and Validation
Source Data Quality Checks
- Completeness: Required fields present
- Consistency: Data matches expected formats
- Timeliness: Data freshness within SLA
- Accuracy: Spot checks against source systems
Error Handling
- Retry logic for transient failures
- Dead letter queue for failed messages
- Alerting for data quality issues
- Manual review queue for anomalies
Monitoring and Observability
Integration Health Metrics
- API availability and response times
- Data ingestion volumes and trends
- Error rates and types
- Data freshness lag
Alerting Thresholds
- Critical: No data received in 2x expected interval
- Warning: Error rate > 5%
- Info: New data sources detected