> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flashduty.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update datasource

> Update an existing data source. Supply `id` plus the fields to change.

## Restrictions

| Aspect      | Value                                                         |
| ----------- | ------------------------------------------------------------- |
| Rate limits | **1,000 requests/minute**; **50 requests/second** per account |
| Permissions | **Datasources Manage** (`monit`)                              |

## Usage

* Every call is recorded in the account audit log. Don't put secrets in request fields.


## OpenAPI

````yaml /api-reference/monitors.openapi.en.json post /monit/datasource/update
openapi: 3.1.0
info:
  title: Flashduty Open API
  description: >-
    Public HTTP API for the Flashduty incident management platform — incidents,
    notification templates, channels, schedules, monitors, RUM, and platform
    administration. Every operation is authenticated with an `app_key` query
    parameter issued from the Flashduty console under Account → APP Keys.
    Responses follow a uniform envelope: `{ request_id, data }` on success, `{
    request_id, error }` on failure.
  version: 1.0.0
servers:
  - url: https://api.flashcat.cloud
    description: Flashduty Open API
security:
  - AppKeyAuth: []
tags:
  - name: Monitors/Alert rules
    description: >-
      Create, manage, and export monitor alert rules. Query rule counters and
      audit history.
  - name: Monitors/Data sources
    description: Manage monitoring data sources used by alert rules to query metrics.
  - name: Monitors/Rule sets
    description: >-
      Manage shared rule sets (rulesets) in the Monitors rule repository.
      Rulesets can be shared publicly or within an account.
  - name: Monitors/Diagnostics
    description: >-
      Diagnostic and query endpoints used by Flashduty AI SRE — ad-hoc data
      source queries, log/metric diagnostics, and target-side tool invocation.
  - name: Monitors/Monitor utilities
    description: Monitors service activation and data preview utilities.
paths:
  /monit/datasource/update:
    post:
      tags:
        - Monitors/Data sources
      summary: Update datasource
      description: Update an existing data source. Supply `id` plus the fields to change.
      operationId: monit-datasource-write-update
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DataSourceUpsertRequest'
            example:
              id: 10
              type_ident: prometheus
              name: Prometheus Prod v2
              note: Updated
              address: http://prometheus-v2.example.com:9090
              edge_cluster_name: default
              payload:
                prometheus:
                  basic_auth_enabled: false
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/SuccessEnvelope'
                  - type: object
                    properties:
                      data:
                        $ref: '#/components/schemas/DataSourceItem'
              example:
                request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
                data:
                  id: 10
                  type_ident: prometheus
                  name: Prometheus Prod v2
                  enabled: true
                  edge_cluster_name: default
                  updated_at: 1712100000
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  schemas:
    DataSourceUpsertRequest:
      type: object
      description: >-
        Request body for creating or updating a datasource. `id` is required
        only for update. `address` is required for all types except
        Elasticsearch with `deployment=cloud`.
      required:
        - type_ident
        - name
        - edge_cluster_name
        - payload
      properties:
        id:
          type: integer
          format: uint64
          description: Datasource ID. Required for update; omit for create.
        type_ident:
          type: string
          description: >-
            Datasource type identifier. Allowed: `prometheus`, `loki`, `mysql`,
            `oracle`, `postgres`, `clickhouse`, `elasticsearch`, `sls`,
            `victorialogs`.
        name:
          type: string
          description: Datasource display name.
        note:
          type: string
          description: Optional description.
        address:
          type: string
          description: >-
            Connection address. For Prometheus/Loki/VictoriaLogs: HTTP URL. For
            MySQL/Oracle/Postgres/ClickHouse: `host:port`. For SLS: endpoint
            without http/https prefix. Not required for Elasticsearch cloud
            deployment.
        payload:
          $ref: '#/components/schemas/DSPayload'
          description: >-
            Type-specific configuration block. Must include the key matching
            `type_ident`.
        edge_cluster_name:
          type: string
          description: >-
            Monitors edge cluster name responsible for evaluating rules using
            this datasource.
    SuccessEnvelope:
      type: object
      description: >-
        Success response envelope. On every 2xx response, `request_id`
        identifies the call (also mirrored in the `Flashcat-Request-Id` header)
        and `data` holds the endpoint-specific payload. Failure responses use a
        different shape — see `ErrorResponse`.
      properties:
        request_id:
          type: string
          description: >-
            Unique ID for this request. Mirrored in the Flashcat-Request-Id
            response header. Include it when reporting issues.
          example: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
        data:
          description: Endpoint-specific payload. See each operation's 200 response schema.
      required:
        - request_id
        - data
    DataSourceItem:
      type: object
      description: A monitoring datasource.
      required:
        - id
        - account_id
        - type_ident
        - name
        - enabled
        - note
        - address
        - edge_cluster_name
        - updated_at
      properties:
        id:
          type: integer
          format: uint64
          description: Unique datasource ID.
        account_id:
          type: integer
          format: uint64
          description: Account ID.
        type_ident:
          type: string
          description: >-
            Datasource type identifier. Allowed: `prometheus`, `loki`, `mysql`,
            `oracle`, `postgres`, `clickhouse`, `elasticsearch`, `sls`,
            `victorialogs`.
        name:
          type: string
          description: Datasource display name.
        enabled:
          type: boolean
          description: Whether the datasource is active.
        note:
          type: string
          description: Optional description.
        address:
          type: string
          description: >-
            Connection address. For Prometheus/Loki/VictoriaLogs: HTTP URL. For
            MySQL/Oracle/Postgres/ClickHouse: `host:port`. For SLS: endpoint
            without http/https prefix.
        payload:
          $ref: '#/components/schemas/DSPayload'
        edge_cluster_name:
          type: string
          description: >-
            Monitors edge cluster name responsible for evaluating rules using
            this datasource.
        updated_at:
          type: integer
          format: int64
          description: Last update timestamp, Unix epoch seconds.
    DSPayload:
      type: object
      description: >-
        Type-specific datasource configuration. Include only the block matching
        `type_ident`.
      properties:
        prometheus:
          $ref: '#/components/schemas/DSPrometheusConfig'
        loki:
          $ref: '#/components/schemas/DSLokiConfig'
        mysql:
          $ref: '#/components/schemas/DSMySQLConfig'
        oracle:
          $ref: '#/components/schemas/DSOracleConfig'
        postgres:
          $ref: '#/components/schemas/DSPostgresConfig'
        clickhouse:
          $ref: '#/components/schemas/DSClickHouseConfig'
        elasticsearch:
          $ref: '#/components/schemas/DSElasticSearchConfig'
        sls:
          $ref: '#/components/schemas/DSSLSConfig'
        victorialogs:
          $ref: '#/components/schemas/DSVictoriaLogsConfig'
    ErrorResponse:
      type: object
      description: Response envelope for errors. `error` is required; `data` is absent.
      properties:
        request_id:
          type: string
          example: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
        error:
          $ref: '#/components/schemas/DutyError'
      required:
        - request_id
        - error
    DSPrometheusConfig:
      type: object
      description: >-
        Prometheus datasource configuration. TLS fields are inherited from
        TLSClientConfig.
      properties:
        basic_auth_enabled:
          type: boolean
          description: Enable HTTP Basic Auth.
        basic_auth_username:
          type: string
          description: Basic auth username.
        basic_auth_password:
          type: string
          description: Basic auth password.
        headers:
          type: array
          items:
            type: string
          description: 'Custom HTTP headers in `Key: Value` format.'
        params:
          type: array
          items:
            type: string
          description: Custom query parameters in `key=value` format.
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
        tls_key_pwd:
          type: string
        tls_skip_verify:
          type: boolean
        tls_server_name:
          type: string
        tls_min_version:
          type: string
        tls_max_version:
          type: string
    DSLokiConfig:
      type: object
      description: >-
        Loki datasource configuration. TLS fields are inherited from
        TLSClientConfig.
      properties:
        basic_auth_enabled:
          type: boolean
        basic_auth_username:
          type: string
        basic_auth_password:
          type: string
        headers:
          type: array
          items:
            type: string
        params:
          type: array
          items:
            type: string
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
        tls_key_pwd:
          type: string
        tls_skip_verify:
          type: boolean
        tls_server_name:
          type: string
        tls_min_version:
          type: string
        tls_max_version:
          type: string
    DSMySQLConfig:
      type: object
      description: >-
        MySQL datasource configuration. TLS fields are inherited from
        TLSClientConfig.
      properties:
        username:
          type: string
        password:
          type: string
        open_conns:
          type: integer
          description: Maximum open connections.
        idle_conns:
          type: integer
          description: Maximum idle connections.
        lifetime_seconds:
          type: integer
          format: int64
          description: Connection maximum lifetime in seconds.
        timeout_mills:
          type: integer
          format: int64
          description: Query timeout in milliseconds.
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
        tls_key_pwd:
          type: string
        tls_skip_verify:
          type: boolean
        tls_server_name:
          type: string
        tls_min_version:
          type: string
        tls_max_version:
          type: string
    DSOracleConfig:
      type: object
      description: Oracle datasource configuration.
      properties:
        username:
          type: string
        password:
          type: string
        options:
          type: object
          additionalProperties:
            type: string
          description: Extra connection options as key-value pairs.
        open_conns:
          type: integer
        idle_conns:
          type: integer
        lifetime_seconds:
          type: integer
          format: int64
        timeout_mills:
          type: integer
          format: int64
    DSPostgresConfig:
      type: object
      description: PostgreSQL datasource configuration.
      properties:
        username:
          type: string
        password:
          type: string
        open_conns:
          type: integer
        idle_conns:
          type: integer
        lifetime_seconds:
          type: integer
          format: int64
        timeout_mills:
          type: integer
          format: int64
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
    DSClickHouseConfig:
      type: object
      description: >-
        ClickHouse datasource configuration. TLS fields are inherited from
        TLSClientConfig.
      properties:
        database:
          type: string
          description: Default database for authentication.
        username:
          type: string
        password:
          type: string
        open_conns:
          type: integer
        idle_conns:
          type: integer
        lifetime_seconds:
          type: integer
          format: int64
        timeout_mills:
          type: integer
          format: int64
        max_execution_seconds:
          type: integer
          format: int64
          description: Max query execution time in seconds.
        dial_timeout_mills:
          type: integer
          format: int64
          description: Dial timeout in milliseconds.
        tls_enabled:
          type: boolean
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
        tls_key_pwd:
          type: string
        tls_skip_verify:
          type: boolean
        tls_server_name:
          type: string
        tls_min_version:
          type: string
        tls_max_version:
          type: string
    DSElasticSearchConfig:
      type: object
      description: Elasticsearch datasource configuration.
      properties:
        deployment:
          type: string
          enum:
            - cloud
            - self-managed
          description: >-
            Deployment type. `cloud` uses Elastic Cloud; `self-managed` uses a
            self-hosted cluster.
        timeout_mills:
          type: integer
          format: int64
        cloud_id:
          type: string
          description: Elastic Cloud deployment ID. Only for `cloud` deployment.
        api_key:
          type: string
          description: Elastic Cloud API key. Only for `cloud` deployment.
        username:
          type: string
          description: Username for `self-managed` deployment.
        password:
          type: string
        service_token:
          type: string
          description: Service token; overrides username/password if set.
        tls_ca:
          type: string
        certificate_fingerprint:
          type: string
        headers:
          type: array
          items:
            type: string
    DSSLSConfig:
      type: object
      description: Alibaba Cloud SLS datasource configuration.
      properties:
        access_key_id:
          type: string
          description: Alibaba Cloud Access Key ID.
        access_key_secret:
          type: string
          description: Alibaba Cloud Access Key Secret.
        headers:
          type: array
          items:
            type: string
          description: Custom HTTP headers.
    DSVictoriaLogsConfig:
      type: object
      description: >-
        VictoriaLogs datasource configuration. TLS fields are inherited from
        TLSClientConfig.
      properties:
        basic_auth_enabled:
          type: boolean
        basic_auth_username:
          type: string
        basic_auth_password:
          type: string
        headers:
          type: array
          items:
            type: string
        params:
          type: array
          items:
            type: string
        tls_ca:
          type: string
        tls_cert:
          type: string
        tls_key:
          type: string
        tls_key_pwd:
          type: string
        tls_skip_verify:
          type: boolean
        tls_server_name:
          type: string
        tls_min_version:
          type: string
        tls_max_version:
          type: string
    DutyError:
      type: object
      description: >-
        Error payload inside the response envelope. Present only on non-2xx
        responses.
      properties:
        code:
          $ref: '#/components/schemas/ErrorCode'
        message:
          type: string
          description: >-
            Human-readable error message, localized by the caller's
            Accept-Language. May contain field names, IDs, or other context from
            the failing request.
          example: The specified parameter template_id is not valid.
      required:
        - code
        - message
    ErrorCode:
      type: string
      description: >-
        Flashduty error code enum. Every failed API response sets `error.code`
        to one of these stable wire strings. HTTP status is informational — the
        authoritative signal is the enum value.


        | Code | HTTP | Meaning |

        |---|---|---|

        | `OK` | 200 | Reserved — not returned on real errors. |

        | `InvalidParameter` | 400 | A required parameter is missing or failed
        validation. |

        | `BadRequest` | 400 | Generic 400 used when no more specific code fits.
        |

        | `InvalidContentType` | 400 | The `Content-Type` header is not
        `application/json`. |

        | `ResourceNotFound` | 400 | The referenced resource does not exist.
        Note: returned as HTTP 400, not 404 (historical choice). |

        | `NoLicense` | 400 | The feature is license-gated and no active license
        was found. |

        | `ReferenceExist` | 400 | Deletion blocked — other entities still
        reference this resource. |

        | `Unauthorized` | 401 | `app_key` is missing, invalid, or expired. |

        | `BalanceNotEnough` | 402 | Billing-gated operation with insufficient
        account balance. |

        | `AccessDenied` | 403 | Authenticated but lacking the permission
        required for this operation. |

        | `RouteNotFound` | 404 | The request URL path is not a known route. |

        | `MethodNotAllowed` | 405 | The HTTP method is not allowed on this
        otherwise-known path. |

        | `UndonedOrderExist` | 409 | An outstanding billing order blocks this
        new one. Wait and retry. |

        | `RequestLocked` | 423 | Operation temporarily locked due to repeated
        failures. |

        | `EntityTooLarge` | 413 | Request body exceeds the configured max size.
        |

        | `RequestTooFrequently` | 429 | Rate limit hit — API-global,
        per-account, or per-integration. |

        | `RequestVerifyRequired` | 428 | Second-factor verification required
        but not supplied. |

        | `DangerousOperation` | 428 | High-risk operation requires MFA
        verification. |

        | `InternalError` | 500 | Unhandled server-side error. Include
        `request_id` in the bug report. |

        | `ServiceUnavailable` | 503 | A backend dependency is unavailable. Try
        again later. |
      enum:
        - OK
        - InvalidParameter
        - BadRequest
        - InvalidContentType
        - ResourceNotFound
        - NoLicense
        - ReferenceExist
        - Unauthorized
        - BalanceNotEnough
        - AccessDenied
        - RouteNotFound
        - MethodNotAllowed
        - UndonedOrderExist
        - RequestLocked
        - EntityTooLarge
        - RequestTooFrequently
        - RequestVerifyRequired
        - DangerousOperation
        - InternalError
        - ServiceUnavailable
      x-enumDescriptions:
        OK: Reserved — not returned on real errors.
        InvalidParameter: A required parameter is missing or failed validation.
        BadRequest: Generic 400 used when no more specific code fits.
        InvalidContentType: The `Content-Type` header is not `application/json`.
        ResourceNotFound: >-
          The referenced resource does not exist. Note: returned as HTTP 400,
          not 404 (historical choice).
        NoLicense: The feature is license-gated and no active license was found.
        ReferenceExist: Deletion blocked — other entities still reference this resource.
        Unauthorized: '`app_key` is missing, invalid, or expired.'
        BalanceNotEnough: Billing-gated operation with insufficient account balance.
        AccessDenied: Authenticated but lacking the permission required for this operation.
        RouteNotFound: The request URL path is not a known route.
        MethodNotAllowed: The HTTP method is not allowed on this otherwise-known path.
        UndonedOrderExist: An outstanding billing order blocks this new one. Wait and retry.
        RequestLocked: Operation temporarily locked due to repeated failures.
        EntityTooLarge: Request body exceeds the configured max size.
        RequestTooFrequently: Rate limit hit — API-global, per-account, or per-integration.
        RequestVerifyRequired: Second-factor verification required but not supplied.
        DangerousOperation: High-risk operation requires MFA verification.
        InternalError: Unhandled server-side error. Include `request_id` in the bug report.
        ServiceUnavailable: A backend dependency is unavailable. Try again later.
      example: InvalidParameter
  responses:
    BadRequest:
      description: Invalid request — usually a missing or malformed parameter.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            missingParameter:
              value:
                request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
                error:
                  code: InvalidParameter
                  message: The specified parameter is not valid.
    Unauthorized:
      description: Missing or invalid app_key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            missingAppKey:
              value:
                request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
                error:
                  code: Unauthorized
                  message: You are unauthorized.
    TooManyRequests:
      description: >-
        Rate limit hit. Either the global API limit, a per-account limit, or a
        per-integration limit.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            rateLimited:
              value:
                request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
                error:
                  code: RequestTooFrequently
                  message: Request too frequently.
    ServerError:
      description: Unexpected server-side error. Include the request_id when reporting.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            internal:
              value:
                request_id: 01HK8XQE3Z7JM2NTFQ5YJ8P9R4
                error:
                  code: InternalError
                  message: >-
                    We encountered an internal error, and it has been reported.
                    Please try again later.
  securitySchemes:
    AppKeyAuth:
      type: apiKey
      in: query
      name: app_key
      description: >-
        App key issued from the Flashduty console under Account → APP Keys.
        Required on every public API call. Keep it secret — it grants the same
        access as the owning account.

````