Add ListReferenceTableRows endpoint to Reference Tables

cassettes/features/v2/reference_tables/List-reference-table-rows-returns-Bad-Request-response-for-invalid-limit.frozen

@@ -0,0 +1 @@
+2026-05-15T19:32:21.293Z

cassettes/features/v2/reference_tables/List-reference-table-rows-returns-Not-Found-response.frozen

@@ -0,0 +1 @@
+2026-05-15T19:32:23.068Z

examples/v2/oauth2-client-public/DeleteScopesRestriction.rb

@@ -0,0 +1,8 @@
+# Delete an OAuth2 client scopes restriction returns "No Content" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.delete_scopes_restriction".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::OAuth2ClientPublicAPI.new
+api_instance.delete_scopes_restriction("fafa8e1c-36a5-11f0-a83d-da7ad0900001")

examples/v2/oauth2-client-public/GetScopesRestriction.rb

@@ -0,0 +1,8 @@
+# Get an OAuth2 client scopes restriction returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.get_scopes_restriction".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::OAuth2ClientPublicAPI.new
+p api_instance.get_scopes_restriction("fafa8e1c-36a5-11f0-a83d-da7ad0900001")

examples/v2/oauth2-client-public/RegisterOAuthClient.rb

@@ -0,0 +1,29 @@
+# Register an OAuth2 client returns "Created" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.register_o_auth_client".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::OAuth2ClientPublicAPI.new
+
+body = DatadogAPIClient::V2::OAuthClientRegistrationRequest.new({
+  client_name: "Example MCP Client",
+  client_uri: "https://example.com",
+  grant_types: [
+    DatadogAPIClient::V2::OAuthClientRegistrationGrantType::AUTHORIZATION_CODE,
+    DatadogAPIClient::V2::OAuthClientRegistrationGrantType::REFRESH_TOKEN,
+  ],
+  jwks_uri: "https://example.com/.well-known/jwks.json",
+  logo_uri: "https://example.com/logo.png",
+  policy_uri: "https://example.com/privacy",
+  redirect_uris: [
+    "https://example.com/oauth/callback",
+  ],
+  response_types: [
+    DatadogAPIClient::V2::OAuthClientRegistrationResponseType::CODE,
+  ],
+  scope: "openid profile",
+  token_endpoint_auth_method: "none",
+  tos_uri: "https://example.com/tos",
+})
+p api_instance.register_o_auth_client(body)

examples/v2/oauth2-client-public/UpsertScopesRestriction.rb

@@ -0,0 +1,24 @@
+# Upsert an OAuth2 client scopes restriction returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.upsert_scopes_restriction".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::OAuth2ClientPublicAPI.new
+
+body = DatadogAPIClient::V2::UpsertOAuthScopesRestrictionRequest.new({
+  data: DatadogAPIClient::V2::UpsertOAuthScopesRestrictionData.new({
+    attributes: DatadogAPIClient::V2::UpsertOAuthScopesRestrictionDataAttributes.new({
+      oidc_scopes: [
+        DatadogAPIClient::V2::OAuthOidcScope::OPENID,
+        DatadogAPIClient::V2::OAuthOidcScope::EMAIL,
+      ],
+      permission_scopes: [
+        "dashboards_read",
+        "metrics_read",
+      ],
+    }),
+    type: DatadogAPIClient::V2::UpsertOAuthScopesRestrictionType::UPSERT_SCOPES_RESTRICTION,
+  }),
+})
+p api_instance.upsert_scopes_restriction("fafa8e1c-36a5-11f0-a83d-da7ad0900001", body)

examples/v2/reference-tables/ListReferenceTableRows.rb

@@ -0,0 +1,5 @@
+# List rows returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::ReferenceTablesAPI.new
+p api_instance.list_reference_table_rows("id")

features/scenarios_model_mapping.rb

@@ -3881,6 +3881,19 @@
             "tags" => "String",
             "limit" => "Integer",
     },
+    "v2.DeleteScopesRestriction" => {
+            "client_uuid" => "UUID",
+    },
+    "v2.GetScopesRestriction" => {
+            "client_uuid" => "UUID",
+    },
+    "v2.UpsertScopesRestriction" => {
+            "client_uuid" => "UUID",
+            "body" => "UpsertOAuthScopesRestrictionRequest",
+    },
+    "v2.RegisterOAuthClient" => {
+            "body" => "OAuthClientRegistrationRequest",
+    },
     "v2.ListPipelines" => {
             "page_size" => "Integer",
             "page_number" => "Integer",
@@ -4258,6 +4271,11 @@
             "id" => "String",
             "body" => "BatchUpsertRowsRequestArray",
     },
+    "v2.ListReferenceTableRows" => {
+            "id" => "String",
+            "page_limit" => "Integer",
+            "page_continuation_token" => "String",
+    },
     "v2.CreateReferenceTableUpload" => {
             "body" => "CreateUploadRequest",
     },

features/v2/oauth2_client_public.feature

@@ -0,0 +1,100 @@
+@endpoint(oauth2-client-public) @endpoint(oauth2-client-public-v2)
+Feature: OAuth2 Client Public
+  Configure OAuth2 clients for Datadog. Supports RFC 7591 Dynamic Client
+  Registration and management of OAuth2 client scopes restrictions.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "OAuth2ClientPublic" API
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Delete an OAuth2 client scopes restriction returns "Bad Request" response
+    Given operation "DeleteScopesRestriction" enabled
+    And new "DeleteScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Delete an OAuth2 client scopes restriction returns "No Content" response
+    Given operation "DeleteScopesRestriction" enabled
+    And new "DeleteScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 204 No Content
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Delete an OAuth2 client scopes restriction returns "Not Found" response
+    Given operation "DeleteScopesRestriction" enabled
+    And new "DeleteScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Get an OAuth2 client scopes restriction returns "Bad Request" response
+    Given operation "GetScopesRestriction" enabled
+    And new "GetScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Get an OAuth2 client scopes restriction returns "Not Found" response
+    Given operation "GetScopesRestriction" enabled
+    And new "GetScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Get an OAuth2 client scopes restriction returns "OK" response
+    Given operation "GetScopesRestriction" enabled
+    And new "GetScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Register an OAuth2 client returns "Bad Request" response
+    Given operation "RegisterOAuthClient" enabled
+    And new "RegisterOAuthClient" request
+    And body with value {"client_name": "Example MCP Client", "client_uri": "https://example.com", "grant_types": ["authorization_code", "refresh_token"], "jwks_uri": "https://example.com/.well-known/jwks.json", "logo_uri": "https://example.com/logo.png", "policy_uri": "https://example.com/privacy", "redirect_uris": ["https://example.com/oauth/callback"], "response_types": ["code"], "scope": "openid profile", "token_endpoint_auth_method": "none", "tos_uri": "https://example.com/tos"}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Register an OAuth2 client returns "Created" response
+    Given operation "RegisterOAuthClient" enabled
+    And new "RegisterOAuthClient" request
+    And body with value {"client_name": "Example MCP Client", "client_uri": "https://example.com", "grant_types": ["authorization_code", "refresh_token"], "jwks_uri": "https://example.com/.well-known/jwks.json", "logo_uri": "https://example.com/logo.png", "policy_uri": "https://example.com/privacy", "redirect_uris": ["https://example.com/oauth/callback"], "response_types": ["code"], "scope": "openid profile", "token_endpoint_auth_method": "none", "tos_uri": "https://example.com/tos"}
+    When the request is sent
+    Then the response status is 201 Created
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Upsert an OAuth2 client scopes restriction returns "Bad Request" response
+    Given operation "UpsertScopesRestriction" enabled
+    And new "UpsertScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"oidc_scopes": ["openid", "email"], "permission_scopes": ["dashboards_read", "metrics_read"]}, "type": "upsert_scopes_restriction"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Upsert an OAuth2 client scopes restriction returns "Not Found" response
+    Given operation "UpsertScopesRestriction" enabled
+    And new "UpsertScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"oidc_scopes": ["openid", "email"], "permission_scopes": ["dashboards_read", "metrics_read"]}, "type": "upsert_scopes_restriction"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/delegated-auth-login
+  Scenario: Upsert an OAuth2 client scopes restriction returns "OK" response
+    Given operation "UpsertScopesRestriction" enabled
+    And new "UpsertScopesRestriction" request
+    And request contains "client_uuid" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"oidc_scopes": ["openid", "email"], "permission_scopes": ["dashboards_read", "metrics_read"]}, "type": "upsert_scopes_restriction"}}
+    When the request is sent
+    Then the response status is 200 OK

features/v2/reference_tables.feature

@@ -142,6 +142,41 @@ Feature: Reference Tables
     When the request is sent
     Then the response status is 200 OK
 
+  @team:DataDog/redapl-experiences
+  Scenario: List reference table rows returns "Bad Request" response for invalid limit
+    Given new "ListReferenceTableRows" request
+    And request contains "id" parameter with value "not-a-valid-uuid"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/redapl-experiences
+  Scenario: List reference table rows returns "Not Found" response
+    Given new "ListReferenceTableRows" request
+    And request contains "id" parameter with value "00000000-0000-0000-0000-000000000000"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/redapl-experiences
+  Scenario: List rows returns "Bad Request" response
+    Given new "ListReferenceTableRows" request
+    And request contains "id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/redapl-experiences
+  Scenario: List rows returns "Not Found" response
+    Given new "ListReferenceTableRows" request
+    And request contains "id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/redapl-experiences
+  Scenario: List rows returns "OK" response
+    Given new "ListReferenceTableRows" request
+    And request contains "id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/redapl-experiences
   Scenario: List tables returns "OK" response
     Given new "ListTables" request

features/v2/undo.json

@@ -4678,6 +4678,30 @@
       "type": "safe"
     }
   },
+  "DeleteScopesRestriction": {
+    "tag": "OAuth2 Client Public",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "GetScopesRestriction": {
+    "tag": "OAuth2 Client Public",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "UpsertScopesRestriction": {
+    "tag": "OAuth2 Client Public",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "RegisterOAuthClient": {
+    "tag": "OAuth2 Client Public",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "ListPipelines": {
     "tag": "Observability Pipelines",
     "undo": {
@@ -5371,6 +5395,12 @@
       "type": "unsafe"
     }
   },
+  "ListReferenceTableRows": {
+    "tag": "Reference Tables",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "CreateReferenceTableUpload": {
     "tag": "Reference Tables",
     "undo": {

lib/datadog_api_client/configuration.rb

@@ -520,6 +520,10 @@ def initialize
             "v2.update_monitor_user_template": false,
             "v2.validate_existing_monitor_user_template": false,
             "v2.validate_monitor_user_template": false,
+            "v2.delete_scopes_restriction": false,
+            "v2.get_scopes_restriction": false,
+            "v2.register_o_auth_client": false,
+            "v2.upsert_scopes_restriction": false,
             "v2.bulk_update_org_group_memberships": false,
             "v2.create_org_group": false,
             "v2.create_org_group_policy": false,