Skip to main content
To bootstrap development, Opal provides an OpenAPI spec to help you automatically generate a server using OpenAPI Generator. This guide provides instructions to implement the required endpoints to use in a custom Opal app, then connect these endpoints to a custom Opal app. See Opal’s custom DataDog connector for an example server implementation.

1. Bootstrap connector server

  1. If you use MacOS and Homebrew, use the following command to install OpenAPI Generator.
    See OpenAPI Generator README for ways to install the generator app if you’re not on MacOS.
  2. Save the Opal Custom App Connector API spec as a YAML file.
  3. Choose a server generator from the OpenAPI Generator documentation. Opal’s example uses go-gin-server.
  4. Generate the connector server stub, replacing go-gin-server with your preferred server generator. See the available configuration options for your chosen server generator to tweak the output of the generated code.

2. Implement Custom Connector API endpoints

  1. After you generate the boilerplate code, navigate into the generated code directory. In the DataDog example:
See the generated README.md file for instructions on how to run the code. You can change how you run and deploy the code based on your requirements and needs.
  1. On your server, implement the endpoints specified in Opal’s Custom Connector API Spec. Your implementation will vary based on your server and end system. Note the Nested Resources in connectors section as you implement the /resources endpoint.
In the DataDog example, the /resources endpoints are implemented in the api_resources.go file, and uses DataDog’s Go API client to connect to DataDog.
  1. To verify requests originate in Opal, it’s strongly recommended you validate requests using the X-Opal-Signature header. See more in the Signatures section, and in routes.go in the example DataDog connector.

Nested Resources in connectors

Due to how hierarchical resources work in other systems, Opal assumes the following:
  • If a user has access to a parent resource, the user also has access to all its child resources.
  • If a child resource is imported into Opal, all its parent resources will also be imported.
If you enable Nested Resources in the connector setup, Opal assumes the following behavior:
  • GET /resources: instead of listing ALL the available resources in the connector, only the resources without a parent (root resources) are returned. Returning a resource that has a parent in this call might result in duplicate resources or errors.
  • GET /resources?parent_id=<id>: when passing the ID of a resource as a query param, only the immediate children of this resource need to be returned. If no children belong to this resource, an empty list should be returned instead.
For example, given this resource structure: Opal expects the following responses, given the following calls, to and from the connector.

Example request from Opal to the connector

The following is a snapshot of requests made from Opal to a generic connector implementation, containing the raw path with query parameters, method, body, and example of signatures. You can use this to unit test your connector implementation.

Example of X-Opal-Signatures

To test X-Opal-Signature, you can use the following replay of some requests made to a connector with method, signature, hash and encryption key to build unit tests for your validation functions.

3. Test a local connector implementation with Opal

If you’re developing a connector and you want to test it out with your Opal instance before deploying it to a public server (or your own network), you can use ngrok to make a local server available with a public hostname. With a connector running locally on port :8080, run ngrok with:
Now you can use the ngrok endpoint in your Connector app configuration in Opal.

4. Create a custom app

In Opal, go to the Inventory page and select + App. Select the Custom App tile, then the Use custom app connector option. Fill in the form with using the following settings to create the Opal custom app. Select Generate to generate a signing secret, and use this code into your connector to verify that the X-Opal-Signature header is correct and authentic. See Signatures for more. Select Create Custom App to verify that the connector is properly set up. If successful, the connection will be created and you can now manage your access with Opal.
Last modified on September 11, 2025