Rough draft

Author: jpipkin1

blog-service/2025-10-30-collection.md

@@ -0,0 +1,16 @@
+---
+title: Token-Based Authentication for Secure HTTPS Log and Metric Sources (Collection)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - c2c
+  - snowflake
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce secure token-based authentication for HTTPS and OTLP sources. This new capability allows you to authenticate using a unique token in the request header, maintaining the existing HTTPS endpoint behavior while adding token validation per source. This token-based authentication is compatible across all environments, including AWS, Azure, Google Cloud Platform, and on-premises. 
+
+To learn more, see:
+* [Configure an HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source)
+* [Create an OTLP/HTTP Source](/docs/send-data/hosted-collectors/http-source/otlp/#create-an-otlphttpsource)

docs/send-data/hosted-collectors/http-source/generate-new-url.md

@@ -11,10 +11,14 @@ You can generate a new URL for an HTTP Source at any time. Generating a new UR
 To generate a new URL:
 
 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**.  <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Collection**. 
-1. On the **Manage Collection** page, click **Regenerate URL** next to the HTTP source.<br/> <img src={useBaseUrl('img/send-data/regenerate-url.png')} alt="HTTPregenURL"/>
-1. In the **HTTP Source Address** dialog box, click **Generate**.<br/> <img src={useBaseUrl('img/send-data/generate-new-url.png')} alt="http_source_dialog_generate.png" width="350"/>
+1. On the **Manage Collection** page, click **Regenerate URL** next to the HTTP source.<br/><img src={useBaseUrl('img/send-data/regenerate-url.png')} alt="Regenerate URL link" style={{border: '1px solid gray'}} width="800" />
+1. In the **HTTP Source Address** dialog box, select one of the following to regenerate the URL where the source data will be stored:
+   * **Presigned URL**. Select to copy a presigned URL with embedded authentication.<br/><img src={useBaseUrl('img/send-data/generate-new-url.png')} alt="Generate New URL" style={{border: '1px solid gray'}} width="600"/>
+   * **Auth Header**. Select to copy the URL, as well as a separate authorization header that contains an authentication token. This option provides greater security than a presigned URL because placing the authentication token in the authorization header of a request prevents the token from being exposed in the URL.<br/><img src={useBaseUrl('img/send-data/generate-new-url-and-token.png')} alt="Generate New URL and token" style={{border: '1px solid gray'}} width="600"/>
+1. Click **Generate**.
 1. When asked to confirm the generation, click **OK**.
-1. In the **HTTP Source Address** dialog box, the new URL is displayed. Copy and paste the URL, then click **OK**.<br/> <img src={useBaseUrl('img/send-data/http_source_dialog_with_button.png')} alt="http_source_dialog_generate.png" width="350"/>
+1. In the resulting dialog box, the newly-generated URL is displayed, as well as the authorization header if you selected **Auth Header**. Copy the URL (and header if applicable) and keep in a safe place. 
+1. Use the copied URL (and header if appropriate) when you [upload data to your HTTP Logs and Metrics source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#upload-data-to-the-httplogs-and-metrics-source).
 
 :::note
 If you see a 401 (failed to authenticate) error message right after generating a new URL, wait a few minutes, then try the new URL again.

docs/send-data/hosted-collectors/http-source/logs-metrics/index.md

@@ -45,7 +45,11 @@ To configure an HTTP Logs and Metrics Source:
        * **One Message Per Request.** Select this option if you'll be sending a single message with each HTTP request. For more information, see [Multiline options in HTTP sources](#multiline-options-in-http-sources). 
 1. **Processing Rules.** Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in Create a Processing Rule. Processing rules are applied to log data, but not to metric data.
 1. When you are finished configuring the Source, click **Save**.
-1. When the URL associated with the source is displayed, copy the URL so you can use it to upload data.<br/> ![A screenshot showing the 'HTTP Source Address' dialog in Sumo Logic. The dialog instructs to use the given address to send data to the Collector and warns to keep this address private since anyone can use it to send data. The URL provided starts with 'https://collectors.sumologic.com/receiver/v1/http/...'. There is an 'OK' button at the bottom right.](/img/send-data/http-source-address.png)
+1. In the **HTTP Source Address** dialog box, select one of the following to copy the URL where the source data will be stored:
+   * **Presigned URL**. Select to copy a presigned URL with embedded authentication.<br/><img src={useBaseUrl('img/send-data/http-source-address.png')} alt="HTTP Source Address with presigned URL" style={{border: '1px solid gray'}} width="600"/>
+   * **Auth Header**. Select to copy the URL, as well as a separate authorization header that contains an authentication token. This option provides greater security than a presigned URL because placing the authentication token in the authorization header of a request prevents the token from being exposed in the URL.<br/><img src={useBaseUrl('img/send-data/http-source-address-and-auth-header.png')} alt="HTTP Source Address with authorization header" style={{border: '1px solid gray'}} width="600"/>
+1. Copy the URL (and header if applicable) and keep in a safe place. You will use the URL in the next step: [Upload data to the HTTP Logs and Metrics Source](#upload-data-to-the-httplogs-and-metrics-source).
+1. Click **Done**.
 
 :::note
 * Metrics reported with a timestamp older than 24 hours ago or newer than 24 hours in the future from the time they are reported are dropped. Make sure that the Metrics sent to HTTP Endpoint have appropriate timestamps.

docs/send-data/hosted-collectors/http-source/otlp.md

@@ -36,6 +36,11 @@ To configure an OTLP/HTTP Source:
    * **Timestamp Format**. By default, Sumo Logic will automatically detect the timestamp format of your logs. However, you can manually specify a timestamp format for a Source. See [Timestamps, Time Zones, Time Ranges, and Date Formats](/docs/send-data/reference-information/time-reference for more information.
 1. [Create any Processing Rules](/docs/send-data/collection/processing-rules/create-processing-rule) you'd like for the OTLP/HTTP Source. <br/>  ![OTLP processing rules.png](/img/send-data/OTLP-processing-rules.png)
 1. When you are finished configuring the Source, click **Save**.
+1. In the **HTTP Source Address** dialog box, select one of the following to copy the URL where the source data will be stored:
+   * **Presigned URL**. Select to copy a presigned URL with embedded authentication.<br/><img src={useBaseUrl('img/send-data/http-source-address-otlp.png')} alt="HTTP Source Address with presigned URL" style={{border: '1px solid gray'}} width="600"/>
+   * **Auth Header**. Select to copy the URL, as well as a separate authorization header that contains an authentication token. This option provides greater security than a presigned URL because placing the authentication token in the authorization header of a request prevents the token from being exposed in the URL.<br/><img src={useBaseUrl('img/send-data/http-source-address-otlp-auth.png')} alt="HTTP Source Address with authorization header" style={{border: '1px solid gray'}} width="600"/>
+1. Copy the URL (and header if applicable) and keep in a safe place. You will use the URL in the next step: [Using the OTLP/HTTP Source](#using-the-otlphttp-source).
+1. Click **Done**.
 
 :::note
 * Metrics reported with a timestamp older than 24 hours ago or newer than 24 hours in the future from the time they are reported are dropped. Make sure that the Metrics sent to OTLP Endpoint have appropriate timestamps.
@@ -53,6 +58,7 @@ If you need to access the Source's URL again, click **Show URL**.
 ### Data differentiation
 
 When you set up an OTLP/HTTP Source, a unique URL is assigned to the Source. The exporter automatically appends the specific signal type when sending the data, as described by [OpenTelemetry Protocol Exporter specification](https://github.com/open-telemetry/opentelemetry-specification/blob/v1.10.0/specification/protocol/exporter.md).
+
 The following table shows the URL format based on data types.
 
 | Data Type | URL Format                |
@@ -64,7 +70,7 @@ The following table shows the URL format based on data types.
 
 ### OTLP/HTTP Exporter
 
-To use the URL, include the url in otlphttp exporter of OpenTelemetry Collector and refer it in the pipelines, as needed. The exporter will automatically attach the signal type suffix:
+To use the URL, include the URL in otlphttp exporter of OpenTelemetry Collector and refer it in the pipelines, as needed. The exporter will automatically attach the signal type suffix:
 
 ```
 exporters: