Runtime, Architecture, and Security
Preview Feature
This Preview feature is still being developed. We do not recommend using it in a production environment, because the feature might not be fully tested or optimized for performance, and related documentation could be incomplete.
Please continue to submit feedback through normal Cribl support channels, but assistance might be limited while the feature remains in Preview.
This reference summarizes how the App Platform (Preview) handles execution boundaries, credentials, outbound traffic, and role separation between authoring and deployment. It complements the procedural guides:
- Build, package, and integrate APIs: Builder Guide.
- Install checks, KV administration, and governance: Admin Guide.
Where App Code Runs
Installed Apps (Production Use)
After an administrator installs a package, the App is a client-side web application (HTML, JavaScript, and assets from the bundle). It is delivered to the user’s browser and rendered inside an isolated iframe in the Cribl UI. Business logic you write runs in that iframe, not as arbitrary custom server processes on Cribl infrastructure. The Cribl product shell owns navigation and chrome outside the iframe.
For iframe restrictions (storage, cookies, and similar), see Runtime Model and Sandbox in the Builder Guide.
Live Preview (Development)
During Live Preview, the iframe loads your App from a local development server on the builder’s machine (often a loopback URL). The same Cribl session still mediates Cribl API calls and KV access through the platform proxies. Only the static UI bundle is served locally. Browser and OS permissions for local network access apply. See Browser Permissions for Live Preview in the Quick Start.
Cribl APIs and Identity
From App code, you call Cribl REST endpoints with fetch() using relative URLs. Cribl intercepts those requests, attaches the signed-in user’s authentication context, and enforces that user’s roles and Workspace assignments. The App does not elevate privileges. If a user cannot perform an action in the standard Cribl UI, the same call from the App fails the same way.
For error-handling patterns, see Permissions and access in the Builder Guide and How API Access Works When Someone Runs an App in the Admin Guide.
Credentials and the KV Store
- Store API keys, tokens, passwords, and other secrets in the App Platform (Preview) KV store with the query parameter encrypted=true on writes. Encrypted values are write-only from the browser: reads return a redacted placeholder, so a KV read never exposes the secret in clear text to App JavaScript or on the wire.
- Plain (unencrypted) KV values are visible in any context that can call the KV API for that App. Do not use them for sensitive material. See The KV store in the Builder Guide.
- Organization Administrators can seed or edit keys from App Settings > Key-Value Stores. Treat that surface as part of your credential lifecycle and least-privilege model.
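The client-side pattern from Cribl APIs and Identity together with the encrypted-KV rule above, as an added example in JavaScript. This is not code from the Cribl App Platform or its guides: the KV route under KV_BASE and the redaction string are placeholders (assumptions), the actual paths and redacted value are whatever the Builder Guide documents, and the fake platform at the bottom is constructed so the sample runs offline.

```javascript
// Added example, not Cribl's code: an App-side client for Cribl APIs and the
// KV store. KV_BASE and REDACTED are placeholders (assumptions), not documented
// Cribl routes or values.

const KV_BASE = "/app-kv";       // ASSUMPTION: placeholder path for this App's KV API
const REDACTED = "********";     // ASSUMPTION: placeholder the platform returns for encrypted reads

class PermissionDenied extends Error {}

// Only same-origin relative paths reach the Cribl API with the user's session.
// A full URL is routed to the outbound proxy instead, and "//host" leaves the origin.
function assertRelative(path) {
  if (typeof path !== "string" || !path.startsWith("/") || path.startsWith("//")) {
    throw new TypeError(`Cribl API calls must use a relative path, got: ${path}`);
  }
}

async function criblApi(path, init = {}, fetchImpl = globalThis.fetch) {
  assertRelative(path);
  // The platform attaches the signed-in user's context; App code must not
  // supply credentials of its own (init.headers is expected to be a plain object).
  const headers = { ...(init.headers || {}) };
  for (const h of Object.keys(headers)) {
    if (h.toLowerCase() === "authorization") throw new TypeError("do not set Authorization from App code");
  }
  const res = await fetchImpl(path, { ...init, headers });
  if (res.status === 401 || res.status === 403) {
    // Same outcome the user would get for this action in the standard Cribl UI.
    throw new PermissionDenied(`${init.method || "GET"} ${path} -> ${res.status}`);
  }
  if (!res.ok) throw new Error(`${path} failed with ${res.status}`);
  return res.json();
}

// Write a secret with encrypted=true and confirm the read-back is redacted.
async function putSecret(key, value, fetchImpl) {
  const item = `${KV_BASE}/${encodeURIComponent(key)}`;
  await criblApi(`${item}?encrypted=true`, {
    method: "PUT",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({ value }),
  }, fetchImpl);
  const back = await criblApi(item, {}, fetchImpl);
  if (back.value === value) throw new Error(`KV read returned plaintext for ${key}; refusing to continue`);
  return back;
}

// Constructed stand-in for the platform so this runs offline. It models three
// behaviours from the text: identity comes from the session (not the request),
// the user's role gates writes, and reads of encrypted keys come back redacted.
function fakePlatform({ roles }) {
  const kv = new Map();
  const reply = (status, body) => ({ status, ok: status >= 200 && status < 300, json: async () => body });
  return async (url, init = {}) => {
    const [path, qs] = url.split("?");
    const method = (init.method || "GET").toUpperCase();
    if (!path.startsWith(`${KV_BASE}/`)) return reply(404, {});
    const key = decodeURIComponent(path.slice(KV_BASE.length + 1));
    if (method === "PUT") {
      if (!roles.includes("Workspace Administrator")) return reply(403, {});
      const encrypted = new URLSearchParams(qs).get("encrypted") === "true";
      kv.set(key, { value: JSON.parse(init.body).value, encrypted });
      return reply(200, { ok: true });
    }
    const entry = kv.get(key);
    if (!entry) return reply(404, {});
    return reply(200, { key, encrypted: entry.encrypted, value: entry.encrypted ? REDACTED : entry.value });
  };
}

async function demo() {
  const admin = fakePlatform({ roles: ["Workspace Administrator"] });
  const viewer = fakePlatform({ roles: [] });
  const stored = await putSecret("vendor_token", "constructed-sample-token", admin);
  let denied = false;
  try { await putSecret("vendor_token", "another", viewer); } catch (e) { denied = e instanceof PermissionDenied; }
  return { redacted: stored.value, denied };
}

demo().then((r) => console.log(r)); // { redacted: '********', denied: true }
```

The plaintext check in putSecret is deliberately paranoid: if a future change ever made encrypted reads return the stored value, the App stops rather than quietly handling a secret in browser memory.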
Outbound HTTP and proxies.yml
Calls to external hosts from App code use fetch() with full URLs. Cribl routes them through a server-side proxy that:
- Allows only hosts, paths, and options declared in the App's proxies.yml.
- Applies SSRF protections and declared timeouts.
- Can inject headers (for example Authorization) from encrypted KV using expressions resolved on the server, so tokens do not need to live in client code. Sensitive headers set only from App code are not a substitute for headers.inject. See External APIs and proxies.yml in the Builder Guide.
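An added example (JavaScript, not Cribl's code) of the App-side half of this model: a caller that mirrors the declared allow-list so undeclared hosts fail fast in the browser, pins scheme, host and port, and refuses to carry an Authorization header that should arrive via headers.inject on the server. The rule objects in DECLARED are an assumed shape standing in for whatever proxies.yml declares, not its schema, and the hosts are constructed. The server-side proxy remains the authoritative control; this check cannot replace it.

```javascript
// Added example, not Cribl's code. DECLARED is a constructed allow-list in an
// assumed shape; it is not the proxies.yml schema.

const DECLARED = [
  { host: "api.vendor.example", pathPrefix: "/v1/", timeoutMs: 5000 },
  { host: "hooks.chat.example", pathPrefix: "/services/", timeoutMs: 3000 },
];

// Return the matching rule or null. new URL() lower-cases the host, drops a
// default port, and collapses "." and ".." segments (including the %2e-encoded
// forms), so a prefix check on u.pathname is not fooled by "/v1/../admin".
function matchDeclared(url, declared = DECLARED) {
  let u;
  try { u = new URL(url); } catch { return null; }
  if (u.protocol !== "https:") return null;     // no plaintext to the outside
  if (u.username || u.password) return null;    // "https://api.vendor.example@evil.example/"
  // u.host includes a non-default port, so "api.vendor.example:8443" does not match.
  return declared.find((r) => u.host === r.host && u.pathname.startsWith(r.pathPrefix)) || null;
}

// Headers that carry credentials. They belong in encrypted KV and are added by
// the proxy (headers.inject), never in client JavaScript that any user can read.
const SENSITIVE = new Set(["authorization", "proxy-authorization", "x-api-key"]);

async function callExternal(url, init = {}, fetchImpl = globalThis.fetch) {
  const rule = matchDeclared(url);
  if (!rule) throw new Error(`outbound call not declared in proxies.yml: ${url}`);
  const headers = {};
  for (const [k, v] of Object.entries(init.headers || {})) {
    if (SENSITIVE.has(k.toLowerCase())) throw new TypeError(`refusing to send ${k} from App code; use headers.inject`);
    headers[k] = v;
  }
  // Client-side deadline mirroring the declared timeout so the UI never hangs
  // on the proxy; the proxy still enforces its own.
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), rule.timeoutMs);
  try {
    const res = await fetchImpl(url, { ...init, headers, signal: ctl.signal });
    if (!res.ok) throw new Error(`${url} -> ${res.status}`);
    return res;
  } finally {
    clearTimeout(timer);
  }
}

// Constructed fetch stand-in that records the request instead of going out.
const recordingFetch = async (url, init) => ({ ok: true, status: 200, url, sentHeaders: init.headers });

async function demo() {
  const okRes = await callExternal("https://api.vendor.example/v1/items?limit=5",
    { headers: { Accept: "application/json" } }, recordingFetch);
  const results = { allowed: okRes.url, undeclared: null, leaked: null };
  // Weak pattern 1: a path that escapes the declared prefix via encoded dot segments.
  try { await callExternal("https://api.vendor.example/v1/%2e%2e/admin", {}, recordingFetch); }
  catch (e) { results.undeclared = e.message; }
  // Weak pattern 2: a token hard-coded in the bundle instead of injected server-side.
  try { await callExternal("https://api.vendor.example/v1/items", { headers: { Authorization: "Bearer hard-coded" } }, recordingFetch); }
  catch (e) { results.leaked = e.message; }
  return results;
}

demo().then((r) => console.log(r));
```

Keeping the declared hosts in one place in the App source also makes the administrator's review easier: the list in proxies.yml and the list the code consults should be identical, and any drift is a finding.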
Organization policy and per-App review are described in External API access in the Admin Guide. When an administrator installs or upgrades through Add App (for example Import from File), Cribl can require Review app’s file contents when outbound or flagged content is detected so administrators see declared endpoints before the install finishes. See Install an App in the Admin Guide.
Third-Party Services and AI
The App Platform (Preview) does not ship a built-in large language model (LLM) or background AI runtime. If an App calls an external model or SaaS API, that appears as normal proxied outbound HTTP subject to proxies.yml and administrator review. AI-assisted authoring on a developer workstation only produces the bundle. It does not change execution rules in Cribl.
Packaging and Install-Time Checks
Distributable Apps are .tgz archives with validated layout, size limits, and safe extraction rules (for example blocked symlinks and path traversals). See Install an App and Validation Checks in the Admin Guide.
Roles: Authoring Versus Deployment
- Workspace Administrator in a Workspace is sufficient to use Create App, Live Preview, and Deploy from the Create App wizard in that Workspace. That role is scoped to the Workspace. It is not the same as Organization-wide Administrator.
- Organization Administrator (the Administrator role in the Admin Guide) installs, upgrades, and removes Apps and manages App Settings and policy across the Organization.
A recommended pattern for enterprises is a dedicated development Workspace where builders are Workspace Administrators. Use separate staging and production Workspaces where an Administrator imports the same versioned package when you promote. See Multiple App Builders in Your Organization and Development and release workflow for customer Apps in the Admin Guide.
Observability
Cribl logs structured events for App-originated API and proxy traffic. Administrators can correlate activity using App identifiers and documented log fields. See Monitoring, logging, and auditing in the Admin Guide.