Terraform Provider
Manage PlatformXe infrastructure as code with Terraform -- all 19 resources, 4 data sources, and 7 processor types.
Terraform Provider
The Terraform provider is available exclusively to paid tenants (Basic, Pro, and Enterprise plans). Create an account at platformxe.com/portal/register and upgrade your plan to access the provider binary and registry credentials.
The PlatformXe Terraform provider lets you manage your entire PlatformXe tenant configuration as infrastructure-as-code. It covers 19 resources (12 configuration + 7 processor types) and 4 data sources.
Installation
Add the provider to your Terraform configuration and run terraform init:
terraform {
required_providers {
platformxe = {
source = "calderax/platformxe"
version = "~> 1.0"
}
}
}
Provider configuration
Authenticate via the provider block or the PLATFORMXE_API_KEY environment variable:
provider "platformxe" {
api_key = var.platformxe_api_key
}
# Or use an environment variable
export PLATFORMXE_API_KEY="pxk_live_your_key_here"
| Argument | Type | Required | Description |
|---|---|---|---|
api_key | String | No | API key. Falls back to PLATFORMXE_API_KEY env var |
base_url | String | No | API base URL. Defaults to https://platformxe.com |
Configuration resources (12)
platformxe_permissions_role
Manages a permission role with either SIMPLE (capabilities) or FULL (module permissions) model.
resource "platformxe_permissions_role" "agent" {
name = "Support Agent"
description = "Can view and manage support tickets"
model = "SIMPLE"
}
resource "platformxe_permissions_role" "manager" {
name = "Team Manager"
description = "Full access to team resources"
model = "FULL"
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Role name (1-100 characters) |
description | String | No | Role description |
model | String | No | SIMPLE or FULL. Defaults to SIMPLE |
platformxe_permissions_policy
Manages an ABAC resource policy with condition operators and logic combinators.
resource "platformxe_permissions_policy" "deny_delete_invoices" {
path = "invoices/*"
action = "delete"
effect = "DENY"
priority = 100
description = "Prevent deletion of invoices"
}
resource "platformxe_permissions_policy" "owner_only_updates" {
path = "documents/*"
action = "update"
effect = "ALLOW"
priority = 10
condition = jsonencode({
all = [{
field = "resource.ownerId"
operator = "equals"
value = "actor.id"
}]
})
}
| Argument | Type | Required | Description |
|---|---|---|---|
path | String | Yes | Resource path pattern (supports wildcards) |
action | String | Yes | Action the policy governs |
effect | String | Yes | ALLOW or DENY |
condition | String (JSON) | No | ABAC condition operators (13 operators + all/any/not combinators) |
priority | Number | No | Higher values take precedence. Defaults to 0 |
description | String | No | Policy description |
is_active | Bool | No | Whether the policy is active. Defaults to true |
platformxe_permissions_override
Manages a per-user permission override with optional expiry.
resource "platformxe_permissions_override" "temp_access" {
admin_id = "admin_abc123"
path = "reports/*"
action = "read"
effect = "ALLOW"
reason = "Temporary audit access"
expires_at = "2026-06-01T00:00:00Z"
}
| Argument | Type | Required | Description |
|---|---|---|---|
admin_id | String | Yes | Target user ID |
path | String | Yes | Permission path |
action | String | Yes | Action (read, write, delete, etc.) |
effect | String | Yes | ALLOW or DENY |
reason | String | No | Human-readable reason |
expires_at | String | No | ISO 8601 expiry timestamp |
platformxe_permissions_federation_group
Manages a federation group for cross-app permission sharing (Enterprise only).
resource "platformxe_permissions_federation_group" "caldera" {
name = "Caldera Suite"
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Group name (forces replacement on change) |
platformxe_permissions_federation_member
Adds an organization to a federation group.
resource "platformxe_permissions_federation_member" "lettings" {
group_id = platformxe_permissions_federation_group.caldera.id
organization_id = "org_lettings_123"
prefix = "LT"
}
resource "platformxe_permissions_federation_member" "chats" {
group_id = platformxe_permissions_federation_group.caldera.id
organization_id = "org_chats_456"
prefix = "CH"
}
| Argument | Type | Required | Description |
|---|---|---|---|
group_id | String | Yes | Federation group ID (forces replacement) |
organization_id | String | Yes | Organization ID of the member (forces replacement) |
prefix | String | Yes | Short prefix within the federation (e.g. LT, CH) |
platformxe_permissions_module
Registers a permission module for use with FULL model roles.
resource "platformxe_permissions_module" "properties" {
name = "PROPERTIES"
actions = ["READ", "CREATE", "UPDATE", "DELETE"]
}
resource "platformxe_permissions_module" "bookings" {
name = "BOOKINGS"
actions = ["READ", "CREATE", "UPDATE", "DELETE", "APPROVE"]
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Module name (uppercase convention) |
actions | List(String) | Yes | Available actions for this module |
platformxe_webhooks_endpoint
Manages an outbound webhook endpoint.
resource "platformxe_webhooks_endpoint" "slack_alerts" {
name = "Slack Alerts"
url = "https://hooks.slack.com/services/xxx"
events = ["INVOICE_PAID", "ORGANIZATION_CREATED"]
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Webhook display name |
url | String | Yes | Webhook delivery URL (HTTPS) |
events | List(String) | Yes | Events to subscribe to |
is_active | Bool | No | Whether the webhook is active. Defaults to true |
Computed attributes: id, secret (signing secret generated by PlatformXe).
platformxe_templates_template
Manages a content template for email, SMS, or notifications.
resource "platformxe_templates_template" "welcome" {
name = "Welcome Email"
subject = "Welcome to {{company_name}}"
html = "<h1>Welcome, {{name}}!</h1><p>Thanks for joining.</p>"
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Template name |
subject | String | Yes | Subject line (supports template variables) |
html | String | Yes | HTML body of the template |
platformxe_workflows_trigger
Manages an event-driven workflow automation.
resource "platformxe_workflows_trigger" "invoice_notify" {
name = "Invoice Payment Notification"
trigger_config = jsonencode({
eventType = "INVOICE_PAID"
filters = { "payload.amount" = { gte = 100000 } }
})
actions = jsonencode([
{ type = "webhook", config = { webhookId = platformxe_webhooks_endpoint.slack_alerts.id } }
])
is_active = true
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Workflow name |
trigger_config | String (JSON) | Yes | Trigger configuration (event type, filters) |
actions | String (JSON) | Yes | Ordered list of actions to execute |
is_active | Bool | No | Whether the workflow is active. Defaults to true |
platformxe_domains_sending
Manages a sending domain for email delivery.
resource "platformxe_domains_sending" "main" {
domain = "notifications.myapp.com"
}
| Argument | Type | Required | Description |
|---|---|---|---|
domain | String | Yes | Domain name (forces replacement on change) |
Computed attributes: id, verified (Bool), dns_records (JSON string of required DNS records).
platformxe_events_subscription
Manages an event subscription that forwards matching events to a webhook URL.
resource "platformxe_events_subscription" "audit_events" {
event_types = ["ROLE_CREATED", "ROLE_UPDATED", "ROLE_DELETED"]
webhook_url = "https://audit.myapp.com/events"
}
| Argument | Type | Required | Description |
|---|---|---|---|
event_types | List(String) | Yes | Event types to subscribe to |
webhook_url | String | Yes | URL to receive event notifications |
is_active | Bool | No | Whether the subscription is active. Defaults to true |
platformxe_custom_event (v1.2.0)
Registers a tenant-defined custom event with the events engine. Schemas are immutable per (namespace, name, version) — bump the version to evolve a shape.
resource "platformxe_custom_event" "property_favorited" {
namespace = "lettings"
name = "property.favorited"
version = "1.0.0"
status = "published"
description = "Tenant added a property to their favorites list."
payload_schema = jsonencode({
type = "object"
required = ["propertyId", "userId"]
properties = {
propertyId = { type = "string" }
userId = { type = "string" }
}
})
payload_example = jsonencode({
propertyId = "p_1"
userId = "u_1"
})
}
| Argument | Type | Required | Description |
|---|---|---|---|
namespace | String | Yes | Must be on the org's allowlist (seeded with the org slug at onboarding). Forces replacement. |
name | String | Yes | Event name within the namespace (e.g. property.favorited). Forces replacement. |
version | String | Yes | Strict MAJOR.MINOR.PATCH. Forces replacement. |
status | String | No | draft / published / archived. Defaults to draft. |
description | String | No | Surfaced on the marketplace + portal. |
payload_schema | String | Yes | JSON Schema 2020-12 document, encoded as a string (jsonencode({...})). Forces replacement. |
payload_example | String | No | Example payload (JSON string). Validated against payload_schema at register time. |
Computed: id (cer_…), canonical_name (TENANT_CUSTOM:<orgId>:<ns>.<name>@<version>), schema_hash, created_at, updated_at.
platformxe_marketplace_listing (v1.3.0, PRO+)
Publishes a registered custom event to the cross-tenant marketplace so other PlatformXe tenants can browse + fork it into their own org.
resource "platformxe_marketplace_listing" "property_favorited" {
registration_id = platformxe_custom_event.property_favorited.id
title = "Property Favorited"
description = "Emit when a tenant adds a property to their favorites list."
tags = ["lettings", "engagement", "property"]
}
| Argument | Type | Required | Description |
|---|---|---|---|
registration_id | String | Yes | Source platformxe_custom_event id. Must be owned by the calling org and status='published'. Forces replacement. |
title | String | Yes | Marketplace UI label. Min 3 chars. |
description | String | No | Longer description / use cases. |
tags | List(String) | No | Search/filter tokens. |
Computed: id (mkl_…), namespace, name, version, source_canonical_name, status (published / unpublished / archived), fork_count, published_at.
Note: Republishing an unpublished listing is intentionally out-of-scope for the v1 resource — rotate by
terraform destroy+apply, or use the runtime callclient.events.custom.marketplace.republish()for in-place re-activation. Forking is also a runtime call (client.events.custom.marketplace.fork()); the forked event is created in the calling org as a freshplatformxe_custom_eventregistration, not as a marketplace listing.
platformxe_event_federation_group
Manages a Custom Event Federation group (ENTERPRISE only). Owners create groups, declare per-version pushes against them, and attach members. Distinct from platformxe_permissions_federation_group.
resource "platformxe_event_federation_group" "partners" {
name = "Trusted partners"
description = "Lettings partners receiving live property events"
}
| Argument | Type | Required | Description |
|---|---|---|---|
name | String | Yes | Owner-scope-unique label (3–80 chars). Forces replacement on change. |
description | String | No | Free-text purpose. |
Computed: id, owner_organization_id, created_by, created_at, updated_at, archived_at.
platformxe_event_federation_push
Declares a per-version push of one of the owner's custom event registrations into a group. Owner-only.
resource "platformxe_event_federation_push" "favorited" {
group_id = platformxe_event_federation_group.partners.id
registration_id = platformxe_custom_event.property_favorited.id
}
| Argument | Type | Required | Description |
|---|---|---|---|
group_id | String | Yes | Federation group id (cefg_…). Forces replacement. |
registration_id | String | Yes | Source custom-event registration id (cer_…). Must be owned by the calling org and status='published'. Forces replacement. |
Computed: id, source_organization_id, namespace, name, version, source_canonical_name, is_active, pushed_by, pushed_at.
platformxe_event_federation_external_peer (v1.5.0 — Pattern 3)
Adds an external (non-tenant) peer to a Custom Event Federation group, addressed by webhook URL. The peer receives the same relays as a tenant_org member, signed with an HMAC-SHA256 secret returned only at create time.
resource "platformxe_event_federation_external_peer" "bookingcom" {
group_id = platformxe_event_federation_group.partners.id
label = "Booking.com"
webhook_url = "https://booking.example.com/inbound/platformxe"
headers = {
Authorization = var.bookingcom_inbound_token
}
}
# Encrypt your state at rest — `secret` is shown ONLY at create time.
output "bookingcom_signing_secret" {
value = platformxe_event_federation_external_peer.bookingcom.secret
sensitive = true
}
| Argument | Type | Required | Description |
|---|---|---|---|
group_id | String | Yes | Federation group id. Forces replacement. |
label | String | Yes | Operator-friendly label. Forces replacement. |
webhook_url | String | Yes | HTTPS URL receiving signed POSTs. Forces replacement. |
headers | Map(String) | No | Static headers replayed on every relay (e.g. Authorization). Sensitive; values are stored encrypted server-side and only the NAMES are echoed back on read. |
Computed: id, secret (sensitive — store immediately, cannot be retrieved later), status (always accepted for external peers), external_header_names, invited_by, invited_at.
Rotation: the API does not expose an in-place rotation endpoint. To rotate the HMAC secret, destroy and re-create the resource (terraform taint + apply, or remove + re-add).
platformxe_threads_channel
Manages an entity-scoped conversation channel with lifecycle rules and escalation configuration.
resource "platformxe_threads_channel" "booking" {
slug = "booking"
display_name = "Booking Conversations"
entity_type = "BOOKING"
participant_roles = ["GUEST", "HOST", "PLATFORM"]
default_visibility = ["ALL"]
lifecycle_rules = jsonencode({
autoClose = { onEntityStatus = ["CHECKED_OUT", "CANCELLED"] }
autoArchive = { afterClosedDays = 90 }
})
escalation_config = jsonencode({
flagReasons = [
{ code = "SAFETY", label = "Safety concern", severity = "HIGH" },
{ code = "DISPUTE", label = "Dispute", severity = "MEDIUM" },
{ code = "REFUND", label = "Refund request", severity = "LOW" },
]
rules = [{
id = "rule-safety"
name = "Safety auto-escalation"
trigger = "PARTICIPANT_FLAG"
conditions = { "in" = [{ "var" = "flag.reason" }, ["SAFETY"]] }
actions = [{ type = "CREATE_ISSUE", config = { title = "SAFETY: {{thread.subject}}", priority = "URGENT" } }]
priority = 1
isActive = true
}]
})
}
| Argument | Type | Required | Description |
|---|---|---|---|
slug | String | Yes | Channel slug (forces replacement) |
display_name | String | Yes | Human-readable name |
entity_type | String | Yes | Domain entity type (forces replacement) |
participant_roles | List(String) | Yes | Allowed participant roles |
default_visibility | List(String) | Yes | Default message visibility |
lifecycle_rules | String (JSON) | No | Auto-close and auto-archive rules |
escalation_config | String (JSON) | No | Flag reasons and escalation rules |
webhook_url | String | No | Webhook for thread events |
Channels are deactivated on destroy (not deleted) to preserve existing threads and messages.
Processor resources (7)
Processor resources configure service-level runtime settings for your organization. Each processor controls a specific PlatformXe service.
platformxe_ocr_processor
resource "platformxe_ocr_processor" "config" {
enabled = true
config = jsonencode({
confidenceThreshold = 0.85
supportedDocumentTypes = ["NIN_SLIP", "DRIVERS_LICENSE", "VOTERS_CARD"]
})
}
platformxe_pdf_processor
resource "platformxe_pdf_processor" "config" {
enabled = true
config = jsonencode({
defaultPageSize = "A4"
defaultMargins = { top = 20, right = 15, bottom = 20, left = 15 }
})
}
platformxe_qr_processor
resource "platformxe_qr_processor" "config" {
enabled = true
config = jsonencode({
defaultSize = 300
defaultFormat = "svg"
brandColor = "#102a4a"
})
}
platformxe_messaging_processor
resource "platformxe_messaging_processor" "config" {
enabled = true
config = jsonencode({
retryMaxAttempts = 3
retryDelayMs = 2000
deadLetterAfter = 5
})
}
platformxe_storage_processor
resource "platformxe_storage_processor" "config" {
enabled = true
config = jsonencode({
maxFileSizeMb = 25
allowedMimeTypes = ["image/jpeg", "image/png", "application/pdf"]
moderationEnabled = true
})
}
platformxe_exports_processor
resource "platformxe_exports_processor" "config" {
enabled = true
config = jsonencode({
maxConcurrentJobs = 3
retentionDays = 30
})
}
platformxe_identity_processor
resource "platformxe_identity_processor" "config" {
enabled = true
config = jsonencode({
retryOnFailure = true
maxRetries = 3
cacheResolutions = true
cacheTtlSeconds = 86400
})
}
All processor resources share the same argument schema:
| Argument | Type | Required | Description |
|---|---|---|---|
enabled | Bool | No | Whether the processor is active. Defaults to true |
config | String (JSON) | No | Service-specific configuration object |
Data sources (4)
data.platformxe_tenant
Read-only tenant details, resolved from the API key on the provider block. No arguments required.
data "platformxe_tenant" "me" {}
output "tenant_plan" {
value = data.platformxe_tenant.me.plan
}
| Attribute | Type | Description |
|---|---|---|
id | String | Tenant organization ID |
name | String | Tenant display name |
slug | String | URL-safe slug |
plan | String | Current plan (FREE, BASIC, PRO, ENTERPRISE) |
billing_email | String | Billing contact email |
region | String | Tenant region |
is_active | Bool | Whether the tenant is active |
data.platformxe_permissions_modules
List all registered permission modules.
data "platformxe_permissions_modules" "all" {}
output "module_count" {
value = length(data.platformxe_permissions_modules.all.modules)
}
Attributes: modules (list) with id, app, name, description per module.
data.platformxe_identity_providers
Check identity resolution provider health.
data "platformxe_identity_providers" "health" {}
output "providers" {
value = data.platformxe_identity_providers.health.providers[*].name
}
Attributes: providers (list) with id, name, type, status per provider.
data.platformxe_threads_escalation_config
Read the escalation configuration for a thread channel.
data "platformxe_threads_escalation_config" "booking" {
channel_id = platformxe_threads_channel.booking.id
}
output "flag_reasons" {
value = jsondecode(data.platformxe_threads_escalation_config.booking.config).flagReasons[*].code
}
| Argument | Type | Required | Description |
|---|---|---|---|
channel_id | String | Yes | Channel ID to read escalation config from |
Attributes: config (JSON string of the full escalation configuration).
Complete example
A full configuration showing cross-resource references with the correct resource names:
terraform {
required_providers {
platformxe = {
source = "calderax/platformxe"
version = "~> 1.0"
}
}
}
provider "platformxe" {
api_key = var.platformxe_api_key
}
variable "platformxe_api_key" {
type = string
sensitive = true
}
# ── Data sources ──────────────────────────────────────────────────────────────
data "platformxe_tenant" "me" {}
output "tenant_plan" {
value = data.platformxe_tenant.me.plan
}
# ── Permissions ───────────────────────────────────────────────────────────────
resource "platformxe_permissions_role" "agent" {
name = "Support Agent"
description = "Can view and manage support tickets"
model = "SIMPLE"
}
resource "platformxe_permissions_role" "manager" {
name = "Team Manager"
description = "Full access to team resources"
model = "FULL"
}
resource "platformxe_permissions_module" "properties" {
name = "PROPERTIES"
actions = ["READ", "CREATE", "UPDATE", "DELETE"]
}
resource "platformxe_permissions_policy" "deny_delete_invoices" {
path = "invoices/*"
action = "delete"
effect = "DENY"
priority = 100
description = "Prevent deletion of invoices"
}
resource "platformxe_permissions_override" "temp_access" {
admin_id = "admin_abc123"
path = "reports/*"
action = "read"
effect = "ALLOW"
reason = "Temporary audit access"
expires_at = "2026-06-01T00:00:00Z"
}
# ── Federation (Enterprise) ──────────────────────────────────────────────────
resource "platformxe_permissions_federation_group" "caldera" {
name = "Caldera Suite"
}
resource "platformxe_permissions_federation_member" "lettings" {
group_id = platformxe_permissions_federation_group.caldera.id
organization_id = "org_lettings_123"
prefix = "LT"
}
resource "platformxe_permissions_federation_member" "chats" {
group_id = platformxe_permissions_federation_group.caldera.id
organization_id = "org_chats_456"
prefix = "CH"
}
# ── Messaging and delivery ───────────────────────────────────────────────────
resource "platformxe_domains_sending" "main" {
domain = "notifications.myapp.com"
}
resource "platformxe_templates_template" "welcome" {
name = "Welcome Email"
subject = "Welcome to {{company_name}}"
html = "<h1>Welcome, {{name}}!</h1><p>Thanks for joining.</p>"
}
resource "platformxe_webhooks_endpoint" "slack_alerts" {
name = "Slack Alerts"
url = "https://hooks.slack.com/services/xxx"
events = ["INVOICE_PAID", "ORGANIZATION_CREATED"]
}
# ── Events and workflows ────────────────────────────────────────────────────
resource "platformxe_events_subscription" "audit_events" {
event_types = ["ROLE_CREATED", "ROLE_UPDATED", "ROLE_DELETED"]
webhook_url = "https://audit.myapp.com/events"
}
resource "platformxe_workflows_trigger" "invoice_notify" {
name = "Invoice Payment Notification"
trigger_config = jsonencode({ eventType = "INVOICE_PAID" })
actions = jsonencode([{
type = "webhook"
config = { webhookId = platformxe_webhooks_endpoint.slack_alerts.id }
}])
}
# ── Contextual Messaging ────────────────────────────────────────────────────
resource "platformxe_threads_channel" "booking" {
slug = "booking"
display_name = "Booking Conversations"
entity_type = "BOOKING"
participant_roles = ["GUEST", "HOST", "PLATFORM"]
default_visibility = ["ALL"]
lifecycle_rules = jsonencode({
autoClose = { onEntityStatus = ["CHECKED_OUT", "CANCELLED"] }
autoArchive = { afterClosedDays = 90 }
})
escalation_config = jsonencode({
flagReasons = [
{ code = "SAFETY", label = "Safety concern", severity = "HIGH" },
]
rules = [{
id = "rule-safety"
name = "Safety auto-escalation"
trigger = "PARTICIPANT_FLAG"
conditions = { "in" = [{ "var" = "flag.reason" }, ["SAFETY"]] }
actions = [{ type = "CREATE_ISSUE", config = { title = "SAFETY: {{thread.subject}}", priority = "URGENT" } }]
priority = 1
isActive = true
}]
})
}
# ── Processors ──────────────────────────────────────────────────────────────
resource "platformxe_messaging_processor" "config" {
enabled = true
config = jsonencode({ retryMaxAttempts = 3, deadLetterAfter = 5 })
}
resource "platformxe_storage_processor" "config" {
enabled = true
config = jsonencode({ maxFileSizeMb = 25, moderationEnabled = true })
}
resource "platformxe_ocr_processor" "config" {
enabled = true
config = jsonencode({ confidenceThreshold = 0.85 })
}
resource "platformxe_pdf_processor" "config" {
enabled = true
config = jsonencode({ defaultPageSize = "A4" })
}
resource "platformxe_qr_processor" "config" {
enabled = true
config = jsonencode({ defaultSize = 300, defaultFormat = "svg" })
}
resource "platformxe_exports_processor" "config" {
enabled = true
config = jsonencode({ maxConcurrentJobs = 3, retentionDays = 30 })
}
resource "platformxe_identity_processor" "config" {
enabled = true
config = jsonencode({ retryOnFailure = true, maxRetries = 3 })
}
Import existing resources
Import resources already created in the PlatformXe dashboard or portal:
# Permissions
terraform import platformxe_permissions_role.agent role_abc123
terraform import platformxe_permissions_policy.deny_delete platformxe_pol_abc123
terraform import platformxe_permissions_override.temp_access ovr_abc123
terraform import platformxe_permissions_module.properties mod_abc123
terraform import platformxe_permissions_federation_group.caldera fg_abc123
# Delivery
terraform import platformxe_webhooks_endpoint.slack_alerts wh_abc123
terraform import platformxe_templates_template.welcome tmpl_abc123
terraform import platformxe_domains_sending.main dom_abc123
terraform import platformxe_events_subscription.audit_events esub_abc123
# Workflows
terraform import platformxe_workflows_trigger.invoice_notify wf_abc123
# Contextual Messaging
terraform import platformxe_threads_channel.booking ch_abc123
All resources support import using their PlatformXe ID.
Resource reference
| Resource | Description | Force replace on |
|---|---|---|
platformxe_permissions_role | Permission role (SIMPLE or FULL model) | -- |
platformxe_permissions_policy | ABAC resource policy | -- |
platformxe_permissions_override | Per-user permission override | -- |
platformxe_permissions_federation_group | Federation group (Enterprise) | name |
platformxe_permissions_federation_member | Federation member | group_id, organization_id |
platformxe_permissions_module | Permission module registration | -- |
platformxe_webhooks_endpoint | Outbound webhook | -- |
platformxe_templates_template | Content template | -- |
platformxe_workflows_trigger | Event-driven workflow | -- |
platformxe_domains_sending | Sending domain | domain |
platformxe_events_subscription | Event subscription | -- |
platformxe_custom_event | Tenant custom event registration | namespace, name, version, payload_schema, payload_example |
platformxe_marketplace_listing | Custom-event marketplace listing (PRO+) | registration_id |
platformxe_event_federation_group | Custom Event Federation group (ENTERPRISE) | name |
platformxe_event_federation_push | Per-version event push declaration | group_id, registration_id |
platformxe_event_federation_external_peer | External webhook peer (Pattern 3, v1.5.0) | group_id, label, webhook_url |
platformxe_threads_channel | Thread channel | slug, entity_type |
platformxe_ocr_processor | OCR processor config | -- |
platformxe_pdf_processor | PDF processor config | -- |
platformxe_qr_processor | QR processor config | -- |
platformxe_messaging_processor | Messaging processor config | -- |
platformxe_storage_processor | Storage processor config | -- |
platformxe_exports_processor | Exports processor config | -- |
platformxe_identity_processor | Identity processor config | -- |
platformxe_fraud_rule | Tenant-authored Fraud Detection rule (DSL + lifecycle) | -- |
platformxe_fraud_screening_list | Tenant blocklist / allowlist (entries managed via SDK) | source, kind |
Fraud Detection examples (v1.1.0)
resource "platformxe_fraud_rule" "high_value_ng_withdrawal" {
name = "High-value withdrawal in NG"
status = "published"
weight = 25
verdict_override = "review"
applies_to_json = jsonencode({
actions = ["withdraw"]
resourceKinds = ["transaction"]
})
condition_json = jsonencode({
all = [
{ "amount.value" = { gte = 50000 } },
{ "context.geoHint" = { equals = "NG" } },
]
})
}
resource "platformxe_fraud_screening_list" "internal_blocklist" {
source = "internal-2026"
name = "Internal blocklist 2026"
kind = "tenant_blocklist"
}
condition_json accepts the full Detection Engine rule DSL — 13 operators plus all / any / not combinators and $count.<window> references for velocity counters. See the Fraud Detection rules guide for the DSL reference.
tenant_blocklist / tenant_allowlist parent records are managed by Terraform; entries inside them are loaded via the SDK's appendEntries helper or by calling POST /api/v1/fraud/lists/:id/entries directly. The platform's admin-managed lists (sanctions, pep, adverse_media) are NOT manageable from Terraform — they are ingested by the platform's daily refresh cron.