Skip to main content

Harness

Harness is an AI-native software delivery platform that provides a unified, end-to-end solution for managing the software development lifecycle (SDLC). The platform includes purpose-built modules for Continuous Integration (CI), Continuous Delivery (CD), Feature Flags, Cloud Cost Management, Security Testing Orchestration, Chaos Engineering, and Continuous Error Tracking. Harness enables engineering and DevOps teams to build, test, deploy, and verify software faster and more reliably, with AI-powered automation that supports deployments to Kubernetes, serverless environments, virtual machines, and traditional infrastructure. With the Nexla Harness connector, you can integrate Harness pipeline execution data, deployment records, feature flag configurations, and more into your data workflows.

Harness icon

Power end-to-end data operations for your Harness API with Nexla. Our bi-directional Harness connector is purpose-built for Harness, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Harness or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Harness workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

To connect Nexla to Harness, you need a Harness API key and token. Harness supports two types of API tokens: Personal Access Tokens (PATs), which are associated with individual user accounts, and Service Account Tokens (SATs), which are associated with service accounts and are recommended for automated integrations such as Nexla.

Harness uses the x-api-key header to authenticate all API requests. The token you create must have appropriate permissions to access the Harness resources you intend to use with Nexla.

Option A: Create a Personal Access Token (PAT)

Personal Access Tokens are scoped to your individual Harness user account and inherit your account's permissions. Use a PAT for development or testing purposes, or when the integration requires access to resources visible to your user account.

  1. Sign in to your Harness account at app.harness.io.

  2. Select My Profile from the left-hand navigation menu.

  3. Under the My API Keys section, click + API Key.

  4. Enter a descriptive Name for the API key (for example, Nexla Integration). The Description and Tags fields are optional.

  5. Click Save to create the API key.

  6. Within the newly created API key tile, click + Token.

  7. Enter a Name for the token, set an optional Expiration Date aligned with your organization's security policies, and then click Generate Token.

  8. Copy the generated token value immediately and store it securely.

Important

Harness does not store the token value after it is displayed. Copy the token before closing the dialog — if the token is lost, you must revoke it and generate a new one.

Option B: Create a Service Account Token (SAT)

Service Account Tokens are recommended for production integrations. They are not tied to an individual user account, which means the integration continues to function even when team members leave or change roles. Creating a service account token requires Account Admin permissions or a role that includes View, Create/Edit, Manage, and Delete permissions for service accounts.

  1. Sign in to your Harness account at app.harness.io.

  2. Navigate to Account Settings in the left-hand navigation menu.

  3. Under the Access Control section, select Service Accounts.

  4. Select the service account for which you want to create an API key, or click + New Service Account to create a dedicated service account for the Nexla integration.

  5. Within the service account detail page, under API Keys, click + API Key.

  6. Enter a descriptive Name for the API key and click Save.

  7. Within the newly created API key tile, click + Token.

  8. Enter a Name for the token, set an optional Expiration Date, and click Generate Token.

  9. Copy the generated token value immediately and store it securely.

The service account token inherits the permissions of the service account it belongs to. Ensure the service account has been assigned roles that grant access to the Harness resources (pipelines, deployments, feature flags, etc.) that Nexla will read from or write to. For complete information about configuring service account permissions, see the Harness Service Accounts documentation.

Locate Your Harness Account Identifier

Some Harness API calls require your Account Identifier as a query parameter. To find it:

  1. Sign in to Harness and navigate to Account Settings.

  2. Under Account Overview, your Account Id is displayed. Copy this value for use when constructing API endpoint URLs.

Authenticate

Create a credential in Nexla

  1. After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

  2. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  3. Enter your Harness API token (PAT or SAT, created in Prerequisites) in the API Key field. This token authenticates all Nexla requests to the Harness REST API. Nexla will include this token in the x-api-key header with each API call.

    Keep your API token secure. Treat it as you would a password — do not share it or commit it to source control. You can revoke and regenerate tokens at any time from your Harness profile or the service account settings page.

  4. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Harness connector tile, then select the credential that will be used to connect to the Harness instance, and click Next; or, create a new Harness credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Harness endpoints. Each template is designed specifically for the corresponding Harness endpoint, making data source setup easy and efficient. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

List Organizations

Returns a list of organizations accessible to the authenticated user. Use this endpoint to retrieve all organizations within a Harness account for reporting or to obtain organization identifiers for use in project-level API calls.

  • Sends a GET request to /ng/api/organizations using the base URL configured in your Harness credential.
  • Response data is extracted from $.data.content[*], returning each organization as an individual record.

Organization identifiers returned by this endpoint are required as the orgIdentifier parameter for project-level and pipeline-level Harness API endpoints.

List Connectors

Lists connectors configured in the Harness account, including source-code repositories, artifact registries, cloud providers, and more. Use this endpoint to audit connector inventory or export connector configurations.

  • Sends a GET request to /ng/api/connectors using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each connector as an individual record.

The Harness API requires the accountIdentifier query parameter for most endpoints. Ensure that this parameter is included in the URL or is set via your credential configuration.

List Projects

Lists all projects within a Harness account or organization. Projects are the fundamental scoping resource for all pipeline and deployment activity in Harness. Use this endpoint to enumerate projects for reporting or to obtain project identifiers for downstream calls.

  • Sends a GET request to /ng/api/projects using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each project as an individual record.

Project identifiers returned here are required as the projectIdentifier parameter for pipeline, environment, and service endpoints.

List Environments in a Project

Lists environments defined within a Harness project. Use this endpoint to retrieve environment configurations for deployment tracking, change management reporting, or environment auditing.

  • Sends a GET request to /ng/api/environments using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each environment as an individual record.

Scope results to a specific project by including the accountIdentifier, orgIdentifier, and projectIdentifier query parameters in the endpoint URL.

List Services in a Project

Lists services defined within a Harness project. Use this endpoint to retrieve service definitions for software catalog population, deployment reporting, or service ownership auditing.

  • Sends a GET request to /ng/api/servicesV2 using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each service as an individual record.

Include accountIdentifier, orgIdentifier, and projectIdentifier query parameters to scope results to a specific project.

Get Pipeline Execution Details

Retrieves the full details and status of a specific pipeline execution by its execution ID. Use this endpoint to monitor individual pipeline runs, capture execution outcomes, or trigger downstream actions based on execution status.

  • Sends a GET request to /pipeline/api/pipelines/execution/{executionId} using the base URL configured in your Harness credential.
  • Response data is extracted from $.data, returning the full execution details as a single record.
  • Configure the following parameters: Execution ID — the unique identifier of the pipeline execution to retrieve.

Execution IDs can be obtained from the List Pipeline Execution History endpoint. Use a lookup macro to pass execution IDs dynamically when chaining API calls.

List Pipeline Execution History

Lists the execution history for pipelines within a Harness project. Use this endpoint for DORA metrics reporting, deployment frequency analysis, or change failure rate calculations.

  • Sends a GET request to /pipeline/api/pipelines/execution/v2/executions using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each execution record individually.

Use date/time macros in conjunction with time-range filter parameters to perform incremental ingestion of only recent pipeline executions.

List Pipelines in a Project

Lists all pipelines defined within a Harness project. Use this endpoint to audit pipeline configurations, export pipeline metadata for governance reporting, or obtain pipeline identifiers for execution-related API calls.

  • Sends a GET request to /pipeline/api/pipelines/v2 using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each pipeline as an individual record.

Include accountIdentifier, orgIdentifier, and projectIdentifier as query parameters to scope results to a specific project.

List Secrets

Returns a list of secrets in the specified scope (account, org, or project), including text secrets, file secrets, and SSH keys. Use this endpoint to audit secret inventory or identify unused credentials for rotation or cleanup.

  • Sends a POST request to /ng/api/v2/secrets/list using the base URL configured in your Harness credential.
  • Response data is extracted from $.data.content[*], returning each secret record individually. Note: secret values are never returned by the API — only metadata.

Only secret metadata (name, type, scope, tags) is returned — secret values are never exposed via the API. Scope the request to account, org, or project level using the appropriate identifier parameters.

List Role Assignments

Returns a list of role assignments in the given scope (account, org, or project). Use this endpoint to audit access control configurations, produce least-privilege reports, or export role assignment data for compliance.

  • Sends a GET request to /authz/api/roleassignments using the base URL configured in your Harness credential.
  • Response data is extracted from $.data.content[*], returning each role assignment as an individual record.

Role assignment data is available at account, org, and project scope. Include the appropriate identifier parameters to scope the results correctly for your use case.

List Users

Returns a list of users in the Harness account, including profile and role information. Use this endpoint to export user directories, audit account membership, or synchronize Harness users with external identity systems.

  • Sends a GET request to /ng/api/user/aggregate using the base URL configured in your Harness credential.
  • Response data is extracted from $.data.content[*], returning each user as an individual record.

Admin-level permissions are required to list all users in the account.

List Account Roles

Returns a list of roles defined at the account scope in Harness. Use this endpoint to enumerate available roles for access control reporting or to retrieve role IDs for use in role assignment operations.

  • Sends a GET request to /v1/account-roles using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each account role as an individual record.

Account-scope roles are defined at the top level and apply across all organizations and projects. Use role IDs from this endpoint when creating role assignments.

List Account Secrets

Returns a list of account-scoped secrets from the Harness platform. Use this endpoint to audit account-level secret inventory for security governance or credential rotation planning.

  • Sends a GET request to /v1/secrets using the base URL configured in your Harness credential.
  • Response data is extracted from $.data[*], returning each secret record as an individual entry. Secret values are never returned — only metadata.

This endpoint returns account-scoped secrets only. For org- or project-scoped secrets, use the List Secrets endpoint with the appropriate scope parameters.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

Harness sources can also be configured manually to ingest data from any valid Harness REST API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.

The Harness REST API base URL is https://app.harness.io/ng/api, and most endpoints require the accountIdentifier, orgIdentifier, and projectIdentifier query parameters (found under Account Settings > Account Overview in Harness) plus support pageIndex/pageSize pagination parameters. Common endpoints include listing pipelines, pipeline executions, organizations, projects, feature flags, and connectors — see the Harness API Reference for the complete list.

Harness API responses typically nest records inside a data or content object — for example, a pipeline list response nests records at data.content[*], so enter $.data.content[*] as the Path to Data to extract each pipeline object as a separate record. You do not need to add the x-api-key authentication header manually — it is handled automatically using the API key stored in your Harness credential.

Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Harness data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.

Use as a destination

Click the + icon on the Nexset that will be sent to the Harness destination, and select the Send to Destination option from the menu. Select the Harness connector from the list of available destination connectors, then select the credential that will be used to connect to the Harness account, and click Next; or, create a new Harness credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure destinations to send data to common Harness endpoints. Each template is designed specifically for the corresponding Harness endpoint, making destination setup easy and efficient. Select the endpoint to which this destination will send data from the Endpoint pulldown menu. Then, click on the template in the list below to expand it, and follow the instructions to configure additional endpoint settings.

Create an Environment

Creates a new environment within a Harness project. Use this endpoint to programmatically provision deployment environments as part of infrastructure-as-code or automated project setup workflows.

  • Sends a POST request to the Harness environments endpoint with the environment definition in the request body.
  • The request body must include the environment name, identifier, organization identifier, project identifier, and environment type (e.g., Production, PreProduction).

Include accountIdentifier, orgIdentifier, and projectIdentifier as query parameters or in the request body to scope the new environment to the correct project.

Create a Project

Creates a new Harness project within an organization. Use this endpoint to automate project provisioning as part of team onboarding or infrastructure setup pipelines.

  • Sends a POST request to /ng/api/projects with the project name, identifier, organization identifier, and optional description in the request body.

Project identifiers must be unique within the organization and can only contain letters, numbers, and underscores. Admin permissions are required to create projects.

Trigger a Pipeline Execution

Triggers a pipeline execution in Harness. Use this endpoint to automate CI/CD pipeline runs from external events, scheduled Nexla flows, or data-driven conditions.

  • Sends a POST request to the Harness pipeline execution endpoint with the pipeline identifier and optional runtime inputs in the request body.
  • Configure the following parameters: Identifier — the unique identifier of the pipeline to execute.

Triggering a pipeline execution will create a real pipeline run in your Harness account. Review the pipeline identifier and any runtime inputs carefully before activating this destination. Consider testing against a non-production project first.

Create a Pipeline (YAML Body)

Creates a new pipeline by submitting its full YAML definition to the Harness API. Use this endpoint to automate pipeline creation as part of infrastructure-as-code or template-driven DevOps workflows.

  • Sends a POST request to the Harness pipelines endpoint with the complete pipeline YAML definition in the request body.
  • The YAML must be valid Harness pipeline syntax and must include an identifier field that is unique within the project.

Include accountIdentifier, orgIdentifier, and projectIdentifier as query parameters to associate the new pipeline with the correct project. Pipeline YAML can be exported from the Harness UI for use as a template.

Create a Service

Creates a new service definition within a Harness project. Use this endpoint to programmatically register services as part of software catalog population or automated project setup workflows.

  • Sends a POST request to the Harness services endpoint with the service name, identifier, and optional YAML definition in the request body.
  • Include accountIdentifier, orgIdentifier, and projectIdentifier to scope the service to the correct project.

Service identifiers must be unique within the project. Admin or project-level write permissions are required to create services.

Create a Secret

Creates a new secret (text, file, or SSH key) in the specified scope (account, org, or project). Use this endpoint to automate secret provisioning as part of environment setup or credential rotation workflows.

  • Sends a POST request to the Harness secrets endpoint with the secret type, name, identifier, and value in the request body.
  • Supported secret types include SecretText, SecretFile, and SSHKey.

Secret values sent via this endpoint are encrypted at rest by Harness using the configured secret manager. Ensure that sensitive values are not logged or exposed in Nexla flow configurations.

Create Role Assignment

Creates a role assignment within the specified scope, granting a principal (user, user group, or service account) a specific role. Use this endpoint to automate access provisioning as part of user onboarding or permission management workflows.

  • Sends a POST request to /authz/api/roleassignments with the role identifier, principal type, principal identifier, and resource group in the request body.

Admin-level permissions are required to create role assignments. Scope the assignment to account, org, or project level by including the appropriate identifier parameters.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to send a sample payload to the Harness API. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the destination is configured correctly before saving.

Manual configuration

Harness destinations can also be manually configured to send data to any valid Harness REST API endpoint. This allows you to trigger pipeline executions, create or update feature flags, provision connectors, update projects, or push data to any writable Harness resource. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.

The Harness REST API base URL is https://app.harness.io/ng/api, and it accepts and returns data in JSON format only, so select JSON as the Content Format. Most write endpoints require the accountIdentifier, orgIdentifier, and projectIdentifier query parameters — for example, triggering a pipeline execution uses https://app.harness.io/ng/api/pipeline/execute/{'{pipelineIdentifier}'}?accountIdentifier={'{accountId}'}&orgIdentifier={'{orgId}'}&projectIdentifier={'{projectId}'}. See the Harness API Reference for the complete list of write endpoints and required request body schemas.

You do not need to add the x-api-key authentication header or the Content-Type: application/json header manually — both are handled automatically based on your Harness credential and the selected Content Format. Enabling the Response Webhook option is useful for capturing the execution ID and status of a triggered pipeline, or the identifier of a newly created resource, into a new Nexla webhook data source.

Test Payload Caution

Sending a test payload to write endpoints (such as triggering a pipeline execution) will create real resources or trigger real actions in your Harness account. Review the sample payload carefully before sending, and consider using a non-production project for initial testing.

Save & activate

Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To begin sending data to the configured Harness endpoint, open the destination resource menu and select Activate.

The Nexset data will not be sent to the Harness API until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.