Creating a plugin
Last updated
Was this helpful?
Last updated
Was this helpful?
Plugins enable Cortex users to pull data into their Cortex instance from any source, expose custom metrics, and customize the UI to match other internal tools. A plugin is an application that is embedded in Cortex. It uses a plugin proxy to send requests from the plugin to a third party.
You can use the Scaffolder in a Workflow to quickly spin up a Cortex plugin repository. The plugin code repository includes:
React + TypeScript
Linting and formatting via and
Testing via
Compilation to a single HTML file via
The Cortex React plugin package () pre-installed, which provides access to context, proxy usage, CSS variables for theme-based styling, and UI components.
Cortex offers a with examples using react-plugin-ui
.
The Cortex Plugin core package ().
If you created your plugin before April 2025 and your plugin is using components from plugin-core/components
, we have updated these components to utilize react-plugin-ui
. Please to migrate these components to the new design.
Users with the Edit plugins
permission can create a plugin.
In Cortex, navigate to Plugins.
In the upper right corner, click Register plugin.
Configure the plugin:
Plugin name: Enter a display name for the plugin.
Identifier: Enter a unique identifier for the plugin.
Description: Enter a description of the plugin to help others understand its purpose.
Display icon: Select an icon that will be used when displaying this plugin across Cortex.
Minimum user role: Select the minimum user role required to be able to see this plugin. You can choose default or custom roles.
Note that you will not be able to delete a custom role if it is associated with a plugin.
Associated proxy: If you have configured a , select the proxy to use for proxy fetches from this plugin.
Context: Select the context for your proxy:
Global: Select this option if you want to configure the plugin to appear in your main nav or as a tab on the .
Specific entity types: Select this option if you want to plugin to display in the sidebar of entity pages.
Both options: Select this option to have the ability to display the plugin in the main nav, on the dev homepage, and on entity pages.
In the next step, you will choose how to create the plugin.
While registering your plugin, in the "Code" section of the page, you can choose whether to create a plugin repo from a template or create it from scratch.
Under "Create plugin," click one of the options:
Duplicate repo with template: Choose this option to create a plugin repo from a template.
A side panel will open in Cortex, where you can configure the plugin name, license, and other details depending on which Git provider you use.
You can also choose whether you create a corresponding Cortex entity.
When you are finished configuring the plugin, at the bottom of the side panel click Save.
Download template.zip: Choose this option to create a plugin from scratch.
A zip file will download onto your computer. You can then manually configure your repository.
In the next step, you will generate the HTML file for your plugin.
After you create a plugin from a template in Cortex, a link is displayed to see your created repository.
Navigate to your newly-created plugin repository.
Clone the repository locally.
Install dependencies via yarn
.
You can also use npm
commands if preferred.
Run yarn build
to generate a single HTML file representing your plugin (output at ./dist/ui.html
).
If you want to make any changes to the plugin, modify the code before running or re-running the build
command.
Navigate back to your plugin configuration page in Cortex.
On the plugin configuration page, under "Upload and preview plugin," upload an HTML file you generated from running yarn build
in the previous steps.
Dev mode: Toggle on to enable dev mode. When in dev mode, the preview for your HTML file uses code running at http://localhost:9000/ui.html. To run your plugin code from this location, use yarn dev
or npm run dev
from your plugin.
In the preview, iterate on any changes you might want to make to the plugin.
Click Save plugin.
Users with the Edit plugins
permission can edit plugins.
Optionally, you can preview your changes before implementing them:
In the row containing the plugin, click the 3 dots icon, then click Edit plugin.
Next to the "Code" section, enable the toggle next to Dev mode.
The preview will use code running at http://localhost:9000.
From your scaffolded plugin in command line, run yarn dev
.
View the preview on the Plugin editor page in Cortex.
In your text editor, open the cloned repo for your plugin.
After making changes and saving, run yarn build
.
Optionally, run yarn dev
to preview your changes in Cortex.
In the "Plugin code" section of the plugin editing page in Cortex, click Edit next to the file name. Select your newly-updated file.
At the bottom of the page, click Save plugin.
In the row containing the plugin, click the 3 dots icon.
The easiest way to access the plugin context is via the usePluginContext()
hook.
If you need to access the plugin context outside of a React component, you can use the CortexApi
class directly. The CortexAPI class exposed from @cortexapps/plugin-core
provides a method for accessing the context your plugin is running in, getContext()
.
You can access Cortex APIs using @cortexapps/plugin-core
’s CortexAPI
.
It is also possible to access non-Cortex APIs from your plugin. Because plugins are run in an iframe, typical fetch
requests often get blocked by the browser's enforcement of CORS. However, when using the Cortex-provided template, the browser fetch is shimmed to call CortexApi.proxyFetch
, a method for using Cortex as a proxy to make the request. For this reason, you should be able to use fetch()
as you typically would in a web application.
We add the following headers to each request made by Cortex. Use these headers to verify that the request is valid and originated from Cortex:
x-cortex-timestamp
This header uses the current timestamp in millis, and is used to prevent replay attacks. Cortex will sign the requests using the format <timestamp>.<body>
.
x-cortex-timestamp-only-signature-256
This header calculates the SHA256 signature using only the timestamp. Use this header in environments where the HTTP request body is unavailable due to platform limitations.
x-cortex-signature-256
This header uses the SHA256 algorithm. For security best practices, we recommend using this header rather than x-cortex-signature
.
x-cortex-signature
This header uses the SHA1 algorithm and exists for backward compatibility. SHA1 is considered unsafe and this signature should be considered deprecated.
Create a string with the value "$timestamp.$requestBody"
if the request body is non-null OR "$timestamp
" if the request body is null.
Calculate an HMAC using the SHA256 algorithm. Use the Secret you provided to Cortex as the key and the string from Step 1 as the payload.
Verify that the x-cortex-signature-256 matches the HMAC calculated in Step 2.
Cortex UI components are available for import from @cortexapps/react-plugin-ui
.
If you created the plugin from a template, a link is displayed to see your created repository. Click View created repository.
To access authenticated external APIs, you can configure a plugin proxy to add request headers to requests matching a URL prefix. See for more information.
While viewing the , locate the plugin you want to share.
While viewing the , locate the plugin you want to share.
Click Share. A link is copied to your clipboard. You can share it with anyone who has access to view plugins in your Cortex workspace.
As of April 2025, all new plugins use . This package enables Cortex plugin developers to create plugins that share the look and feel of Cortex in an iframe.
Cortex offers a with examples using react-plugin-ui
.
Prior to April 2025, plugins used . For existing plugins using plugin-core
, ensure that you have upgraded to or above to switch your components to the new design.
The react-plugin-ui
package includes CSS variables for theme-based styling. These styles will adjust to match the and will reflect your light or dark mode settings for your Cortex workspace. The styles are injected via an iframe postMessage
request, which is initiated by the Cortex CortexApi.pluginInit()
call.
If your plugin needs additional styling beyond what is available in react-plugin-ui
, you can also use the Cortex CSS API. See documentation for these variables in the .
See the for available API calls.
If your browser fetch is not getting shimmed properly, make sure that your @cortexapps/plugin-core
is up to date and you're using wrapping your app with <PluginProvider>
. See the for an example.
To calculate the signature (an HMAC):