Cloud Platforms and Data Providers

Operations for listing, adding, and modifying cloud provider configurations

You can manage Veza integrations using the management API and a Veza admin API key.

Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.

Provider Types

Veza supports the following provider types:

  • AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services

  • Azure: Microsoft Azure tenants including Active Directory and SharePoint Online

  • Google Cloud: Google Cloud Platform projects and Google Workspace domains

  • Snowflake: Snowflake data warehouses and databases

  • SQL Server: Microsoft SQL Server instances

  • Trino: Trino clusters with file-based access control

For detailed integration guides, see the Integrations documentation.

Authentication

You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.

Common Provider Properties

All provider configurations share these common properties:

  • id (String): Unique identifier for the provider configuration

  • vendor_id (String): Provider-specific identifier (e.g., AWS account ID)

  • name (String): Display name for the provider

  • type (String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)

  • state (String): Current state (ENABLED, DISABLED)

  • data_plane_id (String): Insight Point ID used for discovery

  • status (String): Last discovery status (SUCCESS, PENDING, ERROR)

AWS Providers

AWS Provider Object Schema

AWS provider configurations include account credentials, regions, and service-specific settings:

{
  "id": "883dd869-8762-4187-8767-1c387de14b4b",
  "vendor_id": "123456789010",
  "name": "AWS-Production",
  "type": "AWS",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "account_id": "123456789010",
  "credentials_type": "ASSUME_CUSTOMER_ROLE",
  "access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
  "assume_role_name": "VezaDiscoveryRole",
  "assume_role_external_id": "veza-external-id",
  "regions": [
    "us-east-1",
    "us-west-2",
    "eu-west-1"
  ],
  "db_user": "veza_user",
  "services": [
    "IAM",
    "S3",
    "RDS",
    "REDSHIFT"
  ],
  "s3_bucket_allow_list": ["prod-data-*"],
  "s3_bucket_deny_list": ["temp-*", "test-*"],
  "rds_database_allow_list": ["production"],
  "rds_database_deny_list": ["temp"]
}

AWS Configuration Fields

  • account_id (String): AWS account ID (12-digit number)

  • credentials_type (String): Authentication method - STATIC, EC2_INSTANCE_PROFILE, or ASSUME_CUSTOMER_ROLE

  • access_key_id (String): Access key ID for static credentials

  • secret_key (String): Secret access key for static credentials

  • assume_role_name (String): IAM role name for assume role authentication

  • assume_role_external_id (String): External ID for assume role authentication

  • regions (Array): List of AWS regions to discover

  • db_user (String): Database username for RDS/Redshift connections

  • services (Array): Specific AWS services to discover (empty array = all services)

AWS Service Discovery Options

Available service values for the services array:

  • IAM: Identity and Access Management

  • S3: Simple Storage Service

  • RDS: Relational Database Service

  • REDSHIFT: Redshift data warehouses

  • EC2: Elastic Compute Cloud

  • LAMBDA: Lambda functions

  • EKS: Elastic Kubernetes Service

  • COGNITO: Cognito user pools

  • SECRETS_MANAGER: Secrets Manager

  • KMS: Key Management Service

  • DYNAMODB: DynamoDB tables

AWS Resource Filtering

Use allow/deny lists to control which resources are discovered:

  • s3_bucket_allow_list: S3 bucket names to include (supports wildcards)

  • s3_bucket_deny_list: S3 bucket names to exclude

  • rds_database_allow_list: RDS database names to include

  • rds_database_deny_list: RDS database names to exclude

  • redshift_database_allow_list: Redshift database ARNs to include

  • redshift_database_deny_list: Redshift database ARNs to exclude

For detailed AWS setup instructions, see Amazon Web Services Integration.

AWS API Operations

List AWS Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/aws HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "redshift_database_allow_list": [
        "text"
      ],
      "redshift_database_deny_list": [
        "text"
      ],
      "rds_database_allow_list": [
        "text"
      ],
      "rds_database_deny_list": [
        "text"
      ],
      "s3_bucket_allow_list": [
        "text"
      ],
      "s3_bucket_deny_list": [
        "text"
      ],
      "extraction_policy_name": "text",
      "gather_system_tables": true,
      "gather_postgresql_system_schemas": true,
      "gather_rds_oracle_system_schemas": true,
      "team_id": "text",
      "rds_db_level_only": true,
      "account_id": "text",
      "credentials_type": 1,
      "access_key_id": "text",
      "assume_role_name": "text",
      "regions": [
        "text"
      ],
      "db_user": "text",
      "redshift_user": "text",
      "rds_mysql_user": "text",
      "rds_postgres_user": "text",
      "rds_oracle_user": "text",
      "services": [
        1
      ],
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2025-07-01T03:48:14.853Z",
        "synced_at": "2025-07-01T03:48:14.853Z"
      },
      "audit_log_cloud_trail_name": "text",
      "audit_log_cloud_trail_region": "text",
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "databricks_oauth_m2m_credentials": {
        "client_id": "text",
        "client_secret": "text"
      },
      "provisioning": true,
      "lifecycle_management_state": 1,
      "provisioning_identity_store_id": "text",
      "provisioning_scim_endpoint": "text",
      "audit_log_extract_for_org": true,
      "audit_log_skip_extraction": true
    }
  ]
}

Create AWS Provider

post
Authorizations
Body
namestringOptional
account_idstringOptional
regionsstring[]Optional
data_plane_idstringOptional
credentials_typeinteger · enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
db_userstringOptional
rds_postgres_userstringOptional
rds_mysql_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
redshift_userstringOptional
servicesinteger · enum[]Optional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_postgresql_system_schemasbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
Responses
200
OK
application/json
post
POST /api/v1/providers/aws HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1028

{
  "name": "text",
  "account_id": "text",
  "regions": [
    "text"
  ],
  "data_plane_id": "text",
  "credentials_type": 1,
  "access_key_id": "text",
  "secret_key": "text",
  "assume_role_name": "text",
  "assume_role_external_id": "text",
  "db_user": "text",
  "rds_postgres_user": "text",
  "rds_mysql_user": "text",
  "rds_oracle_user": "text",
  "rds_oracle_password": "text",
  "redshift_user": "text",
  "services": [
    1
  ],
  "redshift_database_allow_list": [
    "text"
  ],
  "redshift_database_deny_list": [
    "text"
  ],
  "rds_database_allow_list": [
    "text"
  ],
  "rds_database_deny_list": [
    "text"
  ],
  "s3_bucket_allow_list": [
    "text"
  ],
  "s3_bucket_deny_list": [
    "text"
  ],
  "extraction_policy_name": "text",
  "gather_system_tables": true,
  "gather_postgresql_system_schemas": true,
  "gather_rds_oracle_system_schemas": true,
  "rds_db_level_only": true,
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "databricks_oauth_m2m_credentials": {
    "client_id": "text",
    "client_secret": "text"
  },
  "provisioning": true,
  "provisioning_identity_store_id": "text",
  "provisioning_scim_endpoint": "text",
  "provisioning_scim_token": "text"
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true
  }
}

Get AWS Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/aws/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true
  }
}

Update AWS Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
account_idstringOptional
credentials_typeinteger · enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
regionsstring[]Optional
db_userstringOptional
redshift_userstringOptional
rds_mysql_userstringOptional
rds_postgres_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
servicesinteger · enum[]Optional
data_plane_idstringOptional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
gather_postgresql_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1026

{
  "id": "text",
  "account_id": "text",
  "credentials_type": 1,
  "access_key_id": "text",
  "secret_key": "text",
  "assume_role_name": "text",
  "assume_role_external_id": "text",
  "regions": [
    "text"
  ],
  "db_user": "text",
  "redshift_user": "text",
  "rds_mysql_user": "text",
  "rds_postgres_user": "text",
  "rds_oracle_user": "text",
  "rds_oracle_password": "text",
  "services": [
    1
  ],
  "data_plane_id": "text",
  "redshift_database_allow_list": [
    "text"
  ],
  "redshift_database_deny_list": [
    "text"
  ],
  "rds_database_allow_list": [
    "text"
  ],
  "rds_database_deny_list": [
    "text"
  ],
  "s3_bucket_allow_list": [
    "text"
  ],
  "s3_bucket_deny_list": [
    "text"
  ],
  "extraction_policy_name": "text",
  "gather_system_tables": true,
  "gather_rds_oracle_system_schemas": true,
  "gather_postgresql_system_schemas": true,
  "rds_db_level_only": true,
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "databricks_oauth_m2m_credentials": {
    "client_id": "text",
    "client_secret": "text"
  },
  "provisioning": true,
  "provisioning_identity_store_id": "text",
  "provisioning_scim_endpoint": "text",
  "provisioning_scim_token": "text"
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true
  }
}

Delete AWS Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

Get AWS Trust Policy

get
Authorizations
Query parameters
assume_role_external_idstringOptional
assume_role_namestringOptionalDeprecated
Responses
200
OK
application/json
get
GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "trust_policy_json": "text"
}

Check AWS Policy

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "requires_update": true,
  "aws_account_id": "text",
  "current_policy": "text",
  "required_policy": "text",
  "required_actions": [
    "text"
  ],
  "overprivileged_actions": [
    "text"
  ]
}

Azure Providers

Azure Provider Object Schema

Azure provider configurations include tenant authentication and service settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "contoso.onmicrosoft.com",
  "name": "Azure-Production",
  "type": "AZURE",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "tenant_id": "12345678-1234-1234-1234-123456789012",
  "client_id": "87654321-4321-4321-4321-210987654321",
  "services": [
    "AZUREAD",
    "SHAREPOINT",
    "SQLSERVER"
  ],
  "gather_guest_users": true,
  "gather_disabled_users": false,
  "gather_personal_sites": true,
  "domains": ["contoso.com"],
  "sql_server_database_allow_list": ["production"],
  "sql_server_database_deny_list": ["temp"]
}

Azure Configuration Fields

  • tenant_id (String): Azure Active Directory tenant ID

  • client_id (String): Application (client) ID for service principal

  • client_secret (String): Client secret for authentication

  • auth_certificate (String): Certificate for SharePoint app-only access

  • auth_certificate_password (String): Certificate password

  • services (Array): Azure services to discover

  • gather_guest_users (Boolean): Include guest users in discovery

  • gather_disabled_users (Boolean): Include disabled users

  • gather_personal_sites (Boolean): Include personal SharePoint sites

  • domains (Array): Specific domains to discover

For detailed Azure setup instructions, see Azure Integration.

Azure API Operations

List Azure Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/azure HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "gather_guest_users": true,
      "gather_disabled_users": true,
      "domains": [
        "text"
      ],
      "gather_personal_sites": true,
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2025-07-01T03:48:14.853Z",
        "synced_at": "2025-07-01T03:48:14.853Z"
      },
      "government_cloud": 1,
      "extract_pim_eligibility": true,
      "dynamics365_environments": [
        "text"
      ],
      "team_id": "text",
      "dynamics_erp_environments": [
        "text"
      ],
      "account_id": "text",
      "tenant_id": "text",
      "client_id": "text",
      "services": [
        1
      ],
      "sql_server_database_allow_list": [
        "text"
      ],
      "sql_server_database_deny_list": [
        "text"
      ],
      "sql_server_schema_allow_list": [
        "text"
      ],
      "sql_server_schema_deny_list": [
        "text"
      ],
      "sql_server_gather_system_databases": true,
      "gather_postgresql_system_schemas": true,
      "postgresql_username": "text",
      "postgresql_password": "text",
      "postgresql_database_allow_list": [
        "text"
      ],
      "postgresql_database_deny_list": [
        "text"
      ],
      "postgresql_schema_allow_list": [
        "text"
      ],
      "postgresql_schema_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "sharepoint_site_allow_list": [
        "text"
      ],
      "sharepoint_site_deny_list": [
        "text"
      ],
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      },
      "user_custom_properties": [
        {
          "name": "text",
          "type": 1
        }
      ],
      "provisioning": true,
      "lifecycle_management_state": 1
    }
  ]
}

Create Azure Provider

post
Authorizations
Body
namestringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
data_plane_idstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger · enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger · enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
provisioningbooleanOptional
Responses
200
OK
application/json
post
POST /api/v1/providers/azure HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1574

{
  "name": "text",
  "tenant_id": "text",
  "client_id": "text",
  "client_secret": "text",
  "data_plane_id": "text",
  "auth_certificate": "text",
  "auth_certificate_password": "text",
  "services": [
    1
  ],
  "gather_guest_users": true,
  "gather_disabled_users": true,
  "domains": [
    "text"
  ],
  "gather_personal_sites": true,
  "government_cloud": 1,
  "extract_pim_eligibility": true,
  "dynamics365_environments": [
    "text"
  ],
  "dynamics_erp_environments": [
    "text"
  ],
  "sql_server_database_allow_list": [
    "text"
  ],
  "sql_server_database_deny_list": [
    "text"
  ],
  "sql_server_schema_allow_list": [
    "text"
  ],
  "sql_server_schema_deny_list": [
    "text"
  ],
  "sql_server_gather_system_databases": true,
  "postgresql_username": "text",
  "postgresql_password": "text",
  "postgresql_database_allow_list": [
    "text"
  ],
  "postgresql_database_deny_list": [
    "text"
  ],
  "postgresql_schema_allow_list": [
    "text"
  ],
  "postgresql_schema_deny_list": [
    "text"
  ],
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "sharepoint_site_allow_list": [
    "text"
  ],
  "sharepoint_site_deny_list": [
    "text"
  ],
  "gather_postgresql_system_schemas": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  },
  "user_custom_properties": [
    {
      "name": "text",
      "type": 1
    }
  ],
  "provisioning": true
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1
  }
}

Get Azure Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/azure/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1
  }
}

Update Azure Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger · enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger · enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
data_plane_idstringOptional
provisioningbooleanOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1572

{
  "id": "text",
  "tenant_id": "text",
  "client_id": "text",
  "client_secret": "text",
  "auth_certificate": "text",
  "auth_certificate_password": "text",
  "services": [
    1
  ],
  "gather_guest_users": true,
  "gather_disabled_users": true,
  "domains": [
    "text"
  ],
  "gather_personal_sites": true,
  "government_cloud": 1,
  "extract_pim_eligibility": true,
  "dynamics365_environments": [
    "text"
  ],
  "dynamics_erp_environments": [
    "text"
  ],
  "sql_server_database_allow_list": [
    "text"
  ],
  "sql_server_database_deny_list": [
    "text"
  ],
  "sql_server_schema_allow_list": [
    "text"
  ],
  "sql_server_schema_deny_list": [
    "text"
  ],
  "sql_server_gather_system_databases": true,
  "postgresql_username": "text",
  "postgresql_password": "text",
  "postgresql_database_allow_list": [
    "text"
  ],
  "postgresql_database_deny_list": [
    "text"
  ],
  "postgresql_schema_allow_list": [
    "text"
  ],
  "postgresql_schema_deny_list": [
    "text"
  ],
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "sharepoint_site_allow_list": [
    "text"
  ],
  "sharepoint_site_deny_list": [
    "text"
  ],
  "gather_postgresql_system_schemas": true,
  "data_plane_id": "text",
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  },
  "user_custom_properties": [
    {
      "name": "text",
      "type": 1
    }
  ],
  "provisioning": true
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1
  }
}

Delete Azure Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

Google Cloud Providers

Google Cloud Provider Object Schema

Google Cloud provider configurations include service account credentials and project settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "gcp-project-id",
  "name": "GCP-Production",
  "type": "GOOGLE_CLOUD",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "customer_id": "C01234567",
  "workspace_email": "[email protected]",
  "project_allow_list": ["prod-project-1", "prod-project-2"],
  "project_deny_list": ["test-*"],
  "domain_allow_list": ["company.com"],
  "domain_deny_list": [],
  "services": [
    "IAM",
    "STORAGE",
    "COMPUTE",
    "WORKSPACE",
    "BIGQUERY"
  ],
  "dataset_allow_list": ["analytics", "reporting"],
  "dataset_deny_list": ["temp_*"]
}

Google Cloud Configuration Fields

  • credentials_json (String): Service account key JSON

  • customer_id (String): Google Workspace customer ID

  • workspace_email (String): Workspace user email for service account impersonation

  • project_allow_list (Array): GCP project names to include

  • project_deny_list (Array): GCP project names to exclude

  • domain_allow_list (Array): Workspace domains to include

  • domain_deny_list (Array): Workspace domains to exclude

  • dataset_allow_list (Array): BigQuery dataset names to include

  • dataset_deny_list (Array): BigQuery dataset names to exclude

For detailed Google Cloud setup instructions, see Google Cloud Integration.

Google Cloud API Operations

List Google Cloud Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/google_cloud HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "workspace_email": "text",
      "customer_id": "text",
      "services": [
        1
      ],
      "project_allow_list": [
        "text"
      ],
      "project_deny_list": [
        "text"
      ],
      "domain_allow_list": [
        "text"
      ],
      "domain_deny_list": [
        "text"
      ],
      "dataset_allow_list": [
        "text"
      ],
      "dataset_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ],
      "location_allow_list": [
        "text"
      ],
      "location_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "provisioning": true,
      "lifecycle_management_state": 1,
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2025-07-01T03:48:14.853Z",
        "synced_at": "2025-07-01T03:48:14.853Z"
      },
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      }
    }
  ]
}

Create Google Cloud Provider

post
Authorizations
Body
namestringOptional
credentials_jsonstring · bytesOptional
data_plane_idstringOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger · enum[]Optional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring · bytesOptional
oauth_tokenstring · bytesOptional
provisioningbooleanOptional
Responses
200
OK
application/json
post
POST /api/v1/providers/google_cloud HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1039

{
  "name": "text",
  "credentials_json": "text",
  "data_plane_id": "text",
  "workspace_email": "text",
  "customer_id": "text",
  "project_allow_list": [
    "text"
  ],
  "project_deny_list": [
    "text"
  ],
  "domain_allow_list": [
    "text"
  ],
  "domain_deny_list": [
    "text"
  ],
  "services": [
    1
  ],
  "dataset_allow_list": [
    "text"
  ],
  "dataset_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "location_allow_list": [
    "text"
  ],
  "location_deny_list": [
    "text"
  ],
  "oauth_config": "text",
  "oauth_token": "text",
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "provisioning": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Get Google Cloud Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Update Google Cloud Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
credentials_jsonstring · bytesOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger · enum[]Optional
data_plane_idstringOptional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring · bytesOptional
oauth_tokenstring · bytesOptional
provisioningbooleanOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1037

{
  "id": "text",
  "credentials_json": "text",
  "workspace_email": "text",
  "customer_id": "text",
  "project_allow_list": [
    "text"
  ],
  "project_deny_list": [
    "text"
  ],
  "domain_allow_list": [
    "text"
  ],
  "domain_deny_list": [
    "text"
  ],
  "services": [
    1
  ],
  "data_plane_id": "text",
  "dataset_allow_list": [
    "text"
  ],
  "dataset_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "location_allow_list": [
    "text"
  ],
  "location_deny_list": [
    "text"
  ],
  "oauth_config": "text",
  "oauth_token": "text",
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "provisioning": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Delete Google Cloud Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

Snowflake Providers

Snowflake Provider Object Schema

Snowflake provider configurations include connection details and database filtering:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "xy12345.us-east-1",
  "name": "Snowflake-Production",
  "type": "SNOWFLAKE",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "account_locator": "xy12345",
  "region": "us-east-1",
  "cloud": "aws",
  "user": "veza_user",
  "role": "VEZA_ROLE",
  "warehouse": "COMPUTE_WH",
  "database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
  "database_deny_list": ["TEMP_DB", "TEST_DB"]
}

Snowflake Configuration Fields

  • account_locator (String): Snowflake account locator (e.g., "xy12345")

  • region (String): Cloud region for the Snowflake account

  • cloud (String): Cloud provider ("aws", "azure", or "gcp")

  • user (String): Snowflake username for authentication

  • password (String): Password for the Snowflake user

  • role (String): Snowflake role to use for queries

  • warehouse (String): Default warehouse for compute

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

For detailed Snowflake setup instructions, see Snowflake Integration.

Snowflake API Operations

List Snowflake Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/snowflake HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "account_locator": "text",
      "region": "text",
      "cloud": "text",
      "user": "text",
      "role": "text",
      "warehouse": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2025-07-01T03:48:14.853Z",
        "synced_at": "2025-07-01T03:48:14.853Z"
      },
      "alternative_database_name": "text",
      "authentication_method": 1,
      "extract_tags": true,
      "provisioning": true,
      "lifecycle_management_state": 1,
      "export_database": "text",
      "export_schema": "text",
      "export_user": "text",
      "export_role": "text",
      "export_authentication_method": 1,
      "connection_type": 1,
      "account_name": "text",
      "org_name": "text",
      "private_link": true,
      "alternative_account_usage_schema_name": "text",
      "gather_masking_policies": true
    }
  ]
}

Create Snowflake Provider

post
Authorizations
Body
namestringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger · enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger · enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
provisioningbooleanOptional
connection_typeinteger · enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
gather_masking_policiesbooleanOptional
Responses
200
OK
application/json
post
POST /api/v1/providers/snowflake HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 743

{
  "name": "text",
  "account_locator": "text",
  "region": "text",
  "cloud": "text",
  "user": "text",
  "password": "text",
  "role": "text",
  "warehouse": "text",
  "data_plane_id": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "alternative_database_name": "text",
  "authentication_method": 1,
  "private_key": "text",
  "private_key_password": "text",
  "extract_tags": true,
  "export_database": "text",
  "export_schema": "text",
  "export_user": "text",
  "export_role": "text",
  "export_authentication_method": 1,
  "export_private_key": "text",
  "export_private_key_password": "text",
  "export_password": "text",
  "provisioning": true,
  "connection_type": 1,
  "account_name": "text",
  "org_name": "text",
  "private_link": true,
  "alternative_account_usage_schema_name": "text",
  "gather_masking_policies": true
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true
  }
}

Get Snowflake Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true
  }
}

Update Snowflake Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger · enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
data_plane_idstringOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger · enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
gather_masking_policiesbooleanOptional
provisioningbooleanOptional
connection_typeinteger · enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 741

{
  "id": "text",
  "account_locator": "text",
  "region": "text",
  "cloud": "text",
  "user": "text",
  "password": "text",
  "role": "text",
  "warehouse": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "alternative_database_name": "text",
  "authentication_method": 1,
  "private_key": "text",
  "private_key_password": "text",
  "extract_tags": true,
  "data_plane_id": "text",
  "export_database": "text",
  "export_schema": "text",
  "export_user": "text",
  "export_role": "text",
  "export_authentication_method": 1,
  "export_private_key": "text",
  "export_private_key_password": "text",
  "export_password": "text",
  "gather_masking_policies": true,
  "provisioning": true,
  "connection_type": 1,
  "account_name": "text",
  "org_name": "text",
  "private_link": true,
  "alternative_account_usage_schema_name": "text"
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2025-07-01T03:48:14.853Z",
      "synced_at": "2025-07-01T03:48:14.853Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true
  }
}

Delete Snowflake Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

SQL Server Providers

SQL Server Provider Object Schema

SQL Server provider configurations include connection details and database filtering:

{
  "id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
  "vendor_id": "sqlserver.company.com",
  "name": "SQL-Production",
  "type": "SQL_SERVER",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "sqlserver.company.com",
  "port": 1433,
  "username": "veza_user",
  "database_allow_list": ["ProductionDB", "AnalyticsDB"],
  "database_deny_list": ["TempDB", "TestDB"],
  "schema_allow_list": ["dbo", "analytics"],
  "schema_deny_list": ["temp"]
}

SQL Server Configuration Fields

  • host (String): SQL Server hostname or IP address

  • port (Integer): Port number (typically 1433)

  • username (String): SQL Server username

  • password (String): Password for authentication

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

  • schema_allow_list (Array): Schema names to include

  • schema_deny_list (Array): Schema names to exclude

For detailed SQL Server setup instructions, see SQL Server Integration.

SQL Server API Operations

List SQL Server Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/sqlserver HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "gather_system_databases": true,
      "instance_name": "text"
    }
  ]
}

Create SQL Server Provider

post
Authorizations
Body
namestringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
Responses
200
OK
application/json
post
POST /api/v1/providers/sqlserver HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 269

{
  "name": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "data_plane_id": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text"
}
{
  "id": "text"
}

Get SQL Server Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "id": "text",
  "vendor_id": "text",
  "name": "text",
  "type": 1,
  "state": 1,
  "data_plane_id": "text",
  "status": 1,
  "team_id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text"
}

Update SQL Server Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
data_plane_idstringOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 267

{
  "id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text",
  "data_plane_id": "text"
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "gather_system_databases": true,
    "instance_name": "text"
  }
}

Delete SQL Server Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

Trino Providers

Trino Provider Object Schema

Trino provider configurations include cluster connection details and S3 access control file settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "trino.company.com",
  "name": "Trino-Production",
  "type": "TRINO",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "trino.company.com",
  "port": 8080,
  "username": "veza_user",
  "aws_s3_object_config": {
    "access_key": "AKIA...",
    "region": "us-east-1",
    "bucket": "trino-config",
    "object": "access-control.properties",
    "credentials_type": "STATIC",
    "assume_role_name": "",
    "account_id": ""
  },
  "ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}

Trino Configuration Fields

  • host (String): Trino coordinator hostname

  • port (Integer): Trino coordinator port (typically 8080 or 8443)

  • username (String): Trino username

  • password (String): Password for authentication

  • aws_s3_object_config (Object): S3 configuration for access control file

  • ssl_certificate (String): TLS certificate for secure connections

S3 Object Configuration

The aws_s3_object_config object contains:

  • access_key (String): AWS access key ID

  • secret_key (String): AWS secret access key

  • region (String): S3 bucket region

  • bucket (String): S3 bucket name

  • object (String): Path to access control file

  • credentials_type (String): Authentication method

  • assume_role_name (String): IAM role name (for assume role)

  • assume_role_external_id (String): External ID for assume role

  • account_id (String): AWS account ID

For detailed Trino setup instructions, see Trino Integration.

Trino API Operations

List Trino Providers

get
Authorizations
Responses
200
OK
application/json
get
GET /api/v1/providers/trino HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "aws_s3_object_config": {
        "access_key": "text",
        "region": "text",
        "bucket": "text",
        "object": "text",
        "credentials_type": 1,
        "assume_role_name": "text",
        "account_id": "text"
      },
      "ssl_certificate": "text",
      "catalog_allow_list": [
        "text"
      ],
      "catalog_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ]
    }
  ]
}

Create Trino Provider

post
Authorizations
Body
namestringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
Responses
200
OK
application/json
post
POST /api/v1/providers/trino HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 506

{
  "name": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "data_plane_id": "text",
  "aws_s3_object_config": {
    "access_key": "text",
    "secret_key": "text",
    "region": "text",
    "bucket": "text",
    "object": "text",
    "credentials_type": 1,
    "assume_role_name": "text",
    "assume_role_external_id": "text",
    "account_id": "text"
  },
  "ssl_certificate": "text",
  "catalog_allow_list": [
    "text"
  ],
  "catalog_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ]
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Get Trino Provider

get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
get
GET /api/v1/providers/trino/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Update Trino Provider

patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
data_plane_idstringOptional
Responses
200
OK
application/json
patch
PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 504

{
  "id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "aws_s3_object_config": {
    "access_key": "text",
    "secret_key": "text",
    "region": "text",
    "bucket": "text",
    "object": "text",
    "credentials_type": 1,
    "assume_role_name": "text",
    "assume_role_external_id": "text",
    "account_id": "text"
  },
  "ssl_certificate": "text",
  "catalog_allow_list": [
    "text"
  ],
  "catalog_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "data_plane_id": "text"
}
{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Delete Trino Provider

delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
delete
DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host: 
Authorization: Bearer Bearer <API key>
Accept: */*
{}

Error Handling

All provider API operations return standard HTTP status codes:

  • 200 OK: Request successful

  • 400 Bad Request: Invalid request parameters or payload

  • 401 Unauthorized: Invalid or missing API token

  • 403 Forbidden: Insufficient permissions

  • 404 Not Found: Provider configuration not found

  • 409 Conflict: Provider configuration already exists

  • 500 Internal Server Error: Server error

Error responses include a descriptive message and error code:

{
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "The provided credentials are invalid or expired",
    "details": "AWS STS AssumeRole failed with error: Access denied"
  }
}

Best Practices

When managing provider configurations:

  1. Use descriptive names that identify the environment and purpose

  2. Implement least privilege by configuring only necessary services and resources

  3. Use allow lists rather than deny lists when possible for better security

  4. Test configurations in development environments before production

  5. Monitor discovery status regularly to ensure successful data collection

  6. Rotate credentials according to your organization's security policies

  7. Use assume role authentication for AWS providers when possible

  8. Configure resource filtering to limit discovery scope and improve performance

Last updated

Was this helpful?