search
Release Notes

Cloud Platforms and Data Providers

Operations for listing, adding, and modifying cloud provider configurations

You can manage Veza integrations using the management API and a Veza admin API key.

Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.

hashtag
Provider Types

Veza supports the following provider types:

  • AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services

  • Azure: Microsoft Azure tenants including Active Directory and SharePoint Online

  • Google Cloud: Google Cloud Platform projects and Google Workspace domains

  • Snowflake: Snowflake data warehouses and databases

  • SQL Server: Microsoft SQL Server instances

  • Trino: Trino clusters with file-based access control

For detailed integration guides, see the Integrations documentation.

hashtag
Authentication

You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.

hashtag
Common Provider Properties

All provider configurations share these common properties:

  • id (String): Unique identifier for the provider configuration

  • vendor_id (String): Provider-specific identifier (e.g., AWS account ID)

  • name (String): Display name for the provider

  • type (String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)

  • state (String): Current state (ENABLED, DISABLED)

  • data_plane_id (String): Insight Point ID used for discovery

  • status (String): Last discovery status (SUCCESS, PENDING, ERROR)

hashtag
AWS Providers

hashtag
AWS Provider Object Schema

AWS provider configurations include account credentials, regions, and service-specific settings:

hashtag
AWS Configuration Fields

  • account_id (String): AWS account ID (12-digit number)

  • credentials_type (String): Authentication method - STATIC, EC2_INSTANCE_PROFILE, or ASSUME_CUSTOMER_ROLE

  • access_key_id (String): Access key ID for static credentials

  • secret_key (String): Secret access key for static credentials

  • assume_role_name (String): IAM role name for assume role authentication

  • assume_role_external_id (String): External ID for assume role authentication

  • regions (Array): List of AWS regions to discover

  • db_user (String): Database username for RDS/Redshift connections

  • services (Array): Specific AWS services to discover (empty array = all services)

hashtag
AWS Service Discovery Options

Available service values for the services array:

  • IAM: Identity and Access Management

  • S3: Simple Storage Service

  • RDS: Relational Database Service

  • REDSHIFT: Redshift data warehouses

  • EC2: Elastic Compute Cloud

  • LAMBDA: Lambda functions

  • EKS: Elastic Kubernetes Service

  • COGNITO: Cognito user pools

  • SECRETS_MANAGER: Secrets Manager

  • KMS: Key Management Service

  • DYNAMODB: DynamoDB tables

hashtag
AWS Resource Filtering

Use allow/deny lists to control which resources are discovered:

  • s3_bucket_allow_list: S3 bucket names to include (supports wildcards)

  • s3_bucket_deny_list: S3 bucket names to exclude

  • rds_database_allow_list: RDS database names to include

  • rds_database_deny_list: RDS database names to exclude

  • redshift_database_allow_list: Redshift database ARNs to include

  • redshift_database_deny_list: Redshift database ARNs to exclude

For detailed AWS setup instructions, see Amazon Web Services Integration.

hashtag
AWS API Operations

hashtag
List AWS Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/aws

hashtag
Create AWS Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
account_idstringOptional
regionsstring[]Optional
data_plane_idstringOptional
credentials_typeinteger ยท enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
db_userstringOptional
rds_postgres_userstringOptional
rds_mysql_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
redshift_userstringOptional
servicesinteger ยท enum[]Optional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_postgresql_system_schemasbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
gather_all_iam_policiesbooleanOptional
documentdb_userstringOptional
documentdb_passwordstringOptional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/aws

hashtag
Get AWS Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/aws/{id}

hashtag
Update AWS Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
account_idstringOptional
credentials_typeinteger ยท enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
regionsstring[]Optional
db_userstringOptional
redshift_userstringOptional
rds_mysql_userstringOptional
rds_postgres_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
servicesinteger ยท enum[]Optional
data_plane_idstringOptional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
gather_postgresql_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
gather_all_iam_policiesbooleanOptional
documentdb_userstringOptional
documentdb_passwordstringOptional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/aws/{provider.id}

hashtag
Delete AWS Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/aws/{id}

hashtag
Get AWS Trust Policy

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Query parameters
assume_role_external_idstringOptional
assume_role_namestringOptionalDeprecated
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/aws:trustpolicy

hashtag
Check AWS Policy

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/aws/{id}:checkpolicy

hashtag
Azure Providers

hashtag
Azure Provider Object Schema

Azure provider configurations include tenant authentication and service settings:

hashtag
Azure Configuration Fields

  • tenant_id (String): Azure Active Directory tenant ID

  • client_id (String): Application (client) ID for service principal

  • client_secret (String): Client secret for authentication

  • auth_certificate (String): Certificate for SharePoint app-only access

  • auth_certificate_password (String): Certificate password

  • services (Array): Azure services to discover

  • gather_guest_users (Boolean): Include guest users in discovery

  • gather_disabled_users (Boolean): Include disabled users

  • gather_personal_sites (Boolean): Include personal SharePoint sites

  • domains (Array): Specific domains to discover

For detailed Azure setup instructions, see Azure Integration.

hashtag
Azure API Operations

hashtag
List Azure Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/azure

hashtag
Create Azure Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
data_plane_idstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger ยท enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger ยท enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
authentication_typeinteger ยท enumOptional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
provisioningbooleanOptional
gather_group_extra_infobooleanOptional
gather_group_owner_detailsbooleanOptional
log_analytics_workspace_idstringOptional
subscription_id_allow_liststring[]Optional
subscription_id_deny_liststring[]Optional
storage_account_name_allow_liststring[]Optional
storage_account_name_deny_liststring[]Optional
blob_container_name_allow_liststring[]Optional
blob_container_name_deny_liststring[]Optional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/azure

hashtag
Get Azure Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/azure/{id}

hashtag
Update Azure Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger ยท enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger ยท enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
authentication_typeinteger ยท enumOptional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
data_plane_idstringOptional
provisioningbooleanOptional
gather_group_extra_infobooleanOptional
gather_group_owner_detailsbooleanOptional
log_analytics_workspace_idstringOptional
subscription_id_allow_liststring[]Optional
subscription_id_deny_liststring[]Optional
storage_account_name_allow_liststring[]Optional
storage_account_name_deny_liststring[]Optional
blob_container_name_allow_liststring[]Optional
blob_container_name_deny_liststring[]Optional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/azure/{provider.id}

hashtag
Delete Azure Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/azure/{id}

hashtag
Google Cloud Providers

hashtag
Google Cloud Provider Object Schema

Google Cloud provider configurations include service account credentials and project settings:

hashtag
Google Cloud Configuration Fields

  • credentials_json (String): Service account key JSON

  • customer_id (String): Google Workspace customer ID

  • workspace_email (String): Workspace user email for service account impersonation

  • project_allow_list (Array): GCP project names to include

  • project_deny_list (Array): GCP project names to exclude

  • domain_allow_list (Array): Workspace domains to include

  • domain_deny_list (Array): Workspace domains to exclude

  • dataset_allow_list (Array): BigQuery dataset names to include

  • dataset_deny_list (Array): BigQuery dataset names to exclude

For detailed Google Cloud setup instructions, see Google Cloud Integration.

hashtag
Google Cloud API Operations

hashtag
List Google Cloud Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/google_cloud

hashtag
Create Google Cloud Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
credentials_jsonstring ยท bytesOptional
data_plane_idstringOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger ยท enum[]Optional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring ยท bytesOptional
oauth_tokenstring ยท bytesOptional
provisioningbooleanOptional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/google_cloud

hashtag
Get Google Cloud Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/google_cloud/{id}

hashtag
Update Google Cloud Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
credentials_jsonstring ยท bytesOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger ยท enum[]Optional
data_plane_idstringOptional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring ยท bytesOptional
oauth_tokenstring ยท bytesOptional
provisioningbooleanOptional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/google_cloud/{provider.id}

hashtag
Delete Google Cloud Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/google_cloud/{id}

hashtag
Snowflake Providers

hashtag
Snowflake Provider Object Schema

Snowflake provider configurations include connection details and database filtering:

hashtag
Snowflake Configuration Fields

  • account_locator (String): Snowflake account locator (e.g., "xy12345")

  • region (String): Cloud region for the Snowflake account

  • cloud (String): Cloud provider ("aws", "azure", or "gcp")

  • user (String): Snowflake username for authentication

  • password (String): Password for the Snowflake user

  • role (String): Snowflake role to use for queries

  • warehouse (String): Default warehouse for compute

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

For detailed Snowflake setup instructions, see Snowflake Integration.

hashtag
Snowflake API Operations

hashtag
List Snowflake Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/snowflake

hashtag
Create Snowflake Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger ยท enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger ยท enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
provisioningbooleanOptional
connection_typeinteger ยท enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
gather_masking_policiesbooleanOptional
gather_row_access_policiesbooleanOptional
gather_network_policiesbooleanOptional
gather_projection_policiesbooleanOptional
organization_accountbooleanOptional
gather_password_policiesbooleanOptional
gather_login_source_ipbooleanOptional
external_oauth_aws_regionstringOptional

External OAuth specific fields

external_oauth_ida_provider_uristringOptional
external_oauth_ida_resource_uristringOptional
account_allow_liststring[]Optional

Organization account filtering

account_deny_liststring[]Optional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/snowflake

hashtag
Get Snowflake Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/snowflake/{id}

hashtag
Update Snowflake Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger ยท enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
data_plane_idstringOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger ยท enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
gather_masking_policiesbooleanOptional
gather_row_access_policiesbooleanOptional
gather_projection_policiesbooleanOptional
organization_accountbooleanOptional
gather_password_policiesbooleanOptional
gather_login_source_ipbooleanOptional
provisioningbooleanOptional
connection_typeinteger ยท enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
gather_network_policiesbooleanOptional
external_oauth_aws_regionstringOptional

External OAuth specific fields

external_oauth_ida_provider_uristringOptional
external_oauth_ida_resource_uristringOptional
account_allow_liststring[]Optional

Organization account filtering

account_deny_liststring[]Optional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/snowflake/{provider.id}

hashtag
Delete Snowflake Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/snowflake/{id}

hashtag
SQL Server Providers

hashtag
SQL Server Provider Object Schema

SQL Server provider configurations include connection details and database filtering:

hashtag
SQL Server Configuration Fields

  • host (String): SQL Server hostname or IP address

  • port (Integer): Port number (typically 1433)

  • username (String): SQL Server username

  • password (String): Password for authentication

  • database_allow_list (Array): Database names to include

  • database_deny_list (Array): Database names to exclude

  • schema_allow_list (Array): Schema names to include

  • schema_deny_list (Array): Schema names to exclude

For detailed SQL Server setup instructions, see SQL Server Integration.

hashtag
SQL Server API Operations

hashtag
List SQL Server Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/sqlserver

hashtag
Create SQL Server Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
hoststringOptional
portinteger ยท int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/sqlserver

hashtag
Get SQL Server Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/sqlserver/{id}

hashtag
Update SQL Server Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger ยท int32Optional
usernamestringOptional
passwordstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
data_plane_idstringOptional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/sqlserver/{provider.id}

hashtag
Delete SQL Server Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/sqlserver/{id}

hashtag
Trino Providers

hashtag
Trino Provider Object Schema

Trino provider configurations include cluster connection details and S3 access control file settings:

hashtag
Trino Configuration Fields

  • host (String): Trino coordinator hostname

  • port (Integer): Trino coordinator port (typically 8080 or 8443)

  • username (String): Trino username

  • password (String): Password for authentication

  • aws_s3_object_config (Object): S3 configuration for access control file

  • ssl_certificate (String): TLS certificate for secure connections

hashtag
S3 Object Configuration

The aws_s3_object_config object contains:

  • access_key (String): AWS access key ID

  • secret_key (String): AWS secret access key

  • region (String): S3 bucket region

  • bucket (String): S3 bucket name

  • object (String): Path to access control file

  • credentials_type (String): Authentication method

  • assume_role_name (String): IAM role name (for assume role)

  • assume_role_external_id (String): External ID for assume role

  • account_id (String): AWS account ID

For detailed Trino setup instructions, see Trino Integration.

hashtag
Trino API Operations

hashtag
List Trino Providers

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/trino

hashtag
Create Trino Provider

post
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Body
namestringOptional
hoststringOptional
portinteger ยท int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
Responses
chevron-right
200

OK

application/json
post
/api/v1/providers/trino

hashtag
Get Trino Provider

get
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
get
/api/v1/providers/trino/{id}

hashtag
Update Trino Provider

patch
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
provider.idstringRequired
Query parameters
update_maskstring ยท field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger ยท int32Optional
usernamestringOptional
passwordstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
data_plane_idstringOptional
Responses
chevron-right
200

OK

application/json
patch
/api/v1/providers/trino/{provider.id}

hashtag
Delete Trino Provider

delete
Authorizations
AuthorizationstringRequired

Bearer token authentication using a Veza Personal API key.

Header Format: Authorization: Bearer <your-api-key>

Creating an API Key:

  1. Log into your Veza tenant
  2. Navigate to Administration โ†’ API Keys
  3. Generate a new API key and save the value securely
Path parameters
idstringRequired
Responses
chevron-right
200

OK

application/json
Responseobject
delete
/api/v1/providers/trino/{id}

hashtag
Error Handling

All provider API operations return standard HTTP status codes:

  • 200 OK: Request successful

  • 400 Bad Request: Invalid request parameters or payload

  • 401 Unauthorized: Invalid or missing API token

  • 403 Forbidden: Insufficient permissions

  • 404 Not Found: Provider configuration not found

  • 409 Conflict: Provider configuration already exists

  • 500 Internal Server Error: Server error

Error responses include a descriptive message and error code:

hashtag
Best Practices

When managing provider configurations:

  1. Use descriptive names that identify the environment and purpose

  2. Implement least privilege by configuring only necessary services and resources

  3. Use allow lists rather than deny lists when possible for better security

  4. Test configurations in development environments before production

  5. Monitor discovery status regularly to ensure successful data collection

  6. Rotate credentials according to your organization's security policies

  7. Use assume role authentication for AWS providers when possible

  8. Configure resource filtering to limit discovery scope and improve performance

hashtag
Related Documentation

PreviousEnable/Disable ProvidersNextDisable AWS Services using Provider Management APIs

Last updated

Was this helpful?