Cloud Platforms and Data Providers
Operations for listing, adding, and modifying cloud provider configurations
You can manage Veza integrations using the management API and a Veza admin API key.
Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.
Provider Types
Veza supports the following provider types:
AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services
Azure: Microsoft Azure tenants including Active Directory and SharePoint Online
Google Cloud: Google Cloud Platform projects and Google Workspace domains
Snowflake: Snowflake data warehouses and databases
SQL Server: Microsoft SQL Server instances
Trino: Trino clusters with file-based access control
For detailed integration guides, see the Integrations documentation.
Authentication
You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.
Common Provider Properties
All provider configurations share these common properties:
id(String): Unique identifier for the provider configurationvendor_id(String): Provider-specific identifier (e.g., AWS account ID)name(String): Display name for the providertype(String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)state(String): Current state (ENABLED, DISABLED)data_plane_id(String): Insight Point ID used for discoverystatus(String): Last discovery status (SUCCESS, PENDING, ERROR)
AWS Providers
AWS Provider Object Schema
AWS provider configurations include account credentials, regions, and service-specific settings:
{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789010",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_id": "123456789010",
"credentials_type": "ASSUME_CUSTOMER_ROLE",
"access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
"assume_role_name": "VezaDiscoveryRole",
"assume_role_external_id": "veza-external-id",
"regions": [
"us-east-1",
"us-west-2",
"eu-west-1"
],
"db_user": "veza_user",
"services": [
"IAM",
"S3",
"RDS",
"REDSHIFT"
],
"s3_bucket_allow_list": ["prod-data-*"],
"s3_bucket_deny_list": ["temp-*", "test-*"],
"rds_database_allow_list": ["production"],
"rds_database_deny_list": ["temp"]
}AWS Configuration Fields
account_id(String): AWS account ID (12-digit number)credentials_type(String): Authentication method -STATIC,EC2_INSTANCE_PROFILE, orASSUME_CUSTOMER_ROLEaccess_key_id(String): Access key ID for static credentialssecret_key(String): Secret access key for static credentialsassume_role_name(String): IAM role name for assume role authenticationassume_role_external_id(String): External ID for assume role authenticationregions(Array): List of AWS regions to discoverdb_user(String): Database username for RDS/Redshift connectionsservices(Array): Specific AWS services to discover (empty array = all services)
AWS Service Discovery Options
Available service values for the services array:
IAM: Identity and Access ManagementS3: Simple Storage ServiceRDS: Relational Database ServiceREDSHIFT: Redshift data warehousesEC2: Elastic Compute CloudLAMBDA: Lambda functionsEKS: Elastic Kubernetes ServiceCOGNITO: Cognito user poolsSECRETS_MANAGER: Secrets ManagerKMS: Key Management ServiceDYNAMODB: DynamoDB tables
AWS Resource Filtering
Use allow/deny lists to control which resources are discovered:
s3_bucket_allow_list: S3 bucket names to include (supports wildcards)s3_bucket_deny_list: S3 bucket names to excluderds_database_allow_list: RDS database names to includerds_database_deny_list: RDS database names to excluderedshift_database_allow_list: Redshift database ARNs to includeredshift_database_deny_list: Redshift database ARNs to exclude
For detailed AWS setup instructions, see Amazon Web Services Integration.
AWS API Operations
List AWS Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/aws HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
]
}Create AWS Provider
post
Authorizations
Body
namestringOptional
account_idstringOptional
regionsstring[]Optional
data_plane_idstringOptional
credentials_typeinteger · enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
db_userstringOptional
rds_postgres_userstringOptional
rds_mysql_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
redshift_userstringOptional
servicesinteger · enum[]Optional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_postgresql_system_schemasbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/aws HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1028
{
"name": "text",
"account_id": "text",
"regions": [
"text"
],
"data_plane_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"db_user": "text",
"rds_postgres_user": "text",
"rds_mysql_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"redshift_user": "text",
"services": [
1
],
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}Get AWS Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/aws/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}Update AWS Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
account_idstringOptional
credentials_typeinteger · enumOptional
access_key_idstringOptional
secret_keystringOptional
assume_role_namestringOptional
assume_role_external_idstringOptional
regionsstring[]Optional
db_userstringOptional
redshift_userstringOptional
rds_mysql_userstringOptional
rds_postgres_userstringOptional
rds_oracle_userstringOptional
rds_oracle_passwordstringOptional
servicesinteger · enum[]Optional
data_plane_idstringOptional
redshift_database_allow_liststring[]Optional
redshift_database_deny_liststring[]Optional
rds_database_allow_liststring[]Optional
rds_database_deny_liststring[]Optional
s3_bucket_allow_liststring[]Optional
s3_bucket_deny_liststring[]Optional
extraction_policy_namestringOptional
gather_system_tablesbooleanOptional
gather_rds_oracle_system_schemasbooleanOptional
gather_postgresql_system_schemasbooleanOptional
rds_db_level_onlybooleanOptional
provisioningbooleanOptional
provisioning_identity_store_idstringOptional
provisioning_scim_endpointstringOptional
provisioning_scim_tokenstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1026
{
"id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"services": [
1
],
"data_plane_id": "text",
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_rds_oracle_system_schemas": true,
"gather_postgresql_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}Delete AWS Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}Get AWS Trust Policy
get
Authorizations
Query parameters
assume_role_external_idstringOptional
assume_role_namestringOptionalDeprecated
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"trust_policy_json": "text"
}Check AWS Policy
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"requires_update": true,
"aws_account_id": "text",
"current_policy": "text",
"required_policy": "text",
"required_actions": [
"text"
],
"overprivileged_actions": [
"text"
]
}Azure Providers
Azure Provider Object Schema
Azure provider configurations include tenant authentication and service settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"tenant_id": "12345678-1234-1234-1234-123456789012",
"client_id": "87654321-4321-4321-4321-210987654321",
"services": [
"AZUREAD",
"SHAREPOINT",
"SQLSERVER"
],
"gather_guest_users": true,
"gather_disabled_users": false,
"gather_personal_sites": true,
"domains": ["contoso.com"],
"sql_server_database_allow_list": ["production"],
"sql_server_database_deny_list": ["temp"]
}Azure Configuration Fields
tenant_id(String): Azure Active Directory tenant IDclient_id(String): Application (client) ID for service principalclient_secret(String): Client secret for authenticationauth_certificate(String): Certificate for SharePoint app-only accessauth_certificate_password(String): Certificate passwordservices(Array): Azure services to discovergather_guest_users(Boolean): Include guest users in discoverygather_disabled_users(Boolean): Include disabled usersgather_personal_sites(Boolean): Include personal SharePoint sitesdomains(Array): Specific domains to discover
For detailed Azure setup instructions, see Azure Integration.
Azure API Operations
List Azure Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/azure HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
]
}Create Azure Provider
post
Authorizations
Body
namestringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
data_plane_idstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger · enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger · enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
provisioningbooleanOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/azure HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1574
{
"name": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"data_plane_id": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}Get Azure Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/azure/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}Update Azure Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
tenant_idstringOptional
client_idstringOptional
client_secretstringOptional
auth_certificatestringOptional
auth_certificate_passwordstringOptional
servicesinteger · enum[]Optional
gather_guest_usersbooleanOptional
gather_disabled_usersbooleanOptional
domainsstring[]Optional
gather_personal_sitesbooleanOptional
government_cloudinteger · enumOptional
extract_pim_eligibilitybooleanOptional
dynamics365_environmentsstring[]Optional
dynamics_erp_environmentsstring[]Optional
sql_server_database_allow_liststring[]Optional
sql_server_database_deny_liststring[]Optional
sql_server_schema_allow_liststring[]Optional
sql_server_schema_deny_liststring[]Optional
sql_server_gather_system_databasesbooleanOptional
postgresql_usernamestringOptional
postgresql_passwordstringOptional
postgresql_database_allow_liststring[]Optional
postgresql_database_deny_liststring[]Optional
postgresql_schema_allow_liststring[]Optional
postgresql_schema_deny_liststring[]Optional
sharepoint_site_allow_liststring[]Optional
sharepoint_site_deny_liststring[]Optional
gather_postgresql_system_schemasbooleanOptional
data_plane_idstringOptional
provisioningbooleanOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1572
{
"id": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"data_plane_id": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}Delete Azure Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}Google Cloud Providers
Google Cloud Provider Object Schema
Google Cloud provider configurations include service account credentials and project settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "gcp-project-id",
"name": "GCP-Production",
"type": "GOOGLE_CLOUD",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"customer_id": "C01234567",
"workspace_email": "[email protected]",
"project_allow_list": ["prod-project-1", "prod-project-2"],
"project_deny_list": ["test-*"],
"domain_allow_list": ["company.com"],
"domain_deny_list": [],
"services": [
"IAM",
"STORAGE",
"COMPUTE",
"WORKSPACE",
"BIGQUERY"
],
"dataset_allow_list": ["analytics", "reporting"],
"dataset_deny_list": ["temp_*"]
}Google Cloud Configuration Fields
credentials_json(String): Service account key JSONcustomer_id(String): Google Workspace customer IDworkspace_email(String): Workspace user email for service account impersonationproject_allow_list(Array): GCP project names to includeproject_deny_list(Array): GCP project names to excludedomain_allow_list(Array): Workspace domains to includedomain_deny_list(Array): Workspace domains to excludedataset_allow_list(Array): BigQuery dataset names to includedataset_deny_list(Array): BigQuery dataset names to exclude
For detailed Google Cloud setup instructions, see Google Cloud Integration.
Google Cloud API Operations
List Google Cloud Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/google_cloud HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
]
}Create Google Cloud Provider
post
Authorizations
Body
namestringOptional
credentials_jsonstring · bytesOptional
data_plane_idstringOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger · enum[]Optional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring · bytesOptional
oauth_tokenstring · bytesOptional
provisioningbooleanOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/google_cloud HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1039
{
"name": "text",
"credentials_json": "text",
"data_plane_id": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}Get Google Cloud Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}Update Google Cloud Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
credentials_jsonstring · bytesOptional
workspace_emailstringOptional
customer_idstringOptional
project_allow_liststring[]Optional
project_deny_liststring[]Optional
domain_allow_liststring[]Optional
domain_deny_liststring[]Optional
servicesinteger · enum[]Optional
data_plane_idstringOptional
dataset_allow_liststring[]Optional
dataset_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
location_allow_liststring[]Optional
location_deny_liststring[]Optional
oauth_configstring · bytesOptional
oauth_tokenstring · bytesOptional
provisioningbooleanOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1037
{
"id": "text",
"credentials_json": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"data_plane_id": "text",
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}Delete Google Cloud Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}Snowflake Providers
Snowflake Provider Object Schema
Snowflake provider configurations include connection details and database filtering:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "xy12345.us-east-1",
"name": "Snowflake-Production",
"type": "SNOWFLAKE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_locator": "xy12345",
"region": "us-east-1",
"cloud": "aws",
"user": "veza_user",
"role": "VEZA_ROLE",
"warehouse": "COMPUTE_WH",
"database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
"database_deny_list": ["TEMP_DB", "TEST_DB"]
}Snowflake Configuration Fields
account_locator(String): Snowflake account locator (e.g., "xy12345")region(String): Cloud region for the Snowflake accountcloud(String): Cloud provider ("aws", "azure", or "gcp")user(String): Snowflake username for authenticationpassword(String): Password for the Snowflake userrole(String): Snowflake role to use for querieswarehouse(String): Default warehouse for computedatabase_allow_list(Array): Database names to includedatabase_deny_list(Array): Database names to exclude
For detailed Snowflake setup instructions, see Snowflake Integration.
Snowflake API Operations
List Snowflake Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/snowflake HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
]
}Create Snowflake Provider
post
Authorizations
Body
namestringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger · enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger · enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
provisioningbooleanOptional
connection_typeinteger · enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
gather_masking_policiesbooleanOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/snowflake HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 743
{
"name": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}Get Snowflake Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}Update Snowflake Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
account_locatorstringOptional
regionstringOptional
cloudstringOptional
userstringOptional
passwordstringOptional
rolestringOptional
warehousestringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
alternative_database_namestringOptional
authentication_methodinteger · enumOptional
private_keystringOptional
private_key_passwordstringOptional
extract_tagsbooleanOptional
data_plane_idstringOptional
export_databasestringOptional
export_schemastringOptional
export_userstringOptional
export_rolestringOptional
export_authentication_methodinteger · enumOptional
export_private_keystringOptional
export_private_key_passwordstringOptional
export_passwordstringOptional
gather_masking_policiesbooleanOptional
provisioningbooleanOptional
connection_typeinteger · enumOptional
account_namestringOptional
org_namestringOptional
private_linkbooleanOptional
alternative_account_usage_schema_namestringOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 741
{
"id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"data_plane_id": "text",
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"gather_masking_policies": true,
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}Delete Snowflake Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}SQL Server Providers
SQL Server Provider Object Schema
SQL Server provider configurations include connection details and database filtering:
{
"id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
"vendor_id": "sqlserver.company.com",
"name": "SQL-Production",
"type": "SQL_SERVER",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "sqlserver.company.com",
"port": 1433,
"username": "veza_user",
"database_allow_list": ["ProductionDB", "AnalyticsDB"],
"database_deny_list": ["TempDB", "TestDB"],
"schema_allow_list": ["dbo", "analytics"],
"schema_deny_list": ["temp"]
}SQL Server Configuration Fields
host(String): SQL Server hostname or IP addressport(Integer): Port number (typically 1433)username(String): SQL Server usernamepassword(String): Password for authenticationdatabase_allow_list(Array): Database names to includedatabase_deny_list(Array): Database names to excludeschema_allow_list(Array): Schema names to includeschema_deny_list(Array): Schema names to exclude
For detailed SQL Server setup instructions, see SQL Server Integration.
SQL Server API Operations
List SQL Server Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/sqlserver HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
]
}Create SQL Server Provider
post
Authorizations
Body
namestringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/sqlserver HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 269
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}{
"id": "text"
}Get SQL Server Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}Update SQL Server Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
database_allow_liststring[]Optional
database_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
gather_system_databasesbooleanOptional
instance_namestringOptional
data_plane_idstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 267
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"data_plane_id": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
}Delete SQL Server Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}Trino Providers
Trino Provider Object Schema
Trino provider configurations include cluster connection details and S3 access control file settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "trino.company.com",
"name": "Trino-Production",
"type": "TRINO",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "trino.company.com",
"port": 8080,
"username": "veza_user",
"aws_s3_object_config": {
"access_key": "AKIA...",
"region": "us-east-1",
"bucket": "trino-config",
"object": "access-control.properties",
"credentials_type": "STATIC",
"assume_role_name": "",
"account_id": ""
},
"ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}Trino Configuration Fields
host(String): Trino coordinator hostnameport(Integer): Trino coordinator port (typically 8080 or 8443)username(String): Trino usernamepassword(String): Password for authenticationaws_s3_object_config(Object): S3 configuration for access control filessl_certificate(String): TLS certificate for secure connections
S3 Object Configuration
The aws_s3_object_config object contains:
access_key(String): AWS access key IDsecret_key(String): AWS secret access keyregion(String): S3 bucket regionbucket(String): S3 bucket nameobject(String): Path to access control filecredentials_type(String): Authentication methodassume_role_name(String): IAM role name (for assume role)assume_role_external_id(String): External ID for assume roleaccount_id(String): AWS account ID
For detailed Trino setup instructions, see Trino Integration.
Trino API Operations
List Trino Providers
get
Authorizations
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/trino HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
]
}Create Trino Provider
post
Authorizations
Body
namestringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
data_plane_idstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
Responses
200
OK
application/json
default
Default error response
application/json
post
POST /api/v1/providers/trino HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 506
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}Get Trino Provider
get
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
default
Default error response
application/json
get
GET /api/v1/providers/trino/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}Update Trino Provider
patch
Authorizations
Path parameters
provider.idstringRequired
Query parameters
update_maskstring · field-maskOptional
Body
idstringOptional
hoststringOptional
portinteger · int32Optional
usernamestringOptional
passwordstringOptional
ssl_certificatestringOptional
catalog_allow_liststring[]Optional
catalog_deny_liststring[]Optional
schema_allow_liststring[]Optional
schema_deny_liststring[]Optional
table_allow_liststring[]Optional
table_deny_liststring[]Optional
data_plane_idstringOptional
Responses
200
OK
application/json
default
Default error response
application/json
patch
PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 504
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"data_plane_id": "text"
}{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}Delete Trino Provider
delete
Authorizations
Path parameters
idstringRequired
Responses
200
OK
application/json
Responseobject
default
Default error response
application/json
delete
DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}Error Handling
All provider API operations return standard HTTP status codes:
200 OK: Request successful
400 Bad Request: Invalid request parameters or payload
401 Unauthorized: Invalid or missing API token
403 Forbidden: Insufficient permissions
404 Not Found: Provider configuration not found
409 Conflict: Provider configuration already exists
500 Internal Server Error: Server error
Error responses include a descriptive message and error code:
{
"error": {
"code": "INVALID_CREDENTIALS",
"message": "The provided credentials are invalid or expired",
"details": "AWS STS AssumeRole failed with error: Access denied"
}
}Best Practices
When managing provider configurations:
Use descriptive names that identify the environment and purpose
Implement least privilege by configuring only necessary services and resources
Use allow lists rather than deny lists when possible for better security
Test configurations in development environments before production
Monitor discovery status regularly to ensure successful data collection
Rotate credentials according to your organization's security policies
Use assume role authentication for AWS providers when possible
Configure resource filtering to limit discovery scope and improve performance
Related Documentation
Last updated
Was this helpful?