Cloud Platforms and Data Providers
Operations for listing, adding, and modifying cloud provider configurations
You can manage Veza integrations using the management API and a Veza admin API key.
Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.
Provider Types
Veza supports the following provider types:
AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services
Azure: Microsoft Azure tenants including Active Directory and SharePoint Online
Google Cloud: Google Cloud Platform projects and Google Workspace domains
Snowflake: Snowflake data warehouses and databases
SQL Server: Microsoft SQL Server instances
Trino: Trino clusters with file-based access control
For detailed integration guides, see the Integrations documentation.
Authentication
You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.
Common Provider Properties
All provider configurations share these common properties:
id
(String): Unique identifier for the provider configurationvendor_id
(String): Provider-specific identifier (e.g., AWS account ID)name
(String): Display name for the providertype
(String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)state
(String): Current state (ENABLED, DISABLED)data_plane_id
(String): Insight Point ID used for discoverystatus
(String): Last discovery status (SUCCESS, PENDING, ERROR)
AWS Providers
AWS Provider Object Schema
AWS provider configurations include account credentials, regions, and service-specific settings:
{
"id": "883dd869-8762-4187-8767-1c387de14b4b",
"vendor_id": "123456789010",
"name": "AWS-Production",
"type": "AWS",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_id": "123456789010",
"credentials_type": "ASSUME_CUSTOMER_ROLE",
"access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
"assume_role_name": "VezaDiscoveryRole",
"assume_role_external_id": "veza-external-id",
"regions": [
"us-east-1",
"us-west-2",
"eu-west-1"
],
"db_user": "veza_user",
"services": [
"IAM",
"S3",
"RDS",
"REDSHIFT"
],
"s3_bucket_allow_list": ["prod-data-*"],
"s3_bucket_deny_list": ["temp-*", "test-*"],
"rds_database_allow_list": ["production"],
"rds_database_deny_list": ["temp"]
}
AWS Configuration Fields
account_id
(String): AWS account ID (12-digit number)credentials_type
(String): Authentication method -STATIC
,EC2_INSTANCE_PROFILE
, orASSUME_CUSTOMER_ROLE
access_key_id
(String): Access key ID for static credentialssecret_key
(String): Secret access key for static credentialsassume_role_name
(String): IAM role name for assume role authenticationassume_role_external_id
(String): External ID for assume role authenticationregions
(Array): List of AWS regions to discoverdb_user
(String): Database username for RDS/Redshift connectionsservices
(Array): Specific AWS services to discover (empty array = all services)
AWS Service Discovery Options
Available service values for the services
array:
IAM
: Identity and Access ManagementS3
: Simple Storage ServiceRDS
: Relational Database ServiceREDSHIFT
: Redshift data warehousesEC2
: Elastic Compute CloudLAMBDA
: Lambda functionsEKS
: Elastic Kubernetes ServiceCOGNITO
: Cognito user poolsSECRETS_MANAGER
: Secrets ManagerKMS
: Key Management ServiceDYNAMODB
: DynamoDB tables
AWS Resource Filtering
Use allow/deny lists to control which resources are discovered:
s3_bucket_allow_list
: S3 bucket names to include (supports wildcards)s3_bucket_deny_list
: S3 bucket names to excluderds_database_allow_list
: RDS database names to includerds_database_deny_list
: RDS database names to excluderedshift_database_allow_list
: Redshift database ARNs to includeredshift_database_deny_list
: Redshift database ARNs to exclude
For detailed AWS setup instructions, see Amazon Web Services Integration.
AWS API Operations
List AWS Providers
GET /api/v1/providers/aws HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
]
}
Create AWS Provider
POST /api/v1/providers/aws HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1028
{
"name": "text",
"account_id": "text",
"regions": [
"text"
],
"data_plane_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"db_user": "text",
"rds_postgres_user": "text",
"rds_mysql_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"redshift_user": "text",
"services": [
1
],
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text"
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}
Get AWS Provider
GET /api/v1/providers/aws/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}
Update AWS Provider
PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1026
{
"id": "text",
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"secret_key": "text",
"assume_role_name": "text",
"assume_role_external_id": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"rds_oracle_password": "text",
"services": [
1
],
"data_plane_id": "text",
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_rds_oracle_system_schemas": true,
"gather_postgresql_system_schemas": true,
"rds_db_level_only": true,
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"provisioning_scim_token": "text"
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"redshift_database_allow_list": [
"text"
],
"redshift_database_deny_list": [
"text"
],
"rds_database_allow_list": [
"text"
],
"rds_database_deny_list": [
"text"
],
"s3_bucket_allow_list": [
"text"
],
"s3_bucket_deny_list": [
"text"
],
"extraction_policy_name": "text",
"gather_system_tables": true,
"gather_postgresql_system_schemas": true,
"gather_rds_oracle_system_schemas": true,
"team_id": "text",
"rds_db_level_only": true,
"account_id": "text",
"credentials_type": 1,
"access_key_id": "text",
"assume_role_name": "text",
"regions": [
"text"
],
"db_user": "text",
"redshift_user": "text",
"rds_mysql_user": "text",
"rds_postgres_user": "text",
"rds_oracle_user": "text",
"services": [
1
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"audit_log_cloud_trail_name": "text",
"audit_log_cloud_trail_region": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"databricks_oauth_m2m_credentials": {
"client_id": "text",
"client_secret": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"provisioning_identity_store_id": "text",
"provisioning_scim_endpoint": "text",
"audit_log_extract_for_org": true,
"audit_log_skip_extraction": true
}
}
Delete AWS Provider
DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
Get AWS Trust Policy
GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"trust_policy_json": "text"
}
Check AWS Policy
GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"requires_update": true,
"aws_account_id": "text",
"current_policy": "text",
"required_policy": "text",
"required_actions": [
"text"
],
"overprivileged_actions": [
"text"
]
}
Azure Providers
Azure Provider Object Schema
Azure provider configurations include tenant authentication and service settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "contoso.onmicrosoft.com",
"name": "Azure-Production",
"type": "AZURE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"tenant_id": "12345678-1234-1234-1234-123456789012",
"client_id": "87654321-4321-4321-4321-210987654321",
"services": [
"AZUREAD",
"SHAREPOINT",
"SQLSERVER"
],
"gather_guest_users": true,
"gather_disabled_users": false,
"gather_personal_sites": true,
"domains": ["contoso.com"],
"sql_server_database_allow_list": ["production"],
"sql_server_database_deny_list": ["temp"]
}
Azure Configuration Fields
tenant_id
(String): Azure Active Directory tenant IDclient_id
(String): Application (client) ID for service principalclient_secret
(String): Client secret for authenticationauth_certificate
(String): Certificate for SharePoint app-only accessauth_certificate_password
(String): Certificate passwordservices
(Array): Azure services to discovergather_guest_users
(Boolean): Include guest users in discoverygather_disabled_users
(Boolean): Include disabled usersgather_personal_sites
(Boolean): Include personal SharePoint sitesdomains
(Array): Specific domains to discover
For detailed Azure setup instructions, see Azure Integration.
Azure API Operations
List Azure Providers
GET /api/v1/providers/azure HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
]
}
Create Azure Provider
POST /api/v1/providers/azure HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1574
{
"name": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"data_plane_id": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}
Get Azure Provider
GET /api/v1/providers/azure/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}
Update Azure Provider
PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1572
{
"id": "text",
"tenant_id": "text",
"client_id": "text",
"client_secret": "text",
"auth_certificate": "text",
"auth_certificate_password": "text",
"services": [
1
],
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"dynamics_erp_environments": [
"text"
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"gather_postgresql_system_schemas": true,
"data_plane_id": "text",
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"gather_guest_users": true,
"gather_disabled_users": true,
"domains": [
"text"
],
"gather_personal_sites": true,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"government_cloud": 1,
"extract_pim_eligibility": true,
"dynamics365_environments": [
"text"
],
"team_id": "text",
"dynamics_erp_environments": [
"text"
],
"account_id": "text",
"tenant_id": "text",
"client_id": "text",
"services": [
1
],
"sql_server_database_allow_list": [
"text"
],
"sql_server_database_deny_list": [
"text"
],
"sql_server_schema_allow_list": [
"text"
],
"sql_server_schema_deny_list": [
"text"
],
"sql_server_gather_system_databases": true,
"gather_postgresql_system_schemas": true,
"postgresql_username": "text",
"postgresql_password": "text",
"postgresql_database_allow_list": [
"text"
],
"postgresql_database_deny_list": [
"text"
],
"postgresql_schema_allow_list": [
"text"
],
"postgresql_schema_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"sharepoint_site_allow_list": [
"text"
],
"sharepoint_site_deny_list": [
"text"
],
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
},
"user_custom_properties": [
{
"name": "text",
"type": 1
}
],
"provisioning": true,
"lifecycle_management_state": 1
}
}
Delete Azure Provider
DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
Google Cloud Providers
Google Cloud Provider Object Schema
Google Cloud provider configurations include service account credentials and project settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "gcp-project-id",
"name": "GCP-Production",
"type": "GOOGLE_CLOUD",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"customer_id": "C01234567",
"workspace_email": "[email protected]",
"project_allow_list": ["prod-project-1", "prod-project-2"],
"project_deny_list": ["test-*"],
"domain_allow_list": ["company.com"],
"domain_deny_list": [],
"services": [
"IAM",
"STORAGE",
"COMPUTE",
"WORKSPACE",
"BIGQUERY"
],
"dataset_allow_list": ["analytics", "reporting"],
"dataset_deny_list": ["temp_*"]
}
Google Cloud Configuration Fields
credentials_json
(String): Service account key JSONcustomer_id
(String): Google Workspace customer IDworkspace_email
(String): Workspace user email for service account impersonationproject_allow_list
(Array): GCP project names to includeproject_deny_list
(Array): GCP project names to excludedomain_allow_list
(Array): Workspace domains to includedomain_deny_list
(Array): Workspace domains to excludedataset_allow_list
(Array): BigQuery dataset names to includedataset_deny_list
(Array): BigQuery dataset names to exclude
For detailed Google Cloud setup instructions, see Google Cloud Integration.
Google Cloud API Operations
List Google Cloud Providers
GET /api/v1/providers/google_cloud HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
]
}
Create Google Cloud Provider
POST /api/v1/providers/google_cloud HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1039
{
"name": "text",
"credentials_json": "text",
"data_plane_id": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}
Get Google Cloud Provider
GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}
Update Google Cloud Provider
PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 1037
{
"id": "text",
"credentials_json": "text",
"workspace_email": "text",
"customer_id": "text",
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"services": [
1
],
"data_plane_id": "text",
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"oauth_config": "text",
"oauth_token": "text",
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"workspace_email": "text",
"customer_id": "text",
"services": [
1
],
"project_allow_list": [
"text"
],
"project_deny_list": [
"text"
],
"domain_allow_list": [
"text"
],
"domain_deny_list": [
"text"
],
"dataset_allow_list": [
"text"
],
"dataset_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"location_allow_list": [
"text"
],
"location_deny_list": [
"text"
],
"databricks_cloud_config": {
"account_id": "text",
"tag_name_collector_cluster": "text"
},
"provisioning": true,
"lifecycle_management_state": 1,
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"identity_mapping_configuration": {
"mappings": [
{
"destination_datasource_type": "text",
"destination_datasource_oaa_app_type": "text",
"type": 1,
"mode": 1,
"transformations": [
1
],
"custom_value": "text",
"property_matchers": [
{
"source_property": 1,
"destination_property": 1,
"custom_source_property": "text",
"custom_destination_property": "text"
}
],
"id_matchers": [
{
"source_id": "text",
"destination_id": "text"
}
],
"destination_datasources": [
{
"type": "text",
"oaa_app_type": "text"
}
]
}
],
"use_email": true
}
}
}
Delete Google Cloud Provider
DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
Snowflake Providers
Snowflake Provider Object Schema
Snowflake provider configurations include connection details and database filtering:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "xy12345.us-east-1",
"name": "Snowflake-Production",
"type": "SNOWFLAKE",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"account_locator": "xy12345",
"region": "us-east-1",
"cloud": "aws",
"user": "veza_user",
"role": "VEZA_ROLE",
"warehouse": "COMPUTE_WH",
"database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
"database_deny_list": ["TEMP_DB", "TEST_DB"]
}
Snowflake Configuration Fields
account_locator
(String): Snowflake account locator (e.g., "xy12345")region
(String): Cloud region for the Snowflake accountcloud
(String): Cloud provider ("aws", "azure", or "gcp")user
(String): Snowflake username for authenticationpassword
(String): Password for the Snowflake userrole
(String): Snowflake role to use for querieswarehouse
(String): Default warehouse for computedatabase_allow_list
(Array): Database names to includedatabase_deny_list
(Array): Database names to exclude
For detailed Snowflake setup instructions, see Snowflake Integration.
Snowflake API Operations
List Snowflake Providers
GET /api/v1/providers/snowflake HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
]
}
Create Snowflake Provider
POST /api/v1/providers/snowflake HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 743
{
"name": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}
Get Snowflake Provider
GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}
Update Snowflake Provider
PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 741
{
"id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"password": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"alternative_database_name": "text",
"authentication_method": 1,
"private_key": "text",
"private_key_password": "text",
"extract_tags": true,
"data_plane_id": "text",
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"export_private_key": "text",
"export_private_key_password": "text",
"export_password": "text",
"gather_masking_policies": true,
"provisioning": true,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text"
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"account_locator": "text",
"region": "text",
"cloud": "text",
"user": "text",
"role": "text",
"warehouse": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"audit_log": {
"state": 1,
"status": 1,
"cursor": "2025-07-01T03:48:14.853Z",
"synced_at": "2025-07-01T03:48:14.853Z"
},
"alternative_database_name": "text",
"authentication_method": 1,
"extract_tags": true,
"provisioning": true,
"lifecycle_management_state": 1,
"export_database": "text",
"export_schema": "text",
"export_user": "text",
"export_role": "text",
"export_authentication_method": 1,
"connection_type": 1,
"account_name": "text",
"org_name": "text",
"private_link": true,
"alternative_account_usage_schema_name": "text",
"gather_masking_policies": true
}
}
Delete Snowflake Provider
DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
SQL Server Providers
SQL Server Provider Object Schema
SQL Server provider configurations include connection details and database filtering:
{
"id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
"vendor_id": "sqlserver.company.com",
"name": "SQL-Production",
"type": "SQL_SERVER",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "sqlserver.company.com",
"port": 1433,
"username": "veza_user",
"database_allow_list": ["ProductionDB", "AnalyticsDB"],
"database_deny_list": ["TempDB", "TestDB"],
"schema_allow_list": ["dbo", "analytics"],
"schema_deny_list": ["temp"]
}
SQL Server Configuration Fields
host
(String): SQL Server hostname or IP addressport
(Integer): Port number (typically 1433)username
(String): SQL Server usernamepassword
(String): Password for authenticationdatabase_allow_list
(Array): Database names to includedatabase_deny_list
(Array): Database names to excludeschema_allow_list
(Array): Schema names to includeschema_deny_list
(Array): Schema names to exclude
For detailed SQL Server setup instructions, see SQL Server Integration.
SQL Server API Operations
List SQL Server Providers
GET /api/v1/providers/sqlserver HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
]
}
Create SQL Server Provider
POST /api/v1/providers/sqlserver HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 269
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
{
"id": "text"
}
Get SQL Server Provider
GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
Update SQL Server Provider
PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 267
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text",
"data_plane_id": "text"
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"database_allow_list": [
"text"
],
"database_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"gather_system_databases": true,
"instance_name": "text"
}
}
Delete SQL Server Provider
DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
Trino Providers
Trino Provider Object Schema
Trino provider configurations include cluster connection details and S3 access control file settings:
{
"id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
"vendor_id": "trino.company.com",
"name": "Trino-Production",
"type": "TRINO",
"state": "ENABLED",
"data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
"status": "SUCCESS",
"host": "trino.company.com",
"port": 8080,
"username": "veza_user",
"aws_s3_object_config": {
"access_key": "AKIA...",
"region": "us-east-1",
"bucket": "trino-config",
"object": "access-control.properties",
"credentials_type": "STATIC",
"assume_role_name": "",
"account_id": ""
},
"ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}
Trino Configuration Fields
host
(String): Trino coordinator hostnameport
(Integer): Trino coordinator port (typically 8080 or 8443)username
(String): Trino usernamepassword
(String): Password for authenticationaws_s3_object_config
(Object): S3 configuration for access control filessl_certificate
(String): TLS certificate for secure connections
S3 Object Configuration
The aws_s3_object_config
object contains:
access_key
(String): AWS access key IDsecret_key
(String): AWS secret access keyregion
(String): S3 bucket regionbucket
(String): S3 bucket nameobject
(String): Path to access control filecredentials_type
(String): Authentication methodassume_role_name
(String): IAM role name (for assume role)assume_role_external_id
(String): External ID for assume roleaccount_id
(String): AWS account ID
For detailed Trino setup instructions, see Trino Integration.
Trino API Operations
List Trino Providers
GET /api/v1/providers/trino HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"values": [
{
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
]
}
Create Trino Provider
POST /api/v1/providers/trino HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 506
{
"name": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"data_plane_id": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}
Get Trino Provider
GET /api/v1/providers/trino/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}
Update Trino Provider
PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Content-Type: application/json
Accept: */*
Content-Length: 504
{
"id": "text",
"host": "text",
"port": 1,
"username": "text",
"password": "text",
"aws_s3_object_config": {
"access_key": "text",
"secret_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"assume_role_external_id": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
],
"data_plane_id": "text"
}
{
"value": {
"id": "text",
"vendor_id": "text",
"name": "text",
"type": 1,
"state": 1,
"data_plane_id": "text",
"status": 1,
"team_id": "text",
"host": "text",
"port": 1,
"username": "text",
"aws_s3_object_config": {
"access_key": "text",
"region": "text",
"bucket": "text",
"object": "text",
"credentials_type": 1,
"assume_role_name": "text",
"account_id": "text"
},
"ssl_certificate": "text",
"catalog_allow_list": [
"text"
],
"catalog_deny_list": [
"text"
],
"schema_allow_list": [
"text"
],
"schema_deny_list": [
"text"
],
"table_allow_list": [
"text"
],
"table_deny_list": [
"text"
]
}
}
Delete Trino Provider
DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host:
Authorization: Bearer Bearer <API key>
Accept: */*
{}
Error Handling
All provider API operations return standard HTTP status codes:
200 OK: Request successful
400 Bad Request: Invalid request parameters or payload
401 Unauthorized: Invalid or missing API token
403 Forbidden: Insufficient permissions
404 Not Found: Provider configuration not found
409 Conflict: Provider configuration already exists
500 Internal Server Error: Server error
Error responses include a descriptive message and error code:
{
"error": {
"code": "INVALID_CREDENTIALS",
"message": "The provided credentials are invalid or expired",
"details": "AWS STS AssumeRole failed with error: Access denied"
}
}
Best Practices
When managing provider configurations:
Use descriptive names that identify the environment and purpose
Implement least privilege by configuring only necessary services and resources
Use allow lists rather than deny lists when possible for better security
Test configurations in development environments before production
Monitor discovery status regularly to ensure successful data collection
Rotate credentials according to your organization's security policies
Use assume role authentication for AWS providers when possible
Configure resource filtering to limit discovery scope and improve performance
Related Documentation
Last updated
Was this helpful?