Cloud Platforms and Data Providers

Operations for listing, adding, and modifying cloud provider configurations

You can manage Veza integrations using the management API and a Veza admin API key.

Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.

Provider Types

Veza supports the following provider types:

AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services
Azure: Microsoft Azure tenants including Active Directory and SharePoint Online
Google Cloud: Google Cloud Platform projects and Google Workspace domains
Snowflake: Snowflake data warehouses and databases
SQL Server: Microsoft SQL Server instances
Trino: Trino clusters with file-based access control

For detailed integration guides, see the Integrations documentation.

Authentication

You will need an API token with administrator permissions to manage provider configurations. See API Authentication for details.

Common Provider Properties

All provider configurations share these common properties:

id (String): Unique identifier for the provider configuration
vendor_id (String): Provider-specific identifier (e.g., AWS account ID)
name (String): Display name for the provider
type (String): Provider type (AWS, AZURE, GOOGLE_CLOUD, etc.)
state (String): Current state (ENABLED, DISABLED)
data_plane_id (String): Insight Point ID used for discovery
status (String): Last discovery status (SUCCESS, PENDING, ERROR)

AWS Providers

AWS Provider Object Schema

AWS provider configurations include account credentials, regions, and service-specific settings:

{
  "id": "883dd869-8762-4187-8767-1c387de14b4b",
  "vendor_id": "123456789010",
  "name": "AWS-Production",
  "type": "AWS",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "account_id": "123456789010",
  "credentials_type": "ASSUME_CUSTOMER_ROLE",
  "access_key_id": "AKIA6FRNZGGIOEBZ6BEA",
  "assume_role_name": "VezaDiscoveryRole",
  "assume_role_external_id": "veza-external-id",
  "regions": [
    "us-east-1",
    "us-west-2",
    "eu-west-1"
  ],
  "db_user": "veza_user",
  "services": [
    "IAM",
    "S3",
    "RDS",
    "REDSHIFT"
  ],
  "s3_bucket_allow_list": ["prod-data-*"],
  "s3_bucket_deny_list": ["temp-*", "test-*"],
  "rds_database_allow_list": ["production"],
  "rds_database_deny_list": ["temp"]
}

AWS Configuration Fields

account_id (String): AWS account ID (12-digit number)
credentials_type (String): Authentication method - STATIC, EC2_INSTANCE_PROFILE, or ASSUME_CUSTOMER_ROLE
access_key_id (String): Access key ID for static credentials
secret_key (String): Secret access key for static credentials
assume_role_name (String): IAM role name for assume role authentication
assume_role_external_id (String): External ID for assume role authentication
regions (Array): List of AWS regions to discover
db_user (String): Database username for RDS/Redshift connections
services (Array): Specific AWS services to discover (empty array = all services)

AWS Service Discovery Options

Available service values for the services array:

IAM: Identity and Access Management
S3: Simple Storage Service
RDS: Relational Database Service
REDSHIFT: Redshift data warehouses
EC2: Elastic Compute Cloud
LAMBDA: Lambda functions
EKS: Elastic Kubernetes Service
COGNITO: Cognito user pools
SECRETS_MANAGER: Secrets Manager
KMS: Key Management Service
DYNAMODB: DynamoDB tables

AWS Resource Filtering

Use allow/deny lists to control which resources are discovered:

s3_bucket_allow_list: S3 bucket names to include (supports wildcards)
s3_bucket_deny_list: S3 bucket names to exclude
rds_database_allow_list: RDS database names to include
rds_database_deny_list: RDS database names to exclude
redshift_database_allow_list: Redshift database ARNs to include
redshift_database_deny_list: Redshift database ARNs to exclude

For detailed AWS setup instructions, see Amazon Web Services Integration.

AWS API Operations

List AWS Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/aws

GET /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "redshift_database_allow_list": [
        "text"
      ],
      "redshift_database_deny_list": [
        "text"
      ],
      "rds_database_allow_list": [
        "text"
      ],
      "rds_database_deny_list": [
        "text"
      ],
      "s3_bucket_allow_list": [
        "text"
      ],
      "s3_bucket_deny_list": [
        "text"
      ],
      "extraction_policy_name": "text",
      "gather_system_tables": true,
      "gather_postgresql_system_schemas": true,
      "gather_rds_oracle_system_schemas": true,
      "team_id": "text",
      "rds_db_level_only": true,
      "rbac_id": "text",
      "account_id": "text",
      "credentials_type": 1,
      "access_key_id": "text",
      "assume_role_name": "text",
      "regions": [
        "text"
      ],
      "db_user": "text",
      "redshift_user": "text",
      "rds_mysql_user": "text",
      "rds_postgres_user": "text",
      "rds_oracle_user": "text",
      "services": [
        1
      ],
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2026-03-20T21:59:37.761Z",
        "synced_at": "2026-03-20T21:59:37.761Z"
      },
      "audit_log_cloud_trail_name": "text",
      "audit_log_cloud_trail_region": "text",
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "databricks_oauth_m2m_credentials": {
        "client_id": "text",
        "client_secret": "text"
      },
      "provisioning": true,
      "lifecycle_management_state": 1,
      "provisioning_identity_store_id": "text",
      "provisioning_scim_endpoint": "text",
      "audit_log_extract_for_org": true,
      "audit_log_skip_extraction": true,
      "gather_all_iam_policies": true,
      "documentdb_user": "text",
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      }
    }
  ]
}

Create AWS Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

account_idstringOptional

regionsstring[]Optional

data_plane_idstringOptional

credentials_typeinteger · enumOptional

access_key_idstringOptional

secret_keystringOptional

assume_role_namestringOptional

assume_role_external_idstringOptional

db_userstringOptional

rds_postgres_userstringOptional

rds_mysql_userstringOptional

rds_oracle_userstringOptional

rds_oracle_passwordstringOptional

redshift_userstringOptional

redshift_database_allow_liststring[]Optional

redshift_database_deny_liststring[]Optional

rds_database_allow_liststring[]Optional

rds_database_deny_liststring[]Optional

s3_bucket_allow_liststring[]Optional

s3_bucket_deny_liststring[]Optional

extraction_policy_namestringOptional

gather_system_tablesbooleanOptional

gather_postgresql_system_schemasbooleanOptional

gather_rds_oracle_system_schemasbooleanOptional

rds_db_level_onlybooleanOptional

provisioningbooleanOptional

provisioning_identity_store_idstringOptional

provisioning_scim_endpointstringOptional

provisioning_scim_tokenstringOptional

gather_all_iam_policiesbooleanOptional

documentdb_userstringOptional

documentdb_passwordstringOptional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/providers/aws

POST /api/v1/providers/aws HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1589

{
  "name": "text",
  "account_id": "text",
  "regions": [
    "text"
  ],
  "data_plane_id": "text",
  "credentials_type": 1,
  "access_key_id": "text",
  "secret_key": "text",
  "assume_role_name": "text",
  "assume_role_external_id": "text",
  "db_user": "text",
  "rds_postgres_user": "text",
  "rds_mysql_user": "text",
  "rds_oracle_user": "text",
  "rds_oracle_password": "text",
  "redshift_user": "text",
  "services": [
    1
  ],
  "redshift_database_allow_list": [
    "text"
  ],
  "redshift_database_deny_list": [
    "text"
  ],
  "rds_database_allow_list": [
    "text"
  ],
  "rds_database_deny_list": [
    "text"
  ],
  "s3_bucket_allow_list": [
    "text"
  ],
  "s3_bucket_deny_list": [
    "text"
  ],
  "extraction_policy_name": "text",
  "gather_system_tables": true,
  "gather_postgresql_system_schemas": true,
  "gather_rds_oracle_system_schemas": true,
  "rds_db_level_only": true,
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "databricks_oauth_m2m_credentials": {
    "client_id": "text",
    "client_secret": "text"
  },
  "provisioning": true,
  "provisioning_identity_store_id": "text",
  "provisioning_scim_endpoint": "text",
  "provisioning_scim_token": "text",
  "gather_all_iam_policies": true,
  "documentdb_user": "text",
  "documentdb_password": "text",
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "rbac_id": "text",
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true,
    "gather_all_iam_policies": true,
    "documentdb_user": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Get AWS Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/aws/{id}

GET /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "rbac_id": "text",
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true,
    "gather_all_iam_policies": true,
    "documentdb_user": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Update AWS Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

account_idstringOptional

credentials_typeinteger · enumOptional

access_key_idstringOptional

secret_keystringOptional

assume_role_namestringOptional

assume_role_external_idstringOptional

regionsstring[]Optional

db_userstringOptional

redshift_userstringOptional

rds_mysql_userstringOptional

rds_postgres_userstringOptional

rds_oracle_userstringOptional

rds_oracle_passwordstringOptional

data_plane_idstringOptional

redshift_database_allow_liststring[]Optional

redshift_database_deny_liststring[]Optional

rds_database_allow_liststring[]Optional

rds_database_deny_liststring[]Optional

s3_bucket_allow_liststring[]Optional

s3_bucket_deny_liststring[]Optional

extraction_policy_namestringOptional

gather_system_tablesbooleanOptional

gather_rds_oracle_system_schemasbooleanOptional

gather_postgresql_system_schemasbooleanOptional

rds_db_level_onlybooleanOptional

provisioningbooleanOptional

provisioning_identity_store_idstringOptional

provisioning_scim_endpointstringOptional

provisioning_scim_tokenstringOptional

gather_all_iam_policiesbooleanOptional

documentdb_userstringOptional

documentdb_passwordstringOptional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/aws/{provider.id}

PATCH /api/v1/providers/aws/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1587

{
  "id": "text",
  "account_id": "text",
  "credentials_type": 1,
  "access_key_id": "text",
  "secret_key": "text",
  "assume_role_name": "text",
  "assume_role_external_id": "text",
  "regions": [
    "text"
  ],
  "db_user": "text",
  "redshift_user": "text",
  "rds_mysql_user": "text",
  "rds_postgres_user": "text",
  "rds_oracle_user": "text",
  "rds_oracle_password": "text",
  "services": [
    1
  ],
  "data_plane_id": "text",
  "redshift_database_allow_list": [
    "text"
  ],
  "redshift_database_deny_list": [
    "text"
  ],
  "rds_database_allow_list": [
    "text"
  ],
  "rds_database_deny_list": [
    "text"
  ],
  "s3_bucket_allow_list": [
    "text"
  ],
  "s3_bucket_deny_list": [
    "text"
  ],
  "extraction_policy_name": "text",
  "gather_system_tables": true,
  "gather_rds_oracle_system_schemas": true,
  "gather_postgresql_system_schemas": true,
  "rds_db_level_only": true,
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "databricks_oauth_m2m_credentials": {
    "client_id": "text",
    "client_secret": "text"
  },
  "provisioning": true,
  "provisioning_identity_store_id": "text",
  "provisioning_scim_endpoint": "text",
  "provisioning_scim_token": "text",
  "gather_all_iam_policies": true,
  "documentdb_user": "text",
  "documentdb_password": "text",
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "redshift_database_allow_list": [
      "text"
    ],
    "redshift_database_deny_list": [
      "text"
    ],
    "rds_database_allow_list": [
      "text"
    ],
    "rds_database_deny_list": [
      "text"
    ],
    "s3_bucket_allow_list": [
      "text"
    ],
    "s3_bucket_deny_list": [
      "text"
    ],
    "extraction_policy_name": "text",
    "gather_system_tables": true,
    "gather_postgresql_system_schemas": true,
    "gather_rds_oracle_system_schemas": true,
    "team_id": "text",
    "rds_db_level_only": true,
    "rbac_id": "text",
    "account_id": "text",
    "credentials_type": 1,
    "access_key_id": "text",
    "assume_role_name": "text",
    "regions": [
      "text"
    ],
    "db_user": "text",
    "redshift_user": "text",
    "rds_mysql_user": "text",
    "rds_postgres_user": "text",
    "rds_oracle_user": "text",
    "services": [
      1
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "audit_log_cloud_trail_name": "text",
    "audit_log_cloud_trail_region": "text",
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "databricks_oauth_m2m_credentials": {
      "client_id": "text",
      "client_secret": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "provisioning_identity_store_id": "text",
    "provisioning_scim_endpoint": "text",
    "audit_log_extract_for_org": true,
    "audit_log_skip_extraction": true,
    "gather_all_iam_policies": true,
    "documentdb_user": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Delete AWS Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/aws/{id}

DELETE /api/v1/providers/aws/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Get AWS Trust Policy

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters

assume_role_external_idstringOptional

assume_role_namestringOptionalDeprecated

Responses

200

application/json

trust_policy_jsonstringOptional

default

Default error response

application/json

get

/api/v1/providers/aws:trustpolicy

GET /api/v1/providers/aws:trustpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "trust_policy_json": "text"
}

Check AWS Policy

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

requires_updatebooleanOptional

aws_account_idstringOptional

current_policystringOptional

required_policystringOptional

required_actionsstring[]Optional

overprivileged_actionsstring[]Optional

default

Default error response

application/json

get

/api/v1/providers/aws/{id}:checkpolicy

GET /api/v1/providers/aws/{id}:checkpolicy HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "requires_update": true,
  "aws_account_id": "text",
  "current_policy": "text",
  "required_policy": "text",
  "required_actions": [
    "text"
  ],
  "overprivileged_actions": [
    "text"
  ]
}

Azure Providers

Azure Provider Object Schema

Azure provider configurations include tenant authentication and service settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "contoso.onmicrosoft.com",
  "name": "Azure-Production",
  "type": "AZURE",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "tenant_id": "12345678-1234-1234-1234-123456789012",
  "client_id": "87654321-4321-4321-4321-210987654321",
  "services": [
    "AZUREAD",
    "SHAREPOINT",
    "SQLSERVER"
  ],
  "gather_guest_users": true,
  "gather_disabled_users": false,
  "gather_personal_sites": true,
  "domains": ["contoso.com"],
  "sql_server_database_allow_list": ["production"],
  "sql_server_database_deny_list": ["temp"]
}

Azure Configuration Fields

tenant_id (String): Azure Active Directory tenant ID
client_id (String): Application (client) ID for service principal
client_secret (String): Client secret for authentication
auth_certificate (String): Certificate for SharePoint app-only access
auth_certificate_password (String): Certificate password
services (Array): Azure services to discover
gather_guest_users (Boolean): Include guest users in discovery
gather_disabled_users (Boolean): Include disabled users
gather_personal_sites (Boolean): Include personal SharePoint sites
domains (Array): Specific domains to discover

For detailed Azure setup instructions, see Azure Integration.

Azure API Operations

List Azure Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/azure

GET /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "gather_guest_users": true,
      "gather_disabled_users": true,
      "domains": [
        "text"
      ],
      "gather_personal_sites": true,
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2026-03-20T21:59:37.761Z",
        "synced_at": "2026-03-20T21:59:37.761Z"
      },
      "government_cloud": 1,
      "extract_pim_eligibility": true,
      "dynamics365_environments": [
        "text"
      ],
      "team_id": "text",
      "dynamics_erp_environments": [
        "text"
      ],
      "authentication_type": 1,
      "account_id": "text",
      "tenant_id": "text",
      "client_id": "text",
      "services": [
        1
      ],
      "sql_server_database_allow_list": [
        "text"
      ],
      "sql_server_database_deny_list": [
        "text"
      ],
      "sql_server_schema_allow_list": [
        "text"
      ],
      "sql_server_schema_deny_list": [
        "text"
      ],
      "sql_server_gather_system_databases": true,
      "gather_postgresql_system_schemas": true,
      "postgresql_username": "text",
      "postgresql_password": "text",
      "postgresql_database_allow_list": [
        "text"
      ],
      "postgresql_database_deny_list": [
        "text"
      ],
      "postgresql_schema_allow_list": [
        "text"
      ],
      "postgresql_schema_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "sharepoint_site_allow_list": [
        "text"
      ],
      "sharepoint_site_deny_list": [
        "text"
      ],
      "rbac_id": "text",
      "skip_mailbox_folders": true,
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      },
      "user_custom_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "provisioning": true,
      "lifecycle_management_state": 1,
      "secret_references": [
        {
          "id": "text",
          "secret_id": "text",
          "vault_id": "text",
          "vault": {
            "id": "text",
            "name": "text",
            "vault_provider": "text",
            "insight_point_id": "text",
            "deleted": true
          }
        }
      ],
      "gather_group_extra_info": true,
      "gather_group_owner_details": true,
      "log_analytics_workspace_id": "text",
      "subscription_id_allow_list": [
        "text"
      ],
      "subscription_id_deny_list": [
        "text"
      ],
      "storage_account_name_allow_list": [
        "text"
      ],
      "storage_account_name_deny_list": [
        "text"
      ],
      "blob_container_name_allow_list": [
        "text"
      ],
      "blob_container_name_deny_list": [
        "text"
      ]
    }
  ]
}

Create Azure Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

tenant_idstringOptional

client_idstringOptional

client_secretstringOptional

data_plane_idstringOptional

auth_certificatestringOptional

auth_certificate_passwordstringOptional

gather_guest_usersbooleanOptional

gather_disabled_usersbooleanOptional

domainsstring[]Optional

gather_personal_sitesbooleanOptional

government_cloudinteger · enumOptional

extract_pim_eligibilitybooleanOptional

dynamics365_environmentsstring[]Optional

dynamics_erp_environmentsstring[]Optional

authentication_typeinteger · enumOptional

sql_server_database_allow_liststring[]Optional

sql_server_database_deny_liststring[]Optional

sql_server_schema_allow_liststring[]Optional

sql_server_schema_deny_liststring[]Optional

sql_server_gather_system_databasesbooleanOptional

postgresql_usernamestringOptional

postgresql_passwordstringOptional

postgresql_database_allow_liststring[]Optional

postgresql_database_deny_liststring[]Optional

postgresql_schema_allow_liststring[]Optional

postgresql_schema_deny_liststring[]Optional

sharepoint_site_allow_liststring[]Optional

sharepoint_site_deny_liststring[]Optional

gather_postgresql_system_schemasbooleanOptional

skip_mailbox_foldersbooleanOptional

provisioningbooleanOptional

gather_group_extra_infobooleanOptional

gather_group_owner_detailsbooleanOptional

log_analytics_workspace_idstringOptional

subscription_id_allow_liststring[]Optional

subscription_id_deny_liststring[]Optional

storage_account_name_allow_liststring[]Optional

storage_account_name_deny_liststring[]Optional

blob_container_name_allow_liststring[]Optional

blob_container_name_deny_liststring[]Optional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/providers/azure

POST /api/v1/providers/azure HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2060

{
  "name": "text",
  "tenant_id": "text",
  "client_id": "text",
  "client_secret": "text",
  "data_plane_id": "text",
  "auth_certificate": "text",
  "auth_certificate_password": "text",
  "services": [
    1
  ],
  "gather_guest_users": true,
  "gather_disabled_users": true,
  "domains": [
    "text"
  ],
  "gather_personal_sites": true,
  "government_cloud": 1,
  "extract_pim_eligibility": true,
  "dynamics365_environments": [
    "text"
  ],
  "dynamics_erp_environments": [
    "text"
  ],
  "authentication_type": 1,
  "sql_server_database_allow_list": [
    "text"
  ],
  "sql_server_database_deny_list": [
    "text"
  ],
  "sql_server_schema_allow_list": [
    "text"
  ],
  "sql_server_schema_deny_list": [
    "text"
  ],
  "sql_server_gather_system_databases": true,
  "postgresql_username": "text",
  "postgresql_password": "text",
  "postgresql_database_allow_list": [
    "text"
  ],
  "postgresql_database_deny_list": [
    "text"
  ],
  "postgresql_schema_allow_list": [
    "text"
  ],
  "postgresql_schema_deny_list": [
    "text"
  ],
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "sharepoint_site_allow_list": [
    "text"
  ],
  "sharepoint_site_deny_list": [
    "text"
  ],
  "gather_postgresql_system_schemas": true,
  "skip_mailbox_folders": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  },
  "user_custom_properties": [
    {
      "name": "text",
      "type": 1,
      "lcm_unique_identifier": true
    }
  ],
  "provisioning": true,
  "secret_references": [
    {
      "secret_id": "text",
      "vault_id": "text"
    }
  ],
  "gather_group_extra_info": true,
  "gather_group_owner_details": true,
  "log_analytics_workspace_id": "text",
  "subscription_id_allow_list": [
    "text"
  ],
  "subscription_id_deny_list": [
    "text"
  ],
  "storage_account_name_allow_list": [
    "text"
  ],
  "storage_account_name_deny_list": [
    "text"
  ],
  "blob_container_name_allow_list": [
    "text"
  ],
  "blob_container_name_deny_list": [
    "text"
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "skip_mailbox_folders": true,
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

Get Azure Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/azure/{id}

GET /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "skip_mailbox_folders": true,
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

Update Azure Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

tenant_idstringOptional

client_idstringOptional

client_secretstringOptional

auth_certificatestringOptional

auth_certificate_passwordstringOptional

gather_guest_usersbooleanOptional

gather_disabled_usersbooleanOptional

domainsstring[]Optional

gather_personal_sitesbooleanOptional

government_cloudinteger · enumOptional

extract_pim_eligibilitybooleanOptional

dynamics365_environmentsstring[]Optional

dynamics_erp_environmentsstring[]Optional

authentication_typeinteger · enumOptional

sql_server_database_allow_liststring[]Optional

sql_server_database_deny_liststring[]Optional

sql_server_schema_allow_liststring[]Optional

sql_server_schema_deny_liststring[]Optional

sql_server_gather_system_databasesbooleanOptional

postgresql_usernamestringOptional

postgresql_passwordstringOptional

postgresql_database_allow_liststring[]Optional

postgresql_database_deny_liststring[]Optional

postgresql_schema_allow_liststring[]Optional

postgresql_schema_deny_liststring[]Optional

sharepoint_site_allow_liststring[]Optional

sharepoint_site_deny_liststring[]Optional

gather_postgresql_system_schemasbooleanOptional

skip_mailbox_foldersbooleanOptional

data_plane_idstringOptional

provisioningbooleanOptional

gather_group_extra_infobooleanOptional

gather_group_owner_detailsbooleanOptional

log_analytics_workspace_idstringOptional

subscription_id_allow_liststring[]Optional

subscription_id_deny_liststring[]Optional

storage_account_name_allow_liststring[]Optional

storage_account_name_deny_liststring[]Optional

blob_container_name_allow_liststring[]Optional

blob_container_name_deny_liststring[]Optional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/azure/{provider.id}

PATCH /api/v1/providers/azure/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2058

{
  "id": "text",
  "tenant_id": "text",
  "client_id": "text",
  "client_secret": "text",
  "auth_certificate": "text",
  "auth_certificate_password": "text",
  "services": [
    1
  ],
  "gather_guest_users": true,
  "gather_disabled_users": true,
  "domains": [
    "text"
  ],
  "gather_personal_sites": true,
  "government_cloud": 1,
  "extract_pim_eligibility": true,
  "dynamics365_environments": [
    "text"
  ],
  "dynamics_erp_environments": [
    "text"
  ],
  "authentication_type": 1,
  "sql_server_database_allow_list": [
    "text"
  ],
  "sql_server_database_deny_list": [
    "text"
  ],
  "sql_server_schema_allow_list": [
    "text"
  ],
  "sql_server_schema_deny_list": [
    "text"
  ],
  "sql_server_gather_system_databases": true,
  "postgresql_username": "text",
  "postgresql_password": "text",
  "postgresql_database_allow_list": [
    "text"
  ],
  "postgresql_database_deny_list": [
    "text"
  ],
  "postgresql_schema_allow_list": [
    "text"
  ],
  "postgresql_schema_deny_list": [
    "text"
  ],
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "sharepoint_site_allow_list": [
    "text"
  ],
  "sharepoint_site_deny_list": [
    "text"
  ],
  "gather_postgresql_system_schemas": true,
  "skip_mailbox_folders": true,
  "data_plane_id": "text",
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  },
  "user_custom_properties": [
    {
      "name": "text",
      "type": 1,
      "lcm_unique_identifier": true
    }
  ],
  "provisioning": true,
  "secret_references": [
    {
      "secret_id": "text",
      "vault_id": "text"
    }
  ],
  "gather_group_extra_info": true,
  "gather_group_owner_details": true,
  "log_analytics_workspace_id": "text",
  "subscription_id_allow_list": [
    "text"
  ],
  "subscription_id_deny_list": [
    "text"
  ],
  "storage_account_name_allow_list": [
    "text"
  ],
  "storage_account_name_deny_list": [
    "text"
  ],
  "blob_container_name_allow_list": [
    "text"
  ],
  "blob_container_name_deny_list": [
    "text"
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "skip_mailbox_folders": true,
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

Delete Azure Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/azure/{id}

DELETE /api/v1/providers/azure/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Google Cloud Providers

Google Cloud Provider Object Schema

Google Cloud provider configurations include service account credentials and project settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "gcp-project-id",
  "name": "GCP-Production",
  "type": "GOOGLE_CLOUD",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "customer_id": "C01234567",
  "workspace_email": "[email protected]",
  "project_allow_list": ["prod-project-1", "prod-project-2"],
  "project_deny_list": ["test-*"],
  "domain_allow_list": ["company.com"],
  "domain_deny_list": [],
  "services": [
    "IAM",
    "STORAGE",
    "COMPUTE",
    "WORKSPACE",
    "BIGQUERY"
  ],
  "dataset_allow_list": ["analytics", "reporting"],
  "dataset_deny_list": ["temp_*"]
}

Google Cloud Configuration Fields

credentials_json (String): Service account key JSON
customer_id (String): Google Workspace customer ID
workspace_email (String): Workspace user email for service account impersonation
project_allow_list (Array): GCP project names to include
project_deny_list (Array): GCP project names to exclude
domain_allow_list (Array): Workspace domains to include
domain_deny_list (Array): Workspace domains to exclude
dataset_allow_list (Array): BigQuery dataset names to include
dataset_deny_list (Array): BigQuery dataset names to exclude

For detailed Google Cloud setup instructions, see Google Cloud Integration.

Google Cloud API Operations

List Google Cloud Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/google_cloud

GET /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "rbac_id": "text",
      "workspace_email": "text",
      "customer_id": "text",
      "services": [
        1
      ],
      "project_allow_list": [
        "text"
      ],
      "project_deny_list": [
        "text"
      ],
      "domain_allow_list": [
        "text"
      ],
      "domain_deny_list": [
        "text"
      ],
      "dataset_allow_list": [
        "text"
      ],
      "dataset_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ],
      "location_allow_list": [
        "text"
      ],
      "location_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "provisioning": true,
      "lifecycle_management_state": 1,
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2026-03-20T21:59:37.761Z",
        "synced_at": "2026-03-20T21:59:37.761Z"
      },
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      }
    }
  ]
}

Create Google Cloud Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

credentials_jsonstring · bytesOptional

data_plane_idstringOptional

workspace_emailstringOptional

customer_idstringOptional

project_allow_liststring[]Optional

project_deny_liststring[]Optional

domain_allow_liststring[]Optional

domain_deny_liststring[]Optional

dataset_allow_liststring[]Optional

dataset_deny_liststring[]Optional

table_allow_liststring[]Optional

table_deny_liststring[]Optional

location_allow_liststring[]Optional

location_deny_liststring[]Optional

oauth_configstring · bytesOptional

oauth_tokenstring · bytesOptional

provisioningbooleanOptional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/providers/google_cloud

POST /api/v1/providers/google_cloud HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1039

{
  "name": "text",
  "credentials_json": "text",
  "data_plane_id": "text",
  "workspace_email": "text",
  "customer_id": "text",
  "project_allow_list": [
    "text"
  ],
  "project_deny_list": [
    "text"
  ],
  "domain_allow_list": [
    "text"
  ],
  "domain_deny_list": [
    "text"
  ],
  "services": [
    1
  ],
  "dataset_allow_list": [
    "text"
  ],
  "dataset_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "location_allow_list": [
    "text"
  ],
  "location_deny_list": [
    "text"
  ],
  "oauth_config": "text",
  "oauth_token": "text",
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "provisioning": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Get Google Cloud Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/google_cloud/{id}

GET /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Update Google Cloud Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

credentials_jsonstring · bytesOptional

workspace_emailstringOptional

customer_idstringOptional

project_allow_liststring[]Optional

project_deny_liststring[]Optional

domain_allow_liststring[]Optional

domain_deny_liststring[]Optional

data_plane_idstringOptional

dataset_allow_liststring[]Optional

dataset_deny_liststring[]Optional

table_allow_liststring[]Optional

table_deny_liststring[]Optional

location_allow_liststring[]Optional

location_deny_liststring[]Optional

oauth_configstring · bytesOptional

oauth_tokenstring · bytesOptional

provisioningbooleanOptional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/google_cloud/{provider.id}

PATCH /api/v1/providers/google_cloud/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1037

{
  "id": "text",
  "credentials_json": "text",
  "workspace_email": "text",
  "customer_id": "text",
  "project_allow_list": [
    "text"
  ],
  "project_deny_list": [
    "text"
  ],
  "domain_allow_list": [
    "text"
  ],
  "domain_deny_list": [
    "text"
  ],
  "services": [
    1
  ],
  "data_plane_id": "text",
  "dataset_allow_list": [
    "text"
  ],
  "dataset_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "location_allow_list": [
    "text"
  ],
  "location_deny_list": [
    "text"
  ],
  "oauth_config": "text",
  "oauth_token": "text",
  "databricks_cloud_config": {
    "account_id": "text",
    "tag_name_collector_cluster": "text"
  },
  "provisioning": true,
  "identity_mapping_configuration": {
    "mappings": [
      {
        "destination_datasource_type": "text",
        "destination_datasource_oaa_app_type": "text",
        "type": 1,
        "mode": 1,
        "transformations": [
          1
        ],
        "custom_value": "text",
        "property_matchers": [
          {
            "source_property": 1,
            "destination_property": 1,
            "custom_source_property": "text",
            "custom_destination_property": "text"
          }
        ],
        "id_matchers": [
          {
            "source_id": "text",
            "destination_id": "text"
          }
        ],
        "destination_datasources": [
          {
            "type": "text",
            "oaa_app_type": "text"
          }
        ]
      }
    ],
    "use_email": true
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "workspace_email": "text",
    "customer_id": "text",
    "services": [
      1
    ],
    "project_allow_list": [
      "text"
    ],
    "project_deny_list": [
      "text"
    ],
    "domain_allow_list": [
      "text"
    ],
    "domain_deny_list": [
      "text"
    ],
    "dataset_allow_list": [
      "text"
    ],
    "dataset_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ],
    "location_allow_list": [
      "text"
    ],
    "location_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "provisioning": true,
    "lifecycle_management_state": 1,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    }
  }
}

Delete Google Cloud Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/google_cloud/{id}

DELETE /api/v1/providers/google_cloud/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Snowflake Providers

Snowflake Provider Object Schema

Snowflake provider configurations include connection details and database filtering:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "xy12345.us-east-1",
  "name": "Snowflake-Production",
  "type": "SNOWFLAKE",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "account_locator": "xy12345",
  "region": "us-east-1",
  "cloud": "aws",
  "user": "veza_user",
  "role": "VEZA_ROLE",
  "warehouse": "COMPUTE_WH",
  "database_allow_list": ["PROD_DB", "ANALYTICS_DB"],
  "database_deny_list": ["TEMP_DB", "TEST_DB"]
}

Snowflake Configuration Fields

account_locator (String): Snowflake account locator (e.g., "xy12345")
region (String): Cloud region for the Snowflake account
cloud (String): Cloud provider ("aws", "azure", or "gcp")
user (String): Snowflake username for authentication
password (String): Password for the Snowflake user
role (String): Snowflake role to use for queries
warehouse (String): Default warehouse for compute
database_allow_list (Array): Database names to include
database_deny_list (Array): Database names to exclude

For detailed Snowflake setup instructions, see Snowflake Integration.

Snowflake API Operations

List Snowflake Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/snowflake

GET /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "rbac_id": "text",
      "account_locator": "text",
      "region": "text",
      "cloud": "text",
      "user": "text",
      "role": "text",
      "warehouse": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2026-03-20T21:59:37.761Z",
        "synced_at": "2026-03-20T21:59:37.761Z"
      },
      "alternative_database_name": "text",
      "authentication_method": 1,
      "extract_tags": true,
      "provisioning": true,
      "lifecycle_management_state": 1,
      "export_database": "text",
      "export_schema": "text",
      "export_user": "text",
      "export_role": "text",
      "export_authentication_method": 1,
      "organization_account": true,
      "connection_type": 1,
      "account_name": "text",
      "org_name": "text",
      "private_link": true,
      "alternative_account_usage_schema_name": "text",
      "gather_masking_policies": true,
      "gather_row_access_policies": true,
      "gather_network_policies": true,
      "gather_projection_policies": true,
      "gather_password_policies": true,
      "gather_login_source_ip": true,
      "external_oauth_aws_region": "text",
      "external_oauth_ida_provider_uri": "text",
      "external_oauth_ida_resource_uri": "text",
      "account_allow_list": [
        "text"
      ],
      "account_deny_list": [
        "text"
      ]
    }
  ]
}

Create Snowflake Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

account_locatorstringOptional

regionstringOptional

cloudstringOptional

userstringOptional

passwordstringOptional

rolestringOptional

warehousestringOptional

data_plane_idstringOptional

database_allow_liststring[]Optional

database_deny_liststring[]Optional

alternative_database_namestringOptional

authentication_methodinteger · enumOptional

private_keystringOptional

private_key_passwordstringOptional

extract_tagsbooleanOptional

export_databasestringOptional

export_schemastringOptional

export_userstringOptional

export_rolestringOptional

export_authentication_methodinteger · enumOptional

export_private_keystringOptional

export_private_key_passwordstringOptional

export_passwordstringOptional

provisioningbooleanOptional

connection_typeinteger · enumOptional

account_namestringOptional

org_namestringOptional

private_linkbooleanOptional

alternative_account_usage_schema_namestringOptional

gather_masking_policiesbooleanOptional

gather_row_access_policiesbooleanOptional

gather_network_policiesbooleanOptional

gather_projection_policiesbooleanOptional

organization_accountbooleanOptional

gather_password_policiesbooleanOptional

gather_login_source_ipbooleanOptional

external_oauth_aws_regionstringOptional

External OAuth specific fields

external_oauth_ida_provider_uristringOptional

external_oauth_ida_resource_uristringOptional

account_allow_liststring[]Optional

Organization account filtering

account_deny_liststring[]Optional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/providers/snowflake

POST /api/v1/providers/snowflake HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1108

{
  "name": "text",
  "account_locator": "text",
  "region": "text",
  "cloud": "text",
  "user": "text",
  "password": "text",
  "role": "text",
  "warehouse": "text",
  "data_plane_id": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "alternative_database_name": "text",
  "authentication_method": 1,
  "private_key": "text",
  "private_key_password": "text",
  "extract_tags": true,
  "export_database": "text",
  "export_schema": "text",
  "export_user": "text",
  "export_role": "text",
  "export_authentication_method": 1,
  "export_private_key": "text",
  "export_private_key_password": "text",
  "export_password": "text",
  "provisioning": true,
  "connection_type": 1,
  "account_name": "text",
  "org_name": "text",
  "private_link": true,
  "alternative_account_usage_schema_name": "text",
  "gather_masking_policies": true,
  "gather_row_access_policies": true,
  "gather_network_policies": true,
  "gather_projection_policies": true,
  "organization_account": true,
  "gather_password_policies": true,
  "gather_login_source_ip": true,
  "external_oauth_aws_region": "text",
  "external_oauth_ida_provider_uri": "text",
  "external_oauth_ida_resource_uri": "text",
  "account_allow_list": [
    "text"
  ],
  "account_deny_list": [
    "text"
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "organization_account": true,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true,
    "gather_row_access_policies": true,
    "gather_network_policies": true,
    "gather_projection_policies": true,
    "gather_password_policies": true,
    "gather_login_source_ip": true,
    "external_oauth_aws_region": "text",
    "external_oauth_ida_provider_uri": "text",
    "external_oauth_ida_resource_uri": "text",
    "account_allow_list": [
      "text"
    ],
    "account_deny_list": [
      "text"
    ]
  }
}

Get Snowflake Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/snowflake/{id}

GET /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "organization_account": true,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true,
    "gather_row_access_policies": true,
    "gather_network_policies": true,
    "gather_projection_policies": true,
    "gather_password_policies": true,
    "gather_login_source_ip": true,
    "external_oauth_aws_region": "text",
    "external_oauth_ida_provider_uri": "text",
    "external_oauth_ida_resource_uri": "text",
    "account_allow_list": [
      "text"
    ],
    "account_deny_list": [
      "text"
    ]
  }
}

Update Snowflake Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

account_locatorstringOptional

regionstringOptional

cloudstringOptional

userstringOptional

passwordstringOptional

rolestringOptional

warehousestringOptional

database_allow_liststring[]Optional

database_deny_liststring[]Optional

alternative_database_namestringOptional

authentication_methodinteger · enumOptional

private_keystringOptional

private_key_passwordstringOptional

extract_tagsbooleanOptional

data_plane_idstringOptional

export_databasestringOptional

export_schemastringOptional

export_userstringOptional

export_rolestringOptional

export_authentication_methodinteger · enumOptional

export_private_keystringOptional

export_private_key_passwordstringOptional

export_passwordstringOptional

gather_masking_policiesbooleanOptional

gather_row_access_policiesbooleanOptional

gather_projection_policiesbooleanOptional

organization_accountbooleanOptional

gather_password_policiesbooleanOptional

gather_login_source_ipbooleanOptional

provisioningbooleanOptional

connection_typeinteger · enumOptional

account_namestringOptional

org_namestringOptional

private_linkbooleanOptional

alternative_account_usage_schema_namestringOptional

gather_network_policiesbooleanOptional

external_oauth_aws_regionstringOptional

External OAuth specific fields

external_oauth_ida_provider_uristringOptional

external_oauth_ida_resource_uristringOptional

account_allow_liststring[]Optional

Organization account filtering

account_deny_liststring[]Optional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/snowflake/{provider.id}

PATCH /api/v1/providers/snowflake/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 1106

{
  "id": "text",
  "account_locator": "text",
  "region": "text",
  "cloud": "text",
  "user": "text",
  "password": "text",
  "role": "text",
  "warehouse": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "alternative_database_name": "text",
  "authentication_method": 1,
  "private_key": "text",
  "private_key_password": "text",
  "extract_tags": true,
  "data_plane_id": "text",
  "export_database": "text",
  "export_schema": "text",
  "export_user": "text",
  "export_role": "text",
  "export_authentication_method": 1,
  "export_private_key": "text",
  "export_private_key_password": "text",
  "export_password": "text",
  "gather_masking_policies": true,
  "gather_row_access_policies": true,
  "gather_projection_policies": true,
  "organization_account": true,
  "gather_password_policies": true,
  "gather_login_source_ip": true,
  "provisioning": true,
  "connection_type": 1,
  "account_name": "text",
  "org_name": "text",
  "private_link": true,
  "alternative_account_usage_schema_name": "text",
  "gather_network_policies": true,
  "external_oauth_aws_region": "text",
  "external_oauth_ida_provider_uri": "text",
  "external_oauth_ida_resource_uri": "text",
  "account_allow_list": [
    "text"
  ],
  "account_deny_list": [
    "text"
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "account_locator": "text",
    "region": "text",
    "cloud": "text",
    "user": "text",
    "role": "text",
    "warehouse": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-03-20T21:59:37.761Z",
      "synced_at": "2026-03-20T21:59:37.761Z"
    },
    "alternative_database_name": "text",
    "authentication_method": 1,
    "extract_tags": true,
    "provisioning": true,
    "lifecycle_management_state": 1,
    "export_database": "text",
    "export_schema": "text",
    "export_user": "text",
    "export_role": "text",
    "export_authentication_method": 1,
    "organization_account": true,
    "connection_type": 1,
    "account_name": "text",
    "org_name": "text",
    "private_link": true,
    "alternative_account_usage_schema_name": "text",
    "gather_masking_policies": true,
    "gather_row_access_policies": true,
    "gather_network_policies": true,
    "gather_projection_policies": true,
    "gather_password_policies": true,
    "gather_login_source_ip": true,
    "external_oauth_aws_region": "text",
    "external_oauth_ida_provider_uri": "text",
    "external_oauth_ida_resource_uri": "text",
    "account_allow_list": [
      "text"
    ],
    "account_deny_list": [
      "text"
    ]
  }
}

Delete Snowflake Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/snowflake/{id}

DELETE /api/v1/providers/snowflake/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

SQL Server Providers

SQL Server Provider Object Schema

SQL Server provider configurations include connection details and database filtering:

{
  "id": "90112ed7-47e7-48e6-9f05-c02d19d7f137",
  "vendor_id": "sqlserver.company.com",
  "name": "SQL-Production",
  "type": "SQL_SERVER",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "sqlserver.company.com",
  "port": 1433,
  "username": "veza_user",
  "database_allow_list": ["ProductionDB", "AnalyticsDB"],
  "database_deny_list": ["TempDB", "TestDB"],
  "schema_allow_list": ["dbo", "analytics"],
  "schema_deny_list": ["temp"]
}

SQL Server Configuration Fields

host (String): SQL Server hostname or IP address
port (Integer): Port number (typically 1433)
username (String): SQL Server username
password (String): Password for authentication
database_allow_list (Array): Database names to include
database_deny_list (Array): Database names to exclude
schema_allow_list (Array): Schema names to include
schema_deny_list (Array): Schema names to exclude

For detailed SQL Server setup instructions, see SQL Server Integration.

SQL Server API Operations

List SQL Server Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/sqlserver

GET /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "rbac_id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "database_allow_list": [
        "text"
      ],
      "database_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "gather_system_databases": true,
      "instance_name": "text",
      "use_tls_connector": true
    }
  ]
}

Create SQL Server Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

hoststringOptional

portinteger · int32Optional

usernamestringOptional

passwordstringOptional

data_plane_idstringOptional

database_allow_liststring[]Optional

database_deny_liststring[]Optional

schema_allow_liststring[]Optional

schema_deny_liststring[]Optional

gather_system_databasesbooleanOptional

instance_namestringOptional

use_tls_connectorbooleanOptional

Responses

200

application/json

idstringOptional

default

Default error response

application/json

post

/api/v1/providers/sqlserver

POST /api/v1/providers/sqlserver HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 294

{
  "name": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "data_plane_id": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text",
  "use_tls_connector": true
}

{
  "id": "text"
}

Get SQL Server Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

idstringOptional

vendor_idstringOptional

namestringOptional

typeinteger · enumOptional

stateinteger · enumOptional

data_plane_idstringOptional

statusinteger · enumOptional

team_idstringOptional

rbac_idstringOptional

hoststringOptional

portinteger · int32Optional

usernamestringOptional

database_allow_liststring[]Optional

database_deny_liststring[]Optional

schema_allow_liststring[]Optional

schema_deny_liststring[]Optional

gather_system_databasesbooleanOptional

instance_namestringOptional

use_tls_connectorbooleanOptional

default

Default error response

application/json

get

/api/v1/providers/sqlserver/{id}

GET /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "text",
  "vendor_id": "text",
  "name": "text",
  "type": 1,
  "state": 1,
  "data_plane_id": "text",
  "status": 1,
  "team_id": "text",
  "rbac_id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text",
  "use_tls_connector": true
}

Update SQL Server Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

hoststringOptional

portinteger · int32Optional

usernamestringOptional

passwordstringOptional

database_allow_liststring[]Optional

database_deny_liststring[]Optional

schema_allow_liststring[]Optional

schema_deny_liststring[]Optional

gather_system_databasesbooleanOptional

instance_namestringOptional

use_tls_connectorbooleanOptional

data_plane_idstringOptional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/sqlserver/{provider.id}

PATCH /api/v1/providers/sqlserver/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 292

{
  "id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "database_allow_list": [
    "text"
  ],
  "database_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "gather_system_databases": true,
  "instance_name": "text",
  "use_tls_connector": true,
  "data_plane_id": "text"
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "database_allow_list": [
      "text"
    ],
    "database_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "gather_system_databases": true,
    "instance_name": "text",
    "use_tls_connector": true
  }
}

Delete SQL Server Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/sqlserver/{id}

DELETE /api/v1/providers/sqlserver/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Trino Providers

Trino Provider Object Schema

Trino provider configurations include cluster connection details and S3 access control file settings:

{
  "id": "fa04e92f-6e0d-4285-ba58-86a20c6941ff",
  "vendor_id": "trino.company.com",
  "name": "Trino-Production",
  "type": "TRINO",
  "state": "ENABLED",
  "data_plane_id": "a2e32a80-9d64-4725-b4a9-8de6ffd0682b",
  "status": "SUCCESS",
  "host": "trino.company.com",
  "port": 8080,
  "username": "veza_user",
  "aws_s3_object_config": {
    "access_key": "AKIA...",
    "region": "us-east-1",
    "bucket": "trino-config",
    "object": "access-control.properties",
    "credentials_type": "STATIC",
    "assume_role_name": "",
    "account_id": ""
  },
  "ssl_certificate": "-----BEGIN CERTIFICATE-----\n..."
}

Trino Configuration Fields

host (String): Trino coordinator hostname
port (Integer): Trino coordinator port (typically 8080 or 8443)
username (String): Trino username
password (String): Password for authentication
aws_s3_object_config (Object): S3 configuration for access control file
ssl_certificate (String): TLS certificate for secure connections

S3 Object Configuration

The aws_s3_object_config object contains:

access_key (String): AWS access key ID
secret_key (String): AWS secret access key
region (String): S3 bucket region
bucket (String): S3 bucket name
object (String): Path to access control file
credentials_type (String): Authentication method
assume_role_name (String): IAM role name (for assume role)
assume_role_external_id (String): External ID for assume role
account_id (String): AWS account ID

For detailed Trino setup instructions, see Trino Integration.

Trino API Operations

List Trino Providers

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/trino

GET /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "team_id": "text",
      "rbac_id": "text",
      "host": "text",
      "port": 1,
      "username": "text",
      "aws_s3_object_config": {
        "access_key": "text",
        "region": "text",
        "bucket": "text",
        "object": "text",
        "credentials_type": 1,
        "assume_role_name": "text",
        "account_id": "text"
      },
      "ssl_certificate": "text",
      "catalog_allow_list": [
        "text"
      ],
      "catalog_deny_list": [
        "text"
      ],
      "schema_allow_list": [
        "text"
      ],
      "schema_deny_list": [
        "text"
      ],
      "table_allow_list": [
        "text"
      ],
      "table_deny_list": [
        "text"
      ]
    }
  ]
}

Create Trino Provider

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

hoststringOptional

portinteger · int32Optional

usernamestringOptional

passwordstringOptional

data_plane_idstringOptional

ssl_certificatestringOptional

catalog_allow_liststring[]Optional

catalog_deny_liststring[]Optional

schema_allow_liststring[]Optional

schema_deny_liststring[]Optional

table_allow_liststring[]Optional

table_deny_liststring[]Optional

Responses

200

application/json

default

Default error response

application/json

post

/api/v1/providers/trino

POST /api/v1/providers/trino HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 506

{
  "name": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "data_plane_id": "text",
  "aws_s3_object_config": {
    "access_key": "text",
    "secret_key": "text",
    "region": "text",
    "bucket": "text",
    "object": "text",
    "credentials_type": 1,
    "assume_role_name": "text",
    "assume_role_external_id": "text",
    "account_id": "text"
  },
  "ssl_certificate": "text",
  "catalog_allow_list": [
    "text"
  ],
  "catalog_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Get Trino Provider

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

get

/api/v1/providers/trino/{id}

GET /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Update Trino Provider

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

provider.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

idstringOptional

hoststringOptional

portinteger · int32Optional

usernamestringOptional

passwordstringOptional

ssl_certificatestringOptional

catalog_allow_liststring[]Optional

catalog_deny_liststring[]Optional

schema_allow_liststring[]Optional

schema_deny_liststring[]Optional

table_allow_liststring[]Optional

table_deny_liststring[]Optional

data_plane_idstringOptional

Responses

200

application/json

default

Default error response

application/json

patch

/api/v1/providers/trino/{provider.id}

PATCH /api/v1/providers/trino/{provider.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 504

{
  "id": "text",
  "host": "text",
  "port": 1,
  "username": "text",
  "password": "text",
  "aws_s3_object_config": {
    "access_key": "text",
    "secret_key": "text",
    "region": "text",
    "bucket": "text",
    "object": "text",
    "credentials_type": 1,
    "assume_role_name": "text",
    "assume_role_external_id": "text",
    "account_id": "text"
  },
  "ssl_certificate": "text",
  "catalog_allow_list": [
    "text"
  ],
  "catalog_deny_list": [
    "text"
  ],
  "schema_allow_list": [
    "text"
  ],
  "schema_deny_list": [
    "text"
  ],
  "table_allow_list": [
    "text"
  ],
  "table_deny_list": [
    "text"
  ],
  "data_plane_id": "text"
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "team_id": "text",
    "rbac_id": "text",
    "host": "text",
    "port": 1,
    "username": "text",
    "aws_s3_object_config": {
      "access_key": "text",
      "region": "text",
      "bucket": "text",
      "object": "text",
      "credentials_type": 1,
      "assume_role_name": "text",
      "account_id": "text"
    },
    "ssl_certificate": "text",
    "catalog_allow_list": [
      "text"
    ],
    "catalog_deny_list": [
      "text"
    ],
    "schema_allow_list": [
      "text"
    ],
    "schema_deny_list": [
      "text"
    ],
    "table_allow_list": [
      "text"
    ],
    "table_deny_list": [
      "text"
    ]
  }
}

Delete Trino Provider

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

objectOptional

default

Default error response

application/json

delete

/api/v1/providers/trino/{id}

DELETE /api/v1/providers/trino/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Error Handling

All provider API operations return standard HTTP status codes:

200 OK: Request successful
400 Bad Request: Invalid request parameters or payload
401 Unauthorized: Invalid or missing API token
403 Forbidden: Insufficient permissions
404 Not Found: Provider configuration not found
409 Conflict: Provider configuration already exists
500 Internal Server Error: Server error

Error responses include a descriptive message and error code:

{
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "The provided credentials are invalid or expired",
    "details": "AWS STS AssumeRole failed with error: Access denied"
  }
}

Best Practices

When managing provider configurations:

Use descriptive names that identify the environment and purpose
Implement least privilege by configuring only necessary services and resources
Use allow lists rather than deny lists when possible for better security
Test configurations in development environments before production
Monitor discovery status regularly to ensure successful data collection
Rotate credentials according to your organization's security policies
Use assume role authentication for AWS providers when possible
Configure resource filtering to limit discovery scope and improve performance
Use secrets vaults to store sensitive credentials in your private network instead of in Veza. See Secrets Vaults

PreviousEnable/Disable Providers NextDisable AWS Services using Provider Management APIs

Last updated 1 month ago

Was this helpful?

hashtagProvider Types

hashtagAuthentication

hashtagCommon Provider Properties

hashtagAWS Providers

hashtagAWS Provider Object Schema

hashtagAWS Configuration Fields

hashtagAWS Service Discovery Options

hashtagAWS Resource Filtering

hashtagAWS API Operations

hashtagList AWS Providers

hashtagCreate AWS Provider

hashtagGet AWS Provider

hashtagUpdate AWS Provider

hashtagDelete AWS Provider

hashtagGet AWS Trust Policy

hashtagCheck AWS Policy

hashtagAzure Providers

hashtagAzure Provider Object Schema

hashtagAzure Configuration Fields

hashtagAzure API Operations

hashtagList Azure Providers

hashtagCreate Azure Provider

hashtagGet Azure Provider

hashtagUpdate Azure Provider

hashtagDelete Azure Provider

hashtagGoogle Cloud Providers

hashtagGoogle Cloud Provider Object Schema

hashtagGoogle Cloud Configuration Fields

hashtagGoogle Cloud API Operations

hashtagList Google Cloud Providers

hashtagCreate Google Cloud Provider

hashtagGet Google Cloud Provider

hashtagUpdate Google Cloud Provider

hashtagDelete Google Cloud Provider

hashtagSnowflake Providers

hashtagSnowflake Provider Object Schema

hashtagSnowflake Configuration Fields

hashtagSnowflake API Operations

hashtagList Snowflake Providers

hashtagCreate Snowflake Provider

hashtagGet Snowflake Provider

hashtagUpdate Snowflake Provider

hashtagDelete Snowflake Provider

hashtagSQL Server Providers

hashtagSQL Server Provider Object Schema

hashtagSQL Server Configuration Fields

hashtagSQL Server API Operations

hashtagList SQL Server Providers

hashtagCreate SQL Server Provider

hashtagGet SQL Server Provider

hashtagUpdate SQL Server Provider

hashtagDelete SQL Server Provider

hashtagTrino Providers

hashtagTrino Provider Object Schema

hashtagTrino Configuration Fields

hashtagS3 Object Configuration

hashtagTrino API Operations

hashtagList Trino Providers

hashtagCreate Trino Provider

hashtagGet Trino Provider

hashtagUpdate Trino Provider

hashtagDelete Trino Provider

hashtagError Handling

hashtagBest Practices

hashtagRelated Documentation

Provider Types

Authentication

Common Provider Properties

AWS Providers

AWS Provider Object Schema

AWS Configuration Fields

AWS Service Discovery Options

AWS Resource Filtering

AWS API Operations

List AWS Providers

Create AWS Provider

Get AWS Provider

Update AWS Provider

Delete AWS Provider

Get AWS Trust Policy

Check AWS Policy

Azure Providers

Azure Provider Object Schema

Azure Configuration Fields

Azure API Operations

List Azure Providers

Create Azure Provider

Get Azure Provider

Update Azure Provider

Delete Azure Provider

Google Cloud Providers

Google Cloud Provider Object Schema

Google Cloud Configuration Fields

Google Cloud API Operations

List Google Cloud Providers

Create Google Cloud Provider

Get Google Cloud Provider

Update Google Cloud Provider

Delete Google Cloud Provider

Snowflake Providers

Snowflake Provider Object Schema

Snowflake Configuration Fields

Snowflake API Operations

List Snowflake Providers

Create Snowflake Provider

Get Snowflake Provider

Update Snowflake Provider

Delete Snowflake Provider

SQL Server Providers

SQL Server Provider Object Schema

SQL Server Configuration Fields

SQL Server API Operations

List SQL Server Providers

Create SQL Server Provider

Get SQL Server Provider

Update SQL Server Provider

Delete SQL Server Provider

Trino Providers

Trino Provider Object Schema

Trino Configuration Fields

S3 Object Configuration

Trino API Operations

List Trino Providers

Create Trino Provider

Get Trino Provider

Update Trino Provider

Delete Trino Provider

Error Handling

Best Practices

Related Documentation