Skip to main content

API Integration

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with API Integration:

  • Manage Lifecycle of new and existing API Integrations
  • Manage Grants of API Integrations

Supported Parameters

The engine supports the parameters listed below.

  • API_ALLOWED_PREFIXES: Explicitly limits external functions that use the integration to reference one or more HTTPS proxy service endpoints and resources within those proxies.
    • REQUIRED
    • Configuration key: api_allowed_prefixes
    • Data Type: List of String
  • API_PROVIDER: Specifies the HTTPS proxy service type.
    • REQUIRED
    • Configuration key: api_provider
    • Data Type: String
      caution

      The API_PROVIDER cannot be changed. Please refer to Snowflake documentation.

  • API_AWS_ROLE_ARN: ARN of a cloud platform role.
    • Configuration key: api_aws_role_arn
    • Data Type: String
  • API_BLOCKED_PREFIXES: Lists the endpoints and resources in the HTTPS proxy service that are not allowed to be called from Snowflake.
    • Configuration key: api_blocked_prefixes
    • Data Type: List of String
  • AZURE_AD_APPLICATION_ID: The 'Application (client) id' of the Azure AD app for your remote service.
    • Configuration key: azure_ad_application_id
    • Data Type: String
  • AZURE_TENANT_ID: Specifies the ID for your Office 365 tenant that all Azure API Management instances belong to.
    • Configuration key: azure_tenant_id
    • Data Type: String
  • ENABLED: Specifies whether this API integration is enabled or disabled. If the API integration is disabled, any external function that relies on it will not work.
    • Configuration key: enabled
    • Data Type: Boolean
  • NAMESPACING: Specify whether Prefix or Suffix or both are to be added to API Integration Name.
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both(Default)
  • ENVIRONMENT: Specify the environment in which the API Integration is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the API Integration.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible Values:
      • none
      • grants
      • all(Default)
  • GRANTS: List of Privileges and Roles to which privileges are granted to on the current API Integration.
    • Configuration key: grants
    • Data Type: Map

Basic syntax

api_integrations:
  <api_integration-name>:
    <configuration-key>: <value>
    grants:
      <privilege>:
        - <role-name>
        - <role-name>

Supported API Integration Grants to Roles

Following is the list of Privileges Grant to Roles that can be specified in the database definition

  • USAGE
  • OWNERSHIP

Examples

api_integrations:
  API_INTEGRATION_1:
    grants:
      USAGE:
        - ROLE_1
    api_provider: aws_api_gateway
    api_aws_role_arn: arn:aws:iam::000000000001:/role/test
    api_allowed_prefixes:
      ["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]
Last updated on