API Integration
You can provide configuration to Snowflake Object Lifecycle Engine for the following operations with API integration:
- Manage the lifecycle of new and existing API integrations
- Manage grants of API integration
Usage
We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. The major difference is in how you define Snowflake objects in the configuration file.
Rather than having a grouped collection of objects, SOLE for Data Products goes for modular, self-describing, and explicit object definition.
Learn more about SOLE for Data Products, currently available as a public preview.
We have also introduced Data products as an extra layer on top of the data product platform capabilities making managing data products easier than ever. Learn more about Data Products, currently available as a private preview.
- Default Configuration
- Data Products Configuration
api_integrations:
<api_integration-name>:
<configuration-key>: <value>
grants:
<privilege>:
- <role-name>
- <role-name>
- api_integration:
name: <api_integration-name>
<configuration-key>: <value>
roles:
- rel(role.<role-name>)
- rel(role.<role-name>)
Supported parameters
The engine supports the parameters listed below.
| Configuration Key | Required/Optional | Data Types and Values | Description |
|---|---|---|---|
api_allowed_prefixes | Required | List of String | Limits external functions that use the integration to reference one or more HTTPS proxy service endpoints and resources within those proxies |
api_provider | Required | String | Specifies the HTTPS proxy service type. Caution: api_provider cannot be changed. See Snowflake documentation. |
api_aws_role_arn | Optional | String | ARN of a cloud platform role |
api_blocked_prefixes | Optional | List of String | Lists the endpoints and resources in the HTTPS proxy service that are not allowed to be called from Snowflake |
azure_ad_application_id | Optional | String | The 'Application (client) ID' of the Azure AD app for your remote service |
azure_tenant_id | Optional | String | Specifies the ID for your Office 365 tenant that all Azure API management instances belong to |
comment | Optional | String | Specifies a comment for the API integration |
deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
enabled | Optional | Boolean | Specifies whether this API integration is enabled or disabled. If the API integration is disabled, any external function that relies on it will not work. |
environment | Optional | String | Specifies the environment in which the API integration is managed. Regex can be provided as well. |
grants | Optional | Map: See Supported API Integration Grants to Roles | Lists Privileges and Roles to which privileges are granted on the current API integration |
manage_mode | Optional | String: all (default), none, grants | Configures what properties to manage for the API integration. See Changing Manage Mode before changing the value. |
namespacing | Optional | String: both (default), prefix, suffix, none | Specifies whether a prefix or a suffix or both are to be added to the API integration name |
Supported API integration grants to roles
Following are the privileges you can grant to roles in the API integration definition:
- USAGE
- OWNERSHIP
Examples
- Default Configuration
- Data Products Configuration
api_integrations:
API_INTEGRATION_1:
grants:
USAGE:
- ROLE_1
api_provider: aws_api_gateway
api_aws_role_arn: arn:aws:iam::000000000001:/role/test
comment: comment for API integration
api_allowed_prefixes:
["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]
- api_integration:
name: API_INTEGRATION_1
grants:
USAGE:
- rel(role.ROLE_1)
api_provider: aws_api_gateway
api_aws_role_arn: arn:aws:iam::000000000001:/role/test
api_allowed_prefixes:
["https://123456.execute-api.us-west-2.amazonaws.com/prod/"]