Skip to main content

Supported Connection Credential Types

This section contains general reference information on the credential types that are supported for use in connections from Alteryx Analytics Cloud (AAC). A credential type defines the authentication or account information that must be provided to the authenticating application.

Note

Some credential types may not be available in your product edition.

API Key

This credential type requires generation of an API key within the target application. This key must be inserted as part of the connection definition in AAC.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["apiKey"]

API Key with Token

This credential type requires an API key generated by the target application, as well as an access token tied to the API key.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["apiKeyWithToken"]

Azure Token SSO

Connect to Azure-hosted resources using the Azure Single Sign On (SSO) token for the authenticating user.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["azureTokenSso"]

AWS

AWS-specific credentials. Used for Redshift connections.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["aws"]

AWS Key/Secret

These AWS-specific credentials use a key/secret combination to authenticate to AWS systems, such as Amazon Dynamo DB and Amazon Athena.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["awsKeySecret"]

Basic

A simple username/password can be provided to the authenticating application.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basic"]

Basic app

The basic app credential type requires that a private app be created in the target application. Access through this app needs an AppId and Password combination.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basicApp"]

Basic with app token

This basic authentication mechanism requires three pieces of information: Username, Password and Application Token. All of these are available in through the target application.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basicWithAppToken"]

conf

For this credential type, the connection credentials are stored in trifacta-conf.json, a JSON configuration file stored on the node hosting the product.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["conf"]

HTTP Header-Based Authentication

Used for REST API connections, these credentials are submitted as key/value pairs in the HTTP request.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["httpHeaderBasedAuth"]

HTTP Query-Based Authentication

Used for REST API connections, these credentials are submitted as key/value pairs in URL query parameters.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["httpQueryBasedAuth"]

IAM DB User

This credential type leverages an IAM role to access Amazon Redshift databases. The IAM role must be specified as part of the connection definition.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["iamDbUser"]

IAM Role Arn

This credential type uses an IAM role to access external S3 buckets, which are not defined as part of the base storage layer.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["iamRoleArn"]

Kerberos Delegate

Connection uses the Kerberos-delegated principal to connect to a relational database. No credentials are submitted as part of the connection definition. This method requires additional configuration.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["kerberosDelegate"]

Kerberos Impersonation

Connection uses the Kerberos impersonation principal for the user to connect to the database. No credentials are submitted as part of the connection definition.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["kerberosImpersonation"]

Key/Secret

When accessing an external S3 bucket, you can apply key-secret combinations as part of your connection definition. This authentication mechanism consists of an AWS Access Key ID and an AWS Access Secret ID.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["keySecret"]

No Authentication

Some connection types do not require credentials to be submitted to them.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["noAuth"]

OAuth 2.0

OAuth 2.0 credentials can be used to connect a client in AAC to the client app created in the target system.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["oauth2"]

Note

Additional configuration may be required to enable this credential type for a specific connection type.

Password

A single password value is required for authentication.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["password"]

Security Token

This credential type requires the insertion of a single security token as part of the connection definition. This security token must be generated from the targeted application.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["securityToken"]

SSH Key

Used for SFTP connections, this credential type requires that you insert an SSH key generated from the host server of the FTP site.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshKey"]

SSH Tunneling Basic

For SSH tunneling connectivity, you can use a simple username and password set of credentials. This credential type can be applied to various connection types.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshTunnelingBasic"]

SSH Tunneling SSH Key

For SSH tunneling connectivity, you can use a username and SSH key as a set of credentials. This credential type can be applied to various connection types.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshTunnelingSshKey"]

Transaction Key

This credential type uses a Login ID and Transaction Key to authenticate.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["transactionKey"]

User with API Token

This credential type requires a user identifier and an API token associated with that user to authenticate to the server.

Alteryx API attribute:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["userWithApiToken"]

Reference Information

Connections by Credential Type

Click here to expand...

Credential Type

Connection Type

apiKey

Airtable, Freshdesk, HubSpot, Mailchimp, SendGrid

apiKeyWithToken

Trello

awsKeySecret

Amazon Athena, Amazon DynamoDB

azureTokenSso

Azure SQL Database

basic

Alloy DB, MariaDB on Amazon RDS, MySQL on Amazon RDS, Oracle DB on Amazon RDS, PostgreSQL on Amazon RDS, SQL Server on Amazon RDS, Apache Impala, Azure SQL Database, Cassandra DB, MySQL on Google Cloud SQL, PostgreSQL on Google Cloud SQL, SQL Server on Google Cloud SQL, Cockroach DB, DB2, Denodo, Greenplum, IBM DB2, REST API, Jira by Atlassian, Magento, MariaDb, MongoDB, MongoDB Atlas, MySQL, Oracle Database, PostgreSQL, Presto, SAP HANA, ServiceNow, SFTP, SharePoint, Snowflake, Snowflake JDBC (Private Preview), Splunk, Azure Synapse Analytics (Formerly Microsoft SQL DW), Microsoft SQL Server, Tableau Server, Teradata, Trino, Workday, Zendesk

basicApp

Shopify

basicWithAppToken

Quickbase

conf

Databricks, Amazon Glue, Hive

httpHeaderBasedAuth

$strConnectionType

iamDbUser

Amazon Redshift

iamRoleArn

Amazon Redshift

keySecret

External Amazon S3

noAuth

REST API, Presto, Trino

oauth2

Adobe Analytics, Asana, Microsoft Advertising, Microsoft Dataverse, Denodo, Microsoft Dynamics 365 Sales, Microsoft Dynamics 365 Sales (Deprecated), Exact Online, Facebook Ads, Google Ads, Google Analytics, Google BigQuery JDBC (Private Preview), Google Calendar, Google Contacts, Google Data Catalog, Google Spanner, Google Sheets, Instagram Ads, LinkedIn Ads, Marketo, NetSuite, Pinterest, QuickBooks Online, SalesForce, SharePoint, Smartsheet, Snowflake, SurveyMonkey, Workday, Xero, YouTube Analytics, Zoho CRM

password

Redis

securityToken

SalesForce (Deprecated), SalesForce

sshKey

SFTP

transactionKey

Authorize.Net

API References

In the request and response for actual connections, the attribute credentialTypes is used as a String value:

{
  "id": 37,
  "host": "postgres.example.com",
  "port": 5432,
  "vendor": "postgres",
  "params": {
    "connectStrOpts": "",
    "database": "mydb"
  },
  "ssl": false,
  "vendorName": "postgres",
  "name": "Postgres20200417182437287",
  "description": "",
  "type": "jdbc",
  "isGlobal": false,
  "credentialType": "basic",
  "credentialsShared": false,
  "uuid": "myUniqueId",
  "disableTypeInference": false,
  "createdAt": "2020-04-17T18:25:04.518Z",
  "updatedAt": "2020-04-17T18:25:04.530Z",
  ...
}