Supported Connection Credential Types
This section contains general reference information on the credential types that are supported for use in connections from Alteryx Analytics Cloud (AAC). A credential type defines the authentication or account information that must be provided to the authenticating application.
Note
Some credential types may not be available in your product edition.
API Key
This credential type requires generation of an API key within the target application. This key must be inserted as part of the connection definition in AACAAC.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["apiKey"]
API Key with Token
This credential type requires an API key generated by the target application, as well as an access token tied to the API key.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["apiKeyWithToken"]
Azure Token SSO
Connect to Azure-hosted resources using the Azure Single Sign On (SSO) token for the authenticating user.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["azureTokenSso"]
AWS
AWS-specific credentials. Used for Redshift connections.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["aws"]
AWS Key/Secret
These AWS-specific credentials use a key/secret combination to authenticate to AWS systems, such as Amazon Dynamo DB and Amazon Athena.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["awsKeySecret"]
Basic
A simple username/password can be provided to the authenticating application.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["basic"]
Basic app
The basic app credential type requires that a private app be created in the target application. Access through this app needs an AppId and Password combination.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["basicApp"]
Basic with app token
This basic authentication mechanism requires three pieces of information: Username, Password and Application Token. All of these are available in through the target application.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["basicWithAppToken"]
conf
For this credential type, the connection credentials are stored in trifacta-conf.json, a JSON configuration file stored on the node hosting the product.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["conf"]
HTTP Header-Based Authentication
Used for REST API connections, these credentials are submitted as key/value pairs in the HTTP request.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["httpHeaderBasedAuth"]
HTTP Query-Based Authentication
Used for REST API connections, these credentials are submitted as key/value pairs in URL query parameters.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["httpQueryBasedAuth"]
IAM DB User
This credential type leverages an IAM role to access Amazon Redshift databases. The IAM role must be specified as part of the connection definition.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["iamDbUser"]
IAM Role Arn
This credential type uses an IAM role to access external S3 buckets, which are not defined as part of the base storage layer.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["iamRoleArn"]
Kerberos Delegate
Connection uses the Kerberos-delegated principal to connect to a relational database. No credentials are submitted as part of the connection definition. This method requires additional configuration.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["kerberosDelegate"]
Kerberos Impersonation
Connection uses the Kerberos impersonation principal for the user to connect to the database. No credentials are submitted as part of the connection definition.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["kerberosImpersonation"]
Key/Secret
When accessing an external S3 bucket, you can apply key-secret combinations as part of your connection definition. This authentication mechanism consists of an AWS Access Key ID and an AWS Access Secret ID.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["keySecret"]
No Authentication
Some connection types do not require credentials to be submitted to them.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["noAuth"]
OAuth 2.0
OAuth 2.0 credentials can be used to connect a client in AACAAC to the client app created in the target system.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["oauth2"]
Note
Additional configuration may be required to enable this credential type for a specific connection type.
Password
A single password value is required for authentication.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["password"]
Security Token
This credential type requires the insertion of a single security token as part of the connection definition. This security token must be generated from the targeted application.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["securityToken"]
SSH Key
Used for SFTP connections, this credential type requires that you insert an SSH key generated from the host server of the FTP site.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["sshKey"]
SSH Tunneling Basic
For SSH tunneling connectivity, you can use a simple username and password set of credentials. This credential type can be applied to various connection types.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["sshTunnelingBasic"]
SSH Tunneling SSH Key
For SSH tunneling connectivity, you can use a username and SSH key as a set of credentials. This credential type can be applied to various connection types.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["sshTunnelingSshKey"]
Transaction Key
This credential type uses a Login ID and Transaction Key to authenticate.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["transactionKey"]
User with API Token
This credential type requires a user identifier and an API token associated with that user to authenticate to the server.
Alteryx API attribute:
When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:
"credentialType": ["userWithApiToken"]
Reference Information
Connections by Credential Type
Click here to expand...
Credential Type | Connection Type |
|---|---|
apiKey | Airtable, Freshdesk, HubSpot, Mailchimp, SendGrid |
apiKeyWithToken | Trello |
awsKeySecret | Amazon Athena, Amazon DynamoDB |
azureTokenSso | Azure SQL Database |
basic | Alloy DB, MariaDB on Amazon RDS, MySQL on Amazon RDS, Oracle DB on Amazon RDS, PostgreSQL on Amazon RDS, SQL Server on Amazon RDS, Apache Impala, Azure SQL Database, Cassandra DB, MySQL on Google Cloud SQL, PostgreSQL on Google Cloud SQL, SQL Server on Google Cloud SQL, Cockroach DB, DB2, Denodo, Greenplum, IBM DB2, REST API, Jira by Atlassian, Magento, MariaDb, MongoDB, MongoDB Atlas, MySQL, Oracle Database, PostgreSQL, Presto, SAP HANA, ServiceNow, SFTP, SharePoint, Snowflake, Snowflake JDBC (Private Preview), Splunk, Azure Synapse Analytics (Formerly Microsoft SQL DW), Microsoft SQL Server, Tableau Server, Teradata, Trino, Workday, Zendesk |
basicApp | Shopify |
basicWithAppToken | Quickbase |
conf | Databricks, Amazon Glue, Hive |
httpHeaderBasedAuth | $strConnectionType |
iamDbUser | Amazon Redshift |
iamRoleArn | Amazon Redshift |
keySecret | External Amazon S3 |
noAuth | REST API, Presto, Trino |
oauth2 | Adobe Analytics, Asana, Microsoft Advertising, Microsoft Dataverse, Denodo, Microsoft Dynamics 365 Sales, Microsoft Dynamics 365 Sales (Deprecated), Exact Online, Facebook Ads, Google Ads, Google Analytics, Google BigQuery JDBC (Private Preview), Google Calendar, Google Contacts, Google Data Catalog, Google Spanner, Google Sheets, Instagram Ads, LinkedIn Ads, Marketo, NetSuite, Pinterest, QuickBooks Online, SalesForce, SharePoint, Smartsheet, Snowflake, SurveyMonkey, Workday, Xero, YouTube Analytics, Zoho CRM |
password | Redis |
securityToken | SalesForce (Deprecated), SalesForce |
sshKey | SFTP |
transactionKey | Authorize.Net |
API References
In the request and response for actual connections, the attribute credentialTypes is used as a String value:
{
"id": 37,
"host": "postgres.example.com",
"port": 5432,
"vendor": "postgres",
"params": {
"connectStrOpts": "",
"database": "mydb"
},
"ssl": false,
"vendorName": "postgres",
"name": "Postgres20200417182437287",
"description": "",
"type": "jdbc",
"isGlobal": false,
"credentialType": "basic",
"credentialsShared": false,
"uuid": "myUniqueId",
"disableTypeInference": false,
"createdAt": "2020-04-17T18:25:04.518Z",
"updatedAt": "2020-04-17T18:25:04.530Z",
...
}