This section contains general reference information on the credential types that are supported for use in connections from the . A credential type defines the authentication or account information that must be provided to the authenticating application.

NOTE: Some credential types may not be available in your product edition.

API Key

This credential type requires generation of an API key within the target application. This key must be inserted as part of the connection definition in the .

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["apiKey"]

API Key with Token

This credential type requires an API key generated by the target application, as well as an access token tied to the API key. 

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["apiKeyWithToken"]

Azure Token SSO

 Connect to Azure-hosted resources using the Azure Single Sign On (SSO) token for the authenticating user.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["azureTokenSso"]

AWS

AWS-specific credentials. Used for Redshift connections.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["aws"]

AWS Key/Secret

These AWS-specific credentials use a key/secret combination to authenticate to AWS systems, such as Amazon Dynamo DB and Amazon Athena.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["awsKeySecret"]

Basic

A simple username/password can be provided to the authenticating application.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basic"]

Basic app

The basic app credential type requires that a private app be created in the target application. Access through this app needs an AppId and Password combination. 

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basicApp"]

Basic with app token

This basic authentication mechanism requires three pieces of information:  Username Password  and  Application Token . All of these are available in through the target application.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["basicWithAppToken"]

conf

For this credential type, the connection credentials are stored in , a JSON configuration file stored on the node hosting the product.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["conf"]

HTTP Header-Based Authentication

Used for REST API connections, these credentials are submitted as key/value pairs in the HTTP request.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["httpHeaderBasedAuth"]

HTTP Query-Based Authentication

Used for REST API connections, these credentials are submitted as key/value pairs in URL query parameters.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["httpQueryBasedAuth"]

IAM DB User

This credential type leverages an IAM role to access Amazon Redshift databases. The IAM role must be specified as part of the connection definition.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["iamDbUser"]

IAM Role Arn

This credential type uses an IAM role to access external S3 buckets, which are not defined as part of the base storage layer. 

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["iamRoleArn"]

Kerberos Delegate

Connection uses the Kerberos-delegated principal to connect to a relational database. No credentials are submitted as part of the connection definition. This method requires additional configuration.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["kerberosDelegate"]

Kerberos Impersonation

Connection uses the Kerberos impersonation principal for the user to connect to the database. No credentials are submitted as part of the connection definition.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["kerberosImpersonation"]

Key/Secret

When accessing an external S3 bucket, you can apply key-secret combinations as part of your connection definition. This authentication mechanism consists of an AWS Access Key ID and an AWS Access Secret ID.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["keySecret"]

No Authentication

Some connection types do not require credentials to be submitted to them.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["noAuth"]

OAuth 2.0

OAuth 2.0 credentials can be used to connect a client in the  to the client app created in the target system.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["oauth2"]

NOTE: Additional configuration may be required to enable this credential type for a specific connection type.

Password

A single password value is required for authentication.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["password"]

Security Token

This credential type requires the insertion of a single security token as part of the connection definition. This security token must be generated from the targeted application.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["securityToken"]

SSH Key

Used for SFTP connections, this credential type requires that you insert an SSH key generated from the host server of the FTP site.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshKey"]

SSH Tunneling Basic

For SSH tunneling connectivity, you can use a simple username and password set of credentials. This credential type can be applied to various connection types.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshTunnelingBasic"]

SSH Tunneling SSH Key

For SSH tunneling connectivity, you can use a username and SSH key as a set of credentials. This credential type can be applied to various connection types.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["sshTunnelingSshKey"]

Transaction Key

This credential type uses a Login ID and Transaction Key to authenticate.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["transactionKey"]

User with API Token

This credential type requires a user identifier and an API token associated with that user to authenticate to the server.

:

When creating a connection via API, the following attribute and value must be inserted as part of the connection definition:

"credentialType": ["userWithApiToken"]

Reference Information

Connections by Credential Type

Credential Type

Connection Type

apiKey

, , ,

apiKeyWithToken

awsKeySecret

,

azureTokenSso

basic

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

basicApp

basicWithAppToken

conf

, ,

httpHeaderBasedAuth

iamDbUser

iamRoleArn

keySecret

noAuth

, ,

oauth2

, , , , , , , , , , , , , , , , , , , , ,

password

securityToken

,

sshKey

transactionKey


API References

In the request and response for actual connections, the attribute credentialTypes is used as a String value:

{
  "id": 37,
  "host": "postgres.example.com",
  "port": 5432,
  "vendor": "postgres",
  "params": {
    "connectStrOpts": "",
    "database": "mydb"
  },
  "ssl": false,
  "vendorName": "postgres",
  "name": "Postgres20200417182437287",
  "description": "",
  "type": "jdbc",
  "isGlobal": false,
  "credentialType": "basic",
  "credentialsShared": false,
  "uuid": "myUniqueId",
  "disableTypeInference": false,
  "createdAt": "2020-04-17T18:25:04.518Z",
  "updatedAt": "2020-04-17T18:25:04.530Z",
  ...
}