Step 4: Link the API Integration for Azure to the Proxy Service in the Portal
Step 4: Link the API Integration for Azure to the Proxy Service in the Portal¶
When an external function is called, Snowflake sends an HTTP POST command to the proxy service (i.e. Azure Function), which relays the
POST to the remote service (i.e. Azure API Management service). A service principal in your Azure AD tenant allows Snowflake to
authenticate with Azure AD when calling the API Management service in your tenant.
This topic provides instructions for creating a service principal to link the API integration you created in the previous step with
your Azure API Management service. The instructions are the same regardless of whether you are using the Azure Portal or ARM template.
To grant Snowflake access to your Azure tenancy, you need the AZURE_CONSENT_URL that you recorded earlier:
Paste the URL into your browser. When your browser resolves this URL, Azure automatically creates a service principal that represents
Snowflake in the tenant.
Note that you only need to create a service principal for Snowflake once per tenancy. After Snowflake has been granted access, access
does not need to be granted again. In other words, you do not need to grant access again for each new external function you create for