Step 3: Create the API Integration for GCP in Snowflake

These instructions show how to create an API Integration object to work with your Google Cloud API Gateway (proxy service).

In this Topic:

Create the API Integration Object

  1. Open up (if you haven’t already) a Snowflake web interface session.

  2. Execute the USE ROLE command to use a Snowflake role with ACCOUNTADMIN privileges or a role with the CREATE INTEGRATION privilege, for example:

    use role has_accountadmin_privileges;
  3. Type the CREATE API INTEGRATION command to create an API integration. The command should look similar to the following:

    create or replace api integration <integration_name>
        api_provider = google_api_gateway
        google_audience = '<google_audience_claim>'
        api_allowed_prefixes = ('<url>')
        enabled = true;
  4. Replace the <integration_name> with a unique integration name.

  5. Record the integration name in the “API Integration Name” field of the worksheet. You need the API Integration name later when you execute the CREATE EXTERNAL FUNCTION command.

  6. In the google_audience clause, replace the <google_audience_claim> with the value in the “Managed Service Identifier” field in the worksheet.

    (During authentication, Snowflake gives Google a JWT (JSON Web Token). The JWT contains an “aud” (“audience”) claim, which Snowflake sets to the google_audience field’s value. For more information about authenticating with Google, please see the Google service account authentication documentation. )

  7. In the api_allowed_prefixes clause, replace the <url> with the value in the “Gateway Base URL” field in the worksheet.

    (This field allows you to restrict the URLs to which this API integration can be applied. You can use a value that is more restrictive than the Gateway Base URL.)

  8. If you have not already done so, then execute the CREATE API INTEGRATION command you typed above.

  9. Read and record the API integration’s API_GCP_SERVICE_ACCOUNT information.

    1. Execute the DESCRIBE INTEGRATION command. For example:

      describe integration my_api_integration_name;
    2. Record the value of the API_GCP_SERVICE_ACCOUNT in the “API_GCP_SERVICE_ACCOUNT” field of the worksheet.

For more details about creating an API integration, see CREATE API INTEGRATION.

Next Step

Continue on to the next step:

Step 4: Create the External Function for GCP in Snowflake