Step 3: Create the API Integration for GCP in Snowflake

This topic provides instructions for creating an API integration object in Snowflake to work with your proxy service (i.e. Google Cloud API Gateway).

In this Topic:

Create the API Integration Object

Use the CREATE API INTEGRATION command to create the API integration object:

  1. If you haven’t already, log into the Snowflake web interface.

  2. Navigate to the Worksheets Worksheet tab page in the interface.

  3. Execute the USE ROLE command to use the ACCOUNTADMIN role or a role with the CREATE INTEGRATION privilege. For example:

    use role has_accountadmin_privileges;
    
  4. Enter a CREATE API INTEGRATION statement. The statement should look similar to the following:

    create or replace api integration <integration_name>
        api_provider = google_api_gateway
        google_audience = '<google_audience_claim>'
        api_allowed_prefixes = ('<url>')
        enabled = true;
    

    In the statement:

    1. Replace <integration_name> with a unique integration name (e.g. my_api_integration_name. The name must follow the rules for Object Identifiers.

      In addition, record the integration name in the “API Integration Name” field in your tracking worksheet. You will need the name when you execute the CREATE EXTERNAL FUNCTION command later in the creation process.

    2. For google_audience, replace <google_audience_claim> with the value from the “Managed Service Identifier” field in your tracking worksheet.

      During authentication, Snowflake passes a JWT (JSON Web Token) to Google. The JWT contains an “aud” (“audience”) claim, which Snowflake sets to the value for google_audience.

      For more information about authenticating with Google, see the Google service account authentication documentation.

    3. For api_allowed_prefixes, replace <url> with the value from the “Gateway Base URL” field in your tracking worksheet.

      This field allows you to restrict the URLs to which this API integration can be applied. You can use a value that is more restrictive than the Gateway Base URL.

  5. If you haven’t already, execute the CREATE API INTEGRATION statement you entered.

Record the API_GCP_SERVICE_ACCOUNT Information for the API Integration

  1. Execute the DESCRIBE INTEGRATION command. For example:

    describe integration my_api_integration_name;
    
  2. Record the value for API_GCP_SERVICE_ACCOUNT in the “API_GCP_SERVICE_ACCOUNT” field in your tracking worksheet.