Step 3: Create the API Integration for GCP in Snowflake¶
This topic provides instructions for creating an API integration object in Snowflake to work with your proxy service (i.e. Google Cloud API Gateway).
In this Topic:
Create the API Integration Object¶
Use the CREATE API INTEGRATION command to create the API integration object:
If you haven’t already, log into the Snowflake web interface.
Execute the USE ROLE command to use the ACCOUNTADMIN role or a role with the CREATE INTEGRATION privilege. For example:
use role has_accountadmin_privileges;
Enter a CREATE API INTEGRATION statement. The statement should look similar to the following:
create or replace api integration <integration_name> api_provider = google_api_gateway google_audience = '<google_audience_claim>' api_allowed_prefixes = ('<url>') enabled = true;
In the statement:
<integration_name>with a unique integration name (e.g.
my_api_integration_name. The name must follow the rules for Object Identifiers.
In addition, record the integration name in the “API Integration Name” field in your tracking worksheet. You will need the name when you execute the CREATE EXTERNAL FUNCTION command later in the creation process.
<google_audience_claim>with the value from the “Managed Service Identifier” field in your tracking worksheet.
During authentication, Snowflake passes a JWT (JSON Web Token) to Google. The JWT contains an “aud” (“audience”) claim, which Snowflake sets to the value for
For more information about authenticating with Google, see the Google service account authentication documentation.
<url>with the value from the “Gateway Base URL” field in your tracking worksheet.
This field allows you to restrict the URLs to which this API integration can be applied. You can use a value that is more restrictive than the Gateway Base URL.
If you haven’t already, execute the CREATE API INTEGRATION statement you entered.
Record the API_GCP_SERVICE_ACCOUNT Information for the API Integration¶
Execute the DESCRIBE INTEGRATION command. For example:
describe integration my_api_integration_name;
Record the value for
API_GCP_SERVICE_ACCOUNTin the “API_GCP_SERVICE_ACCOUNT” field in your tracking worksheet.