ALTER APPLICATION SET SPECIFICATIONS¶

Syntax¶

ALTER APPLICATION SET SPECIFICATION <app_spec_name>
  TYPE = EXTERNAL_ACCESS
  LABEL = '<label>'
  DESCRIPTION = '<description>'
  { HOST_PORTS | PRIVATE_HOST_PORTS } = ( '<value>' [, '<value>', ... ] )

ALTER APPLICATION SET SPECIFICATION <app_spec_name>
    TYPE = SECURITY_INTEGRATION
    LABEL = '<string_literal>'
    DESCRIPTION = '<string_literal>'
    OAUTH_TYPE = 'CLIENT_CREDENTIALS'
    OAUTH_TOKEN_ENDPOINT = '<string_literal>'
    OAUTH_ALLOWED_SCOPES = ( '<scope>' [ , '<scope>' ... ] );

ALTER APPLICATION SET SPECIFICATION <app_spec_name>
  TYPE = SECURITY_INTEGRATION
  LABEL = '<string_literal>'
  DESCRIPTION = '<string_literal>'
  OAUTH_TYPE = 'AUTHORIZATION_CODE'
  OAUTH_TOKEN_ENDPOINT = '<string_literal>'
  [ OAUTH_AUTHORIZATION_ENDPOINT = '<string_literal>' ]
  [ OAUTH_ALLOWED_SCOPES = ( '<scope>' [ , '<scope>' ... ] ) ];

ALTER APPLICATION SET SPECIFICATION <app_spec_name>
  TYPE = SECURITY_INTEGRATION
  LABEL = '<string_literal>'
  DESCRIPTION = '<string_literal>'
  OAUTH_TYPE = 'JWT_BEARER'
  OAUTH_TOKEN_ENDPOINT = '<string_literal>'
  [ OAUTH_AUTHORIZATION_ENDPOINT = '<string_literal>' ]
  [ OAUTH_ALLOWED_SCOPES = ( '<scope>' [ , '<scope>' ... ] ) ];

ALTER APPLICATION SET SPECIFICATION <app_spec_name>
  TYPE = LISTING
  LABEL = '<string_literal>'
  DESCRIPTION = '<string_literal>'
  TARGET_ACCOUNTS = '<account_list>'
  LISTING = <listing_name>
  [ AUTO_FULFILLMENT_REFRESH_SCHEDULE = '<schedule>' ]

General parameters¶

app_spec_name

Identifier for the app specification.

TYPE = {EXTERNAL_ACCESS | SECURITY_INTEGRATION | LISTING}

Specifies the type of app specification. Supported values are:

• EXTERNAL_ACCESS

• SECURITY_INTEGRATION

• LISTING

LABEL = 'label'

Specifies a label for the app specification. This label is the name of the app specification that is visible to the consumer. Each app specification must have a unique label.

DESCRIPTION = 'description'

Specifies a description of the app specification. Snowflake recommends including information about the app specification type and why it is required by the app.

External access integration parameters¶

HOST_PORTS | PRIVATE_HOST_PORTS = ( 'value' [ , 'value', ... ] )

Specifies a list of host ports or private host ports that the app can connect to. These ports are used by external access integrations.

Security integration parameters - CLIENT_CREDENTIALS¶

OAUTH_TYPE = 'CLIENT_CREDENTIALS'

Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_TOKEN_ENDPOINT = 'string_literal'

Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_ALLOWED_SCOPES = ( 'scope' [  , 'scope' ... ]  )

Specifies a comma-separated list of scopes, with single quotes surrounding each scope, to use when making a request from the OAuth by a role with USAGE on the integration during the OAuth client credentials flow. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_ACCESS_TOKEN_VALIDITY = integer

Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

Security integration parameters - AUTHORIZATION_CODE¶

OAUTH_TYPE = 'AUTHORIZATION_CODE'

Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_TOKEN_ENDPOINT = 'string_literal'

Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_AUTHORIZATION_ENDPOINT = 'string_literal'

Specifies the URL for authenticating to the external service. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_ACCESS_TOKEN_VALIDITY = integer

Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_REFRESH_TOKEN_VALIDITY = integer

Specifies the default lifetime of the OAuth refresh token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

Security integration parameters - JWT_BEARER¶

OAUTH_TYPE = 'JWT_BEARER'

Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_TOKEN_ENDPOINT = 'string_literal'

Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_AUTHORIZATION_ENDPOINT = 'string_literal'

Specifies the URL for authenticating to the external service. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

OAUTH_REFRESH_TOKEN_VALIDITY = integer

Specifies the default lifetime of the OAuth refresh token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.

Listing parameters¶

TARGET_ACCOUNTS = 'account_list'

Specifies a single-quoted string of target accounts, separated by commas, with no spaces. Each account must be specified in the format OrgName.AccountName; for example: 'ProviderOrg.ProviderAccount,PartnerOrg.PartnerAccount'. When the specification is approved, these accounts are added to the listing. When declined, all accounts are removed from the listing.

LISTING = listing_name

Specifies the identifier of the external listing created by the app. The listing must already exist and must have been created by the app with a share attached. After the listing is set in an app specification, the listing name cannot be changed.

AUTO_FULFILLMENT_REFRESH_SCHEDULE = 'schedule'

Optional. Specifies the refresh schedule for cross-region data sharing. This parameter is required when sharing data across regions. The value can be specified in two formats:

• num MINUTE: Number of minutes, with a minimum of 10 minutes and a maximum of 11,520 minutes (eight days).

• USING CRON expression time_zone: Cron expression with time zone for the refresh.

Usage notes¶

• To use this command, providers must ensure that the manifest file of the app uses manifest_version = 2.

Examples¶

Create an app specification for external access:

ALTER APPLICATION SET SPECIFICATION eai_spec
  TYPE = EXTERNAL_ACCESS
  LABEL = 'External API Access'
  DESCRIPTION = 'Connect to external weather API'
  HOST_PORTS = ('api.weather.com:443', 'api.openweather.org:443');

Create an app specification for OAuth security integration:

ALTER APPLICATION SET SPECIFICATION oauth_spec
  TYPE = SECURITY_INTEGRATION
  LABEL = 'OAuth Integration'
  DESCRIPTION = 'Connect to Microsoft Graph API'
  OAUTH_TYPE = 'CLIENT_CREDENTIALS'
  OAUTH_TOKEN_ENDPOINT = 'https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token'
  OAUTH_ALLOWED_SCOPES = ('https://graph.microsoft.com/.default');

Create an app specification for data sharing through a listing:

ALTER APPLICATION SET SPECIFICATION shareback_spec
  TYPE = LISTING
  LABEL = 'Telemetry Data Sharing'
  DESCRIPTION = 'Share telemetry and usage data with provider'
  TARGET_ACCOUNTS = 'ProviderOrg.ProviderAccount,PartnerOrg.PartnerAccount'
  LISTING = telemetry_listing
  AUTO_FULFILLMENT_REFRESH_SCHEDULE = '720 MINUTE';