Certificate Managementlink

REST API supports the following certificate management actions:

Approve a certificate
Approve a fingerprint

Approve a certificatelink

Approves a certificate for a connector, so Fivetran trusts this certificate for a source database. The connector setup tests will fail if a non-approved certificate is provided.

Requestlink

POST api.fivetran.com/v1/certificates

{
    "connector_id": "projected_sickle",
    "hash": "r+u4QL4MGvZe...",
    "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxGzAZBgNVBAMMEkFtYXpvbiBSRF..."
}

Payload parameters

Name	Description
`connector_id` (required)	The unique identifier for the connector.
`hash` (required)	Hash of the certificate. See how to get `hash` value in the Get certificate details section.
`encoded_cert` (required)	The certificate encoded in base64. See how to get `encoded_cert` value in the Get certificate details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The certificate has been trusted"
}

Get certificate detailslink

To get the certificate details, retain the default when you create a database connector with the Fivetran REST API. (Do not set "trust_certficates": true when you create a database connector with API)

The setup test verifying the certificate will fail with a message that includes the hash and encoded_cert parameters you need:

{
    "code": "Success",
    "message": "Connector has been created",
    "data": {
        ...,

        "setup_tests": [
            {
                "title": "SSH Tunnel Connection",
                "status": "SKIPPED",
                "message": ""
            },
            {
                "title": "Host Connection",
                "status": "PASSED",
                "message": ""
            },
            {
                "title": "Validate Certificate",
                "status": "FAILED",
                "message": "No trust anchors for this connection",
                "details": [
                    {
                        "hash": "r+u4QL4MGvZeY+DL15zONWVL...",
                        "name": "CN=Amazon RDS Root CA, OU=Amazon RDS, O=\"Amazon Web Services, Inc.\", L=Seattle, ST=Washington, C=US",
                        "public_key": "Sun RSA public key, 2048 bits\n  modulus: 2325899...\n  public exponent: 65537",
                        "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMA...",
                        "sha1": "e8118856e7a7ce3...",
                        "sha256": "afebb840be0c1af65e63e0cbd79c..."
                    }
                ]
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and encoded_cert.

Send a POST request to the Fivetran API certificates endpoint with the hash and encoded_cert you just learned.

Approve a fingerprintlink

Approves a fingerprint, so Fivetran trusts this fingerprint for a source database, and the connector can connect to the source through an SSH tunnel. The connector setup tests will fail if a non-approved fingerprint is provided.

Requestlink

POST api.fivetran.com/v1/fingerprints

{
    "connector_id": "projected_sickle",
    "hash": "eUtPirI6yy...",
    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key"
}

Payload parameters

Name	Description
`connector_id` (required)	The unique identifier for the connector.
`hash` (required)	Hash of the fingerprint. See how to get `hash` value in the Get fingerprint details section.
`public_key` (required)	The SSH public key. See how to get `public_key` value in the Get fingerprint details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The fingerprint has been trusted"
}

Get fingerprint detailslink

To get the fingerprint details, retain the default when you create a database connector with the Fivetran REST API. (Do not set "trust_fingerprints": true when you create a database connector with API)

The setup test verifying the fingerprint will fail with a message that includes the hash and public_key parameters you need:

{
    "code": "Success",
    "message": "Connector has been created",
    "data": {
        ...,

        "setup_tests": [
            {
                "title": "SSH Tunnel Connection",
                "status": "FAILED",
                "message": "The ssh key might have changed",
                "details": {
                    "hash": "eUtPirI6yy...",
                    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key",
                    "type": "ssh-rsa",
                    "name": "fivetran user key"
                }
            },
            {
                "title": "Host Connection",
                "status": "PASSED",
                "message": ""
            },
            {
                "title": "Validate Certificate",
                "status": "SKIPPED",
                "message": ""
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and public_key.

Send a POST request to the Fivetran API fingerprints endpoint with the hash and public_key you just learned.

Documentation

Certificate Managementlink

Approve a certificatelink

Requestlink

Payload parameters

Responselink

Get certificate detailslink

Approve a fingerprintlink

Requestlink

Payload parameters

Responselink

Get fingerprint detailslink