Getting Started
Scoped API Key
The Scoped API key and secret you create as a Fivetran user allow you to use our REST API. The key and secret pair is linked to you and is scoped to your RBAC permissions. You cannot create service account keys.
Prerequisites
To use this feature, you need an active Fivetran account on a Free, Standard, Enterprise, or Business Critical plan.
Instructions
Creating a new API key and secret disables the previous API key.
Click your user name in your Fivetran dashboard.
Click API Key.
Click Generate API key.
If you already have an API key, then the button text is Generate new API key.
Make a note of the key and secret as they won't be displayed once you close the page or navigate away. You will need these to access your Fivetran account using our API.
Scoped API Key FAQs
Read answers to frequently asked questions about our scoped API keys.
Expand for details
What happens when I delete a user?
The scoped API key is deleted and cannot be used anymore.
How do I revoke a Fivetran API key?
To revoke a key, delete the user.
How do I rotate a key without taking down my application?
You must have two valid Fivetran API keys. You may need to create another Fivetran user and assign the same RBAC permissions as the user whose key you want to rotate. Once you have two Fivetran API keys with the same permissions, do the following:
- In your application, switch from the original key you want to rotate to another user’s key.
- In Fivetran, rotate the original key:
- In your dashboard, click your username.
- Click API Key.
- Click Generate API key.
- Click Generate.
- Make a note of the new secret and store it in your relevant key management system.
- Switch back to using the original key.
System API Key
System Keys are meant to replace user-oriented, scoped API keys. Instead of relying on RBAC to scope permissions, you set permission at the key level and manage them centrally. This solves for key pain points in securely managing keys, allowing you to understand usage, rotation, and other key information.
See our System Keys documentation for more details.
Authentication
Fivetran REST API uses API Key authentication. For each request to the API, provide an Authorization HTTP header with the following value: Basic {api_key}:{api_secret}. Basic authentication requires the key and secret to be base64-encoded. You can utilize the -u flag for curl:
curl -u api_key:api_secret "https://example.com"
or you can encode to base64 by running one of following commands in CLI (depending on your environment):
- On Linux/macOS:
echo -n '<API Key>:<Secret Key>' | base64 - On Linux/macOS (using OpenSSL):
echo -n '<API Key>:<Secret Key>' | openssl base64 - On Windows (Command Prompt with OpenSSL installed):
echo "<API Key>:<Secret Key>" | openssl base64 - On Windows (PowerShell):
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("<API Key>:<Secret Key>"))
For example, for API key d9c4511349dd4b86 and API secret 1f6f2d161365888a1943160ccdb8d968, encode d9c4511349dd4b86:1f6f2d161365888a1943160ccdb8d968 to base64 (ZDljNDUxMTM0OWRkNGI4NjoxZjZmMmQxNjEzNjU4ODhhMTk0MzE2MGNjZGI4ZDk2OA==) and use the following Authorization HTTP header value:
Basic ZDljNDUxMTM0OWRkNGI4NjoxZjZmMmQxNjEzNjU4ODhhMTk0MzE2MGNjZGI4ZDk2OA==
The API key is unique for the account and Account Administrator user pair. Different Account Administrators have different API keys.
API secret regeneration
When you regenerate your API secret, your previous API secret will stop working immediately. Make sure that won't affect your system before you generate a new secret.
To generate a new API secret, click Generate new secret.
This action will instantly replace your API secret key with a new one.
Request content type
Fivetran Public API only accepts requests with the Content-Type: application/json header explicitly specified in them. Make sure you have this header specified in the request when sending the POST and PATCH requests.
Response
Every response has the following format:
{
"code": "Success",
"message": "User has been invited to the account",
"data": {
"id": "cardiac_contemplation",
"email": "test.user@mycompany.com",
"given_name": "Test",
"family_name": "User",
"verified": false,
"invited": true,
"picture": "https://mycompany.com/avatars/test_user.png",
"phone": "test_phone",
"logged_in_at": null,
"created_at": "2019-01-20T16:00:09.097014Z"
}
}
The timestamp format is specified as "yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'".
Fields
| Name | Description |
|---|---|
code | Response status code |
message | Response status text |
data | Response data |
Common terms
| Term | Description |
|---|---|
| source | The application, database, storage or event service that creates the data that you are using Fivetran to access in your destination. |
| connection | The pipeline that you create every time you create a new Fivetran connection from your source to your destination. |
| connector type | The type of connector that you're creating based on the source. For example, Salesforce is a connector type. |
| group | Your Fivetran account can have multiple destinations associated with it and we call those groups. Users and connections can be provisioned within these groups. |
Troubleshooting
We respond with standard codes for errors that occur during request processing.
Connectors supported by API and their authorization methods
The following table lists the connectors supported by Fivetran's REST API as well as supported authorization methods. You can use the following authorization methods:
- Connect Card
- various authorization methods using the API:
- by defining the
authsection in the API request - by providing the credentials using the
loginandpasswordfields in the API request - by providing the credentials using the
tokenfield and related field(s) in the API request - by providing the credentials using the
keyfield and related field(s) in the API request
- by defining the
If you'd like Fivetran's REST API to support a connector that's not listed here, submit your request in our Support Portal.