Skip to main content
Documentation
Troubleshooting
Feature Requests Status

Certificate Management

Edit on GitHub
  • Updated
Fivetran System User Fivetranner

REST API supports the following certificate management actions:

Approve a connector certificatelink

Approves a certificate for a connector, so Fivetran trusts this certificate for a source database. The connector setup tests will fail if a non-approved certificate is provided.

Requestlink

POST https://api.fivetran.com/v1/certificates

{
    "connector_id": "projected_sickle",
    "hash": "r+u4QL4MGvZe...",
    "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxGzAZBgNVBAMMEkFtYXpvbiBSRF..."
}

Payload parameters

Name Description
connector_id (required) The unique identifier for the connector.
hash (required) Hash of the certificate. See how to get hash value in the Get connector certificate details section.
encoded_cert (required) The certificate encoded in base64. See how to get encoded_cert value in the Get connector certificate details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The certificate has been approved"
}

Get connector certificate detailslink

To get the certificate details, retain the default when you create a database connector with the Fivetran REST API.

NOTE: Do not set "trust_certficates": true when you create a database connector with API.

The setup test verifying the certificate will fail with a message that includes the hash and encoded_cert parameters you need:

{
    "code": "Success",
    "message": "Connector has been created",
    "data": {
        ...,

        "setup_tests": [
            ...,
            {
                "title": "Validate Certificate",
                "status": "FAILED",
                "message": "No trust anchors for this connection",
                "details": [
                    {
                        "hash": "r+u4QL4MGvZeY+DL15zONWVL...",
                        "name": "CN=Amazon RDS Root CA, OU=Amazon RDS, O=\"Amazon Web Services, Inc.\", L=Seattle, ST=Washington, C=US",
                        "public_key": "Sun RSA public key, 2048 bits\n  modulus: 2325899...\n  public exponent: 65537",
                        "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMA...",
                        "sha1": "e8118856e7a7ce3...",
                        "sha256": "afebb840be0c1af65e63e0cbd79c..."
                    }
                ]
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and encoded_cert.

Send a POST request to the Fivetran API certificates endpoint with the hash and encoded_cert you just learned.

Approve a connector fingerprintlink

Approves a fingerprint, so Fivetran trusts this fingerprint for a source database, and the connector can connect to the source through an SSH tunnel. The connector setup tests will fail if a non-approved fingerprint is provided.

Requestlink

POST https://api.fivetran.com/v1/fingerprints

{
    "connector_id": "projected_sickle",
    "hash": "eUtPirI6yy...",
    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key"
}

Payload parameters

Name Description
connector_id (required) The unique identifier for the connector.
hash (required) Hash of the fingerprint. See how to get hash value in the Get connector fingerprint details section.
public_key (required) The SSH public key. See how to get public_key value in the Get connector fingerprint details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The fingerprint has been approved"
}

Get connector fingerprint detailslink

To get the fingerprint details, retain the default when you create a database connector with the Fivetran REST API.

NOTE: Do not set "trust_fingerprints": true when you create a database connector with API.

The setup test verifying the fingerprint will fail with a message that includes the hash and public_key parameters you need:

{
    "code": "Success",
    "message": "Connector has been created",
    "data": {
        ...,
        "setup_tests": [
            {
                "title": "SSH Tunnel Connection",
                "status": "FAILED",
                "message": "The ssh key might have changed",
                "details": {
                    "hash": "eUtPirI6yy...",
                    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key",
                    "type": "ssh-rsa",
                    "name": "fivetran user key"
                }
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and public_key.

Send a POST request to the Fivetran API fingerprints endpoint with the hash and public_key you just learned.

Approve a destination certificatelink

Approves a certificate for a destination, so Fivetran trusts this certificate for a destination database. The destination setup tests will fail if a non-approved certificate is provided.

Requestlink

POST https://api.fivetran.com/v1/certificates

{
    "destination_id": "ambitious_rock",
    "hash": "r+u4QL4MGvZe...",
    "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxGzAZBgNVBAMMEkFtYXpvbiBSRF..."
}

Payload parameters

Name Description
destination_id (required) The unique identifier for the destination.
hash (required) Hash of the certificate. See how to get hash value in the Get destination certificate details section.
encoded_cert (required) The certificate encoded in base64. See how to get encoded_cert value in the Get destination certificate details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The certificate has been approved"
}

Get destination certificate detailslink

To get the certificate details, retain the default when you create a destination with the Fivetran REST API.

NOTE: Do not set "trust_certficates": true when you create a destination with API.

The setup test verifying the certificate will fail with a message that includes the hash and encoded_cert parameters you need:

{
    "code": "Success",
    "message": "Destination has been created",
    "data": {
        ...,

        "setup_tests": [
            ...,
            {
                "title": "Validate Certificate",
                "status": "FAILED",
                "message": "No trust anchors for this connection",
                "details": [
                    {
                        "hash": "r+u4QL4MGvZeY+DL15zONWVL...",
                        "name": "CN=Amazon RDS Root CA, OU=Amazon RDS, O=\"Amazon Web Services, Inc.\", L=Seattle, ST=Washington, C=US",
                        "public_key": "Sun RSA public key, 2048 bits\n  modulus: 2325899...\n  public exponent: 65537",
                        "encoded_cert": "MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMA...",
                        "sha1": "e8118856e7a7ce3...",
                        "sha256": "afebb840be0c1af65e63e0cbd79c..."
                    }
                ]
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and encoded_cert.

Send a POST request to the Fivetran API certificates endpoint with the hash and encoded_cert you just learned.

Approve a destination fingerprintlink

Approves a fingerprint, so Fivetran trusts this fingerprint for a destination database, and connectors can connect to the destination through an SSH tunnel. The destination setup tests will fail if a non-approved fingerprint is provided.

Requestlink

POST https://api.fivetran.com/v1/fingerprints

{
    "destination_id": "ambitious_rock",
    "hash": "eUtPirI6yy...",
    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key"
}

Payload parameters

Name Description
destination_id (required) The unique identifier for the destination.
hash (required) Hash of the fingerprint. See how to get hash value in the Get destination fingerprint details section.
public_key (required) The SSH public key. See how to get public_key value in the Get destination fingerprint details section.

Responselink

HTTP 200 Success

{
    "code": "Success",
    "message": "The fingerprint has been approved"
}

Get destination fingerprint detailslink

To get the fingerprint details, retain the default when you create a destination with the Fivetran REST API.

NOTE: Do not set "trust_fingerprints": true when you create a destination with API.

The setup test verifying the fingerprint will fail with a message that includes the hash and public_key parameters you need:

{
    "code": "Success",
    "message": "Destination has been created",
    "data": {
        ...,
        "setup_tests": [
            {
                "title": "SSH Tunnel Connection",
                "status": "FAILED",
                "message": "The ssh key might have changed",
                "details": {
                    "hash": "eUtPirI6yy...",
                    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6 ... fivetran user key",
                    "type": "ssh-rsa",
                    "name": "fivetran user key"
                }
            }
        ],

        ...
    }
}

After you get the failed test message, note the values of hash and public_key.

Send a POST request to the Fivetran API fingerprints endpoint with the hash and public_key you just learned.

Related articles

Didn’t find what you need?

Contact support