Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
After connecting to your data source, set DataModel to more closely match the data representation to the structure of your data.
Below are example connection strings to XML files or streams, using the provider's default data modeling configuration (see below):
The DataModel property is the controlling property over how your data is represented into tables and toggles the following basic configurations.
Document (default): Model a top-level, document view of your XML data. The provider returns nested elements as aggregated XML.
FlattenedDocuments: Detect nested documents and implicitly join them into a single table.
Relational: Return individual, related tables from hierarchical data. The tables contain a primary key and a foreign key that links to the parent document.
Service provider
URI formats
Connection example
Local
localPath
file:///localPath/file.xml
URI=C:\folder1\file.xml;
HTTP or HTTPS
http://remoteStream
https://remoteStream
URI=http://www.host1.com/streamname1;
Amazon S3
s3://bucket1/folder1/file.xml
URI=s3://bucket1/folder1/file.xml; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=OHIO;
Azure Blob Storage
azureblob://mycontainer/myblob/
URI=azureblob://mycontainer/myblob; AzureAccount=myAccount; AzureAccessKey=myKey;
Google Drive
gdrive://remotePath/file.xml
URI=gdrive://folder1/file.xml;InitiateOAuth=GETANDREFRESH;
Box
box://remotePath/file.xml
URI=box://folder1/file.xml; InitiateOAuth=GETANDREFRESH;
Dropbox
dropbox://remotePath/file.xml
URI=dropbox://folder1/file.xml; InitiateOAuth=GETANDREFRESH; OAuthClientId=oauthclientid1; OAuthClientSecret=oauthcliensecret1; CallbackUrl=http://localhost:12345;
Sharepoint
sp://remotePath/file.xml
URI=sp://Documents/folder1/file.xml; User=user1; Password=password1; SharepointUrl=https://subdomain.sharepoint.com;
FTP or FTPS
ftp://server:port/remotePath/file.xml
ftps://server:port/remotepath/file.xml
URI=ftps://localhost:990/folder1/file.xml; User=user1; Password=password1;
AzureDataLakeStoreGen2
abfs://myfilesystem/remotePath/file.xml
abfss://myfilesystem@accountName.dfs.core.windows.net/remotepath/file.xml
URI=abfs://myfilesystem/folder1/file.xml; AzureAccount=myAccount; AzureAccessKey=myKey;
URI=abfss://myfilesystem@myAccount.dfs.core.windows.net/folder1/file.xml; AzureAccessKey=myKey;
AzureDataLakeStoreGen2 with SSL
abfss://myfilesystem/remotePath/file.xml
abfs://myfilesystem@accountName.dfs.core.windows.net/remotepath/file.xml
URI=abfss://myfilesystem/folder1/file.xml; AzureAccount=myAccount; AzureAccessKey=myKey;
URI=abfss://myfilesystem@myAccount.dfs.core.windows.net/folder1/file.xml; AzureAccessKey=myKey;
Wasabi
wasabi://bucket/remotePath/file.xml
URI=wasabi://bucket/folder1/file.xml; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=NorthenVirginia;
AuthScheme: Set this to AzureAD.
If you are running Dataverse on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:
AuthScheme: Set this to AzureMSI.
The MSI credentials will then be automatically obtained for authentication.
Dataverse supports schema values of 'System' and 'Entities' and can be set using the Schema property.
Using 'System' for Schema property uses the Web API to query entities/tables.
Using 'Entities' for Schema property uses the EntityDefinitions entity set path and retrieves information about EntityMetadata EntityType entities/tables. This will often result in more user friendly names, though requires extra metadata requests.
The connector for the LDAP supports connecting to LDAP server objects. To connect, set the required properties.
Server: The domain name or IP of the LDAP server.
Port: The port setting defaults to port=389. Specifying the port to a different setting is optional.
BaseDN: This property is used for limiting results to specific subtrees. Specifying a narrow BaseDN (Base Distinguished Name) may greatly increase performance. For example, a value of cn=users,dc=domain only returns results contained within cn=users and its children.
Optional properties can be used to further refine control of the returned results.
FollowReferrals: This property follows referrals when TRUE. The returned response then becomes read only. To modify data returned by a referral server, open a new connection to the server by specifying server and port.
Scope: This property enables more control over the search depth of the LDAP tree, starting with BaseDN. Limiting the Scope can greatly improve search performance. Set the Scope to one of the following values:
WholeSubtree: Limit the scope of the search to the BaseDN and all of its descendants.
SingleLevel: Limit the scope of the search to the BaseDN and its direct descendants.
BaseObject: Limit the scope of the search to the base object only.
LDAPVersion: The LDAP version used to connect to and communicate with the server. Set this property to 2.
To authenticate requests, set the User and Password properties to valid LDAP credentials. For example: set User to Domain\\BobF or cn=Bob F,ou=Employees,dc=Domain.
The AuthMechanism properties for the provider are as follows:
SIMPLE: The default plaintext value of the authentication mechanism to login to the server.
DIGESTMD5: Authenticates to the LDAP server using DIGESTMD5 authentication.
NEGOTIATE: Negotiates whether to use NTLN or Kerberos when authenticating to the server.
By default, the driver uses plaintext when communicating with the server set to port=389. The driver automatically switches to use SSL when talking to the LDAP on port=636. You can force the connection to use the SSL connection property when set to SSL=TRUE.
The Provider for RSS supports connecting to RSS and Atom feeds, as well as feeds with custom extensions. To connect to a feed, set the URI property. The provider also supports accessing secure feeds. A variety of authentication mechanisms are supported. See the connection properties for details.
To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").
The provider uses plaintext authentication by default, since the provider attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.
By default, the connector attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.
To specify another certificate, set the SSLServerCert property for the available formats to do so.
Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:
FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.
LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.
UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.
The following properties control the scope of data returned:
BaseDN will limit the scope of LDAP searches to the height of the distinguished name provided. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.
Scope: This property enables more granular control over the data to return from a subtree.
Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
Set the following to connect:
URL: Specify the URL of the GraphQL service, for example https://api.example.com/graphql.
Location: Set this to the file path containing any custom defined schemas for the GraphQL service.
The driver supports the following types of authentication:
Basic
OAuth 1.0 & 2.0
OAuthPKCE
AWS Cognito Credentials:
AwsCognitoSrp
AwsCognitoBasic
Set AuthScheme to Basic. You must specify the User and Password of the GraphQL service.
In all OAuth flows, you must set AuthScheme to OAuth and OAuthVersion to 1.0 or 2.0. The following sections assume you have done so.
Desktop Applications
After setting the following connection properties, you are ready to connect:
OAuthRequestTokenURL: Required for OAuth 1.0. This is the URL where the application makes a request for the request token.
OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
OAuthClientId: Set this to the client Id in your application settings. This is also called the consumer key.
OAuthClientSecret: Set this to the client secret in your application settings. This is also called the consumer secret.
CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the access token in the connection string.
When you connect, the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:
Extracts the access token from the callback URL and authenticates requests.
Refreshes the access token when it expires.
Saves OAuth values in OAuthSettingsLocation. These values persist across connections.
Web Applications
When connecting via a Web application, or if the provider is not authorized to open a browser window, use the provided stored procedures to get and manage the OAuth token values.
Note: You can extend the stored procedure schemas to set defaults for the OAuth URLs or other connection string properties.
Set Up the OAuth Flow
Provide the OAuth URLs to authenticate in the Web flow.
OAuthRequestTokenURL: Required for OAuth 1.0. This is the URL where the application makes a request for the request token.
OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
Get an Access Token
In addition to the OAuth URLs, set the following additional connection properties to obtain the OAuthAccessToken:
OAuthClientId: Set this to the client Id in your application settings.
OAuthClientSecret: Set this to the client secret in your application settings.
You can then call stored procedures to complete the OAuth exchange:
Call the GetOAuthAuthorizationURL stored procedure. Set the AuthMode input to WEB and set the CallbackURL input to the Redirect URI you specified in your application settings. The stored procedure returns the URL to the OAuth endpoint.
Log in and authorize the application. You are redirected back to the callback URL.
Call the GetOAuthAccessToken stored procedure. Set the AuthMode input to WEB.
In OAuth 1.0, set the Verifier input to the "oauth_verifier" parameter. Extract the verifier code from the callback URL. Additionally, set the AuthToken and AuthSecret to the values returned by GetOAuthAccessToken.
In OAuth 2.0, set the Verifier input to the "code" parameter in the query string of the callback URL.
Connect to Data and Refresh the Token
The OAuthAccessToken returned by GetOAuthAccessToken has a limited lifetime. To automatically refresh the token, set the following on the first data connection.
OAuth Endpoints
OAuthRequestTokenURL
OAuthAuthorizationURL
OAuthAccessTokenURL
OAuthRefreshTokenURL
OAuth Tokens and Keys
OAuthClientId
OAuthClientSecret
OAuthRefreshToken
OAuthAccessToken
Alternatively, use the RefreshOAuthAccessToken stored procedure to manually refresh the token.
Initiate OAuth
InitiateOAuth: Set this to REFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
OAuthSettingsLocation: Set this to the location where the provider saves the OAuth values. These values persist across connections.
On subsequent data connections, set the following:
InitiateOAuth
OAuthSettingsLocation
OAuthRequestTokenURL
OAuthAuthorizationURL
OAuthAccessTokenURL
OAuthRefreshTokenURL
Headless Machines
To create GraphQL data sources on headless servers or other machines on which the provider cannot open a browser, you need to authenticate from another machine. Authentication is a two-step process.
Choose one of two options:
Option 1: Obtain the OAuthVerifier value as described in "Obtain and Exchange a Verifier Code" below.
Option 2: Install the provider on a machine with an internet browser and transfer the OAuth authentication values after you authenticate through the usual browser-based flow, as described in "Transfer OAuth Settings" below.
Then configure the provider to automatically refresh the access token on the headless machine.
Option 1: Obtain and Exchange a Verifier Code
Set the following properties on the headless machine:
InitiateOAuth: Set this to OFF.
OAuthClientId: Set this to the application Id in your application settings.
OAuthClientSecret: Set this to the application secret in your application settings.
You can then follow the steps below to authenticate from another machine and obtain the OAuthVerifier connection property.
Call the GetOAuthAuthorizationURL stored procedure with the CallbackURL input parameter set to the exact Redirect URI you specified in your application settings.
Save the value of the returned AuthToken and AuthKey if OAuthVersion is set to 1.0. They are used in the next step.
Open the returned URL in a browser. Log in and grant permissions to the provider. You are then redirected to the callback URL, which contains the verifier code.
Save the value of the verifier code. Later, you must set this in the OAuthVerifier connection property.
On the headless machine, set the following connection properties to obtain the OAuth authentication values:
OAuthRequestTokenURL: Required for OAuth 1.0. In OAuth 1.0 this is the URL where the application makes a request for the request token.
OAuthAuthorizationURL: Required for OAuth 1.0 and 2.0. This is the URL where the user logs into the service and grants permissions to the application. In OAuth 1.0 if permissions are granted the request token is authorized.
OAuthAccessTokenURL: Required for OAuth 1.0 and 2.0. This is the URL where the request for the access token is made. In OAuth 1.0 the authorized request token is exchanged for the access token.
OAuthRefreshTokenURL: Required for OAuth 2.0. In OAuth 2.0 this is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
OAuthClientId: Set this to the client Id in your application settings.
OAuthClientSecret: Set this to the client secret in your application settings.
CallbackURL: Set this to http://localhost:33333. If you specified a redirect URL in your application settings, this must match.
InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the access token in the connection string.
Connect to Data
After the OAuth settings file is generated, set the following properties to connect to data:
OAuthSettingsLocation: Set this to the location containing the encrypted OAuth authentication values. Make sure this location gives read and write permissions to the provider to enable the automatic refreshing of the access token.
InitiateOAuth: Set this to REFRESH.
Option 2: Transfer OAuth Settings
Follow the steps below to install the provider on another machine, authenticate, and then transfer the resulting OAuth values.
On a second machine, install the provider and connect with the following properties set:
OAuthSettingsLocation: Set this to a writable location.
InitiateOAuth: Set this to GETANDREFRESH.
OAuthClientId: Set this to the Client Id in your application settings.
OAuthClientSecret: Set this to the Client Secret in your application settings.
CallbackURL: Set this to the Callback URL in your application settings.
Test the connection to authenticate. The resulting authentication values are written, encrypted, to the location specified by OAuthSettingsLocation. After you have successfully tested the connection, copy the OAuth settings file to your headless machine. On the headless machine, set the following connection properties to connect to data:
InitiateOAuth: Set this to REFRESH.
OAuthSettingsLocation: Set this to the location of your OAuth settings file. Make sure this location gives read and write permissions to the provider to enable the automatic refreshing of the access token.
NOTE:OAuth Proof Key for Code Exchange (PKCE) is an extension to the OAuth 2.0 Authorization Code flow.
Desktop Applications
After setting the following, you are ready to connect:
AuthScheme: Set this to OAuthPKCE.
InitiateOAuth: Set this to GETANDREFRESH to avoid making the OAuth exchange manually and manually setting the access token in the connection string.
OAuthClientId: Set this to the client Id generated when creating your OAuth application on the GraphQL service.
OAuthAuthorizationURL: Set this to the authorization URL for the GraphQL service. This is the URL where the user logs into the service and grants permissions to the OAuth application, for example https://api.example.com/authorize.
OAuthAccessTokenURL: Set this to the access token URL for the GraphQL service. This is the URL where the request for the access token is made, for example https://api.example.com/token.
OAuthRefreshTokenURL: Set this to the refresh token URL for the GraphQL service. This is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the OAuthAccessTokenURL.
When you connect, the provider opens the OAuth authorization endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:
Extracts the authorization code from the callback URL.
Exchanges the authorization code for an access and refresh token.
Refreshes the access token when it expires.
Saves OAuth values in OAuthSettingsLocation. These values persist across connections.
Web Applications
When connecting via a Web application, or if the provider is not authorized to open a browser window, use the provided stored procedures to get and manage the OAuth token values.
Set Up the OAuth Flow
Provide the OAuth URLs to authenticate in the Web flow:
OAuthAuthorizationURL: This is the URL where the user logs into the service and grants permissions to the OAuth application.
OAuthAccessTokenURL:This is the URL where the request for the access token is made.
OAuthRefreshTokenURL: This is the URL where the refresh token is exchanged for a new access token when the old one expires. Note that for your data source this may be the same as the access token URL.
Get an Access Token
In addition to the OAuth URLs, set OAuthClientId to the client Id in your application settings to obtain the OAuthAccessToken.
You can then call stored procedures to complete the OAuth exchange:
Log in and authorize the application. You are redirected back to the callback URL.
Set the AuthMode input to WEB.
Set the Verifier input to the value of the "code" parameter in the query string of the callback URL.
Connect to Data and Refresh the Token
OAuth Endpoints
OAuthAuthorizationURL
OAuthAccessTokenURL
OAuthRefreshTokenURL
OAuth Tokens and Keys
OAuthClientId
OAuthRefreshToken
OAuthAccessToken
Initiate OAuth
InitiateOAuth: Set this to REFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
OAuthSettingsLocation: Set this to the location where the provider saves the OAuth values. These values persist across connections.
On subsequent data connections, set the following:
InitiateOAuth
OAuthSettingsLocation
OAuthAuthorizationURL
OAuthAccessTokenURL
OAuthRefreshTokenURL
If you want to use the provider with a user registered in a User Pool in AWS Cognito, set the following properties to authenticate:
AuthScheme: Set this to AwsCognitoSrp (recommended). You can also use AwsCognitoBasic.
AWSCognitoRegion: Set this to the region of the User Pool.
AWSUserPoolId: Set this to the User Pool Id.
AWSUserPoolClientAppId: Set this to the User Pool Client App Id.
AWSUserPoolClientAppSecret: Set this to the User Pool Client Secret.
AWSIdentityPoolId: Set this to the Identity Pool Id of the Identity Pool that is linked with the User Pool.
User: Set this to the username of the user registered in the User Pool.
Password: Set this to the password of the user registered in the User Pool.
To connect with the provider's data modeling defaults, set the URI of the XML resource and authenticate. This section provides connection and authentication guides for the available XML data sources. See Connecting to XML Data Sources to control the data representation.
Here is an overview of the authentication properties corresponding to each data source:
Set the URI to an XML file. Below is an example connection string:
Set the URI to the HTTP or HTTPS URL of the XML resource you want to access as a table. Set AuthScheme to use the following authentication types. The provider also supports OAuth authentication; see Using OAuth for more information.
HTTP:To use HTTP Basic or Digest, set the User and Password and set the corresponding AuthScheme. Set CustomHeaders if you need access to the request headers. Set CustomUrlParams to modify the URL query string.
Windows (NTLM): Set the Windows User and Password to connect and set AuthScheme to "NTLM".
Kerberos and Kerberos Delegation: To authenticate with Kerberos, set the User and Password and set AuthScheme to NEGOTIATE. To use Kerberos Delegation, set AuthScheme to KERBEROSDELEGATION.
For example:
Set the URI to an XML document in a bucket. Additionally, set the following properties to authenticate:
AWSAccessKey: Set to an Amazon Web Services Access Key (a user name).
AWSSecretKey: Set to an Amazon Web Services Secret Key.
For example:
Optionally, specify AWSRegion.
Set the URI to the bucket and folder. Additionally, set the following properties to authenticate:
AWSAccessKey: Set this to an Wasabi Access Key (a username)
AWSSecretKey: Set this to an Wasabi Secret Key.
For example:
Optionally, specify AWSRegion in addition.
Set the URI to the name of your container and the name of the blob. Additionally, set the following properties to authenticate:
AzureAccount: Set this to the account associated with the Azure blob.
AzureAccessKey: Set the to the access key associated with the Azure blob.
For example:
Set the URI to the path to an XML file and authenticate using the OAuth standard. See Connecting to Google Drive for an authentication guide. You can connect with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the following connection string:
Set the URI to the path to an XML file and authenticate using the OAuth standard. See Connecting to Box for an authentication guide. You can authenticate with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the following connection string:
Set the URI to the path to an XML file and authenticate using the OAuth standard. You can authenticate with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the following connection string:
Set the URI to a document library containing XML files. To authenticate, set User and Password and SharepointUrl.
Set the URI to the address of the server followed by the path to an XML file. To authenticate, set User and Password.
By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.
Below is the raw data used throughout this chapter. The data includes entries for people, the cars they own, and various maintenance services performed on those cars:
The Provider for REST allows connecting to local and remote XML/JSON resources. Set the URI property to the XML/JSON resource location, in addition to any other properties necessary to connect to your data source.
Set the URI to a folder containing XML/JSON files.
Below is an example connection string:
Set the URI to the HTTP or HTTPS URL of the XML/JSON resource you want to access as a table. Set AuthScheme to use the following authentication types. The provider also supports OAuth authentication;
HTTP:To use HTTP Basic or Digest, set the User and Password and set the corresponding AuthScheme. Set CustomHeaders if you need access to the request headers. Set CustomUrlParams to modify the URL query string.
Windows (NTLM): Set the Windows User and Password to connect and set AuthScheme to "NTLM".
Kerberos and Kerberos Delegation: To authenticate with Kerberos, set the User and Password and set AuthScheme to NEGOTIATE. To use Kerberos Delegation, set AuthScheme to KERBEROSDELEGATION.
For example:
Set the URI to an XML/JSON document in a bucket. Additionally, set the following properties to authenticate:
AWSAccessKey: Set this to an Amazon Web Services Access Key (a username).
AWSSecretKey: Set this to an Amazon Web Services Secret Key.
For example:
Optionally, specify AWSRegion in addition.
Note: It is also possible to connect to S3-compatible services by specifying its base Url. For example, if the Url conn prp is set to http://s3.%region%.myservice.com and Region is region-1, then we will generate request URLs like https://s3.region-1.myservice.com/bucket/... (or like https://bucket.s3.region-1.myservice.com/..., if the UseVirtualHosting property is true).
Set the URI to an XML/JSON document in a bucket. Additionally, set the following properties to authenticate:
AccessKey: Set this to an Oracle cloud Access Key.
SecretKey: Set this to an Oracle cloud Secret Key.
OracleNamespace: Set this to an Oracle cloud namespace.
For example:
Optionally, specify Region in addition.
Set the URI to an XML/JSON document in a bucket. Additionally, set the following properties to authenticate:
AWSAccessKey: Set this to a Wasabi Access Key (a username)
AWSSecretKey: Set this to a Wasabi Secret Key.
Optionally, specify AWSRegion in addition.
For example:
Set the URI to the name of your container and the name of the blob. Additionally, set the following properties to authenticate:
AzureAccount: Set this to the account associated with the Azure blob.
AzureAccessKey: Set this to the access key associated with the Azure blob.
For example:
Set the URI to the name of the file system, the name of the folder which contacts your REST files, and the name of an XML/JSON file. Additionally, set the following properties to authenticate:
AzureAccount: Set this to the account associated with the Azure data lake store.
AzureAccessKey: Set this to the access key associated with the Azure data lake store.
For example:
Set the URI to the path to a XML/JSON file. To authenticate to Box, use the OAuth authentication standard. See Connecting to Box (Collaboration section) for an authentication guide.
For example:
Set the URI to the path to a XML/JSON file. To authenticate to Dropbox, use the OAuth authentication standard. See Connecting to Dropbox for an authentication guide. You can authenticate with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the connection string below:
Set the URI to a document library containing XML/JSON files. To authenticate, set User and Password and SharepointUrl.
For example:
Set the URI to a document library containing XML/JSON files. SharepointUrl is optional. If not provided, the driver will work with the root drive. To authenticate, use the OAuth authentication standard.
For example:
Set the URI to the address of the server followed by the path to the XML/JSON file. To authenticate, set User and Password.
For example:
Set the URI to the path to the name of the file system, the name of the folder which contains your REST files, and the name of an XML/JSON file. To authenticate to Google APIs, provide a ProjectId.
For example:
By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.
Below is an overview of the authentication properties corresponding to each data source:
Set the URI to a JSON file.
Below is an example connection string:
Set the URI to the HTTP or HTTPS URL of the JSON resource you want to access as a table. Set AuthScheme to use the following authentication types. The provider also supports OAuth authentication;
HTTP
To use HTTP Basic or Digest, set the User and Password. Set CustomHeaders if you need access to the request headers. Set CustomUrlParams to modify the URL query string.
Windows (NTLM)
Set the Windows User and Password to connect and set AuthScheme to "NTLM".
Kerberos and Kerberos Delegation
To authenticate with Kerberos, set the User and Password and set AuthScheme to NEGOTIATE. To use Kerberos Delegation, set AuthScheme to KERBEROSDELEGATION.
For example:
Set the URI to a JSON document in a bucket. Additionally, set the following properties to authenticate:
AWSAccessKey: Set this to an Amazon Web Services Access Key (a username).
AWSSecretKey: Set this to an Amazon Web Services Secret Key.
For example:
Optionally, specify AWSRegion.
Set the URI to the bucket and folder. Additionally, set the following properties to authenticate:
AWSAccessKey: Set this to an Wasabi Access Key (a username)
AWSSecretKey: Set this to an Wasabi Secret Key.
For example:
Optionally, specify AWSRegion in addition.
Set the URI to the name of your container and the name of the blob. Additionally, set the following properties to authenticate:
AzureAccount: Set this to the account associated with the Azure blob.
AzureAccessKey: Set the to the access key associated with the Azure blob.
For example:
Set the URI to the path to a JSON file. To authenticate to Google APIs, use the OAuth authentication standard. You can connect with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the connection string below:
Set the URI to the path to a JSON file. To authenticate to Box, use the OAuth authentication standard. You can authenticate with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the connection string below:
Set the URI to the path to a JSON file. To authenticate to Dropbox, use the OAuth authentication standard. You can authenticate with a user account or a service account. In the user account flow, you do not need to set any connection properties for your user credentials, as shown in the connection string below:
Set the URI to a document library containing JSON files. To authenticate, set User and Password and SharepointUrl.
Set the URI to the address of the server followed by the path to a JSON file. To authenticate, set User and Password.
By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.
The provider offers three basic configurations to model nested data in XML as tables.
For users who simply need access to the entirety of their XML data, flattening the data into a single table is the best option. The provider will use streaming and only parses the XML data once per query in this mode.
With DataModel set to "FlattenedDocuments", the provider returns a separate table for each object array, but implicitly JOINed to the parent table. Any nested sibling XPath values (child paths at the same height) will be treated as a SQL CROSS JOIN.
Below is a sample query and the results, based on the sample document in and parsing based on the XPaths /root/people, /root/people/vehicles, and /root/people/vehicles/maintenance. This implicitly JOINs the people element with the vehicles element and implicitly JOINs the vehicles element with the maintenance element.
Use the following connection string to query the in this example.
The following query drills into the nested elements in each people element. Since the XPath property included the vehicles node as an XML path, you can query an element of a vehicle explicitly.
With horizontal and vertical flattening based on the described paths, each vehicle element is implicitly JOINed to its parent people element and each maintenance element is implicitly JOINed to its parent vehicle element.
The provider for XML can be configured to create a relational model of the data in the XML file or source, treating each XPath as an individual table containing a primary key and a foreign key that links to the parent document. This is particularly useful if you need to work with your XML data in existing BI, reporting, and ETL tools that expect a relational data model.
With DataModel set to "Relational", any JOINs are controlled by the query. Any time you perform a JOIN query, the XML file or source will be queried once for each table included in the query.
Set the DataModel connection property to "Relational" and set the XPath connection property to "/root/people;/root/people/vehicles;/root/people/vehicles/maintenance;" to perform the following query and see the example result set.
The following query explicitly JOINs the people, vehicles, and maintenance tables.
In the example query, each maintenance element is JOINed to its parent vehicle element, which is JOINed to its parent people element to produce a table with 8 rows (2 maintenance entries for each of 2 vehicles each for 2 people).
Using a top-level document view of the data provides ready access to top-level elements. The provider returns nested elements in aggregate, as single columns.
One aspect to consider is performance. You forego the time and resources to process and parse nested elements -- the provider parses the returned data once, using streaming to read the data. Another consideration is your need to access any data stored in nested parent elements, and the ability of your tool or application to process XML.
With DataModel set to "Document" (the default), the provider scans only a single element, the top-level element by default. The top-level elements are available as columns due to default object flattening. Nested elements are returned as aggregated XML.
You can set XPath to specify an element other than the top-level one.
Set the DataModel connection property to "Document" to perform the following query and see the example result set. The provider will scan only the XPath value below:
The following query pulls the top-level elements and the subelements of the vehicles element into the results.
With a document view of the data, the personal element is flattened into 4 columns and the source and vehicles elements are returned as individual columns, resulting in a table with 6 columns.
Note: You can extend the stored procedure schemas to set defaults for the OAuth URLs or other connection string properties. See for a guide.
Call the stored procedure. Set the CallbackURL input to the Redirect URI you specified in your application settings. The stored procedure returns the URL to the GraphQL service's authorization URL and the PKCEVerifier. The PKCEVerifier is a randomly generated value used for security reasons with OAuthPKCE. Save the PKCEVerifier; you need it as an input when executing the stored procedure.
Call the stored procedure.
Set the PKCEVerifier input to the value generated after calling the stored procedure.
The OAuthAccessToken returned by has a limited lifetime. To automatically refresh the token, set the following on the first data connection.
Alternatively, use the stored procedure to manually refresh the token.
Below is a sample query against the sample document in , using a relational model based on the XML paths "/root/people", "/root/people/vehicles", and "/root/people/vehicles/maintenance".
Below is a sample query and the results, based on the sample document in . The query results in a single "people" table based on the XPath "/root/people".
Service provider
URI formats
InitiateOAuth
OAuthClientId
OAuthClientSecret
OAuthAccessToken
OAuthAccessTokenSecret
User
Password
AuthScheme
AzureAccount
AzureAccessKey
AWSAccessKey
AWSSecretKey
AWSRegion
Local
localPath
file://localPath
HTTP or HTTPS
http://remoteStream
https://remoteStream
OPTIONAL
OPTIONAL
OPTIONAL
Amazon S3
s3://remotePath
REQUIRED (your AccessKey)
REQUIRED (your SecretKey)
OPTIONAL
Azure Blob Storage
azureblob://mycontainer/myblob/
REQUIRED
REQUIRED (your AccessKey)
Google Drive
gdrive://remotePath
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
Box
box://remotePath
OPTIONAL
REQUIRED
REQUIRED
OPTIONAL
OPTIONAL
Dropbox
dropbox://remotePath
OPTIONAL
REQUIRED
REQUIRED
OPTIONAL
OPTIONAL
SharePoint Online
sp://remotePath
REQUIRED
REQUIRED
FTP or FTPS
ftp://server:port/remotePath
ftps://server:port/remotepath
REQUIRED
REQUIRED
Wasabi
wasabi://bucket1/remotePath;
REQUIRED (your AccessKey)
REQUIRED (your SecretKey)
OPTIONAL
URI=C:\folder1\file.xml;
URI=http://www.host1.com/streamname1;AuthScheme=BASIC;User=admin;Password=admin
URI=s3://bucket1/folder1/file.xml; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=OHIO;
URI=wasabi://bucket1/folder1/file.xml; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=OHIO;
URI=azureblob://mycontainer/myblob; AzureAccount=myAccount; AzureAccessKey=myKey;
URI=gdrive://folder1/file.xml;InitiateOAuth=GETANDREFRESH;
URI=box://folder1/file.xml; InitiateOAuth=GETANDREFRESH;
URI=dropbox://folder1/file.xml; InitiateOAuth=GETANDREFRESH; OAuthClientId=oauthclientid1; OAuthClientSecret=oauthcliensecret1; CallbackUrl=http://localhost:12345;
URI=sp://Documents/folder1/file.xml; User=user1; Password=password1; SharepointUrl=https://subdomain.sharepoint.com;
URI=ftps://localhost:990/folder1/file.xml; User=user1; Password=password1;
<?xml version="1.0" encoding="UTF-8" ?><root> <rootAttr1>rootValue1</rootAttr1> <people> <personal> <age>20</age> <gender>M</gender> <name> <first>John</first> <last>Doe</last> </name> </personal> <jobs>support</jobs> <jobs>coding</jobs> <vehicles> <type>car</type> <model>Honda Civic</model> <insurance> <company>ABC Insurance</company> <policy_num>12345</policy_num> </insurance> <features>sunroof</features> <features>rims</features> <maintenance> <date>07-17-2017</date> <desc>oil change</desc> </maintenance> <maintenance> <date>01-03-2018</date> <desc>new tires</desc> </maintenance> </vehicles> <vehicles> <type>truck</type> <model>Dodge Ram</model> <insurance> <company>ABC Insurance</company> <policy_num>12345</policy_num> </insurance> <features>lift kit</features> <features>tow package</features> <maintenance> <date>08-27-2017</date> <desc>new tires</desc> </maintenance> <maintenance> <date>01-08-2018</date> <desc>oil change</desc> </maintenance> </vehicles> <addresses> <type>work</type> <zip>12345</zip> </addresses> <addresses> <type>home</type> <zip>12357</zip> </addresses> <source>internet</source> </people> <people> <personal> <age>24</age> <gender>F</gender> <name> <first>Jane</first> <last>Roberts</last> </name> </personal> <jobs>sales</jobs> <jobs>marketing</jobs> <source>phone</source> <vehicles> <type>car</type> <model>Toyota Camry</model> <insurance> <company>Car Insurance</company> <policy_num>98765</policy_num> </insurance> <features>upgraded stereo</features> <maintenance> <date>05-11-2017</date> <desc>tires rotated</desc> </maintenance> <maintenance> <date>11-03-2017</date> <desc>oil change</desc> </maintenance> </vehicles> <vehicles> <type>car</type> <model>Honda Accord</model> <insurance> <company>Car Insurance</company> <policy_num>98765</policy_num> </insurance> <features>custom paint</features> <features>custom wheels</features> <maintenance> <date>10-07-2017</date> <desc>new air filter</desc> </maintenance> <maintenance> <date>01-13-2018</date> <desc>new brakes</desc> </maintenance> </vehicles> <addresses> <type>home</type> <zip>98765</zip> </addresses> <addresses> <type>work</type> <zip>98753</zip> </addresses> </people> <rootAttr2>rootValue2</rootAttr2> <rootAttr3>rootValue3</rootAttr3> <rootAttr3>rootValue4</rootAttr3></root>
Service provider
URI formats
InitiateOAuth
OAuthClientId
OAuthClientSecret
OAuthAccessToken
OAuthAccessTokenSecret
User
Password
AuthScheme
AzureAccount
AzureAccessKey
AWSAccessKey
AWSSecretKey
AWSRegion
AccessKey
SecretKey
Region
OracleNamespace
ProjectId
Local
localPath
file://localPath/file.json
HTTP or HTTPS
http://remoteStream
https://remoteStream
OPTIONAL
OPTIONAL
OPTIONAL
Amazon S3
s3://remotePath/file.json
REQUIRED (your AccessKey)
REQUIRED (your SecretKey)
OPTIONAL
Azure Blob Storage
azureblob://mycontainer/myblob/
REQUIRED
REQUIRED (your AccessKey)
Azure Data Lake Store Gen1
adl://remotePath
adl://Account.azuredatalakestore.net@remotePath
REQUIRED
OPTIONAL
OPTIONAL
OPTIONAL
REQUIRED
REQUIRED
Azure Data Lake Store Gen2
abfs://myfilesystem/remotePath
REQUIRED
REQUIRED (your AccessKey)
Azure Data Lake Store Gen2 with SSL
abfss://myfilesystem/remotePath
REQUIRED
REQUIRED (your AccessKey)
Google Drive
gdrive://remotePath/file.json
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
REQUIRED
OneDrive
onedrive://remotePath/file.json
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
REQUIRED
Box
box://remotePath/file.json
OPTIONAL
REQUIRED
REQUIRED
OPTIONAL
OPTIONAL
REQUIRED
Dropbox
dropbox://remotePath/file.json
OPTIONAL
REQUIRED
REQUIRED
OPTIONAL
OPTIONAL
REQUIRED
SharePoint Online SOAP
sp://remotePath/file.json
REQUIRED
REQUIRED
SharePoint Online REST
sprest://remotePath/file.json
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
REQUIRED
FTP or FTPS
ftp://server:port/remotePath/file.json
ftps://server:port/remotepath/file.json
REQUIRED
REQUIRED
SFTP
sftp://server:port/remotePath/file.json
OPTIONAL
OPTIONAL
Wasabi
wasabi://bucket1/remotePath/file.json;
REQUIRED (your AccessKey)
REQUIRED (your SecretKey)
OPTIONAL
Google Cloud Storage
gs://bucket/remotePath/file.json;
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
OPTIONAL
REQUIRED
REQUIRED
Oracle Cloud Storage
os://bucket/remotePath/file.json;
REQUIRED (your AccessKey)
REQUIRED (your SecretKey)
OPTIONAL
REQUIRED
URI=C:\folder1\file.json;
URI=http://www.host1.com/streamname1;AuthScheme=BASIC;User=admin;Password=admin
URI=s3://bucket1/folder1/file.json; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=OHIO;
URI=os://bucket/remotePath/; AccessKey=token1; SecretKey=secret1; OracleNamespace=myNamespace; Region=us-ashburn-1;
URI=wasabi://bucket1/folder1/file.json; AWSAccessKey=token1; AWSSecretKey=secret1; AWSRegion=OHIO;
URI=azureblob://mycontainer/myblob/; AzureAccount=myAccount; AzureAccessKey=myKey;
URI=abfs://myfilesystem/folder1/file.json; AzureAccount=myAccount; AzureAccessKey=myKey;URI=abfss://myfilesystem/folder1/file.json; AzureAccount=myAccount; AzureAccessKey=myKey;
URI=box://folder1/file.json; InitiateOAuth=GETANDREFRESH; OAuthClientId=oauthclientid1; OAuthClientSecret=oauthcliensecret1; CallbackUrl=http://localhost:12345;
URI=dropbox://folder1/file.json; InitiateOAuth=GETANDREFRESH; OAuthClientId=oauthclientid1; OAuthClientSecret=oauthcliensecret1; CallbackUrl=http://localhost:12345;
URI=sp://Documents/folder1; User=user1; Password=password1; SharepointUrl=https://subdomain.sharepoint.com;
URI=sp://Documents/folder1; InitiateOAuth=GETANDREFRESH; SharepointUrl=https://subdomain.sharepoint.com;
URI=ftps://localhost:990/folder1/file.json; User=user1; Password=password1;
URI=gs://bucket/remotePath/; ProjectId=PROJECT_ID;
Property
|
Description
|
|
|
Authentication |
AuthMechanism | The authentication mechanism to be used when connecting to the Active Directory server. |
BaseDN | The base portion of the distinguished name, used for limiting results to specific subtrees. |
IntegratedSecurity | Whether or not to use the user's current context when logging in. |
LDAPVersion | The LDAP version used to connect to and communicate with the server. |
Password | The password for the distinguished name of the specified user. |
Port | The port the Active Directory server is running on. |
Scope | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only). |
Server | The domain name or IP of the Active Directory server. |
UseDefaultDC | Used to connect to the default Domain Controller and authenticate using the current user credentials. |
User | The distinguished name of a user. |
Firewall |
FirewallPassword | A password used to authenticate to a proxy-based firewall. |
FirewallPort | The TCP port for a proxy-based firewall. |
FirewallServer | The name or IP address of a proxy-based firewall. |
FirewallType | The protocol used by a proxy-based firewall. |
FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
Logging |
Logfile | A path to the log file. |
MaxLogFileCount | A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted. |
MaxLogFileSize | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end. |
Verbosity | The verbosity level that determines the amount of detail included in the log file. |
Misc |
ConnectionLifeTime | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed. |
ConnectionString | *** |
FollowReferrals | Whether or not to follow referrals returned by the Active Directory server. |
FriendlyGUID | Whether to return GUID attribute values in a human readable format. |
FriendlySID | Whether to return SID attribute values in a human readable format. |
MaxRows | Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
Other | These hidden properties are used only in specific use cases. |
PoolIdleTimeout | The allowed idle time for a connection before it is closed. |
PoolMaxSize | The maximum connections in the pool. |
PoolMinSize | The minimum number of connections in the pool. |
PoolWaitTime | The max seconds to wait for an available connection. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Readonly | You can use this property to enforce read-only access to ActiveDirectory from the provider. |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
SupportEnhancedSQL | This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
UseConnectionPooling | This property enables connection pooling. |
Service provider | URI formats | InitiateOAuth | OAuthClientId | OAuthClientSecret | OAuthAccessToken | OAuthAccessTokenSecret | User | Password | AuthScheme | AzureAccount | AzureAccessKey | AWSAccessKey | AWSSecretKey | AWSRegion |
Local | localPath file://localPath |
HTTP or HTTPS | http://remoteStream https://remoteStream | OPTIONAL | OPTIONAL | OPTIONAL |
Amazon S3 | s3://remotePath | REQUIRED (your AccessKey) | REQUIRED (your SecretKey) | OPTIONAL |
Azure Blob Storage | azureblob://mycontainer/myblob/ | REQUIRED | REQUIRED (your AccessKey) |
Google Drive | gdrive://remotePath | OPTIONAL | OPTIONAL | OPTIONAL | OPTIONAL | OPTIONAL |
Box | box://remotePath | OPTIONAL | REQUIRED | REQUIRED | OPTIONAL | OPTIONAL |
Dropbox | dropbox://remotePath | OPTIONAL | REQUIRED | REQUIRED | OPTIONAL | OPTIONAL |
SharePoint Online | sp://remotePath | REQUIRED | REQUIRED |
FTP or FTPS | ftp://server:port/remotePath ftps://server:port/remotepath | REQUIRED | REQUIRED |
Wasabi | wasabi://bucket1/remotePath; |
|
|
|
|
|
|
|
|
|
|
age | gender | first_name | last_name | source | type | model | ins_company | ins_policy_num | maint_date | maint_desc |
20 | M | John | Doe | internet | car | Honda Civic | ABC Insurance | 12345 | 2017-07-17 | oil change |
20 | M | John | Doe | internet | car | Honda Civic | ABC Insurance | 12345 | 2018-01-03 | new tires |
20 | M | John | Doe | internet | truck | Dodge Ram | ABC Insurance | 12345 | 2017-08-27 | new tires |
20 | M | John | Doe | internet | truck | Dodge Ram | ABC Insurance | 12345 | 2018-01-08 | oil change |
24 | F | Jane | Roberts | phone | car | Toyota Camry | Car Insurance | 98765 | 2017-05-11 | tires rotated |
24 | F | Jane | Roberts | phone | car | Toyota Camry | Car Insurance | 98765 | 2017-11-03 | oil change |
24 | F | Jane | Roberts | phone | car | Honda Accord | Car Insurance | 98765 | 2017-10-07 | new air filter |
24 | F | Jane | Roberts | phone | car | Honda Accord | Car Insurance | 98765 | 2018-01-13 | new brakes |
|
|
age | gender | first_name | last_name | source | type | model | ins_company | ins_policy_num | maint_date | maint_desc |
20 | M | John | Doe | internet | car | Honda Civic | ABC Insurance | 12345 | 2017-07-17 | oil change |
20 | M | John | Doe | internet | car | Honda Civic | ABC Insurance | 12345 | 2018-01-03 | new tires |
20 | M | John | Doe | internet | truck | Dodge Ram | ABC Insurance | 12345 | 2017-08-27 | new tires |
20 | M | John | Doe | internet | truck | Dodge Ram | ABC Insurance | 12345 | 2018-01-08 | oil change |
24 | F | Jane | Roberts | phone | car | Toyota Camry | Car Insurance | 98765 | 2017-05-11 | tires rotated |
24 | F | Jane | Roberts | phone | car | Toyota Camry | Car Insurance | 98765 | 2017-11-03 | oil change |
24 | F | Jane | Roberts | phone | car | Honda Accord | Car Insurance | 98765 | 2017-10-07 | new air filter |
24 | F | Jane | Roberts | phone | car | Honda Accord | Car Insurance | 98765 | 2018-01-13 | new brakes |
|
|
age | gender | name_first | name_last | source | vehicles |
20 | M | John | Doe | internet |
24 | F | Jane | Roberts | phone |
|
|