Credentials

Authentication credentials must be securely stored in a supported credentials management provider and programmatically accessible to the Request Manager Agent.

OAuth Client Credentials

DataGrail is granted access to the Agent's resources via the OAuth 2.0 Client Credentials grant flow. The resulting access token is used by DataGrail to authenticate and authorize subsequent API requests.

The client_id and client_secret are user-defined credentials managed by the customer and can be rotated at any time. These credentials should be stored in JSON format using the following key-value structure.

{
    "client_id": "<identifier for the credential e.g. 'datagrail'>",
    "client_secret": "<generated password>"
}

After the credentials have been stored in your credentials manager, set the datagrail_agent_credentials_location parameter in the RMAgentConfig to it's location.

Callback Token

The Agent authenticates its requests to the DataGrail platform using an API access token for authorization.

The token will be provided by DataGrail and should be stored in JSON format using the following key-value structure.

{
    "token": "<your DataGrail token>"
}

After the token has been stored in your credentials manager, set the datagrail_credentials_location parameter in the RMAgentConfig to it's location.

Connection Credentials

Credentials for each connection follow the schema defined in their respective Connection documentation. The credentials are stored in your credentials manager and referenced in the credentials_location parameter of their connection object.