Connection String Options
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
| Property | Description |
| AuthScheme | The type of authentication to use when connecting to remote services. |
| AccessKey | The access key used to authenticate to REST. This value is accessible from your security credentials page. |
| SecretKey | Your account secret key. This value is accessible from your security credentials page. |
| ApiKey | The API Key used to identify the user to IBM Cloud. |
| User | The authenticating user, required with the Password for authentication to the server.. |
| Password | The authenticating user's password, required with the User name for authentication to the server. |
| SharePointEdition | The edition of SharePoint being used. Set either SharePointOnline or SharePointOnPremise. |
| AuthorizationHeaderPrefix | Specifies a value to be prepended to the client secret, to form the Authorization header. The prepended value is usually a client ID. |
| ImpersonateUserMode | Specify the type of the user impersonation. It should be whether the User mode or the Admin mode. |
| Property | Description |
| Format | Specifies the format reported by the data source. Required when using either the CreateSchema stored procedure or the Generate Schema File feature. |
| URI | The Uniform Resource Identifier (URI) for the XML/JSON/CSV resource location. |
| Region | The hosting region for your S3-like Web Services. |
| OracleNamespace | The Oracle Cloud Object Storage namespace to use. |
| StorageBaseURL | Specifies the URL of a cloud storage service provider. |
| SimpleUploadLimit | This setting specifies the threshold, in bytes, above which the provider will choose to perform a multipart upload rather than uploading everything in one request. |
| UseVirtualHosting | If true (default), buckets will be referenced in the request using the hosted-style request: http://yourbucket.s3.amazonaws.com/yourobject. If set to false, the bean will use the path-style request: http://s3.amazonaws.com/yourbucket/yourobject. Note that this property will be set to false, in case of an S3 based custom service when the CustomURL is specified. |
| UseLakeFormation | When this property is set to true, AWSLakeFormation service will be used to retrieve temporary credentials, which enforce access policies against the user based on the configured IAM role. The service can be used when authenticating through OKTA, ADFS, AzureAD, PingFederate, while providing a SAML assertion. |
| Property | Description |
| AWSAccessKey | Specifies your AWS account access key. This value is accessible from your AWS security credentials page. |
| AWSSecretKey | Your AWS account secret key. This value is accessible from your AWS security credentials page. |
| AWSRoleARN | The Amazon Resource Name of the role to use when authenticating. |
| AWSPrincipalARN | The ARN of the SAML Identity provider in your AWS account. |
| AWSRegion | The hosting region for your Amazon Web Services. |
| AWSCredentialsFile | The path to the AWS Credentials File to be used for authentication. |
| AWSCredentialsFileProfile | The name of the profile to be used from the supplied AWSCredentialsFile. |
| AWSSessionToken | Your AWS session token. |
| AWSExternalId | A unique identifier that might be required when you assume a role in another account. |
| MFASerialNumber | The serial number of the MFA device if one is being used. |
| MFAToken | The temporary token available from your MFA device. |
| CredentialsLocation | The location of the settings file where MFA credentials are saved. |
| TemporaryTokenDuration | The amount of time (in seconds) a temporary token will last. |
| AWSWebIdentityToken | The OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. |
| ServerSideEncryption | When activated, file uploads into Amazon S3 buckets will be server-side encrypted. |
| SSEContext | A BASE64-encoded UTF-8 string holding JSON which represents a string-string (key-value) map. |
| SSEEnableS3BucketKeys | Configuration to use an S3 Bucket Key at the object level when encrypting data with AWS KMS. Enabling this will reduce the cost of server-side encryption by lowering calls to AWS KMS. |
| SSEKey | A symmetric encryption KeyManagementService key, that is used to protect the data when using ServerSideEncryption. |
| Property | Description |
| AzureStorageAccount | The name of your Azure storage account. |
| AzureAccessKey | The storage key associated with your Azure account. |
| AzureSharedAccessSignature | A shared access key signature that may be used for authentication. |
| AzureTenant | Identifies the REST tenant being used to access data. Accepts either the tenant's domain name (for example, contoso.onmicrosoft.com ) or its directory (tenant) ID. |
| AzureEnvironment | Specifies the Azure network environment to which you will connect. Must be the same network to which your Azure account was added. |
| Property | Description |
| KeycloakRealmURL | Specifies the full URL to the Keycloak server including the specific realm used for authentication and authorization. |
| Property | Description |
| SSOLoginURL | The identity provider's login URL. |
| SSOProperties | Additional properties required to connect to the identity provider, formatted as a semicolon-separated list. |
| SSOExchangeURL | The URL used for consuming the SAML response and exchanging it for service specific credentials. |
| Property | Description |
| XPath | Specifies the XPath of an element that has the same name as other elements at that same height within the XML/JSON document. This XPath is used to split the document into multiple rows. |
| DataModel | Specifies the data model configuration to use when parsing XML/JSON documents and generating the database metadata. The value supplied here controls how the driver models nested object arrays into tables. |
| JSONFormat | Specifies the format of the JSON document. Requires Format to be set to JSON. |
| XMLFormat | Specifies the format of the XML document. |
| FlattenArrays | Specifies the number of elements you want to return from nested arrays, as columns of their own. Only recommended for arrays that are expected to be short. |
| FlattenObjects | Specifies that object properties should be flattened into columns of their own. Otherwise, objects nested in arrays are returned as XML/JSON strings. |
| BackwardsCompatibilityMode | Optional property that, when set to True, specifies that XML/JSON functionality should match the functionality and features of the 2017 version. To access the most recent XML/JSON flattening features, leave this blank. |
| QualifyColumns | Specifies whether the provider will use relative column names. |
| URISeparator | A delimiter used to separate different values in the URI property. |
| Property | Description |
| FMT | Specifies the format to use when parsing all CSV files. |
| IncludeColumnHeaders | Directs the driver to derive column names for each table from the first line of CSV files. |
| Property | Description |
| InitiateOAuth | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. |
| OAuthVersion | Identifies the version of OAuth being used. |
| OAuthClientId | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. |
| OAuthClientSecret | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.). |
| OAuthAccessToken | Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange. |
| OAuthAccessTokenSecret | The OAuth access token secret for connecting using OAuth. |
| SubjectId | The user subject for which the application is requesting delegated access. |
| SubjectType | The Subject Type for the Client Credentials authentication. |
| OAuthSettingsLocation | Specifies the location of the settings file where OAuth values are saved. |
| CallbackURL | Identifies the URL users return to after authenticating to REST via OAuth (Custom OAuth applications only). |
| Scope | Specifies the scope of the authenticating user's access to the application, to ensure they get appropriate access to data. If a custom OAuth application is needed, this is generally specified at the time the application is created. |
| OAuthPasswordGrantMode | Specifies how the OAuth Client ID and Client Secret are sent to the authorization server. |
| OAuthIncludeCallbackURL | Whether to include the callback URL in an access token request. |
| OAuthAuthorizationURL | The authorization URL for the OAuth service. |
| OAuthAccessTokenURL | The URL from which the OAuth access token is retrieved. |
| OAuthRefreshTokenURL | The URL to refresh the OAuth token from. |
| OAuthRequestTokenURL | The URL the service provides to retrieve request tokens from. This is required in OAuth 1.0. |
| OAuthVerifier | Specifies a verifier code returned from the OAuthAuthorizationURL . Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set. |
| PKCEVerifier | The PKCE code verifier generated from executing the GetOAuthAuthorizationUrl stored procedure for PKCE authentication schemes. |
| AuthToken | The authentication token used to request and obtain the OAuth Access Token. |
| AuthKey | The authentication secret used to request and obtain the OAuth Access Token. |
| OAuthParams | A comma-separated list of other parameters to submit in the request for the OAuth access token in the format paramname=value. |
| OAuthRefreshToken | Specifies the OAuth refresh token used to request a new access token after the original has expired. |
| OAuthExpiresIn | Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working. |
| OAuthTokenTimestamp | Displays a Unix epoch timestamp in milliseconds that shows how long ago the current access token was created. |
| SupportCaseSensitiveOAuthParams | If true, parameter names in OAuthParams will be submitted to the request using the casing provided by the user. |
| Property | Description |
| OAuthJWTCert | Supplies the name of the client certificate's JWT Certificate store. |
| OAuthJWTCertType | Identifies the type of key store containing the JWT Certificate. |
| OAuthJWTCertPassword | Provides the password for the OAuth JWT certificate used to access a password-protected certificate store. If the certificate store does not require a password, leave this property blank. |
| OAuthJWTEncryptionKey | The key used used for HMAC signatures with JWT tokens. |
| OAuthJWTCertSubject | Identifies the subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate. |
| OAuthJWTIssuer | The issuer of the Java Web Token. |
| OAuthJWTSubject | The user subject for which the application is requesting delegated access. |
| OAuthJWTSubjectType | The SubType for the JWT authentication. |
| OAuthJWTPublicKeyId | The Id of the public key for JWT. |
| OAuthJWTAudience | A space-separated list of entities that may use the JWT. |
| OAuthJWTEncryption | The encryption algorithm to be used in JWT authentication. |
| OAuthJWTHeaders | A collection of extra headers to include in the JWT. |
| OAuthJWTValidityTime | How long the JWT should remain valid, in seconds. |
| Property | Description |
| KerberosKDC | Identifies the Kerberos Key Distribution Center (KDC) service used to authenticate the user. (SPNEGO or Windows authentication only). |
| KerberosRealm | Identifies the Kerberos Realm used to authenticate the user. |
| KerberosSPN | Identifies the service principal name (SPN) for the Kerberos Domain Controller. |
| KerberosUser | Confirms the principal name for the Kerberos Domain Controller, which uses the format host/user@realm. |
| KerberosKeytabFile | Identifies the Keytab file containing your pairs of Kerberos principals and encrypted keys. |
| KerberosServiceRealm | Identifies the service's Kerberos realm. (Cross-realm authentication only). |
| KerberosServiceKDC | Identifies the service's Kerberos Key Distribution Center (KDC). |
| KerberosTicketCache | Specifies the full file path to an MIT Kerberos credential cache file. |
| Property | Description |
| SSLClientCert | Specifies the TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). This property works in conjunction with other SSL-related properties to establish a secure connection. |
| SSLClientCertType | Specifies the type of key store containing the TLS/SSL client certificate for SSL Client Authentication. Choose from a variety of key store formats depending on your platform and certificate source. |
| SSLClientCertPassword | Specifes the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access. |
| SSLClientCertSubject | Specifes the subject of the TLS/SSL client certificate to locate it in the certificate store. Use a comma-separated list of distinguished name fields, such as CN=www.server.com, C=US. The wildcard * selects the first certificate in the store. |
| SSLMode | The authentication mechanism to be used when connecting to the FTP or FTPS server. |
| SSLServerCert | Specifies the certificate to be accepted from the server when connecting using TLS/SSL. |
| Property | Description |
| SSHAuthMode | The authentication method used when establishing an SSH Tunnel to the service. |
| SSHClientCert | A certificate to be used for authenticating the SSHUser. |
| SSHClientCertPassword | The password of the SSHClientCert key if it has one. |
| SSHClientCertSubject | The subject of the SSH client certificate. |
| SSHClientCertType | The type of SSHClientCert private key. |
| SSHUser | The SSH user. |
| SSHPassword | The SSH password. |
| Property | Description |
| FirewallType | Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall. |
| FirewallServer | Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources. |
| FirewallPort | Specifies the TCP port to be used for a proxy-based firewall. |
| FirewallUser | Identifies the user ID of the account authenticating to a proxy-based firewall. |
| FirewallPassword | Specifies the password of the user account authenticating to a proxy-based firewall. |
| Property | Description |
| ProxyAutoDetect | Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server. |
| ProxyServer | Identifies the hostname or IP address of the proxy server through which you want to route HTTP traffic. |
| ProxyPort | Identifies the TCP port on your specified proxy server that has been reserved for routing HTTP traffic to and from the client. |
| ProxyAuthScheme | Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property. |
| ProxyUser | Provides the username of a user account registered with the proxy server specified in the ProxyServer connection property. |
| ProxyPassword | Specifies the password of the user specified in the ProxyUser connection property. |
| ProxySSLType | Specifies the SSL type to use when connecting to the proxy server specified in the ProxyServer connection property. |
| ProxyExceptions | Specifies a semicolon-separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property. |
| Property | Description |
| Logfile | Specifes the file path to the log file where the provider records its activities, such as authentication, query execution, and connection details. |
| Verbosity | Specifies the verbosity level of the log file, which controls the amount of detail logged. Supported values range from 1 to 5. |
| LogModules | Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged. |
| MaxLogFileSize | Specifies the maximum size of a single log file in bytes. For example, '10 MB'. When the file reaches the limit, the provider creates a new log file with the date and time appended to the name. |
| MaxLogFileCount | Specifies the maximum number of log files the provider retains. When the limit is reached, the oldest log file is deleted to make space for a new one. |
| Property | Description |
| Location | Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path. |
| BrowsableSchemas | Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC . |
| Tables | Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC . |
| Views | Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC . |
| Property | Description |
| AutoCache | Specifies whether the content of tables targeted by SELECT queries is automatically cached to the specified cache database. |
| CacheDriver | The driver class of a JDBC driver. The specified driver is used to connect to the target database for all caching operations. |
| CacheConnection | Specifies the connection string for the specified cache database. |
| CacheLocation | Specifies the path to the cache when caching to a file. |
| CacheTolerance | Notes the tolerance, in seconds, for stale data in the specified cache database. Requires AutoCache to be set to True. |
| Offline | Gets the data from the specified cache database instead of live REST data. |
| CacheMetadata | Determines whether the provider caches table metadata to a file-based cache database. |
| Property | Description |
| BatchSize | Specifies the maximum number of rows included in each batch submitted during batch operations. To submit the entire batch as a single request, set BatchSize to 0 . |
| Charset | Specifies the session character set for encoding and decoding character data transferred to and from the REST file. The default value is UTF-8. |
| ClientCulture | This property can be used to specify the format of data (e.g., currency values) that is accepted by the client application. This property can be used when the client application does not support the machine's culture settings. For example, Microsoft Access requires 'en-US'. |
| ConnectionLifeTime | Specifies the maximum lifetime of a connection in seconds. When the specified time elapses, the provider closes the connection. |
| ConnectOnOpen | Specifies whether the provider establishes a connection to REST immediately upon opening the connection. Set ConnectOnOpen to True if immediate connectivity verification is necessary. |
| Culture | This setting can be used to specify culture settings that determine how the provider interprets certain data types that are passed into the provider. For example, setting Culture='de-DE' will output German formats even on an American machine. |
| CustomHeaders | Specifies additional HTTP headers to append to the request headers created from other properties, such as ContentType and From. Use this property to customize requests for specialized or nonstandard APIs. |
| CustomURLParams | A string of custom URL parameters to be included with the HTTP request, in the form field1=value1&field2=value2&field3=value3. |
| DirectoryRetrievalDepth | Limit the subfolders recursively scanned when IncludeSubdirectories is enabled. |
| ExcludeFiles | Comma-separated list of file extensions to exclude from the set of the files modeled as tables. |
| ExcludeStorageClasses | A comma seperated list of storage classes to ignore. |
| FolderId | The ID of a folder in Google Drive. If set, the resource location specified by the URI is relative to the Folder ID for all operations. |
| GenerateSchemaFiles | Indicates the user preference as to when schemas should be generated and saved. |
| IncludeDropboxTeamResources | Indicates if you want to include Dropbox team files and folders. |
| IncludeFiles | Comma-separated list of file extensions to include into the set of the files modeled as tables. |
| IncludeItemsFromAllDrives | Whether Google Drive shared drive items should be included in results. If not present or set to false, then shared drive items are not returned. |
| MaxRows | Specifies the maximum number of rows returned for queries that do not include either aggregation or GROUP BY. |
| MetadataDiscoveryURI | Used when aggregating multiple files into one table, this property specifies a specific file to read to determined the aggregated table schema. |
| Other | Specifies additional hidden properties for specific use cases., to be used only when our Support team advises it, to address specific issues. See Remarks for details. |
| Pagesize | Specifies the maximum number of records per page the provider returns when requesting data from REST. |
| PoolIdleTimeout | Specifies the maximum idle time, in seconds, that a connection can remain in the pool before being closed. Requires UseConnectionPooling=True. |
| PoolMaxSize | Specifies the maximum number of connections allowed in the connection pool. |
| PoolMinSize | Specifies the minimum number of connections to be maintained in the connection pool at all times. |
| PoolWaitTime | Specifies the maximum number of seconds a connection request waits for an available connection in the pool. If the wait exceeds this time, an error is returned. |
| PseudoColumns | Specifies the pseudocolumns to expose as table columns, expressed as a string in the format 'TableName=ColumnName;TableName=ColumnName'. |
| Readonly | Toggles read-only access to REST from the provider. |
| RowScanDepth | Specifies the number of rows (objects) to scan when dynamically determining columns for the table. |
| RTK | Specifies the runtime key for licensing the provider. If unset or invalid, the provider defaults to the standard licensing method. This property is only required in environments where the standard licensing method is unsupported or requires a runtime key. |
| Timeout | Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. |
| TypeDetectionScheme | Specifies how to determine the data types of columns. |
| UseConnectionPooling | Enables the connection pooling feature, which allows the provider to reuse existing connections instead of creating new ones for each request. |
| UserDefinedViews | Specifies a filepath to a JSON configuration file that defines custom views. The provider automatically detects and uses the views specified in this file. |