The CData Sync App provides a straightforward way to continuously pipeline your GraphQL data to any database, data lake, or data warehouse, making it easily available for Analytics, Reporting, AI, and Machine Learning.
The GraphQL connector can be used from the CData Sync application to pull data from GraphQL and move it to any of the supported destinations.
The Sync App leverages the GraphQL API to enable bidirectional access to GraphQL.
For required properties, see the Settings tab.
For connection properties that are not typically required, see the Advanced tab.
Set the following to connect:
To create GraphQL data sources on headless servers or other machines on which the Sync App cannot open a browser, you need to authenticate from another machine. Authentication is a two-step process.
Option 1: Obtain and Exchange a Verifier Code
Set the following properties on the headless machine:
You can then follow the steps below to authenticate from another machine and obtain the OAuthVerifier connection property.
On the headless machine, set the following connection properties to obtain the OAuth authentication values:
Connect to Data
After the OAuth settings file is generated, set the following properties to connect to data:
Option 2: Transfer OAuth Settings
Follow the steps below to install the Sync App on another machine, authenticate, and then transfer the resulting OAuth values.
On a second machine, install the Sync App and connect with the following properties set:
Test the connection to authenticate. The resulting authentication values are written, encrypted, to the location specified by OAuthSettingsLocation. After you have successfully tested the connection, copy the OAuth settings file to your headless machine. On the headless machine, set the following connection properties to connect to data:
If you want to use the Sync App with a user registered in a User Pool in AWS Cognito, set the following properties to authenticate:
This section shows how to control the various schemas that the Sync App offers to bridge the gap between relational SQL and GraphQL services.
GraphQL services offer a introspection query service which the Sync App can use to obtain view and column names.
All SCALAR mutation fields are exposed directly, and all object fields are expanded.
The Sync App will automatically scan for available Using Mutations. Given that there is no method provided by GraphQL for determining which mutations can be used for each table, each mutation is exposed as a stored procedure.
LIST fields are exposed as temporary tables (GraphQL tables of type TEMPORARY_TABLE). The discovered temporary tables can be obtained by querying the sys_tables and sys_tablecolumns system tables.
Operations details the process for configuring custom schema files. Setting up these custom schema files is a required step in establishing a connection to GraphQL data.
See System Tables to query the current table metadata.
By default, the Sync App will automatically read metadata from GraphQL.
GraphQL services offer a introspection query service which the Sync App can use to obtain view and column names.
A GraphQL introspection query service has a query object at its root. Other objects are nested into the root query object, which can in turn have their own nested objects.
The Sync App reads LIST or Relay Connection type objects as views. If a field is SCALAR, it's read as a column, and if a field is a simple OBJECT, it is expanded.
Set the metadata introspection depth as follows:
The Sync App will automatically scan for available mutations. Given that there is no method provided by GraphQL for determining which mutations can be used for each table, each mutation is exposed as a stored procedure. This replaces the traditional use of INSERT, UPDATE, and DELETE SQL statements when working with GraphQL.
All SCALAR mutation fields are exposed directly, and all object fields are expanded.
LIST fields are exposed as temporary tables (GraphQL tables of type TEMPORARY_TABLE). The discovered temporary tables can be obtained by querying the sys_tables and sys_tablecolumns system tables. These tables contain a RowId and ParentId field to denote the row and housing (parent) table of a given child table.
An example of a mutation is productCreate. Invoke mutations as a stored procedure after first loading the relevant child tables needed for the operation:
INSERT INTO productCreate_metafields#TEMP (namespace,key,value,type) VALUES ('MRproductInfo','ALU','449788022','string')
INSERT INTO productCreate_variants#TEMP (RowId,price,sku,inventoryManagement,weightUnit,weight,options,metafields,inventoryQuantities) VALUES (1,'39.99','38536314-0acb-4d3f-b8ff-a0f2014d2c75','SHOPIFY','POUNDS',1,'L,XL,XXL','productCreate_variants_metafields','productCreate_variants_inventoryQuantities')
INSERT INTO productCreate_variants_metafields#TEMP (ParentId,namespace,key,value,type) VALUES ('1','MRproductInfo','ALU','449788022-M-','string')
INSERT INTO productCreate_variants_metafields#TEMP (ParentId,namespace,key,value,type) VALUES ('1','MRproductInfo','ItemNumber','400000881201','string')
INSERT INTO productCreate_variants_inventoryQuantities#TEMP (ParentId,locationId,availableQuantity) VALUES ('1','gid://shopify/Location/1448280087',5)
INSERT INTO productCreate_media#TEMP (originalSource,alt,mediaContentType) VALUES ('https://static.nike.com/a/images/t_PDP_1280_v1/f_auto,q_auto:eco/qwqfyddzikcgc4ozwigp/revolution-5-road-running-shoes-szF7CS.png','Magic Shoes','IMAGE')
EXECUTE productCreate title='NIKE - 449788022', descriptionHtml='MEN''S SHOES 42-MENS L/S TEES',productType='Staging', vendor='NIKE', published='false', options='size,width',metafields='productCreate_metafields#TEMP', variants='productCreate_variants#TEMP', media='productCreate_media#TEMP'
Custom schemas are defined in configuration files. This chapter outlines the structure of these files.
Note: The GenerateSchemaFiles property enables you to persist table metadata in static schema files that are easy to customize (to persist your changes to column data types, for example). Set this property to "OnStart" to generate schema files for all tables in your database at connection.
Alternatively, set this property to "OnUse" to generate schemas as you execute SELECT queries to tables. It is also possible to create a specific schema file for a table using the CreateSchema stored procedure.
Tables and views are defined by authoring schema files in APIScript. APIScript is a simple configuration language that allows you to define the columns and the behavior of the table. It also has built-in Operations that enable you to process GraphQL. In addition to these data processing primitives, APIScript is a full-featured language with constructs for conditionals, looping, etc. However, as shown by the example schema, for most table definitions you will not need to use these features.
Below is a fully functional table schema that models the Labels table and contains all the components you will need to execute SQL to GraphQL data sources.
You can find more information on each of the components of a schema in Column Definitions, SELECT Execution.
<rsb:script xmlns:rsb="http://apiscript.com/ns?v1" xmlns:xs="http://www.cdata.com/ns/rsbscript/2" xmlns:other="http://apiscript.com/ns?v1">
<rsb:info title="Labels" desc="Lists information about the different labels you can apply on an issue." other:possiblePaths="{'path':'/repository/labels/edges/node','Name':{'path':'/repository/label'}}" other:paginationObjects="{'labels':{'cursorPath':'after','cursorType':'String','pageSizeArgumentPath':'first','pageSizeArgumentType':'Int','depth':'1','paginationType':'Cursor','isConnection':'True','pageInfo':['endCursor','hasNextPage','hasPreviousPage','startCursor']}}">
<attr name="Id" xs:type="string" key="true" other:relativePath="id" desc="The ID of the label." />
<attr name="RepositoryName" xs:type="string" other:relativePath="name" desc="The name of the repository." other:filter="name:=" other:argumenttype="String!" other:depth="1" references="Repositories.Name" />
<attr name="UserLogin" xs:type="string" desc="The login name of the user." other:filter="owner:=" other:argumenttype="String!" other:depth="1" references="Users.Login" other:mirror="true" other:canBeSliced="true" />
<attr name="Color" xs:type="string" other:relativePath="color" desc="Identifies the label color." />
<attr name="CreatedAt" xs:type="datetime" other:relativePath="createdAt" desc="Identifies the date and time when the label was created." other:orderby="CREATED_AT" />
<attr name="Description" xs:type="string" other:relativePath="description" desc="A brief description of this label." />
<attr name="IsDefault" xs:type="boolean" other:relativePath="isDefault" desc="Indicates whether or not this is a default label." />
<attr name="Name" xs:type="string" other:relativePath="name" desc="Identifies the label name." other:filter="name:=" other:argumenttype="String!" other:orderby="NAME" other:isPathFilter="true" />
<attr name="ResourcePath" xs:type="string" other:relativePath="resourcePath" desc="The HTTP path for this label." />
<attr name="UpdatedAt" xs:type="datetime" other:relativePath="updatedAt" desc="Identifies the date and time when the label was last updated." />
<attr name="Url" xs:type="string" other:relativePath="url" desc="The HTTP URL for this label." />
</rsb:info>
<rsb:script method="GET">
<rsb:push op="graphqladoSelect" />
</rsb:script>
</rsb:script>
The following example shows how to add static headers in the schema file. These headers are added to the request every time the schema file is called.
<rsb:script xmlns:rsb="http://apiscript.com/ns?v1" xmlns:xs="http://www.cdata.com/ns/rsbscript/2" xmlns:other="http://apiscript.com/ns?v1">
...
<input name="Ship1" other:headerName="DynamicValuedHeader" />
<input name="Ship2" other:headerName="DynamicValuedHeader" />
</rsb:info>
<api:set attr="Header:Name#1" value="StaticValuedHeader" />
<api:set attr="Header:Value#1" value="StaticValuedHeader__Value" />
The following example shows how to add dynamic headers in the schema file. These headers are added to the request every time the schema file is called.
<rsb:script xmlns:rsb="http://apiscript.com/ns?v1" xmlns:xs="http://www.cdata.com/ns/rsbscript/2" xmlns:other="http://apiscript.com/ns?v1">
...
<input name="Ship1" other:headerName="DynamicValuedHeader" />
<input name="Ship2" other:headerName="DynamicValuedHeader" />
<input name="Ship3" other:headerName="DynamicValuedHeader2" />
</rsb:info>
<api:set attr="Header:Name#1" value="DynamicValuedHeader" />
<api:set attr="Header:Value#1" value="[_input.Ship1] - [_input.Ship2]" />
SELECT * FROM [Table] WHERE [Ship1] = "Value1" AND [Ship2] = "Value2" AND [DynamicValuedHeader2] = "custom value"
In the above example, the value format of DynamicValuedHeader is parsed by the driver, but for DynamicValuedHeader2, it is the same as the value specified in the query.
The basic attributes of a column are the name of the column, the data type, whether the column is a primary key, the relative path and the depth. The Sync App uses the depth attribute to extract nodes from hierarchical data.
Mark up column attributes in the block of the schema file. You can also provide a description of each attribute using the desc property.
<rsb:script xmlns:rsb="http://apiscript.com/ns?v1" xmlns:xs="http://www.cdata.com/ns/rsbscript/2" xmlns:other="http://apiscript.com/ns?v1">
<rsb:info title="Labels" desc="Lists information about the different labels you can apply on an issue." other:possiblePaths="{'path':'/repository/labels/edges/node','Name':{'path':'/repository/label'}}" other:paginationObjects="{'labels':{'cursorPath':'after','cursorType':'String','pageSizeArgumentPath':'first','pageSizeArgumentType':'Int','depth':'1','paginationType':'Cursor','isConnection':'True','pageInfo':['endCursor','hasNextPage','hasPreviousPage','startCursor']}}">
<attr name="Id" xs:type="string" key="true" other:relativePath="id" desc="The ID of the label." />
<attr name="RepositoryName" xs:type="string" other:relativePath="name" desc="The name of the repository." other:filter="name:=" other:argumenttype="String!" other:depth="1" references="Repositories.Name" />
<attr name="UserLogin" xs:type="string" desc="The login name of the user." other:filter="owner:=" other:argumenttype="String!" other:depth="1" references="Users.Login" other:mirror="true" other:canBeSliced="true" />
<attr name="Color" xs:type="string" other:relativePath="color" desc="Identifies the label color." />
<attr name="CreatedAt" xs:type="datetime" other:relativePath="createdAt" desc="Identifies the date and time when the label was created." other:orderby="CREATED_AT" />
<attr name="Description" xs:type="string" other:relativePath="description" desc="A brief description of this label." />
<attr name="IsDefault" xs:type="boolean" other:relativePath="isDefault" desc="Indicates whether or not this is a default label." />
<attr name="Name" xs:type="string" other:relativePath="name" desc="Identifies the label name." other:filter="name:=" other:argumenttype="String!" other:orderby="NAME" other:isPathFilter="true" />
<attr name="ResourcePath" xs:type="string" other:relativePath="resourcePath" desc="The HTTP path for this label." />
<attr name="UpdatedAt" xs:type="datetime" other:relativePath="updatedAt" desc="Identifies the date and time when the label was last updated." />
<attr name="Url" xs:type="string" other:relativePath="url" desc="The HTTP URL for this label." />
</rsb:info>
<rsb:script method="GET">
<rsb:push op="graphqladoSelect" />
</rsb:script>
</rsb:script>
The following sections provide more detail on using paths to extract columns and rows. To see the column definitions in a complete schema, refer to Customizing Schemas.
The other:possiblePaths property is used to specify the base paths that select the column's value.
Base paths start with a '/' and contain the full path to the last GraphQL nested object.
<rsb:info title="Labels" desc="Lists information about the different labels you can apply to an issue." other:possiblePaths="{'path':'/repository/labels/edges/node','Name':{'path':'/repository/label'}}" other:paginationObjects="{'labels':{'cursorPath':'after','cursorType':'String','pageSizeArgumentPath':'first','pageSizeArgumentType':'Int','depth':'1''paginationType':'Cursor','isConnection':'True','pageInfo':['endCursor','hasNextPage','hasPreviousPage','startCursor']}}">
The following GraphQL query is based on the above script example:
{ # base path=/repository/labels/edges/node
repository {
labels {
edges {
node {
...
}
}
}
}
}
The other:relativePath property must be specified for each column. This property is used in conjuction with the other:possiblePaths property to build the GraphQL field path.
<attr name="Name" xs:type="string" other:relativePath="name" desc="Identifies the label name." />
Based on the above script example the Sync App will build the following GraphQL query:
{ # base path=/repository/labels/edges/node
repository { # depth=1
labels { # depth=2
edges {
node {
name # path=base path + relative path.
}
}
}
}
}
Use the other:depth property to specify an element inside a specific GraphQL object. The indexes are 1-based. If this attribute is not specified then the default value will be equal to the last nested GraphQL object.
<attr name="RepositoryName" xs:type="string" other:relativePath="name" desc="The name of the repository." other:depth="1" />
The following GraphQL query is built from the above script example:
{ # base path=/repository/labels/edges/node
repository { # depth=1
name # This is mapped to the RepositoryName column
labels { # depth=2
edges {
node {
...
}
}
}
}
}
Use the other:fragment property to specify a group of fields. This property can be used when the GraphQL server returns an array of objects and the Sync App may need to push this info as an aggregate.
<attr name="ColumnValues" xs:type="string" other:relativePath="column_values" desc="Column values." other:fragment="fragment ItemColumnValues on ColumnValue { id \\r\\n value }" />
Based on the above script example, the Sync App will build the following GraphQL query:
query {
items {
column_values {
...ItemColumnValues
}
}
}
fragment ItemColumnValues on ColumnValue {
id
value
}
Use the other:canbesliced property enable slicing behavior in the Sync App
For example,
SELECT * FROM Table WHERE Col IN ('1','2','3')
becomes
SELECT * FROM Table WHERE Col=1 SELECT * FROM Table WHERE Col=2 SELECT * FROM Table WHERE Col=3
Use the other:mirror property to reflect the value specified in the criteria. Use on columns that are not specified in the server response.
For example:
SELECT * FROM Table WHERE Col=X (If other:mirror=true the Sync App will artificially set the value of Col to X for every row.)
Use references to reference the key column of the parent table. Example: If there are two tables Orders and OrderLineItems and the OrderLineItems has a column OrderId, the references field for this column will be "Orders.Id".
Notes:
When a SELECT query is issued, the Sync App executes the GET method of the schema, which invokes the Sync App's built-in operations to process GraphQL. In the GET method, you have control over the request for data. The following procedures show several ways to use this: search the remote data, server-side, with SELECT WHERE, or implement paging.
The following sections show how to translate a SELECT WHERE statement into a GraphQL query to GraphQL APIs. The procedure uses the following statement:
SELECT * FROM <table> WHERE ModifiedAt < '2019-10-30 05:05:36.001'
If this filter is supported on the server via query parameters, you can use the other:filter property of the api:info column definition to specify the desired mapping. For the above query, the Sync App uses this property to map the modifiedAt < '<date>' filter to the query parameter that returns results modified before a given date, and the modifedAt > '<date>' filter to the query parameter that filters the results modified after that date.
To perform this mapping, the Sync App would use the following markup for the modifedAt column definition:
<attr name="ModifiedAt" xs:type="datetime" other:relativePath="modifiedAt" other:argumentType="DateTime" description="When the vendor was last modified." other:filter="modifiedAtAfter:>;modifiedAtBefore:<" />
This query results in the following postdata:
{
"variables": {
"ModifiedAt_modifiedAtBefore": "2019-10-30T09:05:36.001Z"
},
"query": "query($ModifiedAt_modifiedAtBefore:DateTime) {\r\nbusinesses {\r\nedges {\r\nnode {\r\ncustomers(modifiedAtBefore:$ModifiedAt_modifiedAtBefore) {\r\nedges {\r\nnode {\r\nid\r\nmodifiedAt\r\n}\r\n}\r\npageInfo {\r\ntotalPages\r\ncurrentPage\r\n}\r\n}\r\nid\r\n}\r\n}\r\npageInfo {\r\ntotalPages\r\ncurrentPage\r\n}\r\n}\r\n}\r\n"
}
Ex: other:possiblepaths="{'path':'/businesses/edges/node','id':{'path':'/business'}}"
<attr name="Id" xs:type="string" key="true" other:relativePath="id" other:isPathFilter="true" other:filter="id:=" />
SELECT Id, Name, CreatedAt FROM Businesses WHERE Id = 'QnVzaW5M6ZTY4ZDA2MmQtYzkzZS00MGZkLTk4YWUtNDg2YzcxMmExNzFl'is converted to the postdata:
{
"variables": {
"Id_id": "QnVzaW5M6ZTY4ZDA2MmQtYzkzZS00MGZkLTk4YWUtNDg2YzcxMmExNzFl"
},
"query": "query($Id_id:ID) {\r\nbusiness(id:$Id_id) {\r\nid\r\nname\r\ncreatedAt\r\n}\r\n}\r\n"
}
The driver supports two pagination modes.
other:paginationObjects = "{
'labels': {
'cursorPath': 'after',
'cursorType': 'String',
'pageSizeArgumentPath': 'first',
'pageSizeArgumentType': 'Int',
'depth':'1',
'paginationType': 'Cursor',
'isConnection': 'True',
'pageInfo': ['endCursor', 'hasNextPage', 'hasPreviousPage', 'startCursor']
}
}"
The following postdata is generated after processing the other:paginationObjects table extra info specified above:
{
"variables": {
"UserLogin_owner": "testaccount71",
"RepositoryName_name": "test",
"first": <Pagesize>
},
"query": "query($UserLogin_owner:String!, $RepositoryName_name:String!, $first:Int) {\r\nrepository(owner:$UserLogin_owner, name:$RepositoryName_name) {\r\nlabels(first:$first) {\r\nedges {\r\nnode {\r\nid\r\ncolor\r\ncreatedAt\r\ndescription\r\nisDefault\r\nname\r\nresourcePath\r\nupdatedAt\r\nurl\r\n}\r\n}\r\npageInfo {\r\nendCursor\r\nhasNextPage\r\n}\r\n}\r\nname\r\n}\r\n}\r\n"
}
other:paginationObjects="{
'businesses': {
'offsetArgumentPath': 'page',
'offsetArgumentType': 'Int',
'pageSizeArgumentPath': 'pageSize',
'pageSizeArgumentType': 'Int',
'depth':'1',
'paginationType': 'Offset',
'isConnectionObject': 'True',
'pageInfo': ['currentPage', 'totalPages', 'totalCount']
}
}"
The following postdata is generated after processing the other:paginationObjects table extra info specified above:
{
"variables": {
"pageSize_1": <Pagesize>
},
"query": "query($pageSize_1:Int) {\r\nbusinesses(pageSize:$pageSize_1) {\r\nedges {\r\nnode {\r\nid\r\n}\r\n}\r\npageInfo {\r\ntotalPages\r\ncurrentPage\r\n}\r\n}\r\n}\r\n"
}other:paginationObjects="{
'businesses': {
'offsetArgumentPath': 'query/pagination/page',
'offsetArgumentType': 'custom_query',
'pageSizeArgumentPath': 'query/pagination/pageSize',
'pageSizeArgumentType': 'custom_query',
'depth':'1',
'paginationType': 'Offset',
'isConnectionObject': 'True',
'pageInfo': ['currentPage', 'totalPages', 'totalCount']
}
}"
The following postdata is generated after processing the other:paginationObjects table extra info specified above:
{
"variables": {
"query": {
"pagination": {
"pageSize":<Pagesize>
}
}
},
"query": "query($query:custom_query) {\r\nbusinesses(query:$query) {\r\nedges {\r\nnode {\r\nid\r\n}\r\n}\r\npageInfo {\r\ntotalPages\r\ncurrentPage\r\n}\r\n}\r\n}\r\n"
}
<rsb:info title="Labels" desc="Lists information about the different labels you can apply on an issue." other:orderByFormat="{field: {orderByArgumentValue}, direction: {sortOrder}}">
<attr name="CreatedAt" xs:type="datetime" other:relativePath="createdAt" other:orderByFormat="{field: {orderByArgumentValue}, direction: {sortOrder}}" other:orderBy="orderBy:CREATED_AT" /><attr name="CreatedAt" xs:type="datetime" other:relativePath="createdAt" other:orderBy="orderBy:CREATED_AT" />
SELECT Id FROM Labels ORDER BY CreatedAt ASCis converted to this postdata:
{
"variables": {
"first": <Pagesize>
},
"query": "query($first:Int) {\r\nrepository {\r\nlabels(sort:{field: CREATED_AT, direction: ASC}, first:$first) {\r\nedges {\r\nnode {\r\nid\r\n}\r\n}\r\npageInfo {\r\nendCursor\r\nhasNextPage\r\n}\r\n}\r\n}\r\n}\r\n"
}
The Sync App has high-performance operations for processing GraphQL data sources. These operations are platform neutral: Schema files that invoke these operations can be used in both .NET and Java. You can also extend the Sync App with your own operations written in .NET or Java.
The Sync App has the following operations:
| Operation Name | Description | |
| OAuthGetAccessToken | For OAuth 1.0, exchange a request token for an access token. For OAuth 2.0, get an access token or get a new access token with the refresh token. | |
| OAuthGetUserAuthorizationURL | Generates the user authorization URL. OAuth 2.0 will not access the network in this operation. |
The OAuthGetAccessToken operation is an APIScript operation that is used to facilitate the OAuth authentication and refresh flows.
The Sync App includes stored procedures that invoke this operation to complete the OAuth exchange. The following example schema briefly lists some of the typically required inputs before the following sections explain them in more detail.
Invoke the OAuthGetAccessToken with the GetOAuthAccessToken stored procedure. The following inputs are required for most data sources and will provide default values for the connection properties of the same name.
<api:script xmlns:api="http://www.rssbus.com/ns/rsbscript/2">
<api:info title="GetOAuthAccessToken" description="Obtains the OAuth access token to be used for authentication with various APIs." >
<input name="AuthMode" desc="The OAuth flow. APP or WEB." />
<input name="CallbackURL" desc="The URL to be used as a trusted redirect URL, where the user will return with the token that verifies that they have granted your app access. " />
<input name="OAuthAccessToken" desc="The request token. OAuth 1.0 only." />
<input name="OAuthAccessTokenSecret" desc="The request token secret. OAuth 1.0 only." />
<input name="Verifier" desc="The verifier code obtained when the user grants permissions to your app." />
<output name="OAuthAccessToken" desc="The access token." />
<output name="OAuthTokenSecret" desc="The access token secret." />
<output name="OAuthRefreshToken" desc="A token that may be used to obtain a new access token." />
</api:info>
<!-- Set OAuthVersion to 1.0 or 2.0. -->
<api:set attr="OAuthVersion" value="MyOAuthVersion" />
<!-- Set RequestTokenURL to the URL where the request for the request token is made. OAuth 1.0 only.-->
<api:set attr="OAuthRequestTokenURL" value="http://MyOAuthRequestTokenURL" />
<!-- Set OAuthAuthorizationURL to the URL where the user logs into the service and grants permissions to the application. -->
<api:set attr="OAuthAuthorizationURL" value="http://MyOAuthAuthorizationURL" />
<!-- Set OAuthAccessTokenURL to the URL where the request for the access token is made. -->
<api:set attr="OAuthAccessTokenURL" value="http://MyOAuthAccessTokenURL" />
<!-- Set GrantType to the authorization grant type. OAuth 2.0 only. -->
<api:set attr="GrantType" value="CODE" />
<!-- Set SignMethod to the signature method used to calculate the signature of the request. OAuth 1.0 only.-->
<api:set attr="SignMethod" value="HMAC-SHA1" />
<api:call op="oauthGetAccessToken">
<api:push/>
</api:call>
</api:script>
You can also use OAuthGetAccessToken to refresh the access token by providing the following inputs:
<api:script xmlns:api="http://www.rssbus.com/ns/rsbscript/2">
<api:info title="RefreshOAuthAccessToken" description="Refreshes the OAuth access token used for authentication." >
<input name="OAuthRefreshToken" desc="A token that may be used to obtain a new access token." />
<output name="OAuthAccessToken" desc="The authentication token returned." />
<output name="OAuthTokenSecret" desc="The authentication token secret returned. OAuth 1.0 only." />
<output name="OAuthRefreshToken" desc="A token that may be used to obtain a new access token." />
<output name="ExpiresIn" desc="The remaining lifetime on the access token." />
</api:info>
<!-- Set OAuthVersion to 1.0 or 2.0. -->
<api:set attr="OAuthVersion" value="MyOAuthVersion" />
<!-- Set GrantType to REFRESH. OAuth 2.0 only. -->
<api:set attr="GrantType" value="REFRESH" />
<!-- Set SignMethod to the signature method used to calculate the signature of the request. OAuth 1.0 only.-->
<api:set attr="SignMethod" value="HMAC-SHA1" />
<!-- Set OAuthAccessTokenURL to the URL where the request for the access token is made. -->
<api:set attr="OAuthAccessTokenURL" value="http://MyOAuthAccessTokenURL" />
<!-- Set AuthMode to 'WEB' when calling RefreshOAuthAccessToken -->
<api:set attr="AuthMode" value="WEB"/>
<api:call op="oauthGetAccessToken">
<api:push/>
</api:call>
</api:script>
The OAuthGetUserAuthorizationURL is an APIScript operation that is used to facilitate the OAuth authentication flow for Web apps, for offline apps, and in situations where the Sync App is not allowed to open a Web browser. To pass the needed inputs to this operation, define the GetOAuthAuthorizationURL stored procedure. The Sync App can call this internally.
Define stored procedures in .rsb files with the same file name as the schema's title. The example schema briefly lists some of the typically required inputs before the following sections explain them in more detail.
Call OAuthGetUserAuthorizationURL in the GetOAuthAuthorizationURL stored procedure.
<api:script xmlns:api="http://www.rssbus.com/ns/rsbscript/2">
<api:info title="Get OAuth Authorization URL" description="Obtains the OAuth authorization URL used for authentication with various APIs." >
<input name="CallbackURL" desc="The URL to be used as a trusted redirect URL, where the user will return with the token that verifies that they have granted your app access. " />
<output name="URL" desc="The URL where the user logs in and is prompted to grant permissions to the app. " />
<output name="OAuthAccessToken" desc="The request token. OAuth 1.0 only." />
<output name="OAuthTokenSecret" desc="The request token secret. OAuth 1.0 only." />
</api:info>
<!-- Set OAuthVersion to 1.0 or 2.0. -->
<api:set attr="OAuthVersion" value="MyOAuthVersion" />
<!-- Set ResponseType to the desired authorization grant type. OAuth 2.0 only.-->
<api:set attr="ResponseType" value="code" />
<!-- Set SignMethod to the signature method used to calculate the signature. OAuth 1.0 only.-->
<api:set attr="SignMethod" value="HMAC-SHA1" />
<!-- Set OAuthAuthorizationURL to the URL where the user logs into the service and grants permissions to the application. -->
<api:set attr="OAuthAuthorizationURL" value="http://MyOAuthAuthorizationURL" />
<!-- Set OAuthAccessTokenURL to the URL where the request for the access token is made. -->
<api:set attr="OAuthAccessTokenURL" value="http://MyOAuthAccessTokenURL"/>
<!-- Set RequestTokenURL to the URL where the request for the request token is made. OAuth 1.0 only.-->
<api:set attr="OAuthRequestTokenURL" value="http://MyOAuthRequestTokenURL" />
<api:call op="oauthGetUserAuthorizationUrl">
<api:push/>
</api:call>
</api:script>
<p>
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Establishing a Connection.
| Property | Description |
| AuthScheme | The type of authentication to use when connecting to remote services. |
| URL | The URL of the GraphQL service. |
| User | Specifies the user ID of the authenticating GraphQL user account. |
| Password | Specifies the password of the authenticating user account. |
| Property | Description |
| AWSCognitoRegion | The hosting region for AWS Cognito. |
| AWSUserPoolId | The User Pool Id. |
| AWSUserPoolClientAppId | The User Pool Client App Id. |
| AWSUserPoolClientAppSecret | Optional. The User Pool Client App Secret. |
| Property | Description |
| OAuthVersion | The version of OAuth being used. |
| OAuthClientId | Specifies the client Id that was assigned the custom OAuth application was created. (Also known as the consumer key.) This ID registers the custom application with the OAuth authorization server. |
| OAuthClientSecret | Specifies the client secret that was assigned when the custom OAuth application was created. (Also known as the consumer secret ). This secret registers the custom application with the OAuth authorization server. |
| OAuthGrantType | Specifies the grant type for the chosen OAuth flow. This value should be the same as the grant_type that was set during OAuth custom application creation. |
| OAuthIncludeCallbackURL | Whether to include the callback URL in an access token request. |
| OAuthAuthorizationURL | The authorization URL for the OAuth service. |
| OAuthAccessTokenURL | The URL to retrieve the OAuth access token from. |
| OAuthRefreshTokenURL | The URL to refresh the OAuth token from. |
| OAuthRequestTokenURL | The URL the service provides to retrieve request tokens from. This is required in OAuth 1.0. |
| AuthToken | The authentication token used to request and obtain the OAuth Access Token. |
| AuthKey | The authentication secret used to request and obtain the OAuth Access Token. |
| OAuthParams | A comma-separated list of other parameters to submit in the request for the OAuth access token in the format paramname=value. |
| Property | Description |
| OAuthJWTCert | The JWT Certificate store. |
| OAuthJWTCertType | The type of key store containing the JWT Certificate. |
| OAuthJWTCertPassword | The password for the OAuth JWT certificate used to access a certificate store that requires a password. If the certificate store does not require a password, leave this property blank. |
| OAuthJWTCertSubject | The subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate. |
| Property | Description |
| SSLClientCert | Specifies the TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). This property works in conjunction with other SSL-related properties to establish a secure connection. |
| SSLClientCertType | Specifies the type of key store containing the TLS/SSL client certificate for SSL Client Authentication. Choose from a variety of key store formats depending on your platform and certificate source. |
| SSLClientCertPassword | Specifes the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access. |
| SSLClientCertSubject | Specifes the subject of the TLS/SSL client certificate to locate it in the certificate store. Use a comma-separated list of distinguished name fields, such as CN=www.server.com, C=US. The wildcard * selects the first certificate in the store. |
| SSLServerCert | Specifies the certificate to be accepted from the server when connecting using TLS/SSL. |
| Property | Description |
| FirewallType | Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall. |
| FirewallServer | Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources. |
| FirewallPort | Specifies the TCP port to be used for a proxy-based firewall. |
| FirewallUser | Identifies the user ID of the account authenticating to a proxy-based firewall. |
| FirewallPassword | Specifies the password of the user account authenticating to a proxy-based firewall. |
| Property | Description |
| ProxyAutoDetect | Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server. |
| ProxyServer | The hostname or IP address of the proxy server that you want to route HTTP traffic through. |
| ProxyPort | The TCP port on your specified proxy server (set in the ProxyServer connection property) that has been reserved for routing HTTP traffic to and from the client. |
| ProxyAuthScheme | Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property. |
| ProxyUser | The username of a user account registered with the proxy server specified in the ProxyServer connection property. |
| ProxyPassword | The password associated with the user specified in the ProxyUser connection property. |
| ProxySSLType | The SSL type to use when connecting to the proxy server specified in the ProxyServer connection property. |
| ProxyExceptions | A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property. |
| Property | Description |
| LogModules | Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged. |
| Property | Description |
| Location | Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path. |
| BrowsableSchemas | Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC . |
| Tables | Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC . |
| Views | Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC . |
| ExpandArgumentsDepth | This property is used to determine how far the provider should search for columns inside the arguments of type INPUT_OBJECT. |
| ExpandTablesDepth | This property is used to determine the depth of the child tables. |
| ExpandTemporaryTablesDepth | This property is used to determine the depth of the child temporary tables. Only works if ExposeDynamicProcedures is set to true. |
| ExpandColumnsDepth | This property is used to determine how far the provider should search for columns inside the GraphQL objects. |
| IncludeDeprecatedMetadata | This property is used to determine whether the provider should expose deprecated tables and columns or not. |
| ExposeDynamicProcedures | This property is used to determine whether the provider should expose mutations as dynamic procedures or not. |
| ExposeObjectTables | This property is used to determine the extent to which the provider exposes GraphQL object type fields as tables. |
| Property | Description |
| CustomHeaders | Specifies additional HTTP headers to append to the request headers created from other properties, such as ContentType and From. Use this property to customize requests for specialized or nonstandard APIs. |
| GenerateSchemaFiles | Indicates the user preference as to when schemas should be generated and saved. |
| MaxRows | Specifies the maximum rows returned for queries without aggregation or GROUP BY. |
| Other | Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties. |
| Pagesize | The maximum number of results to return per page from GraphQL. |
| PseudoColumns | Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property. |
| Timeout | Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout. |
| UserDefinedViews | Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file. |
This section provides a complete list of the Authentication properties you can configure in the connection string for this provider.
| Property | Description |
| AuthScheme | The type of authentication to use when connecting to remote services. |
| URL | The URL of the GraphQL service. |
| User | Specifies the user ID of the authenticating GraphQL user account. |
| Password | Specifies the password of the authenticating user account. |
The type of authentication to use when connecting to remote services.
The following options are generally available to all connections:
The URL of the GraphQL service.
The URL of the GraphQL service.
Specifies the user ID of the authenticating GraphQL user account.
The authenticating server requires both User and Password to validate the user's identity.
Specifies the password of the authenticating user account.
The authenticating server requires both User and Password to validate the user's identity.
This section provides a complete list of the AWS Authentication properties you can configure in the connection string for this provider.
| Property | Description |
| AWSCognitoRegion | The hosting region for AWS Cognito. |
| AWSUserPoolId | The User Pool Id. |
| AWSUserPoolClientAppId | The User Pool Client App Id. |
| AWSUserPoolClientAppSecret | Optional. The User Pool Client App Secret. |
The hosting region for AWS Cognito.
The hosting region for AWS Cognito. Available values are OHIO, NORTHERNVIRGINIA, NORTHERNCALIFORNIA, OREGON, CAPETOWN, HONGKONG, HYDERABAD, JAKARTA, MALAYSIA, MELBOURNE, MUMBAI, OSAKA, SEOUL, SINGAPORE, SYDNEY, TOKYO, CENTRAL, CALGARY, BEIJING, NINGXIA, FRANKFURT, IRELAND, LONDON, MILAN, PARIS, SPAIN, STOCKHOLM, ZURICH, TELAVIV, BAHRAIN, UAE, SAOPAULO, GOVCLOUDEAST, GOVCLOUDWEST, ISOLATEDUSEAST, ISOLATEDUSEASTB, ISOLATEDUSWEST, and ISOLATEDEUWEST.
The User Pool Id.
You can find this in AWS Cognito -> Manage User Pools -> select your user pool -> General settings -> Pool Id.
The User Pool Client App Id.
You can find this in AWS Cognito -> Manage Identity Pools -> select your user pool -> General settings -> App clients -> App client Id.
Optional. The User Pool Client App Secret.
You can find this in AWS Cognito -> Manage Identity Pools -> select your user pool -> General settings -> App clients -> App client secret.
This section provides a complete list of the OAuth properties you can configure in the connection string for this provider.
| Property | Description |
| OAuthVersion | The version of OAuth being used. |
| OAuthClientId | Specifies the client Id that was assigned the custom OAuth application was created. (Also known as the consumer key.) This ID registers the custom application with the OAuth authorization server. |
| OAuthClientSecret | Specifies the client secret that was assigned when the custom OAuth application was created. (Also known as the consumer secret ). This secret registers the custom application with the OAuth authorization server. |
| OAuthGrantType | Specifies the grant type for the chosen OAuth flow. This value should be the same as the grant_type that was set during OAuth custom application creation. |
| OAuthIncludeCallbackURL | Whether to include the callback URL in an access token request. |
| OAuthAuthorizationURL | The authorization URL for the OAuth service. |
| OAuthAccessTokenURL | The URL to retrieve the OAuth access token from. |
| OAuthRefreshTokenURL | The URL to refresh the OAuth token from. |
| OAuthRequestTokenURL | The URL the service provides to retrieve request tokens from. This is required in OAuth 1.0. |
| AuthToken | The authentication token used to request and obtain the OAuth Access Token. |
| AuthKey | The authentication secret used to request and obtain the OAuth Access Token. |
| OAuthParams | A comma-separated list of other parameters to submit in the request for the OAuth access token in the format paramname=value. |
The version of OAuth being used.
The version of OAuth being used. The following options are available: Disabled,1.0,2.0
Specifies the client Id that was assigned the custom OAuth application was created. (Also known as the consumer key.) This ID registers the custom application with the OAuth authorization server.
OAuthClientId is one of a handful of connection parameters that need to be set before users can authenticate via OAuth. For details, see Establishing a Connection.
Specifies the client secret that was assigned when the custom OAuth application was created. (Also known as the consumer secret ). This secret registers the custom application with the OAuth authorization server.
OAuthClientSecret is one of a handful of connection parameters that need to be set before users can authenticate via OAuth. For details, see Establishing a Connection.
Specifies the grant type for the chosen OAuth flow. This value should be the same as the grant_type that was set during OAuth custom application creation.
In most cases, the default grant type should not be modified. For information about the most common OAuth grant types and the trade-offs between them, see https://oauth.net/2/grant-types/.
Whether to include the callback URL in an access token request.
This defaults to true since standards-compliant OAuth services will ignore the redirect_uri parameter for grant types like CLIENT or PASSWORD that do not require it.
This option should only be enabled for OAuth services that report errors when redirect_uri is included.
The authorization URL for the OAuth service.
The authorization URL for the OAuth service. At this URL, the user logs into the server and grants permissions to the application. In OAuth 1.0, if permissions are granted, the request token is authorized.
The URL to retrieve the OAuth access token from.
The URL to retrieve the OAuth access token from. In OAuth 1.0, the authorized request token is exchanged for the access token at this URL.
The URL to refresh the OAuth token from.
The URL to refresh the OAuth token from. In OAuth 2.0, this URL is where the refresh token is exchanged for a new access token when the old access token expires.
The URL the service provides to retrieve request tokens from. This is required in OAuth 1.0.
The URL the service provides to retrieve request tokens from. This is required in OAuth 1.0. In OAuth 1.0, this is the URL where the app makes a request for the request token.
The authentication token used to request and obtain the OAuth Access Token.
This property is required only when performing headless authentication in OAuth 1.0. It can be obtained from the GetOAuthAuthorizationUrl stored procedure.
It can be supplied alongside the AuthKey in the GetOAuthAccessToken stored procedure to obtain the OAuthAccessToken.
The authentication secret used to request and obtain the OAuth Access Token.
This property is required only when performing headless authentication in OAuth 1.0. It can be obtained from the GetOAuthAuthorizationUrl stored procedure.
It can be supplied alongside the AuthToken in the GetOAuthAccessToken stored procedure to obtain the OAuthAccessToken.
A comma-separated list of other parameters to submit in the request for the OAuth access token in the format paramname=value.
A comma-separated list of other parameters to submit in the request for the OAuth access token in the format paramname=value.
This section provides a complete list of the JWT OAuth properties you can configure in the connection string for this provider.
| Property | Description |
| OAuthJWTCert | The JWT Certificate store. |
| OAuthJWTCertType | The type of key store containing the JWT Certificate. |
| OAuthJWTCertPassword | The password for the OAuth JWT certificate used to access a certificate store that requires a password. If the certificate store does not require a password, leave this property blank. |
| OAuthJWTCertSubject | The subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate. |
The JWT Certificate store.
The name of the certificate store for the client certificate.
The OAuthJWTCertType field specifies the type of the certificate store specified by OAuthJWTCert. If the store is password protected, specify the password in OAuthJWTCertPassword.
OAuthJWTCert is used in conjunction with the OAuthJWTCertSubject field in order to specify client certificates. If OAuthJWTCert has a value, and OAuthJWTCertSubject is set, a search for a certificate is initiated. Please refer to the OAuthJWTCertSubject field for details.
Designations of certificate stores are platform-dependent.
The following are designations of the most common User and Machine certificate stores in Windows:
| MY | A certificate store holding personal certificates with their associated private keys. |
| CA | Certifying authority certificates. |
| ROOT | Root certificates. |
| SPC | Software publisher certificates. |
In Java, the certificate store normally is a file containing certificates and optional private keys.
When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
The type of key store containing the JWT Certificate.
This property can take one of the following values:
| USER | For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java. |
| MACHINE | For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java. |
| PFXFILE | The certificate store is the name of a PFX (PKCS12) file containing certificates. |
| PFXBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in PFX (PKCS12) format. |
| JKSFILE | The certificate store is the name of a Java key store (JKS) file containing certificates. Note: this store type is only available in Java. |
| JKSBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in Java key store (JKS) format. Note: this store type is only available in Java. |
| PEMKEY_FILE | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
| PEMKEY_BLOB | The certificate store is a string (base64-encoded) that contains a private key and an optional certificate. |
| PUBLIC_KEY_FILE | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
| PUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains a PEM- or DER-encoded public key certificate. |
| SSHPUBLIC_KEY_FILE | The certificate store is the name of a file that contains an SSH-style public key. |
| SSHPUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains an SSH-style public key. |
| P7BFILE | The certificate store is the name of a PKCS7 file containing certificates. |
| PPKFILE | The certificate store is the name of a file that contains a PPK (PuTTY Private Key). |
| XMLFILE | The certificate store is the name of a file that contains a certificate in XML format. |
| XMLBLOB | The certificate store is a string that contains a certificate in XML format. |
| BCFKSFILE | The certificate store is the name of a file that contains an Bouncy Castle keystore. |
| BCFKSBLOB | The certificate store is a string (base-64-encoded) that contains a Bouncy Castle keystore. |
The password for the OAuth JWT certificate used to access a certificate store that requires a password. If the certificate store does not require a password, leave this property blank.
This property specifies the password needed to open the certificate store, but only if the store type requires one. To determine if a password is necessary, refer to the documentation or configuration for your specific certificate store.
The subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate.
The value of this property is used to locate a matching certificate in the store. The search process works as follows:
You can set the value to '*' to automatically select the first certificate in the store. The certificate subject is a comma-separated list of distinguished name fields and values. For example: CN=www.server.com, OU=test, C=US, [email protected]. Common fields include:
| Field | Meaning |
| CN | Common Name. This is commonly a host name like www.server.com. |
| O | Organization |
| OU | Organizational Unit |
| L | Locality |
| S | State |
| C | Country |
| E | Email Address |
If a field value contains a comma, enclose it in quotes. For example: "O=ACME, Inc.".
This section provides a complete list of the SSL properties you can configure in the connection string for this provider.
| Property | Description |
| SSLClientCert | Specifies the TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). This property works in conjunction with other SSL-related properties to establish a secure connection. |
| SSLClientCertType | Specifies the type of key store containing the TLS/SSL client certificate for SSL Client Authentication. Choose from a variety of key store formats depending on your platform and certificate source. |
| SSLClientCertPassword | Specifes the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access. |
| SSLClientCertSubject | Specifes the subject of the TLS/SSL client certificate to locate it in the certificate store. Use a comma-separated list of distinguished name fields, such as CN=www.server.com, C=US. The wildcard * selects the first certificate in the store. |
| SSLServerCert | Specifies the certificate to be accepted from the server when connecting using TLS/SSL. |
Specifies the TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). This property works in conjunction with other SSL-related properties to establish a secure connection.
This property specifies the client certificate store for SSL Client Authentication. Use this property alongside SSLClientCertType, which defines the type of the certificate store, and SSLClientCertPassword, which specifies the password for password-protected stores. When SSLClientCert is set and SSLClientCertSubject is configured, the driver searches for a certificate matching the specified subject.
Certificate store designations vary by platform. On Windows, certificate stores are identified by names such as MY (personal certificates), while in Java, the certificate store is typically a file containing certificates and optional private keys.
The following are designations of the most common User and Machine certificate stores in Windows:
| MY | A certificate store holding personal certificates with their associated private keys. |
| CA | Certifying authority certificates. |
| ROOT | Root certificates. |
| SPC | Software publisher certificates. |
For PFXFile types, set this property to the filename. For PFXBlob types, set this property to the binary contents of the file in PKCS12 format.
Specifies the type of key store containing the TLS/SSL client certificate for SSL Client Authentication. Choose from a variety of key store formats depending on your platform and certificate source.
This property determines the format and location of the key store used to provide the client certificate. Supported values include platform-specific and universal key store formats. The available values and their usage are:
| USER - default | For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note that this store type is not available in Java. |
| MACHINE | For Windows, this specifies that the certificate store is a machine store. Note that this store type is not available in Java. |
| PFXFILE | The certificate store is the name of a PFX (PKCS12) file containing certificates. |
| PFXBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in PFX (PKCS12) format. |
| JKSFILE | The certificate store is the name of a Java key store (JKS) file containing certificates. Note that this store type is only available in Java. |
| JKSBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in JKS format. Note that this store type is only available in Java. |
| PEMKEY_FILE | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
| PEMKEY_BLOB | The certificate store is a string (base64-encoded) that contains a private key and an optional certificate. |
| PUBLIC_KEY_FILE | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
| PUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains a PEM- or DER-encoded public key certificate. |
| SSHPUBLIC_KEY_FILE | The certificate store is the name of a file that contains an SSH-style public key. |
| SSHPUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains an SSH-style public key. |
| P7BFILE | The certificate store is the name of a PKCS7 file containing certificates. |
| PPKFILE | The certificate store is the name of a file that contains a PuTTY Private Key (PPK). |
| XMLFILE | The certificate store is the name of a file that contains a certificate in XML format. |
| XMLBLOB | The certificate store is a string that contains a certificate in XML format. |
| BCFKSFILE | The certificate store is the name of a file that contains an Bouncy Castle keystore. |
| BCFKSBLOB | The certificate store is a string (base-64-encoded) that contains a Bouncy Castle keystore. |
Specifes the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access.
This property provides the password needed to open a password-protected certificate store. This property is necessary when using certificate stores that require a password for decryption, as is often recommended for PFX or JKS type stores.
If the certificate store type does not require a password, for example USER or MACHINE on Windows, this property can be left blank. Ensure that the password matches the one associated with the specified certificate store to avoid authentication errors.
Specifes the subject of the TLS/SSL client certificate to locate it in the certificate store. Use a comma-separated list of distinguished name fields, such as CN=www.server.com, C=US. The wildcard * selects the first certificate in the store.
This property determines which client certificate to load based on its subject. The Sync App searches for a certificate that exactly matches the specified subject. If no exact match is found, the Sync App looks for certificates containing the value of the subject. If no match is found, no certificate is selected.
The subject should follow the standard format of a comma-separated list of distinguished name fields and values. For example, CN=www.server.com, OU=Test, C=US. Common fields include the following:
| Field | Meaning |
| CN | Common Name. This is commonly a host name like www.server.com. |
| O | Organization |
| OU | Organizational Unit |
| L | Locality |
| S | State |
| C | Country |
| E | Email Address |
Note: If any field contains special characters, such as commas, the value must be quoted. For example: CN="Example, Inc.", C=US.
Specifies the certificate to be accepted from the server when connecting using TLS/SSL.
If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.
This property can take the following forms:
| Description | Example |
| A full PEM Certificate (example shortened for brevity) | -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- |
| A path to a local file containing the certificate | C:\cert.cer |
| The public key (example shortened for brevity) | -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- |
| The MD5 Thumbprint (hex values can also be either space or colon separated) | ecadbdda5a1529c58a1e9e09828d70e4 |
| The SHA1 Thumbprint (hex values can also be either space or colon separated) | 34a929226ae0819f2ec14b4a3d904f801cbb150d |
If not specified, any certificate trusted by the machine is accepted.
Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.
This section provides a complete list of the Firewall properties you can configure in the connection string for this provider.
| Property | Description |
| FirewallType | Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall. |
| FirewallServer | Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources. |
| FirewallPort | Specifies the TCP port to be used for a proxy-based firewall. |
| FirewallUser | Identifies the user ID of the account authenticating to a proxy-based firewall. |
| FirewallPassword | Specifies the password of the user account authenticating to a proxy-based firewall. |
Specifies the protocol the provider uses to tunnel traffic through a proxy-based firewall.
A proxy-based firewall (or proxy firewall) is a network security device that acts as an intermediary between user requests and the resources they access. The proxy accepts the request of an authenticated user, tunnels through the firewall, and transmits the request to the appropriate server.
Because the proxy evaluates and transfers data backets on behalf of the requesting users, the users never connect directly with the servers, only with the proxy.
Note: By default, the Sync App connects to the system proxy. To disable this behavior and connect to one of the following proxy types, set ProxyAutoDetect to false.
The following table provides port number information for each of the supported protocols.
| Protocol | Default Port | Description |
| TUNNEL | 80 | The port where the Sync App opens a connection to GraphQL. Traffic flows back and forth via the proxy at this location. |
| SOCKS4 | 1080 | The port where the Sync App opens a connection to GraphQL. SOCKS 4 then passes theFirewallUser value to the proxy, which determines whether the connection request should be granted. |
| SOCKS5 | 1080 | The port where the Sync App sends data to GraphQL. If the SOCKS 5 proxy requires authentication, set FirewallUser and FirewallPassword to credentials the proxy recognizes. |
To connect to HTTP proxies, use ProxyServer and ProxyPort. To authenticate to HTTP proxies, use ProxyAuthScheme, ProxyUser, and ProxyPassword.
Identifies the IP address, DNS name, or host name of a proxy used to traverse a firewall and relay user queries to network resources.
A proxy-based firewall (or proxy firewall) is a network security device that acts as an intermediary between user requests and the resources they access. The proxy accepts the request of an authenticated user, tunnels through the firewall, and transmits the request to the appropriate server.
Because the proxy evaluates and transfers data backets on behalf of the requesting users, the users never connect directly with the servers, only with the proxy.
Specifies the TCP port to be used for a proxy-based firewall.
A proxy-based firewall (or proxy firewall) is a network security device that acts as an intermediary between user requests and the resources they access. The proxy accepts the request of an authenticated user, tunnels through the firewall, and transmits the request to the appropriate server.
Because the proxy evaluates and transfers data backets on behalf of the requesting users, the users never connect directly with the servers, only with the proxy.
Identifies the user ID of the account authenticating to a proxy-based firewall.
A proxy-based firewall (or proxy firewall) is a network security device that acts as an intermediary between user requests and the resources they access. The proxy accepts the request of an authenticated user, tunnels through the firewall, and transmits the request to the appropriate server.
Because the proxy evaluates and transfers data backets on behalf of the requesting users, the users never connect directly with the servers, only with the proxy.
Specifies the password of the user account authenticating to a proxy-based firewall.
A proxy-based firewall (or proxy firewall) is a network security device that acts as an intermediary between user requests and the resources they access. The proxy accepts the request of an authenticated user, tunnels through the firewall, and transmits the request to the appropriate server.
Because the proxy evaluates and transfers data backets on behalf of the requesting users, the users never connect directly with the servers, only with the proxy.
This section provides a complete list of the Proxy properties you can configure in the connection string for this provider.
| Property | Description |
| ProxyAutoDetect | Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server. |
| ProxyServer | The hostname or IP address of the proxy server that you want to route HTTP traffic through. |
| ProxyPort | The TCP port on your specified proxy server (set in the ProxyServer connection property) that has been reserved for routing HTTP traffic to and from the client. |
| ProxyAuthScheme | Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property. |
| ProxyUser | The username of a user account registered with the proxy server specified in the ProxyServer connection property. |
| ProxyPassword | The password associated with the user specified in the ProxyUser connection property. |
| ProxySSLType | The SSL type to use when connecting to the proxy server specified in the ProxyServer connection property. |
| ProxyExceptions | A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property. |
Specifies whether the provider checks your system proxy settings for existing proxy server configurations, rather than using a manually specified proxy server.
When this connection property is set to True, the Sync App checks your system proxy settings for existing proxy server configurations (no need to manually supply proxy server details).
This connection property takes precedence over other proxy settings. Set to False if you want to manually configure the Sync App to connect to a specific proxy server.
To connect to an HTTP proxy, see ProxyServer. For other proxies, such as SOCKS or tunneling, see FirewallType.
The hostname or IP address of the proxy server that you want to route HTTP traffic through.
The Sync App only routes HTTP traffic through the proxy server specified in this connection property when ProxyAutoDetect is set to False. If ProxyAutoDetect is set to True, which is the default, the Sync App instead routes HTTP traffic through the proxy server specified in your system proxy settings.
The TCP port on your specified proxy server (set in the ProxyServer connection property) that has been reserved for routing HTTP traffic to and from the client.
The Sync App only routes HTTP traffic through the proxy server port specified in this connection property when ProxyAutoDetect is set to False. If ProxyAutoDetect is set to True, which is the default, the Sync App instead routes HTTP traffic through the proxy server port specified in your system proxy settings.
For other proxy types, see FirewallType.
Specifies the authentication method the provider uses when authenticating to the proxy server specified in the ProxyServer connection property.
The authentication type can be one of the following:
For all values other than "NONE", you must also set the ProxyUser and ProxyPassword connection properties.
If you need to use another authentication type, such as SOCKS 5 authentication, see FirewallType.
The username of a user account registered with the proxy server specified in the ProxyServer connection property.
The ProxyUser and ProxyPassword connection properties are used to connect and authenticate against the HTTP proxy specified in ProxyServer.
After selecting one of the available authentication types in ProxyAuthScheme, set this property as follows:
| ProxyAuthScheme Value | Value to set for ProxyUser |
| BASIC | The user name of a user registered with the proxy server. |
| DIGEST | The user name of a user registered with the proxy server. |
| NEGOTIATE | The username of a Windows user who is a valid user in the domain or trusted domain that the proxy server is part of, in the format user@domain or domain\user. |
| NTLM | The username of a Windows user who is a valid user in the domain or trusted domain that the proxy server is part of, in the format user@domain or domain\user. |
| NONE | Do not set the ProxyPassword connection property. |
The Sync App only uses this username if ProxyAutoDetect is set to False. If ProxyAutoDetect is set to True, which is the default, the Sync App instead uses the username specified in your system proxy settings.
The password associated with the user specified in the ProxyUser connection property.
The ProxyUser and ProxyPassword connection properties are used to connect and authenticate against the HTTP proxy specified in ProxyServer.
After selecting one of the available authentication types in ProxyAuthScheme, set this property as follows:
| ProxyAuthScheme Value | Value to set for ProxyPassword |
| BASIC | The password associated with the proxy server user specified in ProxyUser. |
| DIGEST | The password associated with the proxy server user specified in ProxyUser. |
| NEGOTIATE | The password associated with the Windows user account specified in ProxyUser. |
| NTLM | The password associated with the Windows user account specified in ProxyUser. |
| NONE | Do not set the ProxyPassword connection property. |
For SOCKS 5 authentication or tunneling, see FirewallType.
The Sync App only uses this password if ProxyAutoDetect is set to False. If ProxyAutoDetect is set to True, which is the default, the Sync App instead uses the password specified in your system proxy settings.
The SSL type to use when connecting to the proxy server specified in the ProxyServer connection property.
This property determines when to use SSL for the connection to the HTTP proxy specified by ProxyServer. You can set this connection property to the following values :
| AUTO | Default setting. If ProxyServer is set to an HTTPS URL, the Sync App uses the TUNNEL option. If ProxyServer is set to an HTTP URL, the component uses the NEVER option. |
| ALWAYS | The connection is always SSL enabled. |
| NEVER | The connection is not SSL enabled. |
| TUNNEL | The connection is made through a tunneling proxy. The proxy server opens a connection to the remote host and traffic flows back and forth through the proxy. |
A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the proxy server set in the ProxyServer connection property.
The ProxyServer is used for all addresses, except for addresses defined in this property. Use semicolons to separate entries.
Note that the Sync App uses the system proxy settings by default, without further configuration needed. If you want to explicitly configure proxy exceptions for this connection, set ProxyAutoDetect to False.
This section provides a complete list of the Logging properties you can configure in the connection string for this provider.
| Property | Description |
| LogModules | Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged. |
Specifies the core modules to include in the log file. Use a semicolon-separated list of module names. By default, all modules are logged.
This property lets you customize the log file content by specifying the logging modules to include. Logging modules categorize logged information into distinct areas, such as query execution, metadata, or SSL communication. Each module is represented by a four-character code, with some requiring a trailing space for three-letter names.
For example, EXEC logs query execution, and INFO logs general provider messages. To include multiple modules, separate their names with semicolons as follows: INFO;EXEC;SSL.
The Verbosity connection property takes precedence over the module-based filtering specified by this property. Only log entries that meet the verbosity level and belong to the specified modules are logged. Leave this property blank to include all available modules in the log file.
For a complete list of available modules and detailed guidance on configuring logging, refer to the Advanced Logging section in Logging.
This section provides a complete list of the Schema properties you can configure in the connection string for this provider.
| Property | Description |
| Location | Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path. |
| BrowsableSchemas | Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC . |
| Tables | Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC . |
| Views | Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC . |
| ExpandArgumentsDepth | This property is used to determine how far the provider should search for columns inside the arguments of type INPUT_OBJECT. |
| ExpandTablesDepth | This property is used to determine the depth of the child tables. |
| ExpandTemporaryTablesDepth | This property is used to determine the depth of the child temporary tables. Only works if ExposeDynamicProcedures is set to true. |
| ExpandColumnsDepth | This property is used to determine how far the provider should search for columns inside the GraphQL objects. |
| IncludeDeprecatedMetadata | This property is used to determine whether the provider should expose deprecated tables and columns or not. |
| ExposeDynamicProcedures | This property is used to determine whether the provider should expose mutations as dynamic procedures or not. |
| ExposeObjectTables | This property is used to determine the extent to which the provider exposes GraphQL object type fields as tables. |
Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.
The Location property is only needed if you want to either customize definitions (for example, change a column name, ignore a column, etc.) or extend the data model with new tables, views, or stored procedures.
If left unspecified, the default location is %APPDATA%\\CData\\GraphQL Data Provider\\Schema, where %APPDATA% is set to the user's configuration directory:
| Platform | %APPDATA% |
| Windows | The value of the APPDATA environment variable |
| Linux | ~/.config |
Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC .
Listing all available database schemas can take extra time, thus degrading performance. Providing a list of schemas in the connection string saves time and improves performance.
Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC .
Listing all available tables from some databases can take extra time, thus degrading performance. Providing a list of tables in the connection string saves time and improves performance.
If there are lots of tables available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those tables. To do this, specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.
Note: If you are connecting to a data source with multiple schemas or catalogs, you must specify each table you want to view by its fully qualified name. This avoids ambiguity between tables that may exist in multiple catalogs or schemas.
Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC .
Listing all available views from some databases can take extra time, thus degrading performance. Providing a list of views in the connection string saves time and improves performance.
If there are lots of views available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those views. To do this, specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.
Note: If you are connecting to a data source with multiple schemas or catalogs, you must specify each view you want to examine by its fully qualified name. This avoids ambiguity between views that may exist in multiple catalogs or schemas.
This property is used to determine how far the provider should search for columns inside the arguments of type INPUT_OBJECT.
This property is used to determine how far the Sync App should search for columns inside the arguments of type INPUT_OBJECT. For example:
{
"variables": {
"input": {
"filters": {
"type": "SUPPLIER"
}
}
},
"query": "query($input:FilteredCompaniesInput!) {\r\nfilteredCompanies(input:$input) {\r\nid:id\r\nvalue:value\r\n}\r\n}\r\n"
}
for the SQL query:
SELECT id,value FROM filteredCompanies WHERE type='SUPPLIER'In this case the nested "FilteredCompaniesInput" is itself of type INPUT_OBJECT. In a column search, the ExpandColumnsDepth property controls how many nested levels of type INPUT_OBJECT are subjected to searching.
This property is used to determine the depth of the child tables.
This property is used to determine the depth of the child tables.
This property is used to determine the depth of the child temporary tables. Only works if ExposeDynamicProcedures is set to true.
This property is used to determine the depth of the child temporary tables. Only works if ExposeDynamicProcedures is set to true.
This property is used to determine how far the provider should search for columns inside the GraphQL objects.
This property is used to determine how far the Sync App should search for columns inside the GraphQL objects.
This property is used to determine whether the provider should expose deprecated tables and columns or not.
This property is used to determine whether the Sync App should expose deprecated tables and columns or not.
This property is used to determine whether the provider should expose mutations as dynamic procedures or not.
This property is used to determine whether the Sync App should expose mutations as dynamic procedures or not.
This property is used to determine the extent to which the provider exposes GraphQL object type fields as tables.
This property is used to determine the extent to which the Sync App exposes GraphQL object type fields as tables. It applies only to fields that meet the following conditions:
This section provides a complete list of the Miscellaneous properties you can configure in the connection string for this provider.
| Property | Description |
| CustomHeaders | Specifies additional HTTP headers to append to the request headers created from other properties, such as ContentType and From. Use this property to customize requests for specialized or nonstandard APIs. |
| GenerateSchemaFiles | Indicates the user preference as to when schemas should be generated and saved. |
| MaxRows | Specifies the maximum rows returned for queries without aggregation or GROUP BY. |
| Other | Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties. |
| Pagesize | The maximum number of results to return per page from GraphQL. |
| PseudoColumns | Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property. |
| Timeout | Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout. |
| UserDefinedViews | Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file. |
Specifies additional HTTP headers to append to the request headers created from other properties, such as ContentType and From. Use this property to customize requests for specialized or nonstandard APIs.
Use this property to add custom headers to HTTP requests sent by the Sync App.
This property is useful when fine-tuning requests to interact with APIs that require additional or nonstandard headers. Headers must follow the format "header: value" as described in the HTTP specifications and each header line must be separated by the carriage return and line feed (CRLF) characters. Important: Use caution when setting this property. Supplying invalid headers may cause HTTP requests to fail.
Indicates the user preference as to when schemas should be generated and saved.
This property outputs schemas to .rsd files in the path specified by Location.
Available settings are the following:
When you set GenerateSchemaFiles to OnUse, the Sync App generates schemas as you execute SELECT queries. Schemas are generated for each table referenced in the query.
When you set GenerateSchemaFiles to OnCreate, schemas are only generated when a CREATE TABLE query is executed.
Another way to use this property is to obtain schemas for every table in your database when you connect. To do so, set GenerateSchemaFiles to OnStart and connect.
Specifies the maximum rows returned for queries without aggregation or GROUP BY.
This property sets an upper limit on the number of rows the Sync App returns for queries that do not include aggregation or GROUP BY clauses. This limit ensures that queries do not return excessively large result sets by default.
When a query includes a LIMIT clause, the value specified in the query takes precedence over the MaxRows setting. If MaxRows is set to "-1", no row limit is enforced unless a LIMIT clause is explicitly included in the query.
This property is useful for optimizing performance and preventing excessive resource consumption when executing queries that could otherwise return very large datasets.
Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties.
This property allows advanced users to configure hidden properties for specialized scenarios. These settings are not required for normal use cases but can address unique requirements or provide additional functionality. Multiple properties can be defined in a semicolon-separated list.
Note: It is strongly recommended to set these properties only when advised by the support team to address specific scenarios or issues.
Specify multiple properties in a semicolon-separated list.
| DefaultColumnSize | Sets the default length of string fields when the data source does not provide column length in the metadata. The default value is 2000. |
| ConvertDateTimeToGMT | Determines whether to convert date-time values to GMT, instead of the local time of the machine. |
| RecordToFile=filename | Records the underlying socket data transfer to the specified file. |
The maximum number of results to return per page from GraphQL.
The Pagesize property affects the maximum number of results to return per page from GraphQL. Setting a higher value may result in better performance at the cost of additional memory eaten up per page consumed. The pageSize is proportional to the GraphQL query cost.
Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property.
This property allows you to define which pseudocolumns the Sync App exposes as table columns.
To specify individual pseudocolumns, use the following format: "Table1=Column1;Table1=Column2;Table2=Column3"
To include all pseudocolumns for all tables use: "*=*"
Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout.
This property controls the maximum time, in seconds, that the Sync App waits for an operation to complete before canceling it. If the timeout period expires before the operation finishes, the Sync App cancels the operation and throws an exception.
The timeout applies to each individual communication with the server rather than the entire query or operation. For example, a query could continue running beyond 60 seconds if each paging call completes within the timeout limit.
Setting this property to 0 disables the timeout, allowing operations to run indefinitely until they succeed or fail due to other conditions such as server-side timeouts, network interruptions, or resource limits on the server. Use this property cautiously to avoid long-running operations that could degrade performance or result in unresponsive behavior.
Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file.
This property allows you to define and manage custom views through a JSON-formatted configuration file called UserDefinedViews.json. These views are automatically recognized by the Sync App and enable you to execute custom SQL queries as if they were standard database views. The JSON file defines each view as a root element with a child element called "query", which contains the SQL query for the view. For example:
{
"MyView": {
"query": "SELECT * FROM Users WHERE MyColumn = 'value'"
},
"MyView2": {
"query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
}
}
You can define multiple views in a single file and specify the filepath using this property. For example: UserDefinedViews=C:\Path\To\UserDefinedViews.json. When you use this property, only the specified views are seen by the Sync App.
Refer to User Defined Views for more information.