Skip to content
Scalekit Docs
Talk to an Engineer Dashboard

Snowflake

OAuth 2.0 dataanalytics

Snowflake

What you can do

Section titled “What you can do”

Connect this agent connector to let your agent:

  • Grants show — Run SHOW GRANTS in common modes (to role, to user, of role, on object)
  • Warehouses show — Run SHOW WAREHOUSES
  • Schemas show databases — Run SHOW DATABASES or SHOW SCHEMAS
  • Keys show imported exported, show primary — Run SHOW IMPORTED KEYS or SHOW EXPORTED KEYS for a table
  • Get get — Query INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS
  • Query cancel — Cancel a running Snowflake SQL API statement by statement handle

Authentication

Section titled “Authentication”

This connector uses OAuth 2.0. Scalekit acts as the OAuth client: it redirects your user to Snowflake, obtains an access token, and automatically refreshes it before it expires. Your agent code never handles tokens directly — you only pass a connectionName and a user identifier.

You supply your Snowflake Connected App credentials (Client ID + Secret) once per environment in the Scalekit dashboard.

Set up the connector

Register your Scalekit environment with the Snowflake connector so Scalekit handles the authentication flow and token lifecycle for you. The connection name you create will be used to identify and invoke the connection programmatically. You’ll need to create an OAuth Security Integration in your Snowflake account.

  1. Set up auth redirects

    • In Scalekit dashboard, go to Agent AuthCreate Connection.

    • Find Snowflake from the list of providers and click Create. Copy the redirect URI. It looks like https://<SCALEKIT_ENVIRONMENT_URL>/sso/v1/oauth/<CONNECTION_ID>/callback.

      Copy redirect URI from Scalekit dashboard

    • Log into your Snowflake account (Snowsight) and run the following SQL to create an OAuth Security Integration, replacing <redirect_uri> with the URI you copied:

      CREATE OR REPLACE SECURITY INTEGRATION scalekit_oauth
        TYPE = OAUTH
        OAUTH_CLIENT = CUSTOM
        OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
        OAUTH_REDIRECT_URI = '<redirect_uri>'
        ENABLED = TRUE;

  2. Get client credentials

    • After creating the integration, run the following SQL to retrieve the client credentials:

      SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('SCALEKIT_OAUTH');

    • This returns a JSON object containing:

      • Client ID — value of OAUTH_CLIENT_ID
      • Client Secret — value of OAUTH_CLIENT_SECRET_2 (or OAUTH_CLIENT_SECRET_1)

  3. Add credentials in Scalekit

    • In Scalekit dashboard, go to Agent AuthConnections and open the connection you created.

    • Enter your credentials:

      • Client ID (from the SQL output)
      • Client Secret (from the SQL output)

      Add credentials in Scalekit dashboard

    • Click Save.

Code examples

Connect a user’s Snowflake account and make API calls on their behalf — Scalekit handles OAuth and token management automatically.

Don’t worry about your Snowflake account domain in the path. Scalekit automatically resolves {{domain}} from the connected account’s configuration. For example, a request with path="/api/v2/statements" will be sent to https://myorg-myaccount.snowflakecomputing.com/api/v2/statements automatically.

Proxy API Calls

import { ScalekitClient } from '@scalekit-sdk/node';
import 'dotenv/config';


const connectionName = 'snowflake'; // get your connection name from connection configurations
const identifier = 'user_123';  // your unique user identifier


// Get your credentials from app.scalekit.com → Developers → Settings → API Credentials
const scalekit = new ScalekitClient(
  process.env.SCALEKIT_ENV_URL,
  process.env.SCALEKIT_CLIENT_ID,
  process.env.SCALEKIT_CLIENT_SECRET
);
const actions = scalekit.actions;


// Authenticate the user
const { link } = await actions.getAuthorizationLink({
  connectionName,
  identifier,
});
console.log('🔗 Authorize Snowflake:', link);
process.stdout.write('Press Enter after authorizing...');
await new Promise(r => process.stdin.once('data', r));


// Make a request via Scalekit proxy
const result = await actions.request({
  connectionName,
  identifier,
  path: '/api/v2/statements',
  method: 'POST',
});
console.log(result);

Tool list

Section titled “Tool list”
snowflake_cancel_query Cancel a running Snowflake SQL API statement by statement handle. 2 params

Cancel a running Snowflake SQL API statement by statement handle.

Name Type Required Description
statement_handle string required Snowflake statement handle to cancel
request_id string optional Optional request ID used when the statement was submitted
snowflake_execute_query Execute one or more SQL statements against Snowflake using the SQL API. Requires a valid Snowflake OAuth2 connection. Use semicolons to submit multiple statements. 12 params

Execute one or more SQL statements against Snowflake using the SQL API. Requires a valid Snowflake OAuth2 connection. Use semicolons to submit multiple statements.

Name Type Required Description
statement string required SQL statement to execute. Use semicolons to send multiple statements in one request.
async boolean optional Execute statement asynchronously and return a statement handle
bindings object optional Bind variables object for '?' placeholders in the SQL statement
database string optional Database to use when executing the statement
nullable boolean optional When false, SQL NULL values are returned as the string "null"
parameters object optional Statement-level Snowflake parameters as a JSON object
request_id string optional Unique request identifier (UUID) used for idempotent retries
retry boolean optional Set true when resubmitting a previously sent request with the same request_id
role string optional Role to use when executing the statement
schema string optional Schema to use when executing the statement
timeout integer optional Maximum number of seconds to wait for statement execution
warehouse string optional Warehouse to use when executing the statement
snowflake_get_columns Query INFORMATION_SCHEMA.COLUMNS for column metadata. 7 params

Query INFORMATION_SCHEMA.COLUMNS for column metadata.

Name Type Required Description
database string required Database name
column_name_like string optional Optional column name pattern
limit integer optional Maximum rows
role string optional Optional role
schema string optional Optional schema filter
table string optional Optional table filter
warehouse string optional Optional warehouse
snowflake_get_query_partition Get a specific result partition for a Snowflake SQL API statement. 3 params

Get a specific result partition for a Snowflake SQL API statement.

Name Type Required Description
partition integer required Partition index to fetch (0-based)
statement_handle string required Snowflake statement handle returned by Execute Query
request_id string optional Optional request ID used when the statement was submitted
snowflake_get_query_status Get Snowflake SQL API statement status and first partition result metadata by statement handle. 2 params

Get Snowflake SQL API statement status and first partition result metadata by statement handle.

Name Type Required Description
statement_handle string required Snowflake statement handle returned by Execute Query
request_id string optional Optional request ID used when the statement was submitted
snowflake_get_referential_constraints Query INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS. 6 params

Query INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS.

Name Type Required Description
database string required Database name
limit integer optional Maximum rows
role string optional Optional role
schema string optional Optional schema filter
table string optional Optional table filter
warehouse string optional Optional warehouse
snowflake_get_schemata Query INFORMATION_SCHEMA.SCHEMATA for schema metadata. 5 params

Query INFORMATION_SCHEMA.SCHEMATA for schema metadata.

Name Type Required Description
database string required Database name
limit integer optional Maximum rows
role string optional Optional role
schema_like string optional Optional schema pattern
warehouse string optional Optional warehouse
snowflake_get_table_constraints Query INFORMATION_SCHEMA.TABLE_CONSTRAINTS. 7 params

Query INFORMATION_SCHEMA.TABLE_CONSTRAINTS.

Name Type Required Description
database string required Database name
constraint_type string optional Optional constraint type filter
limit integer optional Maximum rows
role string optional Optional role
schema string optional Optional schema filter
table string optional Optional table filter
warehouse string optional Optional warehouse
snowflake_get_tables Query INFORMATION_SCHEMA.TABLES for table metadata in a Snowflake database. 6 params

Query INFORMATION_SCHEMA.TABLES for table metadata in a Snowflake database.

Name Type Required Description
database string required Database name
limit integer optional Maximum number of rows
role string optional Optional role
schema string optional Optional schema filter
table_name_like string optional Optional table name pattern
warehouse string optional Optional warehouse
snowflake_show_databases_schemas Run SHOW DATABASES or SHOW SCHEMAS. 5 params

Run SHOW DATABASES or SHOW SCHEMAS.

Name Type Required Description
object_type string required Object type to show
database_name string optional Optional database scope for SHOW SCHEMAS
like_pattern string optional Optional LIKE pattern
role string optional Optional role
warehouse string optional Optional warehouse
snowflake_show_grants Run SHOW GRANTS in common modes (to role, to user, of role, on object). 7 params

Run SHOW GRANTS in common modes (to role, to user, of role, on object).

Name Type Required Description
grant_view string required SHOW GRANTS variant
object_name string optional Object name for on_object
object_type string optional Object type for on_object
role string optional Optional execution role
role_name string optional Role name (for to_role/of_role)
user_name string optional User name (for to_user)
warehouse string optional Optional warehouse
snowflake_show_imported_exported_keys Run SHOW IMPORTED KEYS or SHOW EXPORTED KEYS for a table. For reliable execution in this environment, use fully-qualified scope (database_name + schema_name + table_name). 6 params

Run SHOW IMPORTED KEYS or SHOW EXPORTED KEYS for a table. For reliable execution in this environment, use fully-qualified scope (database_name + schema_name + table_name).

Name Type Required Description
key_direction string required Which command to run
table_name string required Table name (use with schema_name and database_name for fully-qualified scope)
database_name string optional Optional database name (recommended with schema_name)
role string optional Optional role
schema_name string optional Optional schema name (recommended with database_name)
warehouse string optional Optional warehouse
snowflake_show_primary_keys Run SHOW PRIMARY KEYS with optional scope. When using schema_name (or schema_name + table_name), database_name is required for fully-qualified scope. 5 params

Run SHOW PRIMARY KEYS with optional scope. When using schema_name (or schema_name + table_name), database_name is required for fully-qualified scope.

Name Type Required Description
database_name string optional Optional database name for scope (required when schema_name is set)
role string optional Optional role
schema_name string optional Optional schema name for scope
table_name string optional Optional table name for scope
warehouse string optional Optional warehouse
snowflake_show_warehouses Run SHOW WAREHOUSES. 3 params

Run SHOW WAREHOUSES.

Name Type Required Description
like_pattern string optional Optional LIKE pattern
role string optional Optional role
warehouse string optional Optional warehouse