> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agentkit`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # Snowflake Key Pair Auth **Authentication:** Bearer Token **Categories:** Data, Analytics ## What you can do Connect this agent connector to let your agent: - **Warehouses show** — Run SHOW WAREHOUSES - **Keys show primary, show imported exported** — Run SHOW PRIMARY KEYS with optional scope - **Grants show** — Run SHOW GRANTS in common modes (to role, to user, of role, on object) - **Schemas show databases** — Run SHOW DATABASES or SHOW SCHEMAS - **Get get** — Query INFORMATION_SCHEMA.TABLES for table metadata in a Snowflake database - **Query cancel** — Cancel a running Snowflake SQL API statement by statement handle ## Authentication This connector uses **Bearer Token** authentication. Scalekit securely stores the token and injects it into API requests on behalf of your users. Your agent code never handles tokens directly — you only pass a `connectionName` and a user `identifier`. ## Code examples Connect a user's Snowflake account using key-pair authentication and make API calls on their behalf — Scalekit handles token management automatically. **Don't worry about your Snowflake account domain in the path.** Scalekit automatically resolves `{{domain}}` from the connected account's configuration. For example, a request with `path="/api/v2/statements"` will be sent to `https://myorg-myaccount.snowflakecomputing.com/api/v2/statements` automatically. ## Proxy API Calls ### Node.js ```typescript const connectionName = 'snowflakekeyauth'; // get your connection name from connection configurations const identifier = 'user_123'; // your unique user identifier // Get your credentials from app.scalekit.com → Developers → Settings → API Credentials const scalekit = new ScalekitClient( process.env.SCALEKIT_ENV_URL, process.env.SCALEKIT_CLIENT_ID, process.env.SCALEKIT_CLIENT_SECRET ); const actions = scalekit.actions; // Authenticate the user const { link } = await actions.getAuthorizationLink({ connectionName, identifier, }); console.log('🔗 Authorize Snowflake:', link); // present this link to your user for authorization, or click it yourself for testing process.stdout.write('Press Enter after authorizing...'); await new Promise(r => process.stdin.once('data', r)); // Make a request via Scalekit proxy const result = await actions.request({ connectionName, identifier, path: '/api/v2/statements', method: 'POST', body: { statement: 'SELECT CURRENT_USER()', timeout: 60 }, }); console.log(result); ``` ### Python ```python from dotenv import load_dotenv load_dotenv() connection_name = "snowflakekeyauth" # get your connection name from connection configurations identifier = "user_123" # your unique user identifier # Get your credentials from app.scalekit.com → Developers → Settings → API Credentials scalekit_client = scalekit.client.ScalekitClient( client_id=os.getenv("SCALEKIT_CLIENT_ID"), client_secret=os.getenv("SCALEKIT_CLIENT_SECRET"), env_url=os.getenv("SCALEKIT_ENV_URL"), ) actions = scalekit_client.actions # Authenticate the user link_response = actions.get_authorization_link( connection_name=connection_name, identifier=identifier ) # present this link to your user for authorization, or click it yourself for testing print("🔗 Authorize Snowflake:", link_response.link) input("Press Enter after authorizing...") # Make a request via Scalekit proxy result = actions.request( connection_name=connection_name, identifier=identifier, path="/api/v2/statements", method="POST", json={"statement": "SELECT CURRENT_USER()", "timeout": 60} ) print(result) ``` Before calling this connector from your code, create the Snowflake Key Pair Auth connection in **AgentKit** > **Connections** and copy the exact **Connection name** from that connection into your code. The value in code must match the dashboard exactly. ## Tool list Use the exact tool names from the **Tool list** below when you call `execute_tool`. If you're not sure which name to use, list the tools available for the current user first. ## Tool list ### `snowflakekeyauth_cancel_query` Cancel a running Snowflake SQL API statement by statement handle. Parameters: - `statement_handle` (`string`, required): Snowflake statement handle to cancel - `request_id` (`string`, optional): Optional request ID used when the statement was submitted ### `snowflakekeyauth_execute_query` Execute one or more SQL statements against Snowflake using the SQL API. Requires a valid Snowflake OAuth2 connection. Use semicolons to submit multiple statements. Parameters: - `statement` (`string`, required): SQL statement to execute. Use semicolons to send multiple statements in one request. - `async` (`boolean`, optional): Execute statement asynchronously and return a statement handle - `bindings` (`object`, optional): Bind variables object for '?' placeholders in the SQL statement - `database` (`string`, optional): Database to use when executing the statement - `nullable` (`boolean`, optional): When false, SQL NULL values are returned as the string "null" - `parameters` (`object`, optional): Statement-level Snowflake parameters as a JSON object - `request_id` (`string`, optional): Unique request identifier (UUID) used for idempotent retries - `retry` (`boolean`, optional): Set true when resubmitting a previously sent request with the same request_id - `role` (`string`, optional): Role to use when executing the statement - `schema` (`string`, optional): Schema to use when executing the statement - `timeout` (`integer`, optional): Maximum number of seconds to wait for statement execution - `warehouse` (`string`, optional): Warehouse to use when executing the statement ### `snowflakekeyauth_get_columns` Query INFORMATION_SCHEMA.COLUMNS for column metadata. Parameters: - `database` (`string`, required): Database name - `column_name_like` (`string`, optional): Optional column name pattern - `limit` (`integer`, optional): Maximum rows - `role` (`string`, optional): Optional role - `schema` (`string`, optional): Optional schema filter - `table` (`string`, optional): Optional table filter - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_get_query_partition` Get a specific result partition for a Snowflake SQL API statement. Parameters: - `partition` (`integer`, required): Partition index to fetch (0-based) - `statement_handle` (`string`, required): Snowflake statement handle returned by Execute Query - `request_id` (`string`, optional): Optional request ID used when the statement was submitted ### `snowflakekeyauth_get_query_status` Get Snowflake SQL API statement status and first partition result metadata by statement handle. Parameters: - `statement_handle` (`string`, required): Snowflake statement handle returned by Execute Query - `request_id` (`string`, optional): Optional request ID used when the statement was submitted ### `snowflakekeyauth_get_referential_constraints` Query INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS. Parameters: - `database` (`string`, required): Database name - `limit` (`integer`, optional): Maximum rows - `role` (`string`, optional): Optional role - `schema` (`string`, optional): Optional schema filter - `table` (`string`, optional): Optional table filter - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_get_schemata` Query INFORMATION_SCHEMA.SCHEMATA for schema metadata. Parameters: - `database` (`string`, required): Database name - `limit` (`integer`, optional): Maximum rows - `role` (`string`, optional): Optional role - `schema_like` (`string`, optional): Optional schema pattern - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_get_table_constraints` Query INFORMATION_SCHEMA.TABLE_CONSTRAINTS. Parameters: - `database` (`string`, required): Database name - `constraint_type` (`string`, optional): Optional constraint type filter - `limit` (`integer`, optional): Maximum rows - `role` (`string`, optional): Optional role - `schema` (`string`, optional): Optional schema filter - `table` (`string`, optional): Optional table filter - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_get_tables` Query INFORMATION_SCHEMA.TABLES for table metadata in a Snowflake database. Parameters: - `database` (`string`, required): Database name - `limit` (`integer`, optional): Maximum number of rows - `role` (`string`, optional): Optional role - `schema` (`string`, optional): Optional schema filter - `table_name_like` (`string`, optional): Optional table name pattern - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_show_databases_schemas` Run SHOW DATABASES or SHOW SCHEMAS. Parameters: - `object_type` (`string`, required): Object type to show - `database_name` (`string`, optional): Optional database scope for SHOW SCHEMAS - `like_pattern` (`string`, optional): Optional LIKE pattern - `role` (`string`, optional): Optional role - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_show_grants` Run SHOW GRANTS in common modes (to role, to user, of role, on object). Parameters: - `grant_view` (`string`, required): SHOW GRANTS variant - `object_name` (`string`, optional): Object name for on_object - `object_type` (`string`, optional): Object type for on_object - `role` (`string`, optional): Optional execution role - `role_name` (`string`, optional): Role name (for to_role/of_role) - `user_name` (`string`, optional): User name (for to_user) - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_show_imported_exported_keys` Run SHOW IMPORTED KEYS or SHOW EXPORTED KEYS for a table. For reliable execution in this environment, use fully-qualified scope (database_name + schema_name + table_name). Parameters: - `key_direction` (`string`, required): Which command to run - `table_name` (`string`, required): Table name (use with schema_name and database_name for fully-qualified scope) - `database_name` (`string`, optional): Optional database name (recommended with schema_name) - `role` (`string`, optional): Optional role - `schema_name` (`string`, optional): Optional schema name (recommended with database_name) - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_show_primary_keys` Run SHOW PRIMARY KEYS with optional scope. When using schema_name (or schema_name + table_name), database_name is required for fully-qualified scope. Parameters: - `database_name` (`string`, optional): Optional database name for scope (required when schema_name is set) - `role` (`string`, optional): Optional role - `schema_name` (`string`, optional): Optional schema name for scope - `table_name` (`string`, optional): Optional table name for scope - `warehouse` (`string`, optional): Optional warehouse ### `snowflakekeyauth_show_warehouses` Run SHOW WAREHOUSES. Parameters: - `like_pattern` (`string`, optional): Optional LIKE pattern - `role` (`string`, optional): Optional role - `warehouse` (`string`, optional): Optional warehouse --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |