> ## Documentation Index
> Fetch the complete documentation index at: https://docs.credibledata.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create database connection

> Creates a new database connection for the specified project with secure credential
storage and connection validation.

**Authorization**: Requires project admin permissions.
**Validation**: Tests connection before saving if dryRun is false.
**Security**: Credentials are encrypted and stored securely.




## OpenAPI

````yaml /controlplane-public-api-doc.yaml post /organizations/{organizationName}/projects/{projectName}/connections
openapi: 3.1.0
info:
  title: Credible Admin API
  description: >
    The Credible Admin API is a comprehensive REST API that empowers
    organizations to manage their Malloy data modeling ecosystem with
    enterprise-grade security and governance. This API provides programmatic
    access to all administrative functions, enabling seamless integration with
    existing workflows and automation systems.


    ## Key Features


    - **Organization Management**: Create and manage organizations with
    fine-grained access controls

    - **Project & Package Lifecycle**: Full CRUD operations for projects,
    packages, and versions

    - **Connection Management**: Secure database connection configuration and
    management

    - **Permission Management**: Granular role-based access control (RBAC) at
    organization, project, package, workspace, and document levels

    - **Workspace Management**: Collaborative workspaces for data modeling and
    analysis

    - **User & Group Management**: Comprehensive user administration with
    group-based permissions


    ## Resource Hierarchy


    The API follows a hierarchical resource structure with fine-grained
    permission management at each level:

    ```

    Organizations

    ├── Permissions

    ├── Projects

    │   ├── Permissions

    │   ├── Packages

    │   │   ├── Permissions

    │   │   └── Versions

    │   └── Connections

    ├── Workspaces

    │   ├── Permissions

    │   └── Documents

    │       └── Permissions

    └── Groups
        ├── Permissions
        └── Members

    System-Level Resources:

    ├── Users

    ├── System Permissions

    └── Demo Operations

    ```


    ## Authentication & Authorization


    All API endpoints require proper authentication. The API implements
    fine-grained authorization using role-based permissions:

    - **Admin**: Full access to all resources within scope

    - **Modeler**: Can create and modify data models and packages

    - **Viewer**: Read-only access to resources

    - **Manager**: Workspace management capabilities

    - **Editor**: Document editing permissions


    ## Rate Limiting & Best Practices


    - API requests are rate-limited to ensure system stability

    - Implement proper error handling and retry logic

    - Cache responses when appropriate to reduce API calls


    ## Support & Documentation


    For additional support, examples, and integration guides, visit our
    developer documentation or contact our support team.
  version: v0
  contact:
    name: Credible Support
    email: support@credibledata.com
    url: https://credibledata.com/support
  license:
    name: Proprietary
    url: https://credibledata.com/license
  termsOfService: https://credibledata.com/terms
servers:
  - url: https://{organization}.admin.credibledata.com/api/v0/
    description: Production API server
    variables:
      organization:
        default: demo
        description: Your organization subdomain
security:
  - bearerAuth: []
tags:
  - name: organizations
    description: >-
      Organization management operations for creating, updating, and managing
      organizational entities
  - name: organizationPermissions
    description: >-
      Fine-grained permission management for organizations, including role
      assignments and access controls
  - name: projects
    description: >-
      Project lifecycle management including creation, configuration, and
      deletion of data modeling projects
  - name: projectPermissions
    description: >-
      Permission management for projects, controlling access to project
      resources and capabilities
  - name: packages
    description: >-
      Package management for Malloy data models, including versioning,
      publishing, and distribution
  - name: packagePermissions
    description: >-
      Access control for packages, managing who can view, modify, or publish
      package versions
  - name: versions
    description: >-
      Version management for packages, including archiving, status updates, and
      lifecycle management
  - name: connections
    description: >-
      Database connection management for secure data source configuration and
      access
  - name: workspaces
    description: >-
      Collaborative workspace management for team-based data modeling and
      analysis
  - name: workspacePermissions
    description: >-
      Access control for workspaces, managing who can view, manage, or
      collaborate in workspaces
  - name: documents
    description: >-
      Document management within workspaces, including workbooks, dashboards,
      and other content
  - name: documentPermissions
    description: >-
      Access control for documents, managing who can view, edit, or share
      document content
  - name: groups
    description: >-
      User group management for organizing users and managing group-based
      permissions
  - name: users
    description: >-
      User account management including creation, updates, and profile
      management
  - name: demo
    description: Demo and self-service operations for quick setup and testing scenarios
  - name: permissions
    description: System-level permission management for administrative functions
  - name: bookmarks
    description: >-
      User bookmark management for saving references to workspaces, models, and
      chats
paths:
  /organizations/{organizationName}/projects/{projectName}/connections:
    post:
      tags:
        - connections
      summary: Create database connection
      description: >
        Creates a new database connection for the specified project with secure
        credential

        storage and connection validation.


        **Authorization**: Requires project admin permissions.

        **Validation**: Tests connection before saving if dryRun is false.

        **Security**: Credentials are encrypted and stored securely.
      operationId: createConnection
      parameters:
        - name: organizationName
          in: path
          required: true
          description: The unique identifier of the organization
          schema:
            $ref: '#/components/schemas/IdentifierPattern'
        - name: projectName
          in: path
          required: true
          description: The unique identifier of the project
          schema:
            $ref: '#/components/schemas/IdentifierPattern'
        - name: dryRun
          in: query
          required: false
          description: Whether to test the connection without saving it
          schema:
            type: boolean
            default: false
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Connection'
        required: true
      responses:
        '200':
          description: Connection created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Connection'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  schemas:
    IdentifierPattern:
      type: string
      pattern: ^[a-zA-Z0-9_-]+$
      description: Standard identifier pattern for resource names
    Connection:
      x-class-name: Connection
      allOf:
        - type: object
          description: Database connection configuration and metadata
          properties:
            resource:
              type: string
              description: Resource path to the connection
            name:
              type: string
              description: Name of the connection
            type:
              type: string
              description: Type of database connection
              enum:
                - postgres
                - bigquery
                - snowflake
                - trino
                - mysql
                - duckdb
                - motherduck
            attributes:
              $ref: '#/components/schemas/ConnectionAttributes'
            postgresConnection:
              $ref: '#/components/schemas/PostgresConnection'
            bigqueryConnection:
              $ref: '#/components/schemas/BigqueryConnection'
            snowflakeConnection:
              $ref: '#/components/schemas/SnowflakeConnection'
            trinoConnection:
              $ref: '#/components/schemas/TrinoConnection'
            mysqlConnection:
              $ref: '#/components/schemas/MysqlConnection'
            duckdbConnection:
              $ref: '#/components/schemas/DuckdbConnection'
            motherduckConnection:
              $ref: '#/components/schemas/MotherDuckConnection'
        - type: object
          properties:
            includeTables:
              type: array
              nullable: true
              description: >
                The list of tables to include, in the format
                `{dataset/schema}.{table}`. The first part represents the
                dataset or schema, and the second part is the table name. The
                second part can be a literal `*` to include all tables.
              items:
                $ref: '#/components/schemas/TableNamePattern'
                type: string
              example:
                - sales.orders
                - finance.*
            excludeAllTables:
              type: boolean
              description: Whether to exclude all tables.
              default: false
            excludeTables:
              type: array
              nullable: true
              description: >
                The list of tables to exclude, in the format
                `{dataset/schema}.{table}`. The first part represents the
                dataset or schema, and the second part is the table name. The
                second part can be a literal `*` to exclude all tables.
              items:
                $ref: '#/components/schemas/TableNamePattern'
                type: string
              example:
                - backup.records
                - temp_data.*
            indexingStatus:
              type: string
              enum:
                - UNKNOWN
                - PENDING
                - INDEXED
                - SKIPPED
                - FAILED
                - RETRY
              nullable: true
              description: >
                Current indexing status of the connection. UNKNOWN means
                indexing has not started yet, PENDING means indexing is in
                progress, INDEXED means indexing finished successfully, SKIPPED
                means the connection is excluded from indexing, FAILED means
                indexing failed, RETRY means the connection was updated while
                indexing was in progress and will be re-indexed when the current
                job finishes.
            indexingStatusLastUpdated:
              type: string
              format: date-time
              nullable: true
              description: ISO 8601 timestamp of when the indexing status was last updated
    ConnectionAttributes:
      type: object
      description: Connection capabilities and configuration attributes
      properties:
        dialectName:
          type: string
          description: SQL dialect name for the connection
        isPool:
          type: boolean
          description: Whether the connection uses connection pooling
        canPersist:
          type: boolean
          description: Whether the connection supports persistent storage operations
        canStream:
          type: boolean
          description: Whether the connection supports streaming query results
    PostgresConnection:
      type: object
      description: PostgreSQL database connection configuration
      properties:
        host:
          type: string
          description: PostgreSQL server hostname or IP address
        port:
          type: integer
          description: PostgreSQL server port number
        databaseName:
          type: string
          description: Name of the PostgreSQL database
        userName:
          type: string
          description: PostgreSQL username for authentication
        password:
          type: string
          description: PostgreSQL password for authentication
        connectionString:
          type: string
          description: >-
            Complete PostgreSQL connection string (alternative to individual
            parameters)
    BigqueryConnection:
      type: object
      description: Google BigQuery database connection configuration
      properties:
        defaultProjectId:
          type: string
          description: Default BigQuery project ID for queries
        billingProjectId:
          type: string
          description: BigQuery project ID for billing purposes
        location:
          type: string
          description: BigQuery dataset location/region
        serviceAccountKeyJson:
          type: string
          description: JSON string containing Google Cloud service account credentials
        maximumBytesBilled:
          type: string
          description: Maximum bytes to bill for query execution (prevents runaway costs)
        queryTimeoutMilliseconds:
          type: string
          description: Query timeout in milliseconds
    SnowflakeConnection:
      type: object
      description: Snowflake database connection configuration
      properties:
        account:
          type: string
          description: Snowflake account identifier
        username:
          type: string
          description: Snowflake username for authentication
        password:
          type: string
          description: Snowflake password for authentication
        privateKey:
          type: string
          description: Snowflake private key for authentication
        privateKeyPass:
          type: string
          description: Passphrase for the Snowflake private key
        warehouse:
          type: string
          description: Snowflake warehouse name
        database:
          type: string
          description: Snowflake database name
        schema:
          type: string
          description: Snowflake schema name
        role:
          type: string
          description: Snowflake role name
        responseTimeoutMilliseconds:
          type: integer
          description: Query response timeout in milliseconds
    TrinoConnection:
      type: object
      description: Trino database connection configuration
      properties:
        server:
          type: string
          description: Trino server hostname or IP address
        port:
          type: number
          description: Trino server port number
        catalog:
          type: string
          description: Trino catalog name
        schema:
          type: string
          description: Trino schema name
        user:
          type: string
          description: Trino username for authentication
        password:
          type: string
          description: Trino password for authentication
        peakaKey:
          type: string
          description: Peaka API key for authentication with Peaka-hosted Trino clusters
    MysqlConnection:
      type: object
      description: MySQL database connection configuration
      properties:
        host:
          type: string
          description: MySQL server hostname or IP address
        port:
          type: integer
          description: MySQL server port number
        database:
          type: string
          description: Name of the MySQL database
        user:
          type: string
          description: MySQL username for authentication
        password:
          type: string
          description: MySQL password for authentication
    DuckdbConnection:
      type: object
      description: DuckDB database connection configuration
      properties:
        attachedDatabases:
          type: array
          items:
            $ref: '#/components/schemas/AttachedDatabase'
    MotherDuckConnection:
      type: object
      description: MotherDuck database connection configuration
      properties:
        accessToken:
          type: string
          description: MotherDuck access token
        database:
          type: string
          description: MotherDuck database name
    TableNamePattern:
      type: string
      pattern: ^[a-zA-Z0-9_-]+\\.(?:[a-zA-Z0-9_-]+|\\*)$
      description: Table name pattern supporting slashes, dots, and dashes
    Error:
      type: object
      x-model-name: ModelError
      description: Standard error response format used across all API endpoints
      properties:
        code:
          type: string
          description: >
            Machine-readable error code that identifies the specific error
            condition.

            Common codes include:

            - `VALIDATION_ERROR`: Request validation failed

            - `AUTHENTICATION_REQUIRED`: Valid authentication is required

            - `INSUFFICIENT_PERMISSIONS`: User lacks required permissions

            - `RESOURCE_NOT_FOUND`: Requested resource does not exist

            - `CONFLICT`: Resource state conflict (e.g., duplicate name)

            - `RATE_LIMIT_EXCEEDED`: API rate limit exceeded

            - `INTERNAL_ERROR`: Unexpected server error
        message:
          type: string
          description: Human-readable error message providing details about what went wrong
    AttachedDatabase:
      type: object
      description: Attached DuckDB database
      properties:
        name:
          type: string
          pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
          example: test_connection, _connection, test_connection_1
        type:
          type: string
          description: Type of database connection
          enum:
            - bigquery
            - snowflake
            - postgres
            - gcs
            - s3
        attributes:
          $ref: '#/components/schemas/ConnectionAttributes'
        bigqueryConnection:
          $ref: '#/components/schemas/BigqueryConnection'
        snowflakeConnection:
          $ref: '#/components/schemas/SnowflakeConnection'
        postgresConnection:
          $ref: '#/components/schemas/PostgresConnection'
        gcsConnection:
          $ref: '#/components/schemas/GCSConnection'
        s3Connection:
          $ref: '#/components/schemas/S3Connection'
    GCSConnection:
      type: object
      description: Google Cloud Storage connection configuration for DuckDB
      properties:
        keyId:
          type: string
          description: GCS HMAC access key ID
        secret:
          type: string
          description: GCS HMAC secret key
      required:
        - keyId
        - secret
    S3Connection:
      type: object
      description: AWS S3 connection configuration for DuckDB
      properties:
        accessKeyId:
          type: string
          description: AWS access key ID
        secretAccessKey:
          type: string
          description: AWS secret access key
        region:
          type: string
          description: AWS region (e.g., us-east-1)
          default: us-east-1
        endpoint:
          type: string
          description: Custom S3-compatible endpoint URL (optional, for MinIO, etc.)
        sessionToken:
          type: string
          description: AWS session token for temporary credentials (optional)
      required:
        - accessKeyId
        - secretAccessKey
  responses:
    BadRequest:
      description: >-
        The request was malformed or can not be performed given the state of the
        system.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >-
        Can not perform the operation due to insufficient permissions or the
        state of the system.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The specified resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````