BigQuery Connection API

Name: BigQuery Connection API API
Brand: BigQuery Connection API
Availability: InStock

✓ Official Vendor SpecAnalyticsData Pipelinesoauth28 EndpointsREST

For Agents

Manage BigQuery connection resources that link external data sources (Cloud SQL, Spanner, AWS, Azure) into federated queries. Agents can create, list, and IAM-bind connections.

Quickstart

Get started with BigQuery Connection API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a BigQuery connection to an external data source"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with BigQuery Connection API API.

Create connection resources for Cloud SQL, Spanner, AWS, and Azure data sources

List and patch existing connections under a project and location

Delete connections that are no longer referenced by federated queries

Read and set IAM policies on connection resources for fine-grained sharing

GET STARTED

Start building with BigQuery Connection API API

Explore with Jentic

View OpenAPI Document

Use for: I need to create a BigQuery connection to a Cloud SQL Postgres database, List all BigQuery connections in a project and location, Get the details of a specific BigQuery connection by name, Update the credentials on an existing BigQuery connection

Not supported: Does not run SQL queries, transfer data, or manage column-level masking — use for managing federated connection resources only.

The BigQuery Connection API manages named connection resources that BigQuery uses to query external data sources such as Cloud SQL, Spanner, AWS, and Azure without copying the data. You can create connections, attach IAM policies, and reference them from federated queries and external tables in BigQuery. This is the control-plane API for federation; the connections it creates are then used by the main BigQuery query engine. Each connection isolates credentials for the underlying source so analysts can query across systems without holding direct database secrets.

Use Cases

Patterns agents use BigQuery Connection API API for, with concrete tasks.

★ Federated Query Setup

Provision named connections so BigQuery can run federated SELECTs against Cloud SQL, Spanner, or external clouds without bulk-copying the data. Connections are created at /v1/{parent}/connections and referenced by EXTERNAL_QUERY in SQL. This lets analysts join warehouse tables with operational stores in a single query.

Create a Cloud SQL Postgres connection named prod-orders in project myproj and location US, using the supplied instance and credential.

Cross-Cloud Data Access

Create AWS or Azure connections so BigQuery Omni can query S3 or Blob Storage tables from a Google Cloud project. Connections store the role mapping and present a stable resource name that BigQuery references in external table definitions. Users get one warehouse to query multi-cloud data instead of moving everything into BigQuery storage.

Create an AWS connection with the provided IAM role ARN in project myproj location aws-us-east-1 and return the generated AWS identity.

Connection Governance

Apply IAM bindings to each connection so only specific service accounts can use it, keeping analyst groups isolated from production source credentials. setIamPolicy/getIamPolicy at /v1/{resource}:getIamPolicy and :setIamPolicy enforce least privilege. Combined with audit logs, this gives data platform teams a clear control point for federation.

Grant roles/bigqueryconnection.connectionUser to service account etl@myproj.iam.gserviceaccount.com on connection projects/myproj/locations/US/connections/prod-orders.

Agent-Driven Federation Provisioning

Let an AI agent provision the connections required for a new federated query workload — read the user's request, pick the correct source type, create the connection, and bind the right IAM policy. Jentic exposes the create, get, and setIamPolicy operations so the agent can do the whole flow in one task. Credentials for Google OAuth stay in the Jentic vault.

Given the request 'connect our analytics warehouse to the orders Cloud SQL replica', create the connection and grant the analytics service account connectionUser role.

Key Endpoints

8 endpoints — the bigquery connection api manages named connection resources that bigquery uses to query external data sources such as cloud sql, spanner, aws, and azure without copying the data.

METHOD

PATH

DESCRIPTION

POST

/v1/{+parent}/connections

Create a connection in a project and location

GET

/v1/{+parent}/connections

List connections under a project and location

GET

/v1/{+name}

Get a single connection by resource name

PATCH

/v1/{+name}

Update an existing connection

DELETE

/v1/{+name}

Delete a connection

POST

/v1/{+resource}:setIamPolicy

Set the IAM policy on a connection

POST

/v1/{+resource}:getIamPolicy

Read the IAM policy on a connection

POST

/v1/{+parent}/connections

Create a connection in a project and location

GET

/v1/{+parent}/connections

List connections under a project and location

GET

/v1/{+name}

Get a single connection by resource name

PATCH

/v1/{+name}

Update an existing connection

DELETE

/v1/{+name}

Delete a connection

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google OAuth 2.0 client credentials and refresh tokens are stored encrypted in the Jentic vault (MAXsystem). Source credentials embedded in the connection (Cloud SQL passwords, AWS role bindings) are sent through Google's API and never persisted by Jentic.

Intent-based discovery

Agents search Jentic with intents like 'create a BigQuery connection to Cloud SQL' and receive the operation schema for /v1/{parent}/connections, including the cloudSql, aws, and azure variant blocks.

Time to first call

Direct integration with the BigQuery Connection API: half a day to a day for OAuth and connection types. Through Jentic: under 30 minutes — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

BigQuery API

The query engine that uses connections created by this API.

Choose this when the agent needs to actually run a SQL query rather than provision the connection that powers it.

Alternative

BigQuery Data Transfer API

Pulls data into BigQuery on a schedule rather than querying it in place.

Choose Data Transfer when the data should be copied into BigQuery storage; choose Connection when it should remain federated.

Complementary

BigQuery Data Policy API

Adds column-level masking policies on top of BigQuery data.

Use Data Policy alongside Connection to control what columns federated queries can return.

FAQs

Specific to using BigQuery Connection API API through Jentic.

What authentication does the BigQuery Connection API use?

The BigQuery Connection API uses Google OAuth 2.0 with the https://www.googleapis.com/auth/bigquery and https://www.googleapis.com/auth/cloud-platform scopes. Through Jentic, the OAuth refresh token sits in the encrypted vault and the agent receives only a short-lived access token.

Can I create a Cloud SQL connection with this API?

Yes. POST /v1/{parent}/connections with cloudSql.instanceId, cloudSql.database, cloudSql.type, and a credential block returns a connection resource that BigQuery can then reference in EXTERNAL_QUERY federated SQL.

What are the rate limits for the BigQuery Connection API?

Quotas are project-level: typically 100 connections per project per location and a small write QPS for create/patch/delete on the same connection. Read calls (GET, list) are bursty up to several hundred QPS per project. Check Google Cloud's quotas page for the current numbers in your project.

How do I bind a service account to a connection through Jentic?

Search Jentic for 'set IAM policy on a BigQuery connection', load the schema for POST /v1/{resource}:setIamPolicy, and execute with a policy that grants roles/bigqueryconnection.connectionUser to the target service account. Jentic injects the OAuth token automatically.

Does this API run queries against the connected source?

No. This API only manages the connection resource; queries that use the connection are executed by the main BigQuery API via EXTERNAL_QUERY or external tables. Use the BigQuery API for query execution.