Getting Started
The Fivetran REST API allows you to programmatically manage your Fivetran account, groups, destinations, and connections, trigger syncs, and monitor status. Before you call the API, authenticate with an API key.
This guide explains how to get access, send your first request, and identify which connectors support API access and their authorization methods.
Only Account Administrators with an active Fivetran account can access the Fivetran API.
Authentication
The Fivetran REST API uses API key authentication. You can authenticate with either a Scoped API key or a System key.
Base URL
All API requests use this root URL: https://api.fivetran.com/v1/
Scoped API Key
A Scoped API key is a key-secret pair that you create as a Fivetran user to call the Fivetran REST API. The Scoped API key links to your account and inherits your RBAC permissions.
You cannot create service account keys.
Instructions
In the Fivetran dashboard, click your username.
Click API Key.
Click Generate API key (or Generate new API key if one already exists).
Creating a new API key and secret disables the previous API key.
Make a note of the key and secret as they disappear once you close the page or navigate away. You require the key and secret to access your Fivetran account using our API.
Scoped API Key FAQs
Read answers to frequently asked questions about our scoped API keys.
Expand for details
What happens when I delete a user?
The scoped API key is deleted and cannot be used anymore.
How do I revoke a Fivetran API key?
To revoke a key, delete the user.
How do I rotate a key without taking down my application?
You must have two valid Fivetran API keys. You may need to create another Fivetran user and assign the same RBAC permissions as the user whose key you want to rotate. Once you have two Fivetran API keys with the same permissions, do the following:
- In your application, switch from the original key you want to rotate to another user’s key.
- In Fivetran, rotate the original key:
- In your dashboard, click your username.
- Click API Key.
- Click Generate API key.
- Click Generate.
- Make a note of the new secret and store it in your relevant key management system.
- Switch back to using the original key.
System API key
A System key is an organization-managed API key–secret pair for the Fivetran REST API. Use System keys to replace user-oriented, scoped API keys. Instead of relying on RBAC to scope permissions, you set permission at the key level and manage them centrally. This solves for key pain points in securely managing keys, allowing you to understand usage, rotation, and other key information.
See our System Keys documentation for more details.
Use API key in requests
For each request to the API, send the Base64-encoded string api_key:api_secret in the Authorization HTTP header.
Authorization: Basic <base64(api_key:api_secret)>
You can use the -u flag for curl to encode to Base64:
curl -u api_key:api_secret "https://example.com"
Or, you can encode to Base64 by running one of the following commands in CLI (depending on your environment):
- On Linux/macOS:
echo -n '<API Key>:<Secret Key>' | base64 - On Linux/macOS (using OpenSSL):
echo -n '<API Key>:<Secret Key>' | openssl base64 - On Windows (Command Prompt with OpenSSL installed):
echo "<API Key>:<Secret Key>" | openssl base64 - On Windows (PowerShell):
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("<API Key>:<Secret Key>"))
Example
- API key -
d9c4511349dd4b86 - Secret -
1f6f2d161365888a1943160ccdb8d968 - Concatenated string -
d9c4511349dd4b86:1f6f2d161365888a1943160ccdb8d968 - Base64-encoded string -
ZDljNDUxMTM0OWRkNGI4NjoxZjZmMmQxNjEzNjU4ODhhMTk0MzE2MGNjZGI4ZDk2OA==
Authorization HTTP header: Authorization: Basic ZDljNDUxMTM0OWRkNGI4NjoxZjZmMmQxNjEzNjU4ODhhMTk0MzE2MGNjZGI4ZDk2OA==
The API key is unique for the account and Account Administrator user pair. Different Account Administrators have different API keys.
API secret regeneration
To generate a new API secret, click Generate new secret. This action instantly replaces your API secret key with a new one.
When you regenerate your API secret, your previous API secret stops working immediately. Make sure that doesn't affect your system before you generate a new secret.
Request content type
The Fivetran Public API only accepts requests with the Content-Type: application/json header explicitly specified in them. Make sure this header is present on your POST and PATCH calls.
Example request
curl -X POST "https://api.fivetran.com/v1/groups" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-u "api_key:api_secret" \
-d '{"name":"Group_Name"}'
Response
Every response has the following format:
{
"code": "Success",
"message": "message",
"data": {}
}
Example response
{
"code": "Success",
"message": "Group has been created",
"data": {
"id": "group_id",
"name": "Group_Name",
"created_at": "2025-01-01T00:00:00Z"
}
}
Fields
| Name | Description |
|---|---|
code | Status or error identifier for programmatic handling. For example, Success, InvalidInput. |
message | Human-readable description of the outcome or error. |
data | Wrapper object containing the returned resource. |
Error codes
We respond with standard codes for errors that occur during request processing.
Authorization methods for connectors
Authorization gives a connector permission to read from the source system (for example, Instagram, Salesforce, DB). Until you authorize the connector, it can’t fetch data even though you have successfully authenticated to the API.
You can authorize some connectors entirely by API, while others require a Connect Card flow. Support varies by connector.
- Connect Card - Redirect end users to an embeddable setup flow so they can authorize without sharing credentials with you.
- API-based authorization - Provide credentials in the connection payload using one of these methods:
- Define an
authsection in the request body. - Provide the
loginandpasswordfields. - Provide a
tokenand any related fields. - Provide a
keyand any related fields.
- Define an
Refer to each connector’s API reference for the exact fields.
Connectors supported by API and their authorization methods
The following table lists the connectors supported by the Fivetran REST API and the authorization methods each one supports.
Expand to see the table
Don’t see your connector here? Submit your request in our Support Portal.
Common terms
| Term | Description |
|---|---|
| source | The application, database, storage or event service that creates the data that you are using Fivetran to access in your destination. |
| connection | The pipeline that you create every time you create a new Fivetran connection from your source to your destination. |
| connector type | The type of connector that you're creating based on the source. For example, Salesforce is a connector type. |
| group | Your Fivetran account can have multiple destinations associated with it and we call those groups. Users and connections can be provisioned within these groups. |
Next, learn how to use pagination (cursor and limit query parameters) to iterate through long responses and handle API rate limits.
Also, explore the Fivetran REST API Postman collection to try requests quickly, and review webhooks for event-driven updates.