Resources/The Agent API Atlas/Data/Fivetran

Everything an AI agent can do with the Fivetran API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints45

API versionv1

Last updated23 June 2026

Orientation

How the Fivetran API works.

The Fivetran API is how an app or AI agent manages a data pipeline: creating and listing connections, triggering syncs and historical re-syncs, editing destinations, and adjusting which schemas, tables, and columns are synced. Access is granted through an API key and secret sent in the request, and a scoped key is limited to what its owner's role can reach while a system key reaches the whole account. Fivetran can also push an event to a webhook URL when a sync starts or finishes.

45Endpoints

10Capability groups

17Read

28Write

0Permissions

Authentication

Every call needs an API key and an API secret, sent as the Base64-encoded string api_key:api_secret in the Authorization header using HTTP Basic auth. Two kinds of key exist: a scoped API key, generated by a user and inheriting that user's role-based access, and a system API key, managed at the organization level with permissions set on the key itself. The credentials are generated in the Fivetran dashboard.

Permissions

Fivetran has no per-endpoint scopes. An API key carries whatever access its owner has: a scoped key inherits the user's role-based access control, so it reaches only the connections, destinations, and groups that role allows, while a system key set as Account Administrator reaches everything. There is no way to grant a key access to one method but not another, so the boundary is the role behind the key, not the call being made.

Versioning

The REST API lives under a single path version, v1, at api.fivetran.com. Fivetran does not mint new dated API versions; it ships changes continuously and records the notable ones in dated release notes. Connection-related endpoints were renamed from connector to connection, with the older connector paths kept working for compatibility.

Data model

The API is resource-oriented JSON over HTTPS, and successful responses wrap the result in a data object while errors return only code and message. Core resources are connections, which sync a source into a destination, destinations, and the groups that hold them; schemas, tables, and columns nest under a connection and control what is synced. Users, teams, and roles govern who can reach what, and webhooks push sync events out.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Fivetran determines what it can reach. There is one main route, the REST API, plus a first-party MCP server, and both are governed by the API key and secret behind them.

Ways to connect

REST API

The REST API answers at https://api.fivetran.com under the v1 path. Calls authenticate with an API key and secret over HTTP Basic auth, and successful responses wrap the result in a data object.

Best forConnecting an app or AI agent to Fivetran.

Governed byThe API key and secret, and the role behind them.

Docs ↗

MCP server (Model Context Protocol)

Fivetran's first-party MCP server lets an agent call the Fivetran API through the Model Context Protocol. It is run locally, fetched and started with uvx from github.com/fivetran/fivetran-mcp, and exposes around 150 tools across connections, destinations, groups, webhooks, and more. Writes are off unless FIVETRAN_ALLOW_WRITES is set to true, and it confirms before each write.

Best forLetting an AI agent manage the pipeline in natural language.

Governed byThe FIVETRAN_API_KEY and FIVETRAN_API_SECRET it is given, and the role behind them.

Docs ↗

Webhooks

Webhooks deliver the chosen events, such as sync_start and sync_end, to a receiver URL registered at the account or group level, so an app learns when a sync starts or finishes without polling.

Best forReacting to sync events instead of polling.

Governed byThe API key and secret, and the role behind them.

Docs ↗

Authentication

Scoped API key

A scoped API key is generated by a user in the dashboard and inherits that user's role-based access, so it reaches only the connections, destinations, and groups that role allows. It is the least-privilege choice for connecting to Fivetran.

TokenAPI key + secret (HTTP Basic)

Best forLeast-privilege access tied to a user's role

Docs ↗

System API key

A system API key is managed at the organization level, with permissions set on the key itself rather than inherited from a user. A system key set as Account Administrator reaches the whole account.

TokenAPI key + secret (HTTP Basic)

Best forAccount-wide automation not tied to one person

Docs ↗

Capability map

What an AI agent can do in Fivetran.

The Fivetran API is split into areas an agent can act on, such as connections, destinations, groups, users, and schemas. Each area has its own methods, and the same API key reaches every area its account-level access allows.

Connections

9 endpoints

List, read, create, update, and delete connections, trigger an incremental sync or a historical re-sync, run setup tests, and generate a Connect Card.

Writes here change real pipeline data, including triggering syncs and deleting connections.

View endpoints →

Connection schemas

5 endpoints

Read a connection's schema config, reload it from the source, and change which schemas, tables, and columns are synced.

Writes here change what data is synced into the destination.

View endpoints →

Destinations

5 endpoints

List, read, create, update, and delete destinations, and run their setup tests.

Writes here change real destination data, where synced data lands.

View endpoints →

Groups

6 endpoints

List, read, create, update, and delete groups, and list the connections and users inside a group.

Writes here change real group data, which organizes connections and access.

View endpoints →

Users

5 endpoints

List users, invite a new user, read a user, update a user, and delete a user.

Writes here change who can reach the account and what they can do.

View endpoints →

Teams

3 endpoints

List teams, read a team, and list the users in a team.

Writes here change real team data, which groups users and their permissions.

View endpoints →

Roles

1 endpoint

List the predefined and custom roles in the account.

Reads only, listing the roles that govern access.

View endpoints →

Webhooks

6 endpoints

List webhooks, create an account or group webhook, read, update, delete, and test a webhook.

Writes here change which events Fivetran pushes and where it sends them.

View endpoints →

Certificates

2 endpoints

List a connection's approved certificates, read one by hash, and approve a certificate so Fivetran trusts it.

Writes here decide which TLS certificates a connection trusts.

View endpoints →

Log services

3 endpoints

List log services, create one, read it, update it, and delete it to stream Fivetran logs to an external service.

Writes here change where Fivetran activity logs are sent.

View endpoints →

Endpoint reference

Every Fivetran API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Connections List, read, create, update, and delete connections, trigger an incremental sync or a historical re-sync, run setup tests, and generate a Connect Card.9
GET	`/v1/connections`	List all connections in the account.	read	—	Current
Returns the connections the key's role can reach. Fivetran has no per-endpoint scopes; access follows the role behind the key. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/connections/{connectionId}`	Retrieve the details of a single connection.	read	—	Current
Access follows the role behind the key. The older /v1/connectors/{connectorId} path still works. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections`	Create a connection, naming the service, the group, and the connection config.	write	—	Current
Subject to a separate hourly cap on connection creation. Access follows the role behind the key. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitMax 100 connections created hourly SourceOfficial documentation ↗
PATCH	`/v1/connections/{connectionId}`	Update a connection, including pausing or resuming it through the paused field, and changing its schedule or config.	write	—	Current
Pausing and resuming a connection is done by setting paused here; there is no separate pause endpoint. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/connections/{connectionId}`	Delete a connection permanently.	write	—	Current
Permanent. Access follows the role behind the key. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/sync`	Trigger an incremental sync of a connection.	write	—	Current
Starting a sync fires the sync_start event to any webhook subscribed to it. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook event`sync_start` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/resync`	Trigger a historical re-sync of a connection, optionally for selected tables.	write	—	Current
A historical re-sync reloads data from the source and can run far longer than an incremental sync. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook event`sync_start` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/test`	Run a connection's setup tests.	write	—	Current
Setup-test calls fall under the separate, lower per-minute rate limit for setup tests. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitSetup-test limit: 250/min (25/min on trial) SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/connect-card`	Generate a Connect Card URL so a user can finish authorizing a connection.	write	—	Current
The Connect Card hands the credential-entry step to an end user in a hosted page. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Connection schemas Read a connection's schema config, reload it from the source, and change which schemas, tables, and columns are synced.5
GET	`/v1/connections/{connectionId}/schemas`	Retrieve a connection's schema config, listing its schemas, tables, and columns and whether each is synced.	read	—	Current
The schema config exists only after the first sync or after a reload. Acts onschema Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/schemas/reload`	Reload a connection's schema config from the source to pick up new schemas, tables, and columns.	write	—	Current
An exclude_mode value controls how newly found objects are treated, such as EXCLUDE. Acts onschema Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/connections/{connectionId}/schemas`	Update a connection's schema config, setting the default behavior for new schemas and tables.	write	—	Current
Changes what gets synced into the destination, so it changes the data downstream tools see. Acts onschema Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/connections/{connectionId}/schemas/{schemaName}/tables/{tableName}`	Update a single table's config, enabling or disabling it and setting its sync mode.	write	—	Current
Schema and table names are case-sensitive; the wrong case returns 404. Acts ontable Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/connections/{connectionId}/schemas/{schemaName}/tables/{tableName}/columns/{columnName}`	Update a single column's config, enabling or disabling it or hashing it.	write	—	Current
Column names are case-sensitive; the wrong case returns 404. Acts oncolumn Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Destinations List, read, create, update, and delete destinations, and run their setup tests.5
GET	`/v1/destinations`	List all destinations in the account.	read	—	Current
Access follows the role behind the key. Acts ondestination Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/destinations/{destinationId}`	Retrieve the details of a single destination.	read	—	Current
Access follows the role behind the key. Acts ondestination Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/destinations`	Create a destination in a group, naming the warehouse service and its config.	write	—	Current
Access follows the role behind the key. Acts ondestination Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/destinations/{destinationId}`	Update an existing destination's config.	write	—	Current
Access follows the role behind the key. Acts ondestination Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/destinations/{destinationId}`	Delete a destination permanently.	write	—	Current
Permanent. Access follows the role behind the key. Acts ondestination Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Groups List, read, create, update, and delete groups, and list the connections and users inside a group.6
GET	`/v1/groups`	List all groups in the account.	read	—	Current
A group holds one destination and the connections that load into it. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/groups`	Create a group.	write	—	Current
Access follows the role behind the key. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/groups/{groupId}`	Update a group's settings, such as its name.	write	—	Current
Access follows the role behind the key. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/groups/{groupId}`	Delete a group permanently.	write	—	Current
Permanent. Access follows the role behind the key. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/groups/{groupId}/connections`	List the connections within a group.	read	—	Current
Access follows the role behind the key. Acts onconnection Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/groups/{groupId}/users`	List the users with access to a group.	read	—	Current
Access follows the role behind the key. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Users List users, invite a new user, read a user, update a user, and delete a user.5
GET	`/v1/users`	List the users in the account.	read	—	Current
Returns people, including their account-level role. Access follows the role behind the key. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/users`	Invite a new user to the account.	write	—	Current
Adds a person who can reach the account; an account-administrator key is needed. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/users/{userId}`	Retrieve the details of a single user.	read	—	Current
Access follows the role behind the key. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/users/{userId}`	Update a user's profile or account role.	write	—	Current
Can change what a person is allowed to do; an account-administrator key is needed. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/users/{userId}`	Remove a user from the account permanently.	write	—	Current
Permanent. An account-administrator key is needed. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Teams List teams, read a team, and list the users in a team.3
GET	`/v1/teams`	List the teams in the account.	read	—	Current
A team groups users and the permissions they share. Acts onteam Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/teams/{teamId}`	Retrieve the details of a single team.	read	—	Current
Access follows the role behind the key. Acts onteam Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/teams/{teamId}/users`	List the users in a team.	read	—	Current
Access follows the role behind the key. Acts onuser Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Roles List the predefined and custom roles in the account.1
GET	`/v1/roles`	List the predefined and custom roles in the account.	read	—	Current
Roles are the access levels assigned to users and teams; this lists them, it does not change them. Acts onrole Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks List webhooks, create an account or group webhook, read, update, delete, and test a webhook.6
GET	`/v1/webhooks`	List all webhooks in the account.	read	—	Current
Access follows the role behind the key. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/webhooks/account`	Create an account-level webhook that fires for the chosen events across the account.	write	—	Current
The events array names which events fire, such as sync_start and sync_end. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook event`sync_end` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/webhooks/group/{groupId}`	Create a group-level webhook that fires for the chosen events within one group.	write	—	Current
Scoped to one group, otherwise the same as an account webhook. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook event`sync_end` Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/webhooks/{webhookId}`	Update a webhook, such as its URL or its event list.	write	—	Current
Access follows the role behind the key. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/webhooks/{webhookId}`	Delete a webhook.	write	—	Current
Access follows the role behind the key. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/webhooks/{webhookId}/test`	Send a test event to a webhook to confirm its receiver works.	write	—	Current
Posts a sample payload of the chosen event to the receiver URL. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Certificates List a connection's approved certificates, read one by hash, and approve a certificate so Fivetran trusts it.2
GET	`/v1/connections/{connectionId}/certificates`	List the approved certificates for a connection.	read	—	Current
Certificates are the TLS certificates a connection is set to trust. Acts oncertificate Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/connections/{connectionId}/certificates`	Approve a certificate so Fivetran trusts it for a connection.	write	—	Current
Setup tests fail until a self-signed or private-CA certificate is approved here, by hash and base64-encoded cert. Acts oncertificate Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Log services List log services, create one, read it, update it, and delete it to stream Fivetran logs to an external service.3
GET	`/v1/external-logging`	List the log services configured in the account.	read	—	Current
A log service streams Fivetran activity logs to an external destination, such as Datadog or CloudWatch. Acts onlog service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/external-logging`	Create a log service to stream Fivetran logs to an external service.	write	—	Current
Supported services include Datadog, CloudWatch, Azure Monitor, Google Cloud Logging, Splunk, Grafana Loki, and New Relic. Acts onlog service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/external-logging/{logId}`	Update a log service's config.	write	—	Current
Access follows the role behind the key. Acts onlog service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Fivetran can notify an app or AI agent when a sync starts or finishes, instead of the app repeatedly asking. Fivetran posts the event payload to a webhook URL that has been registered at the account or group level.

Event	What it signals	Triggered by
`sync_start`	Fires when a sync begins for a connection, whether it was triggered manually, on schedule, or by the API.	`/v1/connections/{connectionId}/sync` `/v1/connections/{connectionId}/resync`
`sync_end`	Fires when a sync finishes for a connection, carrying the outcome of the sync.	`/v1/webhooks/account` `/v1/webhooks/group/{groupId}`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Fivetran limits how fast an app or AI agent can call, splitting requests into setup-test calls and source-interaction calls, each with its own per-minute ceiling, plus separate hourly caps on actions like creating connections.

Request rate

Fivetran splits requests into two pools with separate per-minute ceilings. Setup-test calls, the ones that contact a source to validate a connection, are capped at 250 per minute on paid plans and 25 per minute on a trial. Source-interaction calls are capped at 500 per minute on paid plans and 25 per minute on a trial. Some actions also carry their own hourly cap, such as no more than 100 connections created per hour. The response headers X-Rate-Limit and X-Rate-Limit-Remaining report the request quota for the current rolling one-hour window. Exceeding a limit returns HTTP 429 with a Retry-After header giving the number of seconds to wait before retrying.

Pagination

List endpoints use cursor-based pagination. A response includes a next_cursor when more records remain, which is passed back as the cursor query parameter to fetch the next page. The limit parameter sets the page size, accepting 1 to 1000 with a default of 100.

Request size

Requests and responses are JSON. Successful responses wrap the result in a data object, while error responses return only a code and a message. There is no single documented payload size limit across the whole API.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`BadRequest`	The request was malformed, or a required field is missing or invalid. The body returns a code and a message naming the problem.	Read the message, correct the request body or parameters, and resend.
401	`Unauthorized`	The API key or secret is missing, malformed, or invalid.	Check the Base64-encoded api_key:api_secret in the Authorization header and send valid credentials.
403	`Forbidden`	The credentials are valid but the role behind the key does not have access to the resource or action.	Use a key whose role covers the resource, or grant that role the access in Fivetran.
404	`NotFound`	The resource does not exist, or a path part is in the wrong case. Schema, table, and column names are case-sensitive.	Confirm the id and the exact case of any schema, table, or column name, then retry.
429	`TooManyRequests`	A rate limit was exceeded, either the per-minute setup-test or source-interaction limit, or an hourly cap such as no more than 100 connections created hourly.	Honor the Retry-After header, which gives the seconds to wait, before retrying.

Versioning & freshness

Version history.

Fivetran serves a single REST API under one path version, v1, and ships changes continuously rather than minting new dated versions. Notable changes appear in the dated release notes.

Version history

What changed, and when

Latest versionv1

v1Current version

Single REST API version, updated continuously

The Fivetran REST API serves one path version, v1, at api.fivetran.com. Fivetran does not mint new dated API versions; it ships changes continuously and records them in monthly dated release notes. The timeline below tracks notable platform-level changes, not the steady stream of per-connector additions.

What changed

One path version, v1, with changes shipped continuously rather than as new dated versions
Access is governed by the role behind the API key, not per-endpoint scopes
Webhooks deliver sync_start and sync_end events at the account or group level

2025-12-01Feature update

Account role changes via API deprecated

Modifying a user's account_role through the API and the dashboard was deprecated, tightening how account-level access is changed programmatically.

What changed

Deprecated modifying account_role via the API and the dashboard

2025-02-01Feature update

Connector Management API renamed to Connection Management

The Connector Management API was renamed to the Connection Management API, the rename behind connector paths becoming connection paths. Response timestamps also moved to microsecond precision.

What changed

Connector Management API renamed to Connection Management API
Responses now use microsecond-precision timestamps

2024-11-01Feature update

Log Service Management API added

The Log Service Management API was implemented, letting an account stream Fivetran logs to an external service through the API. Connector SDK connections also became manageable via REST.

What changed

Log Service Management API endpoint implemented
Connector SDK connections became manageable via REST API

2024-08-01Feature update

System keys for non-user automation

The System Keys REST API resource was implemented, giving accounts an API key not tied to a single user, with permissions managed on the key itself.

What changed

System Keys REST API resource implemented for non-user-tied authentication

2023-08-01Feature update

Webhook Management API generally available

The Webhook Management API reached general availability, making account and group webhooks a supported way to receive sync events.

What changed

Webhook Management API achieved general availability
Webhook responses adopted the code, message, and data wrapper format

2023-01-01Feature update

Scoped API keys launched

Scoped API keys were launched, letting a user generate a key that inherits their role-based access rather than full account access.

What changed

Scoped API keys feature launched

There is one current path version; the timeline below tracks notable dated changes to it.

Fivetran REST API changelog ↗

Questions

Fivetran API, answered.

How do I authenticate with the Fivetran API?+

Every call uses an API key and an API secret, generated in the Fivetran dashboard. They are sent together as the Base64-encoded string api_key:api_secret in the Authorization header, the standard HTTP Basic auth scheme. A scoped key inherits the access of the user who created it, while a system key is managed at the organization level with permissions set on the key.

Can I limit an API key to certain endpoints or actions?+

No. Fivetran has no per-endpoint scopes. A key carries whatever access its owner's role allows, so a scoped key reaches only the connections, destinations, and groups in that role, and a key set as Account Administrator reaches everything. The boundary is the role behind the key, not the individual method, so narrowing access means giving the key a more limited role.

What are the rate limits?+

Requests fall into two pools. Setup-test calls are capped at 250 per minute on paid plans and 25 on a trial, and source-interaction calls at 500 per minute on paid plans and 25 on a trial. Some actions also have an hourly cap, such as no more than 100 connections created per hour. Going over returns HTTP 429 with a Retry-After header saying how many seconds to wait, and the X-Rate-Limit headers report the remaining quota.

How do I pause and resume a connection?+

There is no separate pause endpoint. Pausing and resuming are done by updating the connection and setting its paused field to true or false through the update connection method. A paused connection keeps its config but stops running syncs until it is resumed.

Does Fivetran have an MCP server for AI agents?+

Yes. Fivetran publishes a first-party MCP server at github.com/fivetran/fivetran-mcp, run locally and started with uvx, that exposes around 150 tools so an agent can list connections, check sync status, edit schema configs, trigger syncs, and more in natural language. It reads with the same API key and secret, and writes are turned off unless FIVETRAN_ALLOW_WRITES is set to true, with a confirmation before each write.

How do I receive events instead of polling?+

Register a webhook at the account or group level and choose the events it should fire, such as sync_start and sync_end. Fivetran then posts a JSON payload to the receiver URL when a sync starts or finishes, so an app learns the outcome without repeatedly asking. A test method sends a sample payload to confirm the receiver works.

Why am I getting a 404 on a schema, table, or column?+

Schema, table, and column names are case-sensitive in the API. If the case does not match the source exactly, the call returns 404 even when the object exists. Retrieve the schema config first to get the exact names, then use those in the path.

What is Bollard AI?

Control what every AI agent can do in Fivetran.

Bollard AI sits between a team's AI agents and Fivetran. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Fivetran key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Fivetran access in Bollard Browse all APIs →

Fivetran

Data Ops Agent

Read connections ResourceOffReadFull use

Trigger a sync ActionOffReadFull use

Delete a connection ActionOffReadFull use

Manage users ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Fivetran

How the Fivetran API works.

Connection & authentication methods.

REST API

MCP server (Model Context Protocol)

Webhooks

Scoped API key

System API key

What an AI agent can do in Fivetran.

Connections

Connection schemas

Destinations

Groups

Users

Teams

Roles

Webhooks

Certificates

Log services

Every Fivetran API method.

Connections

Connection schemas

Destinations

Groups

Users

Teams

Roles

Webhooks

Certificates

Log services

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Fivetran API, answered.

More data API guides for agents

Databricks

Snowflake

dbt

BigQuery

Supabase

Airbyte

Control what every AI agent can do in Fivetran.