Snowflake

Overview

Birdie integrates with Snowflake using read-only access. Two integration models are supported:

Reader Account (Snowflake Data Sharing) — recommended for shared-data environments
Direct OAuth Connection — recommended when Birdie connects directly to your main Snowflake account

Birdie can import data from Snowflake into Birdie for analytics, enrichment and reporting purposes, including:

Customers and accounts
Operational and reference tables
Feedback-related datasets exposed by the client

Because each Snowflake installation is unique, Birdie's team will work with your IT administrators to finalize details. This article explains how your Snowflake admin can generate and provide the credentials needed to enable the integration.

Schema requirements

All Birdie database connectors (Snowflake, Databricks, BigQuery, etc.) require one table or view per feedback type, following the Birdie schema definition.

Examples of feedback types:

nps
csat
review
social_media_post
support_ticket

Each feedback type must exist as a table or a view.

Birdie provides the detailed schema reference separately (same model as the S3 schema documentation).

Incremental Partition Column

Birdie uses a partition column to determine which rows to ingest on each run. Typical queries look like:

SELECT *
FROM <DATABASE>.<SCHEMA>.<TABLE>
WHERE DATE(<partition_column>) BETWEEN :start AND :end;

Requirements

The partition column must reflect when a row was added or last modified in the table, not when the original event occurred. For example:

LOAD_TIMESTAMP or UPDATED_AT (ETL/pipeline timestamp) — recommended
INSERTED_AT (row creation timestamp) — acceptable if the table is append-only

Why `POSTED_AT` is not sufficient

Using a business event timestamp like POSTED_AT can cause data gaps:

Historical updates missed: If a past row is updated (e.g., a ticket status changes), its POSTED_AT remains in the past and Birdie will not re-ingest it.
Pipeline timing gaps: If your ETL runs at specific times (e.g., every 6 hours), rows loaded between Birdie's query window and the ETL run may not appear until the next cycle. An UPDATED_AT or LOAD_TIMESTAMP column tied to the ETL timestamp ensures these rows are captured.

Recommendation

Add a LOAD_TIMESTAMP or UPDATED_AT column to your table that is set to CURRENT_TIMESTAMP() whenever a row is inserted or modified. Use this column as the partition_column when configuring the Birdie integration.

If your table is append-only and never updated, POSTED_AT is acceptable as the partition column.

Reader Account method

Overview

Birdie connects to a Snowflake Reader Account created via Snowflake Data Sharing. Birdie runs SELECT queries against databases instantiated from shared objects in that reader account.

This model is common when:

Your organization already uses provider-to-consumer data sharing
You want strict isolation between your production Snowflake account and external consumers such as Birdie

Requirements

Before starting:

Your account supports provider data sharing
You have ACCOUNTADMIN (or equivalent) access on the reader account
The provider account already exposes the necessary shares with the data Birdie will use

Setup in Snowflake

Log into the Reader Account

Use SnowSQL, the Snowflake Web UI, or another supported client:

Set a role

USE ROLE ACCOUNTADMIN;

(Optional) Create a dedicated role for Birdie

Create a dedicated role

CREATE ROLE BIRDIE_READ;

Create the Birdie user inside the reader account

Create user

CREATE USER BIRDIE_USER
  PASSWORD = '<STRONG_PASSWORD>'
  DEFAULT_ROLE = BIRDIE_READ
  MUST_CHANGE_PASSWORD = FALSE;

Grant user

GRANT ROLE BIRDIE_READ TO USER BIRDIE_USER;

(Optional) Create a resource monitor

Create monitor

CREATE RESOURCE MONITOR BIRDIE_MONITOR WITH CREDIT_QUOTA = 1000;
ALTER WAREHOUSE BIRDIE_WH SET RESOURCE_MONITOR = BIRDIE_MONITOR;

You can adapt the name and quota as needed.

Create a virtual warehouse in the reader account

Create warehouse

CREATE WAREHOUSE BIRDIE_WH
  WAREHOUSE_SIZE = SMALL
  AUTO_SUSPEND = 60
  AUTO_RESUME = TRUE;

Instantiate databases from provider shares

Create shares

CREATE DATABASE SHARED_DB_1 FROM SHARE <PROVIDER_ACCOUNT>.<SHARE_NAME_1>;
CREATE DATABASE SHARED_DB_2 FROM SHARE <PROVIDER_ACCOUNT>.<SHARE_NAME_2>;

Grant privileges to the Birdie role

Warehouse usage:

Grant role

GRANT USAGE ON WAREHOUSE BIRDIE_WH TO ROLE BIRDIE_READ;

Imported privileges on shared databases

Grant role

GRANT IMPORTED PRIVILEGES ON DATABASE SHARED_DB_1 TO ROLE BIRDIE_READ;
GRANT IMPORTED PRIVILEGES ON DATABASE SHARED_DB_2 TO ROLE BIRDIE_READ;

Depending on how the share was configured, you may instead need to grant a shared database role to BIRDIE_READ. See: Snowflake GRANT ROLE

Integration via Direct OAuth Connection

Overview

In this model, Birdie connects directly to your main Snowflake account using OAuth instead of static passwords. This is recommended when:

You prefer SSO or OAuth-based access
You do not use Snowflake Data Sharing
You want Birdie to access native production schemas directly

Requirements

ACCOUNTADMIN (or equivalent) privileges in the main Snowflake account
Access to the Snowflake web console or CLI
The Snowflake connector has been enabled on the Birdie side

Setup in Snowflake

Create the OAuth Security Integration

Create an integration

CREATE SECURITY INTEGRATION BIRDIE_OAUTH_INTEGRATION
   TYPE = OAUTH
   ENABLED = TRUE
   OAUTH_CLIENT = CUSTOM
   OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'
   OAUTH_REDIRECT_URI = 'https://api.birdie.ai/oauth/callback'
   OAUTH_ISSUE_REFRESH_TOKENS = TRUE
   OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;

Verify

DESC SECURITY INTEGRATION BIRDIE_OAUTH_INTEGRATION;

Create a role and user for Birdie

Create role

CREATE ROLE BIRDIE_READ;

Grant role

GRANT USAGE ON WAREHOUSE <WAREHOUSE_NAME> TO ROLE BIRDIE_READ;
GRANT USAGE ON DATABASE <DATABASE_NAME> TO ROLE BIRDIE_READ;
GRANT USAGE ON SCHEMA <SCHEMA_NAME> TO ROLE BIRDIE_READ;
GRANT SELECT ON ALL TABLES IN SCHEMA <SCHEMA_NAME> TO ROLE BIRDIE_READ;

Create user

CREATE USER BIRDIE_INTEGRATION_USER
  PASSWORD = '<SECURE_PASSWORD>'
  DEFAULT_ROLE = BIRDIE_READ
  MUST_CHANGE_PASSWORD = FALSE;

Grant role

GRANT ROLE BIRDIE_READ TO USER BIRDIE_INTEGRATION_USER;

Generate and test an OAuth token

Example using SnowSQL

snowsql
  -a <ACCOUNT_IDENTIFIER>
  -u BIRDIE_INTEGRATION_USER
  -o authenticator=oauth
  -o oauthAccessToken="<ACCESS_TOKEN>"
  -r BIRDIE_READ
  -w <WAREHOUSE_NAME>
  -d <DATABASE_NAME>
  -s <SCHEMA_NAME>

To configure the integration, securely provide Birdie with the following information.

For Reader Account (Password auth):

{
  "connection_details": {
    "account": "your-account-identifier",
    "warehouse": "BIRDIE_WH",
    "role": "BIRDIE_READ",
    "auth": {
      "method": "password",
      "username": "BIRDIE_USER",
      "password": "your-secure-password"
    }
  },
  "data_source": {
    "database": "SHARED_DB_1",
    "schema": "PUBLIC",
    "table": "NPS_FEEDBACK",
    "partition_column": "LOAD_TIMESTAMP"
  },
  "metadata": {
    "data_kind": "Support Ticket, NPS, Account"
  }
}

For Direct OAuth:

{
  "connection_details": {
    "account": "your-account-identifier",
    "warehouse": "BIRDIE_WH",
    "role": "BIRDIE_READ",
    "auth": {
      "method": "oauth",
      "username": "BIRDIE_INTEGRATION_USER",
      "password": "your-secure-password",
      "oauth_client_id": "your-oauth-client-id",
      "oauth_client_secret": "your-oauth-client-secret"
    }
  },
  "data_source": {
    "database": "MARKETING_DB",
    "schema": "PUBLIC",
    "table": "NPS_FEEDBACK",
    "partition_column": "LOAD_TIMESTAMP"
  },
  "metadata": {
    "data_kind": "Support Ticket, NPS, Account"
  }
}

Section

Field

Required

Description

connection_details

account

Yes

Snowflake account identifier, e.g. abc12345.us-east-1.

connection_details

warehouse

Yes

Snowflake warehouse name, e.g. BIRDIE_WH.

connection_details

role

Yes

Snowflake role, e.g. BIRDIE_READ.

connection_details.auth

method

Yes

Authentication mode: password (default) or oauth.

connection_details.auth

username

Yes

Snowflake username, e.g. BIRDIE_USER.

connection_details.auth

password

Password

Password for the Birdie user.

connection_details.auth

oauth_client_id

OAuth

OAuth client ID from the security integration.

connection_details.auth

oauth_client_secret

OAuth

OAuth client secret from the security integration.

data_source

database

Yes

Snowflake database name.

data_source

schema

Yes

Snowflake schema name.

data_source

table

Yes

Table or view name.

data_source

partition_column

Column for date filtering. Defaults to posted_at.

metadata

data_kind

Yes

The type(s) of data in the table, e.g. Support Ticket, NPS, CSAT, Review, Account.

Share credentials securely with the Birdie team. Never send credentials via email or unencrypted channels.

Security notes

Birdie never requires admin privileges for day-to-day operations
Access granted to Birdie is read-only, unless a specific export pipeline is explicitly configured
All credentials must be shared via a secure channel
OAuth is preferred over static passwords whenever possible

Data in scope

Once enabled, the Snowflake connector can import data from Snowflake into Birdie (for example, customer, account, or operational tables you expose to the Birdie role) and export Birdie data such as feedback records, areas, opportunities, and metrics back into Snowflake.

References

PreviousSlack NextSprinklr

Last updated 2 months ago

Overview

Schema requirements

Incremental Partition Column

Requirements

Why POSTED_AT is not sufficient

Recommendation

Reader Account method

Overview

Requirements

Setup in Snowflake

Log into the Reader Account

(Optional) Create a dedicated role for Birdie

Create the Birdie user inside the reader account

(Optional) Create a resource monitor

Create a virtual warehouse in the reader account

Instantiate databases from provider shares

Grant privileges to the Birdie role

Integration via Direct OAuth Connection

Overview

Requirements

Setup in Snowflake

Create the OAuth Security Integration

Create a role and user for Birdie

Generate and test an OAuth token

Share Connection Details with Birdie

Security notes

Data in scope

References

Why `POSTED_AT` is not sufficient