External Functions

Call out to a process external to Snowflake through a REST API.

External Functions

Snowflake provides an External Function capability used to call out to a process external to Snowflake through a REST request over TLS encryption. In the Protegrity Serverless for Snowflake solution, this external service is the Protegrity Endpoint for data re-identification operations.

Security Operation Parameters

The following table describes optional and required security operation parameters.

Parameter

Type

Example

Description

op_type

String

“op_type”:“UNPROTECT” “op_type”:“PROTECT”

Required operation name, can be either UNPROTECT or PROTECT

data_element

String

“data_element”:“TOK_ALPHA”

Required data element name defined in Protegrity Security Policy

external_iv

String

“external_iv”:“abc-123”

Optional external intialization vector, which allows for different tokenized results for the same input data and data element of the same security policy. Refer to the External Initialization Vector (IV) in the Protection Methods Reference for more details.

External Function Sample Definition with External IV:

CREATE SECURE EXTERNAL FUNCTION PTY_PROTECT_ALPHA ( val varchar )
  RETURNS varchar
  NULL
  IMMUTABLE
  COMMENT = 'Protects using an ALPHA data element using External IV'
  API_INTEGRATION = REPLACE_WITH_YOUR_API_INTEGRATION_ID
  HEADERS = (
    'X-Protegrity-HCoP-Rules'=
    '{"jsonpaths":[{"op_type":"PROTECT","data_element":"TOK_ALPHA","external_iv":"abc-123"}]}'
  )
  CONTEXT_HEADERS = ( current_user, current_timestamp, current_account )
  AS '<AWS API GATEWAY URL>/SF_CUSTOMER';


Last modified : January 13, 2026