Snowflake MCP Server Integration Guide
This guide provides comprehensive instructions for setting up a Model Context Protocol (MCP) server for Snowflake integration using Bearer token authentication.
Overview
This integration allows you to:
- Connect to Snowflake with Bearer token authentication
- Execute SQL statements programmatically
- Manage database operations (list, create, modify, delete databases)
- Implement secure network access controls
- Create an MCP server for seamless integration
Prerequisites
- Snowflake account with appropriate privileges (ACCOUNTADMIN or SECURITYADMIN)
- Access to Snowflake web interface
- Node.js environment for MCP server development
- Understanding of REST API concepts
Step 1: Identify Your Snowflake Organization Details
1.1 Locate Your Server URL
Your Snowflake server URL follows this format:
https://<org-name>-<account-name>.snowflakecomputing.com
Example from our implementation:
https://NBTLVBU-JX39884.snowflakecomputing.com
1.2 Extract Organization Information
From the URL NBTLVBU-JX39884.snowflakecomputing.com:
- Organization Name:
NBTLVBU - Account Name:
JX39884
Note: You can find your account URL in the Snowflake web interface after logging in, or from your account administrator.
Step 2: Configure Network Security
2.1 Identify Client IP Addresses
Determine the IP addresses that need access to your Snowflake account:
# Check your current public IP
curl https://ipinfo.io/ip
2.2 Create or Update Network Policy
Log into your Snowflake web interface and execute the following SQL commands:
-- Check existing network policies
SHOW NETWORK POLICIES;
-- Create a new network policy for API access
CREATE OR REPLACE NETWORK POLICY api_access_policy
ALLOWED_IP_LIST = (
-- Development IP,
-- Production IP
);
-- Apply the policy to your user account
ALTER USER <your_username> SET NETWORK_POLICY = 'api_access_policy';
-- Alternative: Apply account-wide (requires ACCOUNTADMIN role)
-- ALTER ACCOUNT SET NETWORK_POLICY = 'api_access_policy';
2.3 Verify Network Policy
-- Verify the policy is applied
DESC USER <your_username>;
-- Check policy details
DESC NETWORK POLICY api_access_policy;
Step 3: Configure Bearer Token Authentication
3.1 Generate Snowflake OAuth Token
Snowflake provides built-in OAuth support. To generate a Bearer token:
Go to Account -> Settings -> Authentication -> Access Tokens -> Generate Token
Example token format:
eyJraWQiOiIxNDQ3NjUzMzc2NSIsImFsZyI6IkVTMjU2In0...
Step 4: Create an MCP Server
- Go to AI Gateway -> Apps -> Third-party -> Snowflake -> Create MCP Server
- Configure the MCP Server
- Click on the MCP Server -> Configure API Endpoints
- Configure the API Endpoints
- Click on the MCP Server -> Configure Authentication
- Configure the Authentication (Select Bearer token)
- Choose/ Create a user-level token
- Review and create the MCP Server
Conclusion
This guide provides a complete implementation for integrating Snowflake with an MCP server using Bearer token authentication. The setup includes:
- ✅ Snowflake organization identification
- ✅ Network security configuration
- ✅ Bearer token authentication
- ✅ REST API testing
- ✅ Complete MCP server implementation
- ✅ Security best practices
The MCP server enables seamless integration between Claude and Snowflake, allowing natural language queries to be converted into SQL operations and database management tasks.
Next Steps
- Extend Functionality: Add more Snowflake API endpoints (schemas, tables, warehouses)
- Error Handling: Implement robust error handling and retry logic
- Caching: Add response caching for better performance
- Monitoring: Integrate logging and monitoring solutions
- Security: Implement OAuth 2.0 flow for enhanced security (future enhancement)
For OAuth integration (Azure AD or other providers), refer to the advanced configuration documentation.