How Atlan connects to Cyera

Atlan connects directly to Cyera's cloud API to extract data classification metadata—including classifications, sensitivity context, and security issue findings—while maintaining security and compliance. Cyera uses a fixed API endpoint (api.cyera.io) and JWT-based authentication via Client ID and Client Secret.

warning

The Cyera App doesn't yet support Self-Deployed Runtime. Only direct network connectivity is available.

Connect directly to Cyera

Atlan's Cyera workflow establishes a direct HTTPS connection to the Cyera API from the Atlan SaaS tenant using a Client ID and Client Secret that you generate in Cyera.

• Atlan authenticates using short-lived JWT tokens obtained via the /v1/login endpoint with Client ID and Client Secret.
• Atlan queries three Cyera API surfaces:
  • /v2/datastores: datastore inventory for mapping in the workflow UI.
  • /v1/tables/stream: table and column classifications, streamed as NDJSON.
  • /v3/issues: security issue findings, aggregated at the database level.
• You can browse and select Cyera Datastores from a dropdown list in the workflow configuration, populated by querying the Cyera datastores endpoint.

For details on how direct connectivity works, see Direct connectivity.

Security

Atlan extracts only classification metadata—data class names, sensitivity levels, tokenization status, and security issue summaries. For example, if Cyera has classified a CUSTOMERS table as containing PII, Atlan discovers the classification and sensitivity information, but never accesses or stores the customer records themselves.

• Read-only operations: All Cyera API calls are read-only. The connector can't modify classifications, create or delete policies, or change any Cyera configuration. The permissions granted to the API token control exactly what the connector can access.

• Credential encryption: Cyera Client ID and Client Secret values are encrypted at rest and in transit. Atlan encrypts credentials before storage and uses them only to obtain short-lived JWT tokens for API calls.

• Fixed API endpoint: Cyera exposes a single cloud API endpoint (api.cyera.io). Atlan connects only to this endpoint—no direct access to your underlying data stores occurs during the crawl.

See also

• Direct connectivity: How Atlan connects directly to data sources
• Set up Cyera: Create an API token and obtain credentials
• Crawl Cyera: Configure and run the crawler