Skip to main content

Choose right way to automate Atlan

Connect docs via MCP

Atlan exposes several programmatic surfaces—a REST API, the PyAtlan SDK, pre-built packages, the Metadata Lakehouse (MDLH), webhooks, and an MCP server for AI agents. The decision that matters most is picking the simplest mechanism that meets the requirement: use direct, deterministic mechanisms for repeatable pipelines and reserve AI-driven mechanisms for open-ended, interactive work.

When to use what

Match the shape of the task to the mechanism. Pick one primary mechanism with a fallback, not a menu.

Your requirementUseWhy
A repeatable, deterministic recipe (PR impact analysis, schema-change sentinel, scheduled stamping)REST API or the Atlan GitHub ActionNo LLM tokens, deterministic, auditable
Python metadata CRUD, enrichment, relationships, or type definitions from a developer teamPyAtlan SDKA clean, readable wrapper over the API; supports bulk writes and append/remove relationships
Bulk fetch → transform → publish for a developer teamPyAtlan SDK (bulk-write script)Full control; bulk writes with autobatching and append/remove relationships
One-time or periodic bulk load from a CSV/spreadsheet, or a schedulable batch jobImport/CSV upload or a pre-built packageNo code; schedulable batch utilities
Large-scale read/extraction for BI, dashboards, or custom monitoringMetadata Lakehouse (MDLH)SQL-queryable; more maintainable than SDK code and reduces API load
A deterministic lookup (for example, lineage) inside a pipeline where LLMs aren't approvedMDLH via SQLAuditable, no AI-governance approval needed
Ad-hoc/interactive discovery, natural-language self-serve, or context for an AI agentMCP serverDynamic scope; the agent reasons at runtime
A live integration triggered by an Atlan event, without pollingWebhookA reverse API—Atlan POSTs to your endpoint on a metadata change
Invoke an existing governance workflow and get its statusREST APIOne POST submits and triggers; poll with GET for status

The one-liner worth remembering: MCP for exploration and dynamic analysis; direct APIs for automated, high-frequency, deterministic pipelines. If you have already built deterministic automations on direct APIs, that's the right choice—don't migrate them to MCP, which adds cost, latency, and non-determinism.

Availability of the newer surfaces (hosted MCP, agentic enrichment) changes with each release—confirm current status in the Atlan product documentation before you design around one, and anchor durable designs on the generally available mechanisms.

For source with no native connector

Map it to existing type definitions (database → schema → table → column) so it joins the metadata graph and can be queried, enriched, and governed. If no suitable type exists, create the asset as a custom entity. Consult the product reference for the supported type categories.

Work these in order for any automation or integration:

  1. Clarify the requirement and your AI-governance posture. Visibility vs alerting? Deterministic vs interactive? Are LLMs approved in this pipeline? This single question decides between MCP, MDLH, and the direct API.
  2. Pick the simplest mechanism from the preceding table. Default to one mechanism with an escape hatch.
  3. Line up prerequisites early and in parallel. Generate an API token and note your tenant's base URL; secure any source-connection approvals; set up personas or OAuth; enable the mechanism you chose. Start long-lead approvals (security review, SSO/SCIM, AI-governance sign-off) before you build, not after.
  4. Confirm maturity of anything you plan to demo, and build the durable plan on generally available mechanisms.
  5. Design for scale before you write the loop (see the enterprise patterns below).
  6. Smoke-test on a few real assets: write to draft/proposed status, confirm the result, then widen scope.
  7. Roll out progressively: pilot one use case → validate metadata quality on verified assets → expand → make it company-wide through an IT-managed connector.

Canonical write pattern: Trigger → draft → approve

For "write metadata to Atlan when something happens externally" (a Jira status change, a job completion, an SLA breach, a dbt run):

  1. Trigger: prefer a scheduled poll over an event trigger; it's simpler and more robust. Use an event trigger or webhook only when latency genuinely requires it.
  2. Read context from the source system through its own API.
  3. Write to Atlan in draft/proposed status via PyAtlan or MCP: never straight to verified/production.
  4. Gate promotion to verified/certified behind a human.

Before you design a custom field, check whether the signal already flows in dynamically (for example dbt test alerts or freshness incidents). Redundant custom fields create inconsistent data.

Two named automation patterns come up repeatedly and are worth building early because their ROI is high:

  • Warehouse-computed score write-back. Compute a quality or completeness score in your warehouse (or in the automation layer), then write it back to a custom-metadata field on the asset so it's searchable and drives workflows. The build itself is small; the gating items are usually warehouse auth for the service account, approval to create the connection, and the metadata-lakehouse sync being live—start those approvals in parallel so they don't serialize.
  • Certification-review cycle. Add custom date fields (original certification date, next review date), update them programmatically, and build filtered views that surface assets whose certification has lapsed. This turns certification from a one-time badge into a maintained signal.

Bulk-loading from spreadsheet

Read the CSV, match assets by their qualified name (never by display name—names duplicate across the workspace), and update only the target field. Prompt for the API token at runtime; never hardcode or store it in a config file. Frame the script as reusable on every source-file refresh.

Enterprise-scale design patterns

The shared metadata service isn't always fast or available—design clients for resilience, efficiency, and accountability. The durable patterns:

  • Never write one asset per call. Use bulk writes that accept a list of entities.
  • Retry with exponential backoff on rate-limit and transient server errors, and route exhausted retries to a dead letter queue so nothing is lost.
  • Send client-identification headers so the platform can trace and prioritize your traffic; log the request ID on every failure.
  • Minimize callbacks to the metadata service. Design event-driven flows where the event already carries the data you need, so you process locally instead of reading back.
  • Append or remove individual relationship attributes rather than resending an asset's full relationship list—this is dramatically cheaper at scale.
  • Avoid create-delete cycles (for example, re-creating a catalog daily); use status flags or TTL cleanup instead.
  • For multi-region writers to one instance, put a global queue in front of the instance to coordinate throttling.

The exact rate limit, batch sizes, backoff intervals, and required header names are versioned facts—take them from the Atlan API/developer reference rather than this guide, and design to the documented conservative limit.

Governance workflows, programmatically

Governance workflows are authored in the UI today; to drive them programmatically, create the workflow, reference its identifier, then invoke it—confirm current create/manage API and SDK support in the Atlan API/developer reference:

  • Invoke and poll: a single POST submits and triggers the workflow; poll with GET for status. There is no completion webhook—you must poll.
  • Bulk-approving a backlog: there is no official, public bulk-approve endpoint. Treat any bulk-approval automation as an advanced, one-time backlog-cleanup pattern that isn't covered by the public API contract—it may rely on an internal endpoint that can change without notice. Confirm the supported approach with Atlan support and the developer reference before you build. If you do proceed for a one-off cleanup, filter narrowly and test on a small filter first, deduplicate processed runs, and keep a log as your audit trail. Approvals are final—there is no undo.
  • Integrating with an ITSM tool (ServiceNow, Jira Service Management): when the ticketing system owns approval and audit, configure the Atlan workflow to autoapprove and pass the full form payload downstream—requestor, form responses, and the asset or product identifier—so the ITSM flow has everything it needs. Use a webhook only as the last resort when the native path can't carry the payload. Design the request flow and the revoke flow together, not request-only; and confirm any asset types the form depends on are enabled in your tenant before building.
  • Cross-tenant portability: playbooks are connection- and query-specific per tenant—they don't copy across tenants. Live cross-tenant sync is custom services scope, not a product feature—plan it as such.

Building agent or self-serve analytics on Atlan MCP

  • Scope the use case first and start with read-only discovery (metadata smart search). Defer write-back enrichment—security teams push back on open write access for large user populations.
  • Run a three-gate rollout: (1) scope: read-only first, defer writes until personas are configured; (2) environment: prove it in dev/staging, promote to production only when enrichment and asset completeness match; (3) enrichment prerequisite: confirm target assets actually have descriptions before any demo.
  • Default authentication to an OAuth client, not a shared API key, whenever per-user identity matters—it preserves each user's persona and permission mapping and avoids a costly rework during security review.
  • Use separate skill files, not system-prompt stuffing. A skill narrows the agent's search scope and prescribes the response format, which cuts query fan-out (faster, more deterministic) and lets you encode query completeness once ("when asked about a report, retrieve its pages, underlying tables, column descriptions, and measures in the first query"). The MCP returns only what's asked and won't expand scope on its own—encode breadth in the skill, not in every prompt.
  • For self-serve analytics, compose two MCPs: Atlan MCP as the semantic/context layer (glossary, disambiguation, lineage) and a separate database MCP for query execution. The real enabler is metadata quality—enrich and certify the one or two highest-value ambiguous metrics first, prove the end-to-end flow, then broaden.
  • Roll out company-wide through an IT-managed org-level connector, never per-user local setup.
  • Answer quality equals metadata quality. Enrich descriptions, certify assets, and link glossary terms before you widen the audience.

Common pitfalls

  • Recommending MCP for a repeatable deterministic pipeline: it adds token cost, latency, and non-determinism. Use the direct API or GitHub Action.
  • A one-asset-per-call write loop, or resending full relationship lists instead of appending/removing individual relationships.
  • Ignoring the platform rate limit: design to the documented conservative limit from the start.
  • Presenting a preview capability as shipped. State maturity plainly and anchor durable plans on generally available mechanisms.
  • Assuming you can create governance workflows programmatically without confirming current create/manage API support, or designing for a completion webhook that doesn't exist (you must poll). Treat bulk-approval as an unsupported, undocumented path unless the developer reference says otherwise.
  • Defaulting to a shared API key when per-user identity matters: this is a production-approval blocker in regulated environments.
  • Indexing Atlan metadata into your own vector store instead of using the MCP's live search—you lose built-in search and the ability to fetch context mid-reasoning, and you inherit re-indexing overhead.
  • Referencing assets by display name. Names duplicate; always use the qualified name.
  • Rolling out company-wide before testing metadata quality on verified assets, or building event-trigger automation before the connection is even configured.

Troubleshooting

SymptomLikely causeNext move
Rate-limit (429) errors on writesThe platform's global programmatic rate limit was exceededSwitch to bulk writes, add retry-with-backoff, reduce request frequency, and upgrade to the latest SDK. Confirm the current limit in the API reference.
Local MCP setup failsA missing runtime dependency or unmet prerequisite, not a config errorConfirm the MCP server's documented runtime prerequisites in the product/developer reference and verify they're installed before touching config.
Agent ignores the MCP or routes around itPrompt/tool-selection in the agent, or missing skill filesConfirm skill files (tool-invocation hints) are configured; capture the specific bypassed prompts and model name before diagnosing.
Agent answers are slow or non-deterministicA one-shot context fetch, or no skill filesReplace static/vector retrieval with live MCP calls so the agent can fetch iteratively; add separate skill files that enforce a reasoning model and query completeness.
MCP returns only high-level metadata for an assetThe MCP returns only what's askedEncode the needed breadth in the first query or a skill file—this is prompt design, not a limitation.
MCP returns results from unintended databases/domainsAmbiguous promptsSupply the fully qualified name; medium-term, add a domain-scoped skill template.
MCP updated an archived asset instead of the live oneA name collision across live and archived assetsInclude the full qualified name and asset type in the prompt; clean up archived assets so the search surface is unambiguous.
An API token expired and you can't tell what uses itNo token-usage view is available in your tenantIf no usage view is available, use the token's creation date and scope in the admin panel as a proxy, and coordinate rotation with the integration owner before the next scheduled run. Check the product reference for current token-observability support.
Uncertain whether a change breaks a custom workflow or an API is publicCompatibility/roadmap questionDon't answer speculatively—open a support ticket listing the specific endpoints, workflow identifiers, and custom logic.

For rate limits, batching sizes, retry intervals, header names, connector coverage, and endpoint specifics, route to the Atlan API/developer reference. For which mechanisms are generally available versus preview, route to the product maturity documentation.