Capabilities
The Treasure AI connector syncs the following resources from Treasure AI CDP (REST API v3):- Users: All Treasure AI users with email, name, and admin status. Delete user supported.
- Roles: Account roles derived from the
administratorfield (Admin or User). Read-only — roles are determined when a user is created in the Treasure AI Console and cannot be granted or revoked via the API. Role membership is not tracked as grants in the sync bundle. - Policies: Access control policies defining fine-grained permissions on databases, workflows, segments, etc. Only available when PBAC (Policy-Based Access Control) is enabled.
- Policy Groups: Delegated access groups that associate users and policies. Only available when PBAC is enabled.
PBAC configuration
Policies and Policy Groups require the PBAC paid add-on. These resources are opt-in and can be enabled from the C1 connector settings. Without opt-in, only Users and Roles are synced. Required permissions by resource type:Grant and revoke operations for Policy Groups replace the entire member list for a group. The connector reads current membership before writing to preserve existing members not involved in the operation.
Gather Treasure AI credentials
1
Log in to the Treasure AI Console.
2
Navigate to My Settings > API Keys.
3
Copy your Master API key.For production use, we recommend creating a dedicated service user (for example,
c1-service@your-domain.com) with read-only access to:- Access control APIs (users, policies, policy groups, permissions)
- User and account metadata
4
Determine your region endpoint:
5
If your account has IP allowlisting enabled, add C1’s egress IP range(s) to the allowlist for the service user.
Configure the Treasure AI connector
- Cloud-hosted
- Self-hosted
Follow these instructions to use a built-in, no-code connector hosted by C1.Done. Your Treasure AI connector is now pulling access data into C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Treasure AI and click Add.
3
Choose how to set up the new Treasure AI connector:
- Add the connector to a currently unmanaged app
- Add the connector to a managed app
- Create a new managed app
4
Set the owner for this connector.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the required configuration:
- API Key: Your Treasure AI Master API key (TD1 scheme).
- Base URL (optional): API base URL for your region. Defaults to
https://api.treasuredata.com(US). Set tohttps://api.eu01.treasuredata.comfor EU,https://api.treasuredata.co.jpfor Japan, orhttps://api.ap02.treasuredata.comfor Korea.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.