HTTP Sink Connector for Confluent Cloud

Tip

Confluent recommends upgrading to version 2 of this connector if you are using the OpenAPI specification to avoid future migration issues. For more information, see Moving from V1 to V2.

The fully-managed HTTP Sink connector for Confluent Cloud integrates Apache Kafka® with an API via HTTP or HTTPS.

The connector consumes records from Kafka topics and converts each record value to STRING or JSON format before sending it, in the request body, to the configured http.api.url. The API URL can reference a record key or topic name using substitution variables ${topic} and ${key} in the URL property. You can also use fields from the Kafka record. The targeted API must support either a POST, PATCH, or PUT request.

The connector batches records up to the set Batch max size (batch.max.size) before sending the batched request to the API. Each record is converted to its String representation or its JSON representation with Request Body Format (request.body.format=json) and then separated with the Batch separator (batch.separator). See Configuration Properties for configuration property descriptions.

The HTTP Sink connector supports connecting to APIs using SSL along with Basic Authentication, OAuth2, or a Proxy Authentication Server.

Note

• This Quick Start is for the fully-managed Confluent Cloud connector. If you are installing the connector locally for Confluent Platform, see HTTP Sink Connector for Confluent Platform.

• If you require private networking for fully-managed connectors, make sure to set up the proper networking beforehand. For more information, see Manage Networking for Confluent Cloud Connectors.

Features

The HTTP Sink connector supports the following features:

• At least once delivery: This connector guarantees that records from the Kafka topic are delivered at least once.

• Supports multiple tasks: The connector supports running one or more tasks. More tasks may improve performance (that is, consumer lag is reduced with multiple tasks running).

• Automatically creates topics: The following three topics are automatically created when the connector starts:

  • Success topic

  • Error topic

  • Dead letter queue (DLQ) topic

  The suffix for each topic name is the connector’s logical ID. In the example below, there are the three connector topics and one pre-existing Kafka topic named pageviews.

  

  Connector Topics

  If the records sent to the topic are not in the correct format, or if important fields are missing in the record, the errors are recorded in the error topic, and the connector continues to run.

• Supported data formats: The connector supports Avro, JSON Schema (JSON-SR), Protobuf, JSON (schemaless), and Bytes formats. Schema Registry must be enabled to use a Schema Registry-based format (for example, Avro, JSON Schema, or Protobuf). See Schema Registry Enabled Environments for additional information.

• Template parameters: The connector allows you to specify fields from the Kafka record, other than {$topic} and {$key} and constructs a unique URL using these parameters.

• Regex Replacements: The connector can take a number of regex patterns and replacement strings that are applied to a record before it is submitted to the destination API. To do this, the connector uses the configuration options regex.patterns, regex.replacements, and regex.separator.

• Supports Batching: The connector batches requests submitted to HTTP APIs for efficiency. Batches can be built with the configuration options batch.prefix, batch.suffix and batch.separator. All regex options apply when batching and are applied to individual records before being submitted to the batch.

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect Usage Examples section.

Limitations

Be sure to review the following information.

• For connector limitations, see HTTP Sink Connector limitations.

• If you plan to use one or more Single Message Transforms (SMTs), see SMT Limitations.

• If you plan to use Confluent Cloud Schema Registry, see Schema Registry Enabled Environments.

• The connector does not batch requests for messages containing Kafka header values that are different.

Template Parameters

The connector forwards the message (record) value to the HTTP API. You can add parameters to have the connector construct a unique HTTP API URL containing the record key and topic name. For example, you enter http://eshost1:9200/api/messages/${topic}/${key} to have the HTTP API URL contain the topic name and record key.

In addition to the ${topic} and ${key} parameters, you can also refer to fields from the Kafka record. As shown in the following example, you may want the connector to construct a URL that uses the Order ID and Customer ID.

The Avro format that the producer uses to generate records in the Apache Kafka® topic order is shown below:

{
  "name": "MyClass",
  "type": "record",
  "namespace": "com.acme.avro",
  "fields": [
    {
      "name": "customerId",
      "type": "int"
    },
    {
      "name": "order",
      "type": {
        "name": "order",
        "type": "record",
        "fields": [
          {
            "name": "id",
            "type": "int"
          },
          {
            "name": "amount",
            "type": "int"
          }
        ]
      }
    }
  ]
}

To send the Order ID and Customer ID, you would use the following URL in the HTTP API URL (http.api.url) configuration property:

"http.api.url" : "http://eshost1:9200/api/messages/order/${order.id}/customer/${customerId}/"

Assuming the data in the Kafka topic contains the following values:

{
  "customerId": 123,
  "order": {
    "id": 1,
    "amount": 12345
  }
}

The connector constructs the following URL:

http://eshost1:9200/api/messages/order/1/customer/123/

Note

• The maximum depth for added parameters is 10. For example, connector validation fails if you were to use the URL https://eshost1:9200/api/messages/order/${a.b.c.d.e.f.g.h.i.j.k}.

• When you add parameters to the HTTP API URL, each record can result in a unique URL. For this reason, batching is disabled when using additional URL parameters.

• The connector throws a runtime exception if fields referred to in the HTTP API URL do not exist in the Kafka record.

Quick Start

Use this quick start to get up and running with the Confluent Cloud HTTP Sink connector. The quick start provides the basics of selecting the connector and configuring it to stream events to an HTTP endpoint.

Prerequisites

• Authorized access to a Confluent Cloud cluster on Amazon Web Services (AWS), Microsoft Azure (Azure), or Google Cloud.

• The Confluent CLI installed and configured for the cluster. See Install the Confluent CLI.

• Schema Registry must be enabled to use a Schema Registry-based format (for example, Avro, JSON_SR (JSON Schema), or Protobuf). See Schema Registry Enabled Environments for additional information.

• At least one source Kafka topic must exist in your Confluent Cloud cluster before creating the sink connector.

Using the Confluent Cloud Console

Step 1: Launch your Confluent Cloud cluster

To create and launch a Kafka cluster in Confluent Cloud, see Create a kafka cluster in Confluent Cloud.

Step 2: Add a connector

In the left navigation menu, click Connectors. If you already have connectors in your cluster, click + Add connector.

Step 3: Select your connector

Click the HTTP Sink connector card.

Step 4: Enter the connector details

Note

• Ensure you have all your prerequisites completed.

• An asterisk ( * ) designates a required entry.

At the Add HTTP Sink Connector screen, complete the following:

Select topic

If you’ve already populated your Kafka topics, select the topics you want to connect from the Topics list.

To create a new topic, click +Add new topic.

Kafka credentials

1. Select the way you want to provide Kafka Cluster credentials. You can choose one of the following options:

   • My account: This setting allows your connector to globally access everything that you have access to. With a user account, the connector uses an API key and secret to access the Kafka cluster. This option is not recommended for production.

   • Service account: This setting limits the access for your connector by using a service account. This option is recommended for production.

   • Use an existing API key: This setting allows you to specify an API key and a secret pair. You can use an existing pair or create a new one. This method is not recommended for production environments.

   Note

   Freight clusters support only service accounts for Kafka authentication.

1. Click Continue.

Authentication

1. Enter your HTTP API URL. Use an HTTP or HTTPS connection URL. For example, http://eshost1:9200/api/messages or https://eshost3:9200/api/messages. The connector sends the record value to the API as part of the request body. You can specify a static URL (for example, http://eshost1:9200/api/messages) or a dynamic URL (for example, http://eshost1:9200/api/messages/${topic}/${key}). You can also specify a dynamic URL using fields from the Kafka record.

   Note

   • Note that if the connection URL is HTTPS, HTTPS is used for all connections. A URL with no protocol is considered HTTP.

   • For additional information, see HTTP Sink Connector limitations.

2. Select an Endpoint Authentication Type. Defaults to NONE.

   • BASIC: The connector authenticates with a username and password.

   • NONE (the default): The endpoint requires no authentication.

   • OAUTH2: The connector authenticates using OAuth credentials. Supports OAuth Client Credentials grant type only.

3. Enter the following authentication details:

   • Auth username: The username to be used with an endpoint requiring authentication.

   • Auth password: The password to be used with an endpoint requiring authentication.

   • OAuth2 token URL: The URL to be used for fetching the OAuth2 token in the field. Client Credentials is the only supported grant type.

   • OAuth2 client ID: The client ID used when fetching the OAuth2 token.

   • OAuth2 secret: The secret used when fetching the OAuth2 token.

   • OAuth2 token property name: The name of the property containing the OAuth2 token returned by the HTTP proxy. Defaults to access_token.

   • OAuth2 auth mode mechanism: Specifies how to encode client_id and client_secret in the OAuth2 authorization request. If set to header, the connector encodes credentials as an Authorization:Basic <base-64 encoded client_id:client_secret> HTTP header. If set to url, then client_id and client_secret are sent in body as URL encoded parameters. Defaults to header.

   • OAuth2 scope: The scope used when fetching OAuth2 token. If left empty, this parameter is not set in the authorization request. Defaults to any.

   • Add JWT token: Whether to generate and add a JSON Web Token (JWT) to a request. The signing algorithm used is the RS256 algorithm. If set to true, the JWT is added as a jwt_token request parameter. Defaults to false. When set to true, the following additional configuration properties appear:

     • JWT keystore: Click and upload the key store containing the private key used to sign the JWT.

     • JWT keystore password: Enter the password used to access the key store.

     • JWT keystore type: Sets the key store type to JKS or PKCS12. Defaults to JKS.

     • JWT JSON claims: Add any necessary JWT claims as a JSON string. For example:

       {
        "iss": "<issuer>",
        "aud": "<audience>",
        "sub": "<subject>"
        }
       

       Note

       The connector sets the JWT claim iat (issued at) to the JWT creation time (current time). The connector sets exp (expiry) to five minutes from time of issue. The claim jti is set to a random string. The connector overwrites these values if you add values for them here.

   • Key Password: The password of the private key in the key store file. This is optional for a client.

   • Key Store: The key store containing the server certificate. Only required if using HTTPS.

   • Keystore Password: The store password for the key store file. This is optional for a client and is only needed if https.ssl.keystore.location is configured.

   • Trust store: The trust store containing the server CA certificate. Only required if using HTTPS.

   • Trust store password: The trust store password containing the server CA certificate. Only required if using HTTPS.

   • SSL Protocol: The protocol to use for SSL connections. Defaults to TLSv1.3.

   • Enable host verification: Whether SSL host verification should be enabled. Defaults to true.

4. Click Continue.

Configuration

1. Select the Input Kafka record value format (data coming from the Kafka topic): AVRO, PROTOBUF, JSON_SR, JSON, or BYTES. A valid schema must be available in Schema Registry to use a schema-based message format (for example, Avro, JSON Schema, or Protobuf). See Schema Registry Enabled Environments for additional information.

   Tip

   Select schemaless JSON to consume STRING data.

   Show advanced configurations

   • Schema context: Select a schema context to use for this connector, if using a schema-based data format. This property defaults to the Default context, which configures the connector to use the default schema set up for Schema Registry in your Confluent Cloud environment. A schema context allows you to use separate schemas (like schema sub-registries) tied to topics in different Kafka clusters that share the same Schema Registry environment. For example, if you select a non-default context, a Source connector uses only that schema context to register a schema and a Sink connector uses only that schema context to read from. For more information about setting up a schema context, see What are schema contexts and when should you use them?.

   • HTTP Request Method: The request method to use. Options are PUT, POST, and PATCH. Defaults to POST.

   • HTTP Headers: HTTP headers to be included in all requests. Individual headers should be separated by the Header Separator.

   • HTTP Headers Separator: Separator character used in headers.

   • Behavior for null valued records: How to handle records with a non-null key and a null value (that is–Kafka tombstone records). Valid options are ignore, delete and fail. Defaults to ignore.

   • Behavior on errors: Error handling behavior config for handling error responses from HTTP requests. Valid options are ignore and fail. Defaults to ignore.

   • Report errors as: Dictates the content of records produced to the error topic. If set to error_string, the value is a human readable string describing the failure. The error string includes the following information if available: HTTP response code, reason phrase, submitted payload, URL, response content, exception and error message.

   • Retry on HTTP codes: Comma-separated list of HTTP codes or range of codes to retry on.

   • Maximum Retries: The maximum number of times to retry on errors before failing the task.

   • Retry Backoff (milliseconds): The time in milliseconds to wait following an error before a retry attempt is made.

   • Connect timeout (milliseconds): The time in milliseconds to wait for a connection to be established.

   • Request timeout (milliseconds): The time in milliseconds to wait for a request response from the server.

   • Request Body Format: Used to produce request body in either JSON or String format.

   • Batch key pattern: Pattern used to build the key for a given batch.

   • Batch max size: The number of records accumulated in a batch before the HTTP API is invoked. Note that batching is disabled if you use template parameters other than $key and $topic. Defaults to 1.

   • Batch prefix: Prefix added to record batches. This is applied once at the beginning of the batch of records. Only used when request.body.format is set to string.

   • Batch suffix: Suffix added to record batches. This is applied once at the end of the batch of records. Only used when request.body.format is set to string.

   • Batch separator: Separator for records in a batch.

   • Batch json as array: Whether or not to use an array to bundle JSON records. Only used when request.body.format is set to JSON.

   • Regular expression patterns: Regular expression patterns used for replacements in the message sent to the HTTP service.

   • Regular expression replacements: Regex replacements to use with the patterns in regex.patterns.

   • Regular expression separator: Separator character used in regex.patterns and regex.replacements property.

   Auto-restart policy

   • Enable Connector Auto-restart: Control the auto-restart behavior of the connector and its task in the event of user-actionable errors. Defaults to true, enabling the connector to automatically restart in case of user-actionable errors. Set this property to false to disable auto-restart for failed connectors. In such cases, you would need to manually restart the connector.

   Consumer configuration

   • Max poll interval(ms): Set the maximum delay between subsequent consume requests to Kafka. Use this property to improve connector performance in cases when the connector cannot send records to the sink system. The default is 300,000 milliseconds (5 minutes).

   • Max poll records: Set the maximum number of records to consume from Kafka in a single request. Use this property to improve connector performance in cases when the connector cannot send records to the sink system. The default is 500 records.

   Transforms

   • Single Message Transforms: To add a new SMT, see Add transforms. For more information about unsupported SMTs, see Unsupported transformations.

   See Configuration Properties for all property values and definitions.

2. Click Continue.

Sizing

Based on the number of topic partitions you select, you will be provided with a recommended number of tasks.

1. To change the number of recommended tasks, enter the number of tasks for the connector to use in the Tasks field.

2. Click Continue.

Review and Launch

1. Verify the connection details.

2. Click Launch.

   

   The status for the connector should go from Provisioning to Running.

   

Step 5: Check for records

Verify that records are being produced at the endpoint.

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect Usage Examples section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See View Connector Dead Letter Queue Errors in Confluent Cloud for details.

Using the Confluent CLI

To set up and run the connector using the Confluent CLI, complete the following steps.

Note

Make sure you have all your prerequisites completed.

Step 1: List the available connectors

Enter the following command to list available connectors:

confluent connect plugin list

Step 2: List the connector configuration properties

Enter the following command to show the connector configuration properties:

confluent connect plugin describe <connector-plugin-name>

The command output shows the required and optional configuration properties.

Step 3: Create the connector configuration file

Create a JSON file that contains the connector configuration properties. The following example shows the required connector properties.

{
  "connector.class": "HttpSink",
  "input.data.format": "JSON",
  "name": "HttpSinkConnector_0",
  "kafka.auth.mode": "KAFKA_API_KEY",
  "kafka.api.key": "<my-kafka-api-key>",
  "kafka.api.secret": "<my-kafka-api-secret>",
  "http.api.url": "http:://eshost1:9200/api/messages",
  "request.method": "POST",
  "tasks.max": "1",
  "topics": "orders",
}

Note the following property definitions:

• "connector.class": Identifies the connector plugin name.

• "input.data.format": Sets the input Kafka record value format (data coming from the Kafka topic). Valid entries are AVRO, JSON_SR, PROTOBUF, JSON, or BYTES. You must have Confluent Cloud Schema Registry configured if using a schema-based message format (for example, Avro, JSON_SR (JSON Schema), or Protobuf).

  Tip

  Select schemaless JSON to consume STRING data.

• "name": Sets a name for your new connector.

• "kafka.auth.mode": Identifies the connector authentication mode you want to use. There are two options: SERVICE_ACCOUNT or KAFKA_API_KEY (the default). To use an API key and secret, specify the configuration properties kafka.api.key and kafka.api.secret, as shown in the example configuration (above). To use a service account, specify the Resource ID in the property kafka.service.account.id=<service-account-resource-ID>. To list the available service account resource IDs, use the following command:

  confluent iam service-account list
  

  For example:

  confluent iam service-account list
  
     Id     | Resource ID |       Name        |    Description
  +---------+-------------+-------------------+-------------------
     123456 | sa-l1r23m   | sa-1              | Service account 1
     789101 | sa-l4d56p   | sa-2              | Service account 2
  

• "http.api.url": Use an HTTP or HTTPS connection URL. For example, http://eshost1:9200/api/messages or https://eshost3:9200/api/messages. The connector sends the record value to the API as part of the request body. You can specify a static URL (for example, http://eshost1:9200/api/messages) or a dynamic URL (for example, http://eshost1:9200/api/messages/${topic}/${key}). You can also specify a dynamic URL using fields from the Kafka record.

  Note

  • Note that if the connection URL is HTTPS, HTTPS is used for all connections. A URL with no protocol is considered HTTP.

  • For additional information, see HTTP Sink Connector limitations.

• "request.method": Enter an HTTP API Request Method: PUT, POST, or PATCH. Defaults to POST.

• "tasks.max": Enter the maximum number of tasks for the connector to use. More tasks may improve performance (that is, consumer lag is reduced with multiple tasks running).

• "topics": Enter the topic name or a comma-separated list of topic names.

Single Message Transforms: See the Single Message Transforms (SMT) documentation for details about adding SMTs using the CLI.

See Configuration Properties for all property values and descriptions.

Step 3: Load the properties file and create the connector

Enter the following command to load the configuration and start the connector:

confluent connect cluster create --config-file <file-name>.json

For example:

confluent connect cluster create --config-file http-sink-config.json

Example output:

Created connector HttpSinkConnector_0 lcc-do6vzd

Step 4: Check the connector status.

Enter the following command to check the connector status:

confluent connect cluster list

Example output:

ID           |             Name              | Status  | Type | Trace
+------------+-------------------------------+---------+------+-------+
lcc-do6vzd   | HttpSinkConnector_0           | RUNNING | sink |       |

Step 5: Check for records

Verify that records are populating the endpoint.

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Connect Usage Examples section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See View Connector Dead Letter Queue Errors in Confluent Cloud for details.

Configuration Properties

Use the following configuration properties with the fully-managed connector. For self-managed connector property definitions and other details, see the connector docs in Self-managed connectors for Confluent Platform.

Note

These are properties for the fully-managed cloud connector. If you are installing the connector locally for Confluent Platform, see HTTP Sink Connector for Confluent Platform.

Which topics do you want to get data from?

topics

Identifies the topic name or a comma-separated list of topic names.

• Type: list

• Importance: high

Schema Config

schema.context.name

Add a schema context name. A schema context represents an independent scope in Schema Registry. It is a separate sub-schema tied to topics in different Kafka clusters that share the same Schema Registry instance. If not used, the connector uses the default schema configured for Schema Registry in your Confluent Cloud environment.

• Type: string

• Default: default

• Importance: medium

Input messages

input.data.format

Sets the input Kafka record value format. Valid entries are AVRO, JSON_SR, PROTOBUF, JSON or BYTES. Note that you need to have Confluent Cloud Schema Registry configured if using a schema-based message format like AVRO, JSON_SR, and PROTOBUF.

• Type: string

• Default: JSON

• Importance: high

input.key.format

Sets the input Kafka record key format. Valid entries are BYTES or STRING.

• Type: string

• Default: BYTES

• Valid Values: BYTES, STRING

• Importance: high

How should we connect to your data?

name

Sets a name for your connector.

• Type: string

• Valid Values: A string at most 64 characters long

• Importance: high

Kafka Cluster credentials

kafka.auth.mode

Kafka Authentication mode. It can be one of KAFKA_API_KEY or SERVICE_ACCOUNT. It defaults to KAFKA_API_KEY mode.

• Type: string

• Default: KAFKA_API_KEY

• Valid Values: KAFKA_API_KEY, SERVICE_ACCOUNT

• Importance: high

kafka.api.key

Kafka API Key. Required when kafka.auth.mode==KAFKA_API_KEY.

• Type: password

• Importance: high

kafka.service.account.id

The Service Account that will be used to generate the API keys to communicate with Kafka Cluster.

• Type: string

• Importance: high

kafka.api.secret

Secret associated with Kafka API key. Required when kafka.auth.mode==KAFKA_API_KEY.

• Type: password

• Importance: high

HTTP server details

http.api.url

Specifies the API endpoint to which connector should write to.

• Type: string

• Importance: high

request.method

Specifies the HTTP request method (POST, PUT, PATCH) the connector should use for sending API request.

• Type: string

• Default: POST

• Importance: high

headers

HTTP headers to be included in all requests. Individual headers should be separated by the Header Separator

• Type: string

• Importance: high

header.separator

Separator character used in headers

• Type: string

• Importance: high

sensitive.headers

Sensitive HTTP headers (eg: credentials) to be included in all requests. Individual headers should be separated by the Header Separator

• Type: password

• Importance: high

behavior.on.null.values

How to handle records with a non-null key and a null value (i.e. Kafka tombstone records). Valid options are ignore, delete and fail

• Type: string

• Default: ignore

• Importance: low

HTTP server error handling

behavior.on.error

Describes the error handling behavior configuration for handling error responses from HTTP requests. Accepted values are ignore and fail.

• Type: string

• Default: ignore

• Importance: medium

report.errors.as

Dictates the content of records produced to the error topic. Accepted values are error_string and http_response. If set to error_string, the value would be a human readable string describing the failure. The value will include some or all of the following information if available: http response code, reason phrase, submitted payload, url, response content, exception and error message. If set to http_response, the value would be the plain response content for the request which failed to write the record. In both modes, any information about the failure will also be included in the error record’s headers.

• Type: string

• Default: error_string

• Importance: medium

HTTP server batches

request.body.format

Used to produce request body in either JSON or String format

• Type: string

• Default: string

• Importance: medium

batch.key.pattern

Pattern used to build the key for a given batch. ${key} and ${topic} can be used to include message attributes here

• Type: string

• Importance: high

batch.max.size

The number of records accumulated in a batch before the HTTP API is invoked

• Type: int

• Default: 1

• Importance: high

batch.prefix

Prefix added to record batches. This is applied once at the beginning of the batch of records

• Type: string

• Importance: high

batch.suffix

Suffix added to record batches. This is applied once at the end of the batch of records

• Type: string

• Importance: high

batch.separator

Separator for records in a batch

• Type: string

• Importance: high

batch.json.as.array

Whether or not to use an array to bundle json records. Only used when request.body.format is set to json. This can be disabled only when batch.max.size is set to 1.

• Type: boolean

• Importance: high

HTTP server authentication

auth.type

Specifies the authentication type of the API endpoint. Valid values are NONE, BASIC, OAUTH2 (Client Credentials grant type only).

• Type: string

• Default: NONE

• Importance: high

connection.user

The username to be used with an endpoint requiring authentication

• Type: string

• Importance: high

connection.password

The password to be used with an endpoint requiring authentication

• Type: password

• Importance: high

oauth2.token.url

The URL to be used for fetching OAuth2 token. Client Credentials is the only supported grant type.

• Type: string

• Importance: high

oauth2.client.id

The client id used when fetching OAuth2 token

• Type: string

• Importance: high

oauth2.client.secret

The secret used when fetching OAuth2 token

• Type: password

• Importance: high

oauth2.token.property

The name of the property containing the OAuth2 token returned by the http proxy.

• Type: string

• Default: access_token

• Importance: high

oauth2.client.auth.mode

Specifies how to encode client_id and client_secret in the OAuth2 authorization request. If set to ‘header’, the credentials are encoded as an 'Authorization: Basic <base-64 encoded client_id:client_secret>' HTTP header. If set to ‘url’, then client_id and client_secret are sent in body as URL encoded parameters.

• Type: string

• Default: header

• Importance: low

oauth2.client.scope

The scope used when fetching OAuth2 token. If empty, this parameter is not set in the authorization request

• Type: string

• Default: any

• Importance: low

oauth2.jwt.enabled

Whether to generate and add JWT token to request. If selected, JWT token will be added as ‘jwt_token’ request param

• Type: boolean

• Default: false

• Importance: medium

oauth2.jwt.keystore.path

Keystore containing private key to use to sign JWT.

• Type: password

• Default: [hidden]

• Importance: medium

oauth2.jwt.keystore.password

Password to access keystore

• Type: password

• Default: [hidden]

• Importance: medium

oauth2.jwt.keystore.type

JWT keystore type

• Type: string

• Default: JKS

• Importance: medium

oauth2.jwt.claimset

JSON containing JWT claims

• Type: string

• Default: “”

• Importance: medium

oauth2.client.headers

HTTP headers to be included in the OAuth2 client endpoint. Individual headers should be separated by OAuth2 Client Headers Separator

• Type: string

• Importance: low

oauth2.client.header.separator

Separator character used in OAuth2 Client Headers

• Type: string

• Importance: low

HTTP server retries

retry.on.status.codes

The HTTP error codes to retry on. Comma-separated list of codes or range of codes to retry on. Ranges are specified with start and optional end code. Range boundaries are inclusive. For instance, ‘400-’ includes all codes greater than or equal to 400. ‘400-500’ includes codes from 400 to 500, including 500. Multiple ranges and single codes can be specified together to achieve fine grained control over retry behavior. For example, ‘404,408,500-’ will retry on 404 NOT FOUND, 408 REQUEST TIMEOUT, and all 5xx error codes

• Type: string

• Default: 400-

• Importance: medium

max.retries

The maximum number of times to retry on errors before failing the task

• Type: int

• Default: 3

• Importance: medium

retry.backoff.ms

The initial duration in milliseconds to wait following an error before a retry attempt is made. Subsequent backoff attempts will be exponentially larger than the first duration. Note that this value is the initial backoff before retrying. After that, the connector will retry using exponential jitter. Jitter adds randomness to the exponential backoff algorithm to prevent synchronized retries.

• Type: int

• Default: 3000 (3 seconds)

• Valid Values: [100,…]

• Importance: medium

http.connect.timeout.ms

The time in milliseconds to wait for a connection to be established

• Type: int

• Default: 30000 (30 seconds)

• Importance: medium

http.request.timeout.ms

The time in milliseconds to wait for a request response from the server

• Type: int

• Default: 30000 (30 seconds)

• Importance: medium

retry.backoff.policy

The backoff policy to use in terms of retry - CONSTANT_VALUE or EXPONENTIAL_WITH_JITTER

• Type: string

• Default: EXPONENTIAL_WITH_JITTER

• Importance: medium

HTTP server regular expressions

regex.patterns

Regular expression patterns used for replacements in the message sent to the HTTP service. Multiple regular expression patterns can be specified, but must be separated by regex.separator

• Type: string

• Importance: medium

regex.replacements

Regex replacements to use with the patterns in regex.patterns. Multiple replacements can be specified, but must be separated by regex.separator. ${key} and ${topic} can be used here.

• Type: string

• Importance: medium

regex.separator

Separator character used in regex.patterns and regex.replacements property.

• Type: string

• Importance: medium

HTTP server SSL

https.ssl.key.password

The password of the private key in the key store file. This is optional for client

• Type: password

• Importance: high

https.ssl.keystorefile

The key store containing server certificate. Only required if using https

• Type: password

• Default: [hidden]

• Importance: low

https.ssl.keystore.password

The store password for the key store file. This is optional for a client and is only needed if https.ssl.keystore.location is configured

• Type: password

• Importance: high

https.ssl.truststorefile

The trust store containing server CA certificate. Only required if using https

• Type: password

• Default: [hidden]

• Importance: high

https.ssl.truststore.password

The trust store password containing server CA certificate. Only required if using https

• Type: password

• Importance: high

https.ssl.protocol

The protocol to use for SSL connections

• Type: string

• Default: TLSv1.3

• Importance: medium

https.host.verifier.enabled

True if SSL host verification should be enabled

• Type: boolean

• Default: true

• Importance: medium

Consumer configuration

max.poll.interval.ms

The maximum delay between subsequent consume requests to Kafka. This configuration property may be used to improve the performance of the connector, if the connector cannot send records to the sink system. Defaults to 300000 milliseconds (5 minutes).

• Type: long

• Default: 300000 (5 minutes)

• Valid Values: [60000,…,1800000] for non-dedicated clusters and [60000,…] for dedicated clusters

• Importance: low

max.poll.records

The maximum number of records to consume from Kafka in a single request. This configuration property may be used to improve the performance of the connector, if the connector cannot send records to the sink system. Defaults to 500 records.

• Type: long

• Default: 500

• Valid Values: [1,…,500] for non-dedicated clusters and [1,…] for dedicated clusters

• Importance: low

Number of tasks for this connector

tasks.max

Maximum number of tasks for the connector.

• Type: int

• Valid Values: [1,…]

• Importance: high

Additional Configs

value.converter.connect.meta.data

Allow the Connect converter to add its metadata to the output schema. Applicable for Avro Converters.

• Type: boolean

• Importance: low

errors.tolerance

Use this property if you would like to configure the connector’s error handling behavior. WARNING: This property should be used with CAUTION for SOURCE CONNECTORS as it may lead to dataloss. If you set this property to ‘all’, the connector will not fail on errant records, but will instead log them (and send to DLQ for Sink Connectors) and continue processing. If you set this property to ‘none’, the connector task will fail on errant records.

• Type: string

• Default: all

• Importance: low

key.converter.key.subject.name.strategy

How to construct the subject name for key schema registration.

• Type: string

• Default: TopicNameStrategy

• Importance: low

value.converter.decimal.format

Specify the JSON/JSON_SR serialization format for Connect DECIMAL logical type values with two allowed literals:

BASE64 to serialize DECIMAL logical types as base64 encoded binary data and

NUMERIC to serialize Connect DECIMAL logical type values in JSON/JSON_SR as a number representing the decimal value.

• Type: string

• Default: BASE64

• Importance: low

value.converter.ignore.default.for.nullables

When set to true, this property ensures that the corresponding record in Kafka is NULL, instead of showing the default column value. Applicable for AVRO,PROTOBUF and JSON_SR Converters.

• Type: boolean

• Default: false

• Importance: low

value.converter.reference.subject.name.strategy

Set the subject reference name strategy for value. Valid entries are DefaultReferenceSubjectNameStrategy or QualifiedReferenceSubjectNameStrategy. Note that the subject reference name strategy can be selected only for PROTOBUF format with the default strategy being DefaultReferenceSubjectNameStrategy.

• Type: string

• Default: DefaultReferenceSubjectNameStrategy

• Importance: low

value.converter.replace.null.with.default

Whether to replace fields that have a default value and that are null to the default value. When set to true, the default value is used, otherwise null is used. Applicable for JSON Converter.

• Type: boolean

• Default: true

• Importance: low

value.converter.schemas.enable

Include schemas within each of the serialized values. Input messages must contain schema and payload fields and may not contain additional fields. For plain JSON data, set this to false. Applicable for JSON Converter.

• Type: boolean

• Default: false

• Importance: low

value.converter.value.subject.name.strategy

Determines how to construct the subject name under which the value schema is registered with Schema Registry.

• Type: string

• Default: TopicNameStrategy

• Importance: low

Auto-restart policy

auto.restart.on.user.error

Enable connector to automatically restart on user-actionable errors.

• Type: boolean

• Default: true

• Importance: medium

Next Steps

For an example that shows fully-managed Confluent Cloud connectors in action with Confluent Cloud for Apache Flink, see the Cloud ETL Demo. This example also shows how to use Confluent CLI to manage your resources in Confluent Cloud.