> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an environment connection override

> Creates a new environment-specific override for an existing project connection. If the override already exists, a 409 Conflict is returned. Use the PUT endpoint to update an existing override. The override's connection type is determined by the parent project connection.



## OpenAPI

````yaml /openapi/public-api-endpoint-reference.yaml post /v1/projects/{projectId}/connections/environment-overrides
openapi: 3.1.0
info:
  title: Maia Public REST API
  version: '1.0'
servers:
  - description: EU1
    url: https://eu1.api.matillion.com/dpc
  - description: US1
    url: https://us1.api.matillion.com/dpc
security:
  - bearerAuth: []
tags:
  - description: Manage Schedules
    name: Schedules
  - description: Manage Connections
    name: Connections
  - description: Operations for managing Project Variables
    name: Project Variables
  - description: Manage Pipelines
    name: Pipelines
  - description: Review pipelines against quality rules
    name: Pipeline Quality Review
  - description: Execute tests within a project
    name: Test Execution
  - description: Manage your AI agent tasks
    name: AI Agent Tasks
  - description: SCIM endpoints for user/group permission management
    name: Directory Integration
  - description: Publish shared pipeline artifacts
    name: Shared Pipeline Artifacts
  - description: Manage Repositories
    name: Repositories
  - description: Report on Credit Consumption
    name: Consumption
  - description: Manage Artifacts
    name: Artifacts
  - description: Operations for data lineage and governance
    name: Data Lineage
  - description: Manage Streaming Pipelines
    name: Streaming Pipelines
  - description: Execute a pipeline
    name: Pipeline Execution
  - description: ''
    name: Environments
  - description: ''
    name: Projects
  - description: Manage Agents
    name: Agents
  - description: Operations for managing Environment-level Overrides of Project Variables
    name: Project Variable Environment Overrides
  - description: Query audit events
    name: Audit Events
  - description: Connector Profiles
    name: Connectors
paths:
  /v1/projects/{projectId}/connections/environment-overrides:
    post:
      tags:
        - Connections
      summary: Create an environment connection override
      description: >-
        Creates a new environment-specific override for an existing project
        connection. If the override already exists, a 409 Conflict is returned.
        Use the PUT endpoint to update an existing override. The override's
        connection type is determined by the parent project connection.
      operationId: createEnvironmentOverride
      parameters:
        - description: The unique identifier of the project containing the connection
          example: 550e8400-e29b-41d4-a716-446655440002
          in: path
          name: projectId
          required: true
          schema:
            type: string
            pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      requestBody:
        content:
          application/json:
            examples:
              CLOUD_PLATFORM_CREDENTIALS Environment Override:
                description: >-
                  Overrides a cloud credentials connection in the PROD
                  environment to use a production-specific AWS credentials
                  secret.
                value:
                  environmentName: PROD
                  connectionName: my-aws-connection
                  authType: CLOUD_PROVIDER_SECRET
                  connectionOverrides:
                    secretsLocation:
                      type: AWS_SECRET_MANAGER
                      region: us-east-1
                    connectionProperties:
                      credentialSecretName: prod-aws-platform-credentials
              COMPONENT_BASIC Environment Override:
                description: >-
                  Example request for creating an environment override with AWS
                  Secrets Manager
                value:
                  environmentName: PROD
                  connectionName: Salesforce
                  authType: GENERIC_SECRET
                  connectionOverrides:
                    secretsLocation:
                      type: AWS_SECRET_MANAGER
                      region: us-east-1
                    connectionProperties:
                      secretName: prod-salesforce-credentials
                      secretKey: apiKey
              Override pointing at OAuth Secret:
                description: >-
                  Example request overriding a connection in the PROD
                  environment to point at an OAuth-typed secret stored in the
                  customer's vault. authType should match the parent project
                  connection's auth type.
                value:
                  environmentName: PROD
                  connectionName: powerbi-cc-connection
                  authType: OAUTH_CLIENT_CRED
                  connectionOverrides:
                    secretsLocation:
                      type: AWS_SECRET_MANAGER
                      region: eu-west-1
                    connectionProperties:
                      secretName: powerbi-oauth-creds-prod
              Override with Default Vault:
                description: >-
                  Example request using the default vault location configured on
                  the agent
                value:
                  environmentName: dev
                  connectionName: Salesforce
                  authType: GENERIC_SECRET
                  connectionOverrides:
                    connectionProperties:
                      secretName: dev-credentials
            schema:
              $ref: '#/components/schemas/CreateEnvironmentOverrideRequest'
        description: >
          Create a new environment connection override. Returns 409 Conflict if
          the override already exists — use the PUT endpoint to update.


          Provide `environmentName` and `connectionName` to identify the
          override, plus the type-specific fields inside `connectionOverrides`.

          The combinations of `platformConnectionType`, `authProvider` and
          `authType` follow the same rules as the main create-connection request
          — see the combinations table on `POST
          /v1/projects/{projectId}/connections`.
        required: true
      responses:
        '201':
          content:
            application/json:
              examples:
                CLOUD_PLATFORM_CREDENTIALS Environment Override Response:
                  description: >-
                    A successfully created override that swaps in a production
                    AWS credentials secret for the PROD environment.
                  value:
                    name: my-aws-connection
                    platformConnectionType: CLOUD_PLATFORM_CREDENTIALS
                    authProvider: aws
                    authType: CLOUD_PROVIDER_SECRET
                    createdBy: 550e8400-e29b-41d4-a716-446655440001
                    createdDate: '2024-01-15T10:30:00.123Z'
                    projectId: 550e8400-e29b-41d4-a716-446655440002
                    connectionOverrides:
                      secretsLocation:
                        type: AWS_SECRET_MANAGER
                        region: us-east-1
                      connectionProperties:
                        credentialSecretName: prod-aws-platform-credentials
                COMPONENT_BASIC Environment Override Response:
                  description: >-
                    Example response for a successfully created environment
                    connection override
                  value:
                    name: Salesforce
                    platformConnectionType: COMPONENT_BASIC
                    authProvider: NONE
                    authType: GENERIC_SECRET
                    createdBy: 550e8400-e29b-41d4-a716-446655440001
                    createdDate: '2024-01-15T10:30:00.123Z'
                    projectId: 550e8400-e29b-41d4-a716-446655440002
                    connectionOverrides:
                      secretsLocation:
                        type: AWS_SECRET_MANAGER
                        region: us-east-1
                      connectionProperties:
                        secretName: prod-salesforce-credentials
                        secretKey: apiKey
              schema:
                $ref: '#/components/schemas/EnvironmentConnectionOverrideResponse'
          description: Environment connection override created successfully
        '400':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Bad Request
        '403':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Forbidden
        '409':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: >-
            An environment connection override already exists for this
            connection and environment
        '422':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Unprocessable Entity
        '500':
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/ProblemDetail'
          description: Unexpected error occurred
components:
  schemas:
    CreateEnvironmentOverrideRequest:
      type: object
      description: The environment override request containing all necessary details
      properties:
        authType:
          type: string
          description: >-
            The kind of secret being referenced. Must match the parent project
            connection's `authType`. See the combinations table on `POST
            /v1/projects/{projectId}/connections` for valid values per
            connection type.
          enum:
            - GENERIC_SECRET
            - CLOUD_PROVIDER_SECRET
            - OAUTH_USER_TOKENS
            - OAUTH_AUTHORIZATION_CODE
            - OAUTH_CLIENT_CRED
            - COMPOSITE_TOKEN
            - OAUTH_1_0_X_ADS
          example: OAUTH_CLIENT_CRED
        connectionName:
          type: string
          description: The name of the connection to override
          example: Salesforce
          minLength: 1
        connectionOverrides:
          $ref: '#/components/schemas/ConnectionOverrideDetails'
          description: Connection override configuration
        environmentName:
          type: string
          description: The name of the environment to apply the override in
          example: PROD
          minLength: 1
      required:
        - authType
        - connectionName
        - environmentName
    EnvironmentConnectionOverrideResponse:
      type: object
      properties:
        authProvider:
          type: string
          description: The authentication provider
          example: NONE
        authType:
          type: string
          description: The authentication type
          enum:
            - GENERIC_SECRET
            - CLOUD_PROVIDER_SECRET
            - OAUTH_USER_TOKENS
            - OAUTH_AUTHORIZATION_CODE
            - OAUTH_CLIENT_CRED
          example: GENERIC_SECRET
        connectionOverrides:
          $ref: '#/components/schemas/ConnectionOverrideDetails'
          description: Connection override configuration
        createdBy:
          type: string
          description: The user who created the connection
        createdDate:
          type: string
          format: date-time
          description: The date and time when the connection was created
        name:
          type: string
          description: The name of the connection
          example: my-jira-connection
        platformConnectionType:
          type: string
          description: The platform connection type
          enum:
            - DWH
            - COMPONENT_BASIC
            - CLOUD_PLATFORM_CREDENTIALS
          example: COMPONENT_BASIC
        projectId:
          type: string
          format: uuid
          description: The project ID this connection belongs to
    ProblemDetail:
      type: object
      properties:
        detail:
          type: string
        instance:
          type: string
        status:
          type: integer
          format: int32
        title:
          type: string
        type:
          type: string
          format: uri
        violations:
          type: array
          items:
            type: string
    ConnectionOverrideDetails:
      type: object
      properties:
        connectionProperties:
          description: >-
            Connection properties specific to the platform connection type. For
            COMPONENT_BASIC connections, this contains secretName and secretKey
            fields.
          example:
            secretName: db-credentials
            secretKey: password
          oneOf:
            - $ref: >-
                #/components/schemas/CloudPlatformCredentialsConnectionProperties
            - $ref: '#/components/schemas/ComponentBasicConnectionProperties'
        secretsLocation:
          description: The vault location configuration where secrets are stored
          oneOf:
            - $ref: '#/components/schemas/AwsVaultLocation'
            - $ref: '#/components/schemas/AzureVaultLocation'
            - $ref: '#/components/schemas/DefaultVaultLocation'
            - $ref: '#/components/schemas/GcpVaultLocation'
            - $ref: '#/components/schemas/MatillionHostedVaultLocation'
    CloudPlatformCredentialsConnectionProperties:
      allOf:
        - $ref: '#/components/schemas/ConnectionProperties'
        - type: object
          properties:
            credentialSecretName:
              type: string
              description: The name of the secret containing the cloud platform credentials
              example: aws-platform-credentials
      description: Connection properties for cloud platform credentials connections
      title: Cloud Platform Credentials
    ComponentBasicConnectionProperties:
      allOf:
        - $ref: '#/components/schemas/ConnectionProperties'
        - type: object
          properties:
            secretKey:
              type: string
              description: Optional key within the secret
              example: password
            secretName:
              type: string
              description: The name of the secret
              example: some-secret-name
              minLength: 1
      description: Connection properties for component basic connections
      required:
        - secretName
      title: Component Basic
    AwsVaultLocation:
      allOf:
        - $ref: '#/components/schemas/VaultLocation'
        - type: object
          properties:
            region:
              type: string
      title: AWS Secrets Manager
    AzureVaultLocation:
      allOf:
        - $ref: '#/components/schemas/VaultLocation'
        - type: object
          properties:
            vaultName:
              type: string
      title: Azure Key Vault
    DefaultVaultLocation:
      allOf:
        - $ref: '#/components/schemas/VaultLocation'
      title: Default Vault
    GcpVaultLocation:
      allOf:
        - $ref: '#/components/schemas/VaultLocation'
        - type: object
          properties:
            gcpProjectId:
              type: string
      title: GCP Secret Manager
    MatillionHostedVaultLocation:
      allOf:
        - $ref: '#/components/schemas/VaultLocation'
      title: Matillion-hosted Vault
    ConnectionProperties:
      description: Connection properties for different connection types
    VaultLocation:
      type: object
      discriminator:
        propertyName: type
      properties:
        type:
          type: string
          enum:
            - AWS_SECRET_MANAGER
            - AZURE_SECRET_MANAGER
            - GCP_SECRET_MANAGER
            - MATILLION_CUSTOMER_VAULT
            - DEFAULT_SECRET_VAULT
  securitySchemes:
    bearerAuth:
      bearerFormat: JWT
      description: a valid bearer token
      scheme: bearer
      type: http

````