Skip to main content

Authorization

Follow this guide to create a new Veeva Vault credential that will allow Nexla to authenticate to and exchange data with your Veeva Vault instance.
veeva_vault_api_auth.png

Veeva Vault

Prerequisites

Nexla connects to Veeva Vault using your Vault username (email address), password, and Vault DNS. Before creating a credential in Nexla, ensure you have the following:

Veeva Vault Account with API Access

Nexla authenticates to the Veeva Vault API using standard Vault username and password credentials. The Vault user account used for the integration must have sufficient permissions to access the documents, objects, binders, or other Vault resources that will be included in your data flows.

  • The account must be an active Vault user in the relevant Vault instance.
  • For data source operations, the user should have at least read access to the documents, objects, or binders you plan to retrieve.
  • For destination operations, the user must have the appropriate write, create, or update permissions on the target Vault objects or document types.
  • API access is available to all standard Vault users by default — no additional developer role or API subscription is required for most Vault configurations.

For information about managing user roles and permissions in Veeva Vault, refer to the Veeva Vault Help documentation.

Your Vault DNS

The Vault DNS is the subdomain of your Veeva Vault instance URL. For example, if your Vault URL is https://mycompany.veevavault.com, then your Vault DNS is mycompany.veevavault.com.

To find your Vault DNS:

  1. Log in to your Veeva Vault instance in a web browser.

  2. Look at the URL in your browser's address bar. The Vault DNS is the portion of the URL between https:// and the first / — for example, in https://veepharm.veevavault.com/ui/#/, the Vault DNS is veepharm.veevavault.com.

  3. Alternatively, navigate to Admin > Settings > General Settings in your Vault to view the Vault URL and domain information.

Enter the Vault DNS as a fully qualified domain name including the .veevavault.com suffix — for example, mycompany.veevavault.com. Do not include https:// or a trailing slash.

Create a Veeva Vault Credential

  • To create a new Veeva Vault credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Token Authentication Settings

Nexla authenticates to Veeva Vault by submitting your username and password to the Vault authentication endpoint, obtaining a session token, and then using that token as a Bearer Authorization header for all subsequent API calls. This is the standard Vault API authentication method as described in the Veeva Vault API documentation.

  1. Enter your Veeva Vault username (email address) in the Username field. This is the email address you use to log in to your Vault instance.

  2. Enter your Veeva Vault password in the Password field. This is the same password you use to log in to your Vault instance.

    Important

    Store your Vault credentials securely. Avoid sharing credentials between integrations. Consider creating a dedicated Vault service account for Nexla with only the permissions needed for your integration.

  3. Enter the fully qualified domain name of your Veeva Vault instance in the Vault DNS field — for example, mycompany.veevavault.com. This value is used to construct all API endpoint URLs for this credential.

    The Vault DNS field accepts the domain without a protocol prefix or trailing slash. Nexla will prepend https:// automatically when making API calls. If you have multiple Vault instances (for example, a production vault and a validation vault), create a separate credential for each instance using the corresponding DNS.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.