Data integrations
CRITICAL INFORMATION
Only users that are part of an Organization can create data integrations.
Create and manage data integrations from the Integrations section. Click Add integration to create a new integration.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/create-integration1.png)
Encord can integrate with the following cloud storage providers:
Integration Type And Scenarios | Supported Cloud Providers | Supported URL | Secure? | Supported Data Types | Supported Feature(s) |
---|---|---|---|---|---|
Standard | GCP, AWS, AZURE | SIGNED_URL | TRUE | IMAGE, VIDEO, IMAGE_SEQUENCE, IMAGE_GROUP, DICOM, NIfTI | SAM, tracking, interpolation, micro_models |
Standard With Strict-Client | GCP, AWS, AZURE | SIGNED_URL | TRUE | VIDEO | N/A |
Standard With Strict-Client Over VPN | GCP, AWS, AZURE | SIGNED_URL | TRUE | VIDEO | N/A |
Direct-Access | GCP, AWS, AZURE, MINIO, DROPBOX, GOOGLE-DRIVE, ONE-DRIVE, DIGITAL-OCEAN OBJECT STORAGE, ANY OBJECT STORAGE, ANY STATIC HOSTED FILES | UNSIGNED_URL or SIGNED_URL | FALSE | VIDEO | N/A |
Direct-Access Over VPN | GCP, AWS, AZURE, MINIO, ANY STATIC HOSTED FILES | UNSIGNED_URL | TRUE | VIDEO | N/A |
User roles and permissions
Integrations have the following user based access controls.
Permission | Admin | User |
---|---|---|
View integration | ✅ | ✅ |
Upload data using the integration | ✅ | ❌ |
Delete integration | ✅ | ❌ |
Add users | ✅ | ❌ |
Add and remove users
Note
The user who creates the cloud integration becomes its administrator and gains immediate access to use it. Only integration admins can add users to an integration.
Users must be added to a cloud integration before they can use it to upload data to Encord.
Add users
![](https://storage.googleapis.com/docs-media.encord.com/static/img/share-integration.png)
Add individual users to an integration:
-
Click the Add or remove users button on the integration.
A dialog appears. -
Ensure the Invite tab is selected.
-
Ensure the Individual tab is selected
-
Type the email addresses of the users you want to share the integration with and press Enter on your keyboard to confirm.
-
Select the integration user role you want to assign to the users.
-
Click Add.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/share-integration-2.png)
Add user groups to an integration:
-
Click the Add or remove users button on the integration.
A dialog appears. -
Ensure the Invite tab is selected.
-
Click the Groups tab.
-
Select a user group you want to add to the integration
-
Select the integration user role you want to assign to all users in the group.
-
Click Add.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/share-integration-groups.png)
Remove users
Note
Individuals with the Admin user role cannot be removed from an integration. To remove an admin, contact [email protected]
![](https://storage.googleapis.com/docs-media.encord.com/static/img/share-integration.png)
To remove individual users from an integration:
-
Click the Add or remove users button on the integration.
A dialog appears. -
Select the Manage tab.
-
Ensure the Individuals tab is selected.
-
Click the delete icon
next to the user you want to remove from the integration.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/delete-users-integration.png)
To remove a user group from an integration:
-
Click the Add or remove users button on the integration.
A dialog appears. -
Select the Manage tab.
-
Select the Groups tab.
-
Click the delete icon
next to the user group you want to remove from the integration.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/delete-group-integration.png)
Strict client-only access
Strict client-only access allows Encord to sign URLs without temporarily processing information on our servers. Strict client-only access is available for all types of private cloud integrations, including Direct access.
Tip
For enhanced security, create a Direct Access integration with Strict client-only access. This combination ensures the highest level of data protection: Strict client-only access prevents Encord from accessing your data, while Direct Access keeps Encord from signing the URLs, maintaining your data's confidentiality.
There are two main consequences of making an integration client-only access:
- All features that rely on any kind of data conversion will not work. This includes features such as:
- Image groups & image sequences
- Re-encoding videos.
- All models.
- Object tracking.
- Segment-anything model (SAM).
- Metadata must be specified for all data in the JSON file when adding data to a dataset. The video metadata section shows how to specify the metadata.
Enabling Strict client-only access
Strict client-only access is enabled by checking the Strict client-only access, server-side media features will not be available checkbox in the Advanced settings section when creating an integration.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/client-only access.png)
A green tick and the words Client-only access are visible on all client-only access integrations.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/client-only-access-tick.png)
Video metadata
The JSON format allows you to specify videoMetadata
for video files. videoMetadata
is essential information used by the Label Editor and is crucial for aligning annotations to the correct frame.
CRITICAL INFORMATION
When the
videometadata
flag is included in the JSON file, we directly use the supplied metadata without performing any additional validation, and do not store the file on our servers. To guarantee accurate labels, it is crucial that the metadata you provide is accurate.
Note
videoMetadata
must be specified when a Strict client-only access integration is used. In all other casesvideoMetadata
is optional.
👍 TipEncord assumes the
videoMetadata
is correct and our servers do not download or pre-process your data. This is particularly useful for customers with strict data compliance concerns.
Note
videoMetadata
is distinct fromclientMetadata
.videoMetadata
is required for videos when using Strict client-only access, whileclientMetadata
is optional and can be included for all types of data.
One way to find the required metadata is shown below. Run the following commands in your terminal.
ffmpeg -i 'video_title.mp4'
to retrieve fps, duration, width, and height:
![](https://storage.googleapis.com/docs-media.encord.com/static/img/admins/settings/video-metadata-1.png)
ls -l 'video_title.mp4'
to retrieve the file size:
![](https://storage.googleapis.com/docs-media.encord.com/static/img/admins/settings/video-metadata-2.png)
Example JSON including video metadata
{
"videos": [
{
"objectUrl": "video_file.mp4",
"videoMetadata": {
"fps": 23.98,
"duration": 29.09,
"width": 1280,
"height": 720,
"file_size": 5468354,
"mime_type": "video/mp4"
}
}
]
}
- fps: Frames per second.
- duration: Duration of the video (in seconds).
- width / height: Dimensions of the video (in pixels).
- file_size: The size of the file (in bytes).
- mime_type: Specifies the file type extension according to the MIME standard.
Custom signed URL expiration time
A custom signed URL expiration time allows you to set the duration that an integration's pre-signed URL remains valid.
Note
Custom signed URL expiration times are only available for AWS, GCP, and OTC integrations.
Shorter signed URL expiration times are more secure, but can negatively impact the annotation and review experiences in the Label Editor. Ensure that the URL expiration time exceeds the amount of time that files from the integration take to annotate and review. The default value for signed URL expiration times when creating an integration is 1 week.
Setting custom signed url expiration times
To set up a custom signed URL expiration time for a new integration:
-
Click the Custom signed URL integration time checkbox in the Advanced settings when setting up your GCP, AWS, or OTC integration.
-
Set the duration for which pre-signed URLs should remain valid. We recommend configuring the URL expiration time to exceed the time required to annotate and review files from the integration in the Label Editor.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/custom-signed-url.png)
Edit custom signed url expiration times
Note
Custom signed URL expiration times are only available for AWS, GCP, and OTC integrations. For Azure integrations,expired SAS tokens must be updated regularly.
To change the custom signed URL expiration time for an existing integration:
-
Click the
icon on your integration.
-
Select Update Signed Url Expiration.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/update-signed-url-exp.png)
- Set the duration for which pre-signed URLs should remain valid. We recommend configuring the URL expiration time to exceed the time required to annotate and review files from the integration in the Label Editor.
View and join integrations in your Org
Organization Admins can search for and join any data integration that exist within the Organization. Integrations are managed in the Integrations tab of your Organization's dashboard.
![](https://storage.googleapis.com/docs-media.encord.com/static/img/integrations-tab.png)
When an Organization Admin joins an integration, they are automatically assigned the Admin user role for that integration.
Tip
Integrations can be filtered by the owner of the integration.
Tip
See all integrations you belong to by clicking the Filter by search bar, and selecting My integrations only.
Updated 15 days ago