ConnectorsBigQuery

BigQuery

Live

OAUTH 2.0

DATA WAREHOUSE

Every dataset, table, and analytical query your team runs lives in BigQuery. BigQuery MCP gives your agent authenticated access to your data warehouse scoped to the user who authorized it.

  • Acts as the user: Access and write actions stay tied to the BigQuery account that authorized the agent.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail.
Get Started free
View docs
BigQuery
agent · Acme Q3
Run
Query our events table for daily signup count over the last 14 days, grouped by source.
S
bigquery_query_run
1.2s
Analytics agent
Query ran in 1.2s, scanned 8.4 GB. Source breakdown: organic 4,820, paid 3,210, referral 1,890, direct 2,140 across 14 days.
Sources: events.signups table, 14 days
bigquerymcp
1 query
18:29
Message Claude...

Tools your analytics agent reaches for on BigQuery, scoped per user.

CALL ANY TOOL
List datasets and tables, inspect schemas, run SQL queries, and monitor jobs.
bigquery_datasets_list
List datasets
List all datasets in a project the user has access to.
Parameters
Name
Type
Required
Description
project_id
string
Required
GCP project ID
max_results
integer
Optional
Max results
bigquery_tables_list
List tables
bigquery_table_schema
Get table schema
bigquery_query_run
Run query
bigquery_job_get
Get job status
Build your Agent
Drop the toolkit in, point it at the user, and your analytics agent can use BigQuery from the first run.
Langchain
Open AI
Anthropic
Google ADK
Copied
import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["bigquery"], toolNames: ["bigquery_datasets_list", "bigquery_tables_list", "bigquery_table_schema"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });
Copied
import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["bigquery"], toolNames: ["bigquery_datasets_list", "bigquery_tables_list", "bigquery_table_schema"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});
import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["bigquery"], toolNames: ["bigquery_datasets_list", "bigquery_tables_list", "bigquery_table_schema"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});
Copied
import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/bigquery",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});
Try these prompts
Paste any prompt into your agent to start using BigQuery.
Search & schema
Copy the prompt
Copied
List all datasets in [project].
Copy the prompt
Copied
Show me the schema of [dataset.table].
Copy the prompt
Copied
Which tables are in [dataset]?
Copy the prompt
Copied
How large is [table_id] right now?
Query & analysis
Copy the prompt
Copied
Run: SELECT date, COUNT(*) FROM events.signups GROUP BY date.
Copy the prompt
Copied
Top 10 customers by revenue this quarter.
Copy the prompt
Copied
Daily active users for the last 30 days.
Copy the prompt
Copied
Failed payment count by gateway last week.
Monitoring & cost
Copy the prompt
Copied
Which queries scanned more than 100GB today?
Copy the prompt
Copied
Job status for [job_id].
Copy the prompt
Copied
Slowest queries in the last hour.
Copy the prompt
Copied
Cost by user for the current month.
SEE HOW AUTH WORKS
Users authorize BigQuery once. Their credentials stay vaulted, every call is checked, and every action is logged.
1
Authorize
Your user connects
BigQuery
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
BigQuery
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
BigQuery
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
BigQuery
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
Same per-user auth pattern across other analytics agents and MCP connectors. Working code, live demos, fork what fits.
GTM
HubSpot to Slack updates agent
Watch HubSpot deal stage changes and post structured updates to the right Slack channel. Reps stop checking the CRM all day.
HubSpot
Slack
View agent
ENGINEERING
Engineering standup agent
Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.
GitHub
GitLab
Jira
Slack
View agent
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.
01.
Queries bypass IAM and row-level security
A shared BigQuery service account looks fine in a demo. In production, every query runs with elevated permissions that bypass IAM roles, dataset-level access, and row-level security. Scalekit resolves the actual user's token so every query respects their real permissions.
// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
BigQuery today. Snowflake, Redshift, Databricks tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
On this page
Tool and actionsFramework CompatibilityStarter PromptAuth LifecycleTry Other AgentsWhy Scalekit
Quick links
OverviewQuickstartAll connectors
Similar connectors
Airtable
HubSpot
Salesforce
Notion
Frequently Asked Questions
Does the agent access BigQuery as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the BigQuery oauth 2.0 stored?
Can I limit what the agent is allowed to do in BigQuery?
What happens when a user revokes BigQuery access?
Can the agent query datasets the user lacks access to?
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code
Cursor
Codex
Copilot
Claude Code REPL
CopyCopied
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
CopyCopied
# ~/.cursor/mcp.json
{
""mcpServers"": {
""bigquery"": {
""url"": ""https://mcp.scalekit.com/bigquery"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
CopyCopied
# ~/.codex/config.toml
[mcp_servers.bigquery]
url = ""https://mcp.scalekit.com/bigquery""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
CopyCopied
# .vscode/mcp.json
{
""servers"": {
""bigquery"": {
""url"": ""https://mcp.scalekit.com/bigquery"",
""type"": ""http""
}
}
}
The auth stack for agents.
hi@scalekit.com
Scalekit Inc
2261 Market Street, STE 86971
San Francisco, CA 94114
Join our community
AgentKit
QuickstartConnectorsAGENTKIT SDKCODE SAMPLESAgentKit Pricing
Auth for SaaS  
org and UserSSOSCIMMCP AUth
RBACPasswordlessAUTH FOR SAAS PRICING
Developers
DocsAPI ReferenceSDKsGitHubBlog
Company
LegalTrust centerCustomers
COMPLIANCE
Follow us on
All systems operational
© 2026 SCALEKIT, INC.

We use cookies, so things load fast, we learn what to fix, and you can always reach us on chat

Okay, got it!