)){kind=logo}
Connections & Data Sources
inferonIQ connects to your existing databases and document stores. All credentials are encrypted at rest.
Supported Databases
| Database | Auth Method | Default Port | Notes |
|---|---|---|---|
| PostgreSQL | Username/Password | 5432 | + SSL, pgvector support |
| Snowflake | Username/Password or Key Pair | 443 | Account identifier required |
| BigQuery | Service Account JSON | — | Project ID + dataset |
| Oracle | Username/Password | 1521 | Service name or SID |
| SQL Server | SQL Auth or Windows Auth | 1433 | TDS encryption supported |
| MySQL / MariaDB | Username/Password | 3306 | SSL optional |
Supported Document Sources
| Source | Auth | Use Case |
|---|---|---|
| SharePoint | OAuth 2.0 (Microsoft) | Enterprise document libraries |
| OneDrive | OAuth 2.0 (Microsoft) | Personal/shared invoice folders |
| AWS S3 | Access Key + Secret | Cloud document storage |
| Google Drive | OAuth 2.0 (Google) | Team drives and shared folders |
| Email (IMAP) | OAuth 2.0 or App Password | Auto-ingest emailed invoices |
How It Works — Secure Agent
All database connections go through a lightweight inferonIQ Agent deployed inside your network. The agent connects outbound on port 443 — no firewall changes, no IP whitelisting, no public database exposure.
Your Database ←── Agent (your network) ── WSS 443 ──→ inferonIQ Relay ←── HTTPS ──→ Platform
- Add Connection — Select database type → Generate Agent Token
- Deploy Agent — Run our Docker container inside your network (Azure VNET, AWS VPC, on-prem, etc.)
- Enter Credentials — Host, port, database, username, password (as seen from the agent's network)
- Test & Save — Agent connects to your DB locally, verifies connectivity, reports back
- Auto-Profile — Schema discovery runs through the agent (tables, columns, types, relationships)
- Ready — Connection available for AI queries, matching, and pipelines
Security
- Outbound-only — Agent initiates all connections on port 443. No inbound firewall rules
- No data storage — Agent is a stateless query executor. Results stream back in real-time
- Encrypted transport — TLS 1.3 (WSS) end-to-end, same encryption as HTTPS
- Credentials encrypted at rest — AES-256-GCM encrypted in the platform
- Read-only access recommended — inferonIQ only needs SELECT permissions
- HMAC-authenticated — Each agent has a unique signed token
- Auto-reconnect — Exponential backoff recovery (5s → 60s)
- SOC 2 compliant — Principle of least privilege throughout
Firewall Requirements
| Rule | Direction | Port | Destination |
|---|---|---|---|
| Allow outbound HTTPS | Outbound | 443 | relay.inferoniq.com |
No inbound rules needed. No IP whitelisting. No VPN. If your network allows outbound HTTPS, the agent will work.