Summary
Clockspring includes several categories of controller services. Each type provides a different shared capability for processors, such as database connectivity, caching, SSL configuration, and record parsing. Understanding the categories helps you choose the right service when building flows.
Database Connection Services
Used by: QueryDatabaseTable, PutDatabaseRecord, PutSQL, QueryRecord
Database services define connection strings, drivers, credentials, and pooling behavior.
They allow all database processors to share the same configuration.
Common example:
DBCPConnectionPool – Standard JDBC connection pool for relational databases.
When you update a password or hostname here, all referencing processors update automatically.
Cache Services
Used by: DetectDuplicate, LookupAttribute, enrichment flows
Cache services store simple key/value or membership data used across processors.
Common cases include deduplication, fast lookups, or temporary state tracking.
Common examples:
MapCache – Key/value cache
SetCache – Membership-only cache (fast “have we seen this?” checks)
These caches are required for processors like DetectDuplicate to function.
SSL and Security Services
Used by: InvokeHTTP, ListenHTTP, etc.
SSL-related controller services centralize certificates, truststores, and keystores.
They ensure consistent TLS configuration across all processors that communicate securely.
Common example:
StandardSSLContextService
Centralizing SSL config prevents mismatches and makes certificate rotation easier.
Record Reader and Writer Services
Used by: ConvertRecord, QueryRecord, PutDatabaseRecord
Record-based processors depend on readers and writers to parse and transform data formats.
Common examples:
JsonTreeReader
JsonRecordSetWriter
CSVReader
AvroReader
These services define exactly how Clockspring interprets or outputs structured data.
Credential Services
Used by: InvokeHTTP, cloud APIs, OAuth-secured services, and any processor that needs to generate or manage authentication tokens.
Credential services centralize authentication logic so processors don’t need to manage tokens, refresh cycles, or signed credentials individually. This keeps flows cleaner and avoids duplicating sensitive configuration across processors.
Common examples:
StandardOauth2AccessTokenProvider
Generates and refreshes OAuth 2.0 access tokens using client credentials or other supported grant types. Useful for APIs that require standard OAuth authentication.JWTBearerOAuth2AccessTokenProvider
Creates short-lived OAuth tokens using a signed JWT (service account style). Often needed for enterprise APIs that require private-key–based authentication.GCPCredentialsControllerService
Provides Google Cloud credentials (service account keys, metadata-based auth, scopes), enabling access to GCP services such as Cloud Storage, BigQuery, and Pub/Sub.These services ensure that processors always use valid authentication without embedding raw secrets or tokens directly into processor properties.
Specialized Controller Services
Clockspring includes a number of specialized services for specific technologies:
Examples include:
SFTP key management
Encryption services
Script engines
Custom Clockspring features that expose shared configuration for specific processors
These appear when certain processors require shared, repeatable configuration that is not suited to inline properties.
How to choose the right type
A quick rule of thumb:
If it’s related to connecting to something (DB, API, secure endpoint) → It uses a controller service.
If it’s related to caching or deduplication → MapCache or SetCache.
If it’s related to transforming structured data → Record Reader/Writer.
If it’s related to SSL/TLS → SSLContextService.
If the processor requires a controller service, the UI will show it explicitly.
Related articles
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article