Using the Fides postman collection
A minimal Postman collection is included to assist in setting up your privacy request configurations, and in executing example access
and erasure
requests against mock external databases.
Loading the collection
- Get Postman
-
Postman > File > Import
-
Upload the Fides collection found in
docs/fides/docs/postman/Fides.postman_collection.json
-
Click on the imported
fidesops
collection in the left pane, and then findVariables
to edit thefidesops
collection variables.- Some variables are populated for you, and some will be added in this guide's next steps.
-
Add your
oauth_root_client_id
andoauth_root_client_secret
underCURRENT VALUE
.fidesadmin
andfidesadminsecret
are default configurations for testing, found in yourfides.toml
. Add the appropriate values for your instance if they differ.- Important: Click
Save
!
Bring up local servers and mock databases
- Run
nox -s dev -- <datastore>
in your terminal.- This brings up the Fides server and the list of datastores specified, i.e.
nox -s dev -- postgres mongodb
. These mock datastores are pre-populated with test data to represent your datastores.
- This brings up the Fides server and the list of datastores specified, i.e.
The following list of requests is kept in the Minimum API calls to create an Access Privacy Request
folder. Some of the returned data will need to be saved as additional variables for use in other steps.
Saving Authentication variables
-
Click on the
Get Root Client Token
request, and clickSend
to send aPOST
request to Fides to create a root token. -
Copy the
access_token
returned in the response body, and paste it as theCurrent Value
ofroot_client_token
in Fides' variables.- Important: Click
Save
!
- Important: Click
-
Similarly, click on
Create Client
, and clickSend
to send aPOST
request to Fides to create a new client.- Copy the
client_id
andclient_secret
and paste intoCurrent Value
slots in Fides variables and click "Save".
- Copy the
-
Finally, click on the
Get Client Token
request, and clickSend
to send anotherPOST
request to Fides. This will create a token for the client made in the previous step.- If you click on Body, you can see that the
client_id
andclient_secret
have been added as form data for you.
- If you click on Body, you can see that the
-
Save the returned token under
client_token
in the Fides variables. Theclient_token
will be automatically passed into the rest of your requests as the Bearer Token.
Building out remaining privacy request configuration
Run through the remaining requests in the Minimum API calls to create an Access Privacy Request
folder. Because variables are automatically being populated for you, you should be able to click on each request, clicking Send
for each one.
Inspect the Body
of each request to see what is sent to Fides:
- Specify where your data is going:
- SEND
Create/Update Storage
- Local Storage Config - Sets up a local folder for uploading your privacy request results (local testing only)
- SEND
- Configure what data you care about, and what to do with it:
- SEND
Create/Update Policies
- Creates a Policy to handle Privacy Requests - SEND
Create/Update Access Rule
- Defines anaccess
Rule on the previous Policy, which specifies results will be uploaded to the configured local storage - SEND
Create/Update Rule Targets
- Specify a RuleTarget that says to will return data that has been marked as having auser
data category
- SEND
- Create ConnectionConfigs, and add connection secrets for the
postgres_example
andmongodb_example
mock databases:- SEND
Create/Update Connection Configs: Postgres
- SEND
Create/Update Connection Configs: Mongo
- SEND
Update Connection Secrets: Postgres
- SEND
Update Connection Secrets: Mongo
- SEND
- Add annotations of the Postgres and Mongo datastores:
- SEND
Create/Update Postgres Dataset
- SEND
Create/Update Dataset Mongo
- SEND
API calls to additional supported datastores (MsSQL, MySQL) are in separate folders within the collection.
Run a privacy request
You have now completed the basic configuration required to create an Access Request.
-
SEND
Create Access Privacy Requests
- If "succeeded", note the "id" that is returned. Succeeded means the privacy request has been created and is pending, not that its execution is complete.
-
Check your local
fides_uploads
folder, configured earlier, to see access request results.- This is run asynchronously, so it may take a few moments to complete. This particular request should have retrieved data from both the
postgres_example
andmongodb_example
databases with theuser
data_category
- This is run asynchronously, so it may take a few moments to complete. This particular request should have retrieved data from both the
Next steps
- Check out other requests in the collection!
- The
Calls to create an Erasure Request
folder walks you through configuring a separate erasure policy, and executing an erasure request.
- The
Note that these erasure requests will mask data in your connected datastores (postgres_example
and mongo_example
here. If you connect your own live databases, data may be deleted.
Happy experimenting!