Connect to SaaS Applications
What is a SaaS connection?
A SaaS (Software as a Service) connection is a connection type within fidesops that allows a user to connect to a SaaS application (e.g., Mailchimp, Stripe, or Slack) and execute data access and erasure requests against that application. These connections use functionality introduced in earlier sections (ConnectionConfigs and Datasets) but also use a new SaaS configuration specification to define how to connect to specific SaaS applications.
Supported SaaS applications
The current implementation of the SaaS framework can support any SaaS application that uses these features:
- Basic auth, bearer auth, OAuth2 (Authorization Code Flow)
- Data access via HTTP requests
- Erasure via HTTP requests
- Pagination based on headers and response contents
The following features are planned for future releases and will allow for the configuration of broader types of connections:
- Custom Python functions for access and erasure requests
- Retry logic based on status codes and response contents
Full examples of a valid SaaS config and Dataset are currently available for Mailchimp.
How to configure a SaaS connector
For convenience we've included a SaaS Connector Postman collection to execute the necessary steps to configure a SaaS connector.
- Create a ConnectionConfig of type `saas`

  ```
  PATCH api/v1/connection
  [
    {
      "name": "SaaS Application",
      "key": "{saas_key}",
      "connection_type": "saas",
      "access": "read"
    }
  ]
  ```
- Add a SaaS Config (in JSON format)

  ```
  PATCH api/v1/connection/{saas_key}/saas_config
  {
    "fides_key": "mailchimp_connector_example",
    "name": "Mailchimp SaaS Config",
    "type": "mailchimp",
    "description": "A sample schema representing the Mailchimp connector for fidesops"
    ...
  ```
- Configure the secrets. The SaaS config must already be defined, because it provides the validation for the secrets.

  ```
  PUT api/v1/connection/{saas_key}/secret
  {
    "domain": "{mailchimp_domain}",
    "username": "{mailchimp_username}",
    "api_key": "{mailchimp_api_key}"
  }
  ```
- Add a Dataset (in JSON format)

  ```
  PUT api/v1/connection/{saas_key}/dataset
  [
    {
      "fides_key": "mailchimp_connector_example",
      "name": "Mailchimp Dataset",
      "description": "A sample dataset representing the Mailchimp connector for fidesops",
      "collections": [
        {
          "name": "messages"
          ...
  ```
Additional considerations
The API validation enforces the following constraints, but it is important to keep them in mind when writing a SaaS config and Dataset.
- A SaaS connector dataset cannot have any `identities` or `references` in the `fidesops_meta`. These relationships must be defined in the SaaS config.
- SaaS config references can only have a direction of `from`.
- The `fides_key` between the SaaS config and the Dataset must match. This is how we associate the two pieces together.
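
The three constraints above can be checked locally before the config and Dataset are sent to the API. The following is an added example, not fidesops code: `preflight` and `walk` are hypothetical helpers, the key names `identity` and `direction` and the `endpoints`/`param_values` nesting in the sample are assumptions, and the sample documents are constructed.

```python
from typing import Any, Iterator, List, Tuple

FORBIDDEN_META_KEYS = {"identity", "identities", "references"}


def walk(node: Any, path: str = "$") -> Iterator[Tuple[str, dict]]:
    """Yield (path, dict) for every dict nested anywhere inside node."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def preflight(saas_config: dict, dataset: dict) -> List[str]:
    """Return constraint violations; an empty list means the pair passes."""
    errors = []
    # The fides_key is what associates the SaaS config with its Dataset.
    if saas_config.get("fides_key") != dataset.get("fides_key"):
        errors.append("fides_key mismatch between SaaS config and Dataset")
    # Dataset: no identities or references under any fidesops_meta.
    for path, obj in walk(dataset):
        meta = obj.get("fidesops_meta")
        if isinstance(meta, dict):
            for key in sorted(meta.keys() & FORBIDDEN_META_KEYS):
                errors.append(f"{path}.fidesops_meta.{key} not allowed in a SaaS dataset")
    # SaaS config: every reference must have direction "from".
    for path, obj in walk(saas_config):
        refs = obj.get("references")
        for i, ref in enumerate(refs if isinstance(refs, list) else []):
            if not isinstance(ref, dict) or ref.get("direction") != "from":
                errors.append(f"{path}.references[{i}] must have direction 'from'")
    return errors


# Constructed sample documents that break all three constraints.
SAMPLE_CONFIG = {
    "fides_key": "mailchimp_connector_example",
    "endpoints": [{"name": "messages", "requests": {"read": {"param_values": [
        {"name": "conversation_id", "references": [
            {"dataset": "mailchimp_connector_example",
             "field": "conversations.id", "direction": "to"}]}]}}}],
}
SAMPLE_DATASET = {
    "fides_key": "mailchimp_dataset",
    "collections": [{"name": "messages", "fields": [
        {"name": "from_email", "fidesops_meta": {"identity": "email"}}]}],
}
```

Calling `preflight(SAMPLE_CONFIG, SAMPLE_DATASET)` returns one message per violated constraint, each with the JSON path of the offending node.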