Skip to content
Developer Docs
Fides Configuration
Integrations
Third-Party Integrations

Connect to SaaS Applications

What is a SaaS integration?

A Fides SaaS (Software as a Service) Integration allows a user to connect to a third-party application (e.g., Mailchimp, Stripe, Hubspot), and execute data access and erasure requests against that application. Fides represents your SaaS connections as a Dataset, accessed via a Connection, and configured by a SaaS config.

Supported SaaS applications

The current implementation of the SaaS framework can support any SaaS application that uses these features:

  • Basic auth, bearer auth, OAuth2 (Authorization Code Flow)
  • Data access via HTTP requests
  • Erasure via HTTP requests
  • Pagination based on headers and response contents

The following features are planned for future releases and will allow for the configuration of broader types of connections:

  • Custom Python functions for access and erasure requests
  • Retry logic based on status codes and response contents

For full examples of supported Integrations, see the example configurations.

Configure a SaaS Integration

When running the Fides webserver, you may navigate to the interactive API docs at http://{server_url}/docs (e.g., http://0.0.0.0:8080/docs) to access the following endpoints.

Create a Connection of type saas

PATCH /api/v1/connection
[
  {
    "name": "SaaS Application",
    "key": {saas_key},
    "connection_type": "saas",
    "access": "read"
  }
]

Add a SaaS Config (in JSON format)

PATCH /api/v1/connection/{saas_key}/saas_config
{
    "fides_key": "mailchimp_connector_example",
    "name": "Mailchimp SaaS Config",
    "type": "mailchimp",
    "description": "A sample schema representing the Mailchimp integration for fides"
    ...

Configure your secrets

PUT /api/v1/connection/{saas_key}/secret
{
  "domain": "{mailchimp_domain}",
  "username": "{mailchimp_username}",
  "api_key": "{mailchimp_api_key}"
}

Add a Dataset (in JSON format)

PUT /api/v1/connection/{saas_key}/dataset
[
  {
    "fides_key":"mailchimp_connector_example",
    "name":"Mailchimp Dataset",
    "description":"A sample dataset representing the Mailchimp connector for fidesops",
    "collections":[
      {
        "name":"messages"
    ...

Additional considerations

The following constraints are enforced by the API validation:

  1. A SaaS Integration dataset cannot have any identities or references in the fidesops_meta. These relationships must be defined in the SaaS config.
  2. SaaS config references can only have a direction of from.
  3. The fides_key between the SaaS config and the Dataset must match in order to be associated.

Set up a SaaS integration from a template

To create all the resources necessary to set up a SaaS Integration in one request, you can create an integration from a template. This creates a saas Integration with your supplied name and description, using your supplied secrets.

The example below creates a mailchimp saas connector, and would need the relevant mailchimp secrets.

Your instance_key will become the identifier for the related Dataset. By default, the saas connection config is enabled with write access.

POST /connection/instantiate/mailchimp
{
    "name": "My Mailchimp integration",
    "description": "Production Mailchimp Instance",
    "secrets": {
        "domain": "{{mailchimp_domain}}",
        "api_key": "{{mailchimp_api_key}}",
        "username": "{{mailchimp_username}}"
    },
    "instance_key": "primary_mailchimp",
}
IntegrationsSaaS Configuration Reference