Skip to content
Fides Configuration
Third-Party Integrations

Connect to SaaS Applications

What is a SaaS integration?

A Fides SaaS (Software as a Service) Integration allows a user to connect to a third-party application (e.g., Mailchimp, Stripe, Hubspot), and execute data access and erasure requests against that application. Fides represents your SaaS connections as a Dataset, accessed via a Connection, and configured by a SaaS config.

Supported SaaS applications

The current implementation of the SaaS framework can support any SaaS application that uses these features:

  • Basic auth, bearer auth, OAuth2 (Authorization Code Flow)
  • Data access via HTTP requests
  • Erasure via HTTP requests
  • Pagination based on headers and response contents

The following features are planned for future releases and will allow for the configuration of broader types of connections:

  • Custom Python functions for access and erasure requests
  • Retry logic based on status codes and response contents

For full examples of supported Integrations, see the example configurations.

Configure a SaaS Integration

When running the Fides webserver, you may navigate to the interactive API docs at http://{server_url}/docs (e.g., to access the following endpoints.

Create a Connection of type saas

PATCH /api/v1/connection
    "name": "SaaS Application",
    "key": {saas_key},
    "connection_type": "saas",
    "access": "read"

Add a SaaS Config (in JSON format)

PATCH /api/v1/connection/{saas_key}/saas_config
    "fides_key": "mailchimp_connector_example",
    "name": "Mailchimp SaaS Config",
    "type": "mailchimp",
    "description": "A sample schema representing the Mailchimp integration for fides"

Configure your secrets

PUT /api/v1/connection/{saas_key}/secret
  "domain": "{mailchimp_domain}",
  "username": "{mailchimp_username}",
  "api_key": "{mailchimp_api_key}"

Add a Dataset (in JSON format)

PUT /api/v1/connection/{saas_key}/dataset
    "name":"Mailchimp Dataset",
    "description":"A sample dataset representing the Mailchimp connector for fidesops",

Additional considerations

The following constraints are enforced by the API validation:

  1. A SaaS Integration dataset cannot have any identities or references in the fidesops_meta. These relationships must be defined in the SaaS config.
  2. SaaS config references can only have a direction of from.
  3. The fides_key between the SaaS config and the Dataset must match in order to be associated.

Set up a SaaS integration from a template

To create all the resources necessary to set up a SaaS Integration in one request, you can create an integration from a template. This creates a saas Integration with your supplied name and description, using your supplied secrets.

The example below creates a mailchimp saas connector, and would need the relevant mailchimp secrets.

Your instance_key will become the identifier for the related Dataset. By default, the saas connection config is enabled with write access.

POST /connection/instantiate/mailchimp
    "name": "My Mailchimp integration",
    "description": "Production Mailchimp Instance",
    "secrets": {
        "domain": "{{mailchimp_domain}}",
        "api_key": "{{mailchimp_api_key}}",
        "username": "{{mailchimp_username}}"
    "instance_key": "primary_mailchimp",