BigID API/DSAR Tutorial: Difference between revisions
Line 57: | Line 57: | ||
<html> | <html> | ||
<iframe style="border:0px; width:100%; height:400px; border-radius:10px;" src="https://apibrowser.mybigid.com/?url=sar%2Fattributes%3FprofileId%3D5d93e8431810782ce9173ae0&method=GET&selectedSetting= | <iframe style="border:0px; width:100%; height:400px; border-radius:10px;" src="https://apibrowser.mybigid.com/?url=sar%2Fattributes%3FprofileId%3D5d93e8431810782ce9173ae0&method=GET&selectedSetting=none&headers=%5B%7B%22name%22%3A%22Authorization%22%2C%22value%22%3A%22SAMPLE%22%7D%5D"></iframe> | ||
</html> | </html> | ||
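Review bot: the iframe "src" on the right-hand side presets an Authorization header with the value SAMPLE through the "headers" query parameter, while the tutorial text still tells the reader to add an "Authorization" header and paste a session token by hand. Either drop that instruction or state that the embedded browser already carries the sandbox token, so that readers do not conclude a real session token belongs in a URL, where it ends up in browser history and server logs.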
Revision as of 17:57, 26 October 2021
- Find a DSAR profile using the BigID API
- Search for individuals using attributes using the BigID API
- Run a DSAR scan using the BigID API
- Get a DSAR report using the BigID API
In this tutorial, we'll use SAMPLE as our session token. This is unique to the training sandbox and will not work in other environments. See BigID API/Tutorial for information on authenticating with BigID.
Getting DSAR Profiles
BigID uses DSAR profiles to specify which databases to search for users. You can create these using the APIs, but creating them via the UI is preferred since the UI will provide suggestions as you work. In our case, we already have a few data sources within our system.
Add a new header named "Authorization" and paste the session token you got in the previous request to authenticate yourself.
From this API call we can see a list of DSAR profiles. This also gives us insight into why organizations use DSAR profiles. Different groups of systems can have users with the same unique ID (employee number 1 and customer number 1 are probably different people). Profiles allow us to segment those user groups. Below we see a different profile for US customers to illustrate that.
{
  "profiles": [
    {
      "_id": "5d93e8431810782ce9173ae0",
      "name": "Default Profile",
      "allEnabledEs": true,
      "allEnabledDs": true,
      "scopes": [
        "root"
      ],
      "isCustom": false
    },
    {
      "_id": "614d7794dfa3fdf8bd71cacb",
      "allEnabledDs": true,
      "allEnabledEs": false,
      "name": "ALL PI for US Customer",
      "scopes": [
        "root"
      ],
      "shouldAttributesEnrichment": true,
      "isCustom": true
    }
  ]
}
In our case, we know a user with the email [email protected] is present in the default profile. However, we need to figure out what attributes we can use to execute a DSAR with this profile so we get the names correct.
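The attribute lookup described above, as an added example that is not part of the original tutorial or BigID's own code: it picks one profile by name from the profiles response shown earlier and builds the sar/attributes request for it. The api/v1/ prefix on the path, the function names, and the id-format and HTTPS checks are assumptions made for this example.

```javascript
// Constructed sample: trimmed copy of the profiles response shown above.
const PROFILES_RESPONSE = { profiles: [
  { _id: "5d93e8431810782ce9173ae0", name: "Default Profile" },
  { _id: "614d7794dfa3fdf8bd71cacb", name: "ALL PI for US Customer" }
] };

// Assumption: sar/attributes sits under the same api/v1/ prefix as the other calls.
const ATTRIBUTES_PATH = "api/v1/sar/attributes";

// Build (but do not send) the attributes request for a named profile.
function buildAttributesRequest(env, token, profilesResponse, profileName) {
  // Profiles segment user groups whose IDs can collide, so an ambiguous or
  // missing name is an error rather than a silent fallback to another profile.
  const matches = (profilesResponse.profiles || []).filter(p => p.name === profileName);
  if (matches.length !== 1) {
    throw new Error(`expected one profile named "${profileName}", found ${matches.length}`);
  }
  const id = matches[0]._id;
  // Both ids in the sample response are 24 hex characters; reject anything else
  // before it is placed in a URL (assumed format, based on that sample only).
  if (!/^[0-9a-f]{24}$/i.test(id)) throw new Error("unexpected profile id format");
  if (!token) throw new Error("missing session token");
  const url = new URL(ATTRIBUTES_PATH, env);
  // The session token travels in a header, so only send it over TLS.
  if (url.protocol !== "https:") throw new Error("refusing to send token over " + url.protocol);
  url.searchParams.set("profileId", id);
  return { url: url.toString(), options: { method: "GET", headers: { Authorization: token } } };
}

// Send the request. fetchImpl defaults to the global fetch (Node 18+ or a browser).
async function getProfileAttributes(env, token, profilesResponse, profileName, fetchImpl = fetch) {
  const { url, options } = buildAttributesRequest(env, token, profilesResponse, profileName);
  const res = await fetchImpl(url, options);
  // Surface HTTP failures (for example an expired session) instead of parsing an error body.
  if (!res.ok) throw new Error(`attributes request failed: HTTP ${res.status}`);
  return res.json();
}
```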
Let's initiate a DSAR on this user.
Initiating a DSAR
We now know the API calls we need and can use our programming language of choice to prepare our report. Below are some samples.
// Node.js (node-fetch)
import fetch from 'node-fetch';

let credentials = { username: "bigid", password: "learner" };
let env = "https://sandbox.mybigid.com/";

async function getDataSources(credentials, env) {
  // Request a session token using user/pass authentication
  const sessionRequest = await fetch(env + 'api/v1/sessions', {
    method: 'POST',
    body: JSON.stringify(credentials),
    headers: { 'Content-Type': 'application/json' }
  });
  const sessionData = await sessionRequest.json();

  // List the data source connections, authenticating with the session token
  const dsRequest = await fetch(env + 'api/v1/ds-connections', {
    method: 'GET',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': sessionData.auth_token
    }
  });
  return await dsRequest.json();
}

// Browser JavaScript (window.fetch)
let credentials = { username: "bigid", password: "bigid111" };
let env = "https://sandbox.mybigid.com/";

async function getDataSources(credentials, env) {
  // Request a session token using user/pass authentication
  const sessionRequest = await window.fetch(env + 'api/v1/sessions', {
    method: 'POST',
    body: JSON.stringify(credentials),
    headers: { 'Content-Type': 'application/json' }
  });
  const sessionData = await sessionRequest.json();

  // List the data source connections, authenticating with the session token
  const dsRequest = await window.fetch(env + 'api/v1/ds-connections', {
    method: 'GET',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': sessionData.auth_token
    }
  });
  return await dsRequest.json();
}

# Python (requests)
import requests

credentials = {'username': 'bigid', 'password': 'bigid111'}
env = 'https://sandbox.mybigid.com/'

def getDataSources(credentials, env):
    # Request a session token using user/pass authentication
    sessionRequest = requests.post(env + 'api/v1/sessions', data=credentials)
    sessionData = sessionRequest.json()
    # List the data source connections, authenticating with the session token
    dsRequest = requests.get(env + 'api/v1/ds-connections',
                             headers={'Authorization': sessionData.get('auth_token')})
    return dsRequest.json()