Skip to content
Developer Docs
Fides API
Managing resources
privacy-request-redaction-patterns

Privacy Request Redaction Patterns API

The Privacy Request Redaction Patterns API allows you to manage global regex patterns that automatically mask sensitive dataset, collection, and field names in DSR (Data Subject Request) package reports.

🔒

This API is part of the Privacy Request management system and requires appropriate OAuth scopes to access.

Prerequisites

  • Valid OAuth token with appropriate scopes
  • One of the following scopes:
    • PRIVACY_REQUEST_REDACTION_PATTERNS_READ (to view patterns)
    • PRIVACY_REQUEST_REDACTION_PATTERNS_UPDATE (to modify patterns)

Endpoints

Get Current Patterns

Retrieves all currently configured redaction patterns.

Request:

GET /api/v1/privacy-request-redaction-patterns
Authorization: Bearer {token}
Content-Type: application/json

Response:

{
  "patterns": [
    "sensitive_.*",
    ".*_private", 
    "^email$",
    "customer.*",
    ".*user.*"
  ]
}

Response Codes:

  • 200 OK: Successfully retrieved patterns
  • 401 Unauthorized: Invalid or missing authentication
  • 403 Forbidden: Insufficient permissions

Update Patterns

Updates the global redaction patterns. This replaces all existing patterns with the new set.

Request:

PUT /api/v1/privacy-request-redaction-patterns
Authorization: Bearer {token}
Content-Type: application/json
 
{
  "patterns": [
    "sensitive_.*",
    ".*_private",
    "^email$",
    "customer.*",
    ".*user.*"
  ]
}

Request Body:

  • patterns (array, required): Array of regex patterns to apply for redaction
    • Maximum 100 patterns allowed
    • Each pattern limited to 500 characters
    • Must be valid regex syntax

Response:

{
  "patterns": [
    "sensitive_.*",
    ".*_private",
    "^email$", 
    "customer.*",
    ".*user.*"
  ]
}

Response Codes:

  • 200 OK: Successfully updated patterns
  • 400 Bad Request: Invalid request body or regex syntax
  • 401 Unauthorized: Invalid or missing authentication
  • 403 Forbidden: Insufficient permissions
  • 422 Unprocessable Entity: Validation errors

Pattern Validation

All regex patterns are validated for correct syntax before being saved. Invalid patterns will result in a 400 Bad Request response with details about the validation error.

Supported Regex Features

  • Basic character classes: [a-z], [0-9], [A-Za-z]
  • Quantifiers: *, +, ?, {n}, {n,m}
  • Anchors: ^ (start of string), $ (end of string)
  • Alternation: |
  • Groups: ()
  • Character escapes: \., \*, \+, etc.

Example Valid Patterns

{
  "patterns": [
    "^email$",           // Exact match for "email"
    "sensitive_.*",      // Anything starting with "sensitive_"
    ".*_private",        // Anything ending with "_private"
    "customer.*",        // Anything starting with "customer"
    ".*user.*",          // Anything containing "user"
    "^(email|phone)$",   // Either "email" or "phone"
    ".*@.*",             // Anything containing "@"
    "data_[0-9]+"        // "data_" followed by one or more digits
  ]
}

Error Handling

Common Error Responses

Invalid Regex Pattern:

{
  "detail": [
    {
      "loc": ["body", "patterns", 0],
      "msg": "Invalid regex pattern: [invalid",
      "type": "value_error"
    }
  ]
}

Too Many Patterns:

{
  "detail": "Maximum 100 patterns allowed"
}

Pattern Too Long:

{
  "detail": [
    {
      "loc": ["body", "patterns", 0],
      "msg": "Pattern exceeds maximum length of 500 characters",
      "type": "value_error"
    }
  ]
}

Usage Examples

Python Example

import requests
import json
 
# Configuration
base_url = "https://your-fides-instance.com"
token = "your-oauth-token"
 
headers = {
    "Authorization": f"Bearer {token}",
    "Content-Type": "application/json"
}
 
# Get current patterns
response = requests.get(
    f"{base_url}/api/v1/privacy-request-redaction-patterns",
    headers=headers
)
 
if response.status_code == 200:
    patterns = response.json()["patterns"]
    print(f"Current patterns: {patterns}")
else:
    print(f"Error: {response.status_code} - {response.text}")
 
# Update patterns
new_patterns = [
    "sensitive_.*",
    ".*_private",
    "^email$",
    "customer.*"
]
 
response = requests.put(
    f"{base_url}/api/v1/privacy-request-redaction-patterns",
    headers=headers,
    json={"patterns": new_patterns}
)
 
if response.status_code == 200:
    print("Patterns updated successfully")
else:
    print(f"Error: {response.status_code} - {response.text}")

cURL Example

# Get current patterns
curl -X GET \
  "https://your-fides-instance.com/api/v1/privacy-request-redaction-patterns" \
  -H "Authorization: Bearer your-oauth-token" \
  -H "Content-Type: application/json"
 
# Update patterns
curl -X PUT \
  "https://your-fides-instance.com/api/v1/privacy-request-redaction-patterns" \
  -H "Authorization: Bearer your-oauth-token" \
  -H "Content-Type: application/json" \
  -d '{
    "patterns": [
      "sensitive_.*",
      ".*_private",
      "^email$",
      "customer.*"
    ]
  }'

Integration with Entity-Specific Redaction

Global regex patterns work in conjunction with entity-specific redaction configurations in dataset YAML files. The precedence order is:

  1. Entity-specific redaction (highest priority)
  2. Global regex patterns (applied when no entity-specific configuration exists)

This allows for flexible redaction strategies where you can have global patterns for common cases and specific overrides for particular datasets, collections, or fields.

Related Documentation

privacy-requestregistry