List Audit Events | Skyflow

Lists audit events that match query parameters.

Authentication

AuthorizationBearer

Access token, prefixed by Bearer: Bearer <token>. Retrieved using OAuth2 security scheme.

Access token, prefixed by Bearer: Bearer <token>. Retrieved using <a href='https://readme.skyflow.com/reference/Authentication/OAuth2'>OAuth2</a> security scheme.

Query parameters

filterOps.context.changeIDstringOptionalformat: "uuid"<=36 characters

ID for the audit event.

filterOps.context.requestIDstringOptionalformat: "uuid"<=36 characters

ID for the request that caused the event.

filterOps.context.traceIDstringOptional<=2048 characters

ID for the request set by the service that received the request.

filterOps.context.sessionIDstringOptionalformat: "uuid"<=36 characters

ID for the session in which the request was sent.

filterOps.context.actorstringOptional<=2048 characters

Member who sent the request. Depending on actorType, this may be a user ID or a service account ID.

filterOps.context.actorTypeenumOptional

Type of member who sent the request.

Allowed values:

filterOps.context.accessTypeenumOptional

Type of access for the request.

Allowed values:

filterOps.context.ipAddressstringOptionalformat: "ipv4"<=15 characters

IP Address of the client that made the request.

filterOps.context.originstringOptional<=2048 characters

HTTP Origin request header (including scheme, hostname, and port) of the request.

filterOps.context.authModeenumOptional

Authentication mode the actor used.

Allowed values:

filterOps.context.jwtIDstringOptional<=2048 characters

ID of the JWT token.

filterOps.context.bearerTokenContextIDstringOptional<=2048 characters

Embedded User Context.

filterOps.parentAccountIDstringOptional<=2048 characters

Resources with the specified parent account ID.

filterOps.accountIDstringRequired<=2048 characters

Resources with the specified account ID.

filterOps.workspaceIDstringOptional<=2048 characters

Resources with the specified workspace ID.

filterOps.vaultIDstringOptional<=2048 characters

Resources with the specified vault ID.

filterOps.resourceIDsstringOptional<=2048 characters

Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.

filterOps.actionTypeenumOptional

Events with the specified action type.

filterOps.resourceTypeenumOptional

Resources with the specified type.

filterOps.tagsstringOptional<=2048 characters

Events with associated tags. If an event matches at least one tag, the event is returned. Comma-separated list. For example, “login, get”.

filterOps.responseCodeintegerOptional>=100<=599

HTTP response code of the request.

filterOps.startTimestringOptionalformat: "date-time"<=100 characters

Start timestamp for the query, in SQL format.

filterOps.endTimestringOptionalformat: "date-time"<=100 characters

End timestamp for the query, in SQL format.

filterOps.apiNamestringOptional<=2048 characters

Name of the API called in the request.

filterOps.responseMessagestringOptional<=2048 characters

Response message of the request.

filterOps.httpMethodstringOptional<=2048 characters

HTTP method of the request.

filterOps.httpURIstringOptional<=2048 characters

HTTP URI of the request.

sortOps.sortBystringOptional<=2048 characters

Fully-qualified field by which to sort results. Field names should be in camel case (for example, “capitalization.camelCase”).

sortOps.orderByenumOptionalDefaults to ASCENDING

Ascending or descending ordering of results.

Allowed values:

afterOps.timestampstringOptionalformat: "date-time"<=100 characters

Timestamp provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

afterOps.changeIDstringOptionalformat: "uuid"<=36 characters

Change ID provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

limitlongOptionalDefaults to 25

Number of results to return.

offsetlongOptionalDefaults to 0

Record position at which to start returning results.

Response

A successful response.

eventlist of objects or null

Events matching the query.

nextOpsobject or null

1	import requests
2
3	url = "https://{{vault_url_identifier}}.vault.skyflowapis.com/v1/audit/events"
4
5	querystring = {"filterOps.context.changeID":"d4410ea0-1d83-473c-a09a-24c6b03096d4","filterOps.context.requestID":"d4410ea0-1d83-473c-a09a-24c6b03096d4","filterOps.context.sessionID":"d4410ea0-1d83-473c-a09a-24c6b03096d4","filterOps.context.actor":"a451b783713e4424a7c761bb7bbc84ea","filterOps.context.actorType":"SERVICE_ACCOUNT","filterOps.context.accessType":"API","filterOps.context.ipAddress":"74.160.148.217","filterOps.context.origin":"https://try.skyflow.com","filterOps.context.authMode":"SERVICE_ACCOUNT_JWT","filterOps.context.jwtID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.context.bearerTokenContextID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.parentAccountID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.accountID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.workspaceID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.vaultID":"a451b783713e4424a7c761bb7bbc84ea","filterOps.resourceIDs":"VAULT/12345, USER/67890","filterOps.actionType":"CREATE","filterOps.resourceType":"VAULT","filterOps.tags":"login, get","filterOps.responseCode":"201","filterOps.startTime":"2023-06-27 14:01:14.271659365","filterOps.endTime":"2023-06-27 14:01:14.271659365","filterOps.apiName":"Create Vault","filterOps.responseMessage":"Vault created successfully","filterOps.httpMethod":"POST","filterOps.httpURI":"/v1/vaults","sortOps.sortBy":"persons.name","sortOps.orderBy":"DESCENDING","afterOps.timestamp":"2023-06-27 14:01:14.271659365","afterOps.changeID":"d4410ea0-1d83-473c-a09a-24c6b03096d4","limit":"25","offset":"26"}
6
7	headers = {"Authorization": "Bearer <token>"}
8
9	response = requests.get(url, headers=headers, params=querystring)
10
11	print(response.json())

1	{
2	"event": [
3	{
4	"context": {
5	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d",
6	"requestID": "5a682b12-1a44-922b-a487-ab108f018cc4",
7	"traceID": "9f1707bd-3da0-4946-bf7a-ca99e7e12e5b",
8	"sessionID": "cb598f8c-786e-48da-898d-830ec92417b7",
9	"actor": "web31628f5a74bf7994459921c67eef8",
10	"actorType": "USER",
11	"accessType": "API",
12	"ipAddress": "27.116.16.50",
13	"origin": "https://acme.skyflow.com",
14	"authMode": "PAT_JWT",
15	"jwtID": "o82d1d5bcbf148eb890a937593321ff8",
16	"bearerTokenContextID": "bcf4b254-a415-4b3f-a8b9-0a1f02e52e18",
17	"keyID": "y72c0826fb1146b3bb8a0d48ab4d0653"
18	},
19	"request": {
20	"data": {
21	"content": "select * from persons where skyflow_id=\"5b6c8110-58b3-4aa0-8b36-d2cfd5c7b259\""
22	},
23	"apiName": "/.QueryService/ExecuteQuery",
24	"workspaceID": "e01054d5ff3411eab9f2360c405de1ab",
25	"vaultID": "cd1d815aa09b4cbfbb803bd20349f202",
26	"tags": [
27	"dml"
28	],
29	"timestamp": "2023-06-27 14:01:14.264739714",
30	"actionType": "READ",
31	"resourceType": "RECORD",
32	"httpInfo": {
33	"URI": "//vaults/cd1d815aa09b4cbfbb803bd20349f202/query",
34	"method": "POST"
35	}
36	},
37	"response": {
38	"code": 200,
39	"message": "success",
40	"timestamp": "2023-06-27 14:01:14.271659365"
41	},
42	"parentAccountID": "b894gg34fbn866eabd6c2ce1457r4b45",
43	"accountID": "f244fg04bgh876qemk6c3a32256e2k90",
44	"resourceIDs": [
45	"ACCOUNT/f244fg04bgh876qemk6c3a32256e2k90",
46	"TABLE/persons",
47	"VAULT/cd1d815aa09b4cbfbb803bd20349f202"
48	]
49	}
50	],
51	"nextOps": {
52	"timestamp": "2023-06-27 14:01:14.264739714",
53	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d"
54	}
55	}

Authentication

Query parameters

Response

Errors