DocsAPI Reference
  • Data API
    • POSTGet BIN
LogoLogo
Login
Login
Data APIAudit

List Audit Events

GET
/v1/audit/events
GET
/v1/audit/events
1curl -G https://{{vault_url_identifier}}.vault.skyflowapis.com/v1/audit/events \
2     -H "Authorization: Bearer <token>" \
3     -d filterOps.context.changeID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
4     -d filterOps.context.requestID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
5     -d filterOps.context.sessionID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
6     -d filterOps.context.actor=a451b783713e4424a7c761bb7bbc84ea \
7     -d filterOps.context.actorType=SERVICE_ACCOUNT \
8     -d filterOps.context.accessType=API \
9     -d filterOps.context.ipAddress=74.160.148.217 \
10     --data-urlencode filterOps.context.origin=https://try.skyflow.com \
11     -d filterOps.context.authMode=SERVICE_ACCOUNT_JWT \
12     -d filterOps.context.jwtID=a451b783713e4424a7c761bb7bbc84ea \
13     -d filterOps.context.bearerTokenContextID=a451b783713e4424a7c761bb7bbc84ea \
14     -d filterOps.parentAccountID=a451b783713e4424a7c761bb7bbc84ea \
15     -d filterOps.accountID=a451b783713e4424a7c761bb7bbc84ea \
16     -d filterOps.workspaceID=a451b783713e4424a7c761bb7bbc84ea \
17     -d filterOps.vaultID=a451b783713e4424a7c761bb7bbc84ea \
18     --data-urlencode "filterOps.resourceIDs=VAULT/12345, USER/67890" \
19     -d filterOps.actionType=CREATE \
20     -d filterOps.resourceType=VAULT \
21     --data-urlencode "filterOps.tags=login, get" \
22     -d filterOps.responseCode=201 \
23     --data-urlencode "filterOps.startTime=2023-06-27 14:01:14.271659365" \
24     --data-urlencode "filterOps.endTime=2023-06-27 14:01:14.271659365" \
25     --data-urlencode "filterOps.apiName=Create Vault" \
26     --data-urlencode "filterOps.responseMessage=Vault created successfully" \
27     -d filterOps.httpMethod=POST \
28     --data-urlencode filterOps.httpURI=/v1/vaults \
29     -d sortOps.sortBy=persons.name \
30     -d sortOps.orderBy=DESCENDING \
31     --data-urlencode "afterOps.timestamp=2023-06-27 14:01:14.271659365" \
32     -d afterOps.changeID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
33     -d limit=25 \
34     -d offset=26
Try it
1{
2  "event": [
3    {
4      "context": {
5        "changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d",
6        "requestID": "5a682b12-1a44-922b-a487-ab108f018cc4",
7        "traceID": "9f1707bd-3da0-4946-bf7a-ca99e7e12e5b",
8        "sessionID": "cb598f8c-786e-48da-898d-830ec92417b7",
9        "actor": "web31628f5a74bf7994459921c67eef8",
10        "actorType": "USER",
11        "accessType": "API",
12        "ipAddress": "27.116.16.50",
13        "origin": "https://acme.skyflow.com",
14        "authMode": "PAT_JWT",
15        "jwtID": "o82d1d5bcbf148eb890a937593321ff8",
16        "bearerTokenContextID": "bcf4b254-a415-4b3f-a8b9-0a1f02e52e18",
17        "keyID": "y72c0826fb1146b3bb8a0d48ab4d0653"
18      },
19      "request": {
20        "data": {
21          "content": "select * from persons where skyflow_id=\"5b6c8110-58b3-4aa0-8b36-d2cfd5c7b259\""
22        },
23        "apiName": "/.QueryService/ExecuteQuery",
24        "workspaceID": "e01054d5ff3411eab9f2360c405de1ab",
25        "vaultID": "cd1d815aa09b4cbfbb803bd20349f202",
26        "tags": [
27          "dml"
28        ],
29        "timestamp": "2023-06-27 14:01:14.264739714",
30        "actionType": "READ",
31        "resourceType": "RECORD",
32        "httpInfo": {
33          "URI": "//vaults/cd1d815aa09b4cbfbb803bd20349f202/query",
34          "method": "POST"
35        }
36      },
37      "response": {
38        "code": 200,
39        "message": "success",
40        "timestamp": "2023-06-27 14:01:14.271659365"
41      },
42      "parentAccountID": "b894gg34fbn866eabd6c2ce1457r4b45",
43      "accountID": "f244fg04bgh876qemk6c3a32256e2k90",
44      "resourceIDs": [
45        "ACCOUNT/f244fg04bgh876qemk6c3a32256e2k90",
46        "TABLE/persons",
47        "VAULT/cd1d815aa09b4cbfbb803bd20349f202"
48      ]
49    }
50  ],
51  "nextOps": {
52    "timestamp": "2023-06-27 14:01:14.264739714",
53    "changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d"
54  }
55}
Lists audit events that match query parameters.
Was this page helpful?
Previous

Batch Operation

Next
Built with
Batch Operation
Lists audit events that match query parameters.

Authentication

AuthorizationBearer
Bearer authentication of the form `Bearer <token>`, where token is your auth token.

Query parameters

filterOps.context.changeIDstringOptionalformat: "uuid"<=36 characters
ID for the audit event.
filterOps.context.requestIDstringOptionalformat: "uuid"<=36 characters
ID for the request that caused the event.
filterOps.context.traceIDstringOptional<=2048 characters
ID for the audit event.
ID for the request that caused the event.
ID for the request set by the service that received the request.
filterOps.context.sessionIDstringOptionalformat: "uuid"<=36 characters
ID for the session in which the request was sent.
filterOps.context.actorstringOptional<=2048 characters
Member who sent the request. Depending on `actorType`, this may be a user ID or a service account ID.
filterOps.context.actorTypeenumOptional
Type of member who sent the request.
Allowed values:
filterOps.context.accessTypeenumOptional
Type of access for the request.
Allowed values:
filterOps.context.ipAddressstringOptionalformat: "ipv4"<=15 characters
IP Address of the client that made the request.
filterOps.context.originstringOptional<=2048 characters
HTTP Origin request header (including scheme, hostname, and port) of the request.
filterOps.context.authModeenumOptional
Authentication mode the `actor` used.
Allowed values:
filterOps.context.jwtIDstringOptional<=2048 characters
ID of the JWT token.
filterOps.context.bearerTokenContextIDstringOptional<=2048 characters
Embedded User Context.
filterOps.parentAccountIDstringOptional<=2048 characters
Resources with the specified parent account ID.
filterOps.accountIDstringRequired<=2048 characters
Resources with the specified account ID.
filterOps.workspaceIDstringOptional<=2048 characters
Resources with the specified workspace ID.
filterOps.vaultIDstringOptional<=2048 characters
Resources with the specified vault ID.
filterOps.resourceIDsstringOptional<=2048 characters
Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of "\<resourceType\>/\<resourceID\>". For example, "VAULT/12345, USER/67890".
filterOps.actionTypeenumOptional
Events with the specified action type.
filterOps.resourceTypeenumOptional
Resources with the specified type.
filterOps.tagsstringOptional<=2048 characters
Events with associated tags. If an event matches at least one tag, the event is returned. Comma-separated list. For example, "login, get".
filterOps.responseCodeintegerOptional>=100<=599
HTTP response code of the request.
filterOps.startTimestringOptionalformat: "date-time"<=100 characters
Start timestamp for the query, in SQL format.
filterOps.endTimestringOptionalformat: "date-time"<=100 characters
End timestamp for the query, in SQL format.
filterOps.apiNamestringOptional<=2048 characters
Name of the API called in the request.
filterOps.responseMessagestringOptional<=2048 characters
Response message of the request.
filterOps.httpMethodstringOptional<=2048 characters
HTTP method of the request.
filterOps.httpURIstringOptional<=2048 characters
HTTP URI of the request.
sortOps.sortBystringOptional<=2048 characters
Fully-qualified field by which to sort results. Field names should be in camel case (for example, "capitalization.camelCase").
sortOps.orderByenumOptionalDefaults to ASCENDING
Ascending or descending ordering of results.
Allowed values:
afterOps.timestampstringOptionalformat: "date-time"<=100 characters
Timestamp provided in the previous audit response's `nextOps` attribute. An alternate way to manage response pagination. Can't be used with `sortOps` or `offset`. For the first request in a series of audit requests, leave blank.
afterOps.changeIDstringOptionalformat: "uuid"<=36 characters
Change ID provided in the previous audit response's `nextOps` attribute. An alternate way to manage response pagination. Can't be used with `sortOps` or `offset`. For the first request in a series of audit requests, leave blank.
limitlongOptionalDefaults to 25
Number of results to return.
offsetlongOptionalDefaults to 0
Record position at which to start returning results.

Response

A successful response.
eventlist of objects or null
Events matching the query.
nextOpsobject or null

Errors

Bearer authentication of the form Bearer <token>, where token is your auth token.

HTTP Origin request header (including scheme, hostname, and port) of the request.

Member who sent the request. Depending on actorType, this may be a user ID or a service account ID.

Change ID provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

Authentication mode the actor used.

Timestamp provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.

Fully-qualified field by which to sort results. Field names should be in camel case (for example, “capitalization.camelCase”).

Events with associated tags. If an event matches at least one tag, the event is returned. Comma-separated list. For example, “login, get”.