Query Audit Events
- Bash
- Node
- Python
- Response
curl -X POST 'https://<my_api_endpoint>/api/v1/audit_events/query' \
-H "Authorization: Bearer $REINFER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"filter": {
"timestamp": {
"maximum": "2021-07-10T00:00:00Z",
"minimum": "2021-06-10T00:00:00Z"
}
}
}'
const request = require("request");
request.post(
{
url: "https://<my_api_endpoint>/api/v1/audit_events/query",
headers: {
Authorization: "Bearer " + process.env.REINFER_TOKEN,
},
json: true,
body: {
filter: {
timestamp: {
maximum: "2021-07-10T00:00:00Z",
minimum: "2021-06-10T00:00:00Z",
},
},
},
},
function (error, response, json) {
// digest response
console.log(JSON.stringify(json, null, 2));
}
);
import json
import os
import requests
response = requests.post(
"https://<my_api_endpoint>/api/v1/audit_events/query",
headers={"Authorization": "Bearer " + os.environ["REINFER_TOKEN"]},
json={
"filter": {
"timestamp": {
"minimum": "2021-06-10T00:00:00Z",
"maximum": "2021-07-10T00:00:00Z",
}
}
},
)
print(json.dumps(response.json(), indent=2, sort_keys=True))
{
"audit_events": [
{
"actor_user_id": "e2148a6625225593",
"dataset_ids": ["1fe230edc85ffc1a"],
"event_id": "2555880060c23eb5",
"event_type": "get_datasets",
"project_ids": ["ce3c61dcf210f425", "274400867ab17af9"],
"tenant_ids": ["c59b6e209da438a8"],
"timestamp": "2021-06-10T16:32:53Z"
}
],
"continuation": "2555880060c23eb5",
"datasets": [
{
"id": "1fe230edc85ffc1a",
"name": "collateral-sharing",
"project_id": "ce3c61dcf210f425",
"title": "Collateral Sharing"
},
{
"id": "274400867ab17af9",
"name": "Customer-Feedback",
"project_id": "ce3c61dcf210f425",
"title": "Customer Feedback"
}
],
"projects": [
{
"id": "ce3c61dcf210f425",
"name": "bank-collateral",
"tenant_id": "c59b6e209da438a8"
}
],
"status": "ok",
"tenants": [
{
"id": "c59b6e209da438a8",
"name": "acme"
}
],
"users": [
{
"display_name": "Alice",
"email": "alice@acme.example",
"id": "e2148a6625225593",
"tenant_id": "c59b6e209da438a8",
"username": "alice"
}
]
}
An audit event is a record of an action taken by a user of the Re:infer platform. Example auditable events include:
- a user logging in
- a user changing their password
- a user changing another user's permissions
Name | Type | Required | Description |
---|---|---|---|
continuation | string | no | If a previous query returned a continuation in the response, another page of events is available. Set the returned continuation value here to fetch the next page. |
limit | number | no | The number of audit events to return per page. Defaults to 128. |
filter | Filter | no | A filter specifying which audit events to return. |
Where Filter
has the following format:
Name | Type | Required | Description |
---|---|---|---|
timestamp | TimestampFilter | no | A filter specifying what time range to return events in. |
Where TimestampFilter
has the following format:
Name | Type | Required | Description |
---|---|---|---|
minimum | string | no | An ISO-8601 timestamp. If provided, only returns audit event after or including this timestamp. |
maximum | string | no | An ISO-8601 timestamp. If provided, only returns audit event before this timestamp. |
Response format
The list of audit events can be found under the audit_events
key at the top
level of the response. Each AuditEvent
can reference other resources (such as
sources, datasets, users, etc) by ID. For each referenced resource, additional
information can be found under the respective key (sources
, datasets
,
users
, etc) at the top level of the response.
An AuditEvent
represents an action taken by a user in the platform, and has
the following base format. Additional keys may be present depending on the value
of event_type
. For example, a get_datasets
audit event will have a list of
dataset_ids
that were read by the user.
Name | Type | Description |
---|---|---|
event_id | string | The unique ID of this event. |
event_type | string | The type of this event. |
timestamp | string | The ISO-8601 timestamp of this event, to the nearest second. |
actor_user_id | string | The ID of the user who executed this action. |
actor_tenant_id | string | The tenant ID of the user who executed this action. |
Finally, if the response contains a continuation
key, you should fetch the
next page of events by setting the continuation
field in the request to this
value.