Query Audit Events

POST/api/v1/audit_events/query

Permissions required: Read audit logs

Bash

curl -X POST 'https://<my_api_endpoint>/api/v1/audit_events/query' \
    -H "Authorization: Bearer $REINFER_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
  "filter": {
    "timestamp": {
      "maximum": "2021-07-10T00:00:00Z",
      "minimum": "2021-06-10T00:00:00Z"
    }
  }
}'

Node

const request = require("request");

request.post(
  {
    url: "https://<my_api_endpoint>/api/v1/audit_events/query",
    headers: {
      Authorization: "Bearer " + process.env.REINFER_TOKEN,
    },
    json: true,
    body: {
      filter: {
        timestamp: {
          maximum: "2021-07-10T00:00:00Z",
          minimum: "2021-06-10T00:00:00Z",
        },
      },
    },
  },
  function (error, response, json) {
    // digest response
    console.log(JSON.stringify(json, null, 2));
  }
);

Python

import json
import os

import requests

response = requests.post(
    "https://<my_api_endpoint>/api/v1/audit_events/query",
    headers={"Authorization": "Bearer " + os.environ["REINFER_TOKEN"]},
    json={
        "filter": {
            "timestamp": {
                "minimum": "2021-06-10T00:00:00Z",
                "maximum": "2021-07-10T00:00:00Z",
            }
        }
    },
)

print(json.dumps(response.json(), indent=2, sort_keys=True))

Response

{
  "audit_events": [
    {
      "actor_user_id": "e2148a6625225593",
      "dataset_ids": ["1fe230edc85ffc1a"],
      "event_id": "2555880060c23eb5",
      "event_type": "get_datasets",
      "project_ids": ["ce3c61dcf210f425", "274400867ab17af9"],
      "tenant_ids": ["c59b6e209da438a8"],
      "timestamp": "2021-06-10T16:32:53Z"
    }
  ],
  "continuation": "2555880060c23eb5",
  "datasets": [
    {
      "id": "1fe230edc85ffc1a",
      "name": "collateral-sharing",
      "project_id": "ce3c61dcf210f425",
      "title": "Collateral Sharing"
    },
    {
      "id": "274400867ab17af9",
      "name": "Customer-Feedback",
      "project_id": "ce3c61dcf210f425",
      "title": "Customer Feedback"
    }
  ],
  "projects": [
    {
      "id": "ce3c61dcf210f425",
      "name": "bank-collateral",
      "tenant_id": "c59b6e209da438a8"
    }
  ],
  "status": "ok",
  "tenants": [
    {
      "id": "c59b6e209da438a8",
      "name": "acme"
    }
  ],
  "users": [
    {
      "display_name": "Alice",
      "email": "alice@acme.example",
      "id": "e2148a6625225593",
      "tenant_id": "c59b6e209da438a8",
      "username": "alice"
    }
  ]
}

An audit event is a record of an action taken by a user of the Re:infer platform. Example auditable events include:

• a user logging in
• a user changing their password
• a user changing another user's permissions

Name	Type	Required	Description
continuation	string	no	If a previous query returned a continuation in the response, another page of events is available. Set the returned continuation value here to fetch the next page.
limit	number	no	The number of audit events to return per page. Defaults to 128.
filter	Filter	no	A filter specifying which audit events to return.

Where Filter has the following format:

Name	Type	Required	Description
timestamp	TimestampFilter	no	A filter specifying what time range to return events in.

Where TimestampFilter has the following format:

Name	Type	Required	Description
minimum	string	no	An ISO-8601 timestamp. If provided, only returns audit event after or including this timestamp.
maximum	string	no	An ISO-8601 timestamp. If provided, only returns audit event before this timestamp.

Response format

The list of audit events can be found under the audit_events key at the top level of the response. Each AuditEvent can reference other resources (such as sources, datasets, users, etc) by ID. For each referenced resource, additional information can be found under the respective key (sources, datasets, users, etc) at the top level of the response.

An AuditEvent represents an action taken by a user in the platform, and has the following base format. Additional keys may be present depending on the value of event_type. For example, a get_datasets audit event will have a list of dataset_ids that were read by the user.

Name	Type	Description
event_id	string	The unique ID of this event.
event_type	string	The type of this event.
timestamp	string	The ISO-8601 timestamp of this event, to the nearest second.
actor_user_id	string	The ID of the user who executed this action.
actor_tenant_id	string	The tenant ID of the user who executed this action.

Finally, if the response contains a continuation key, you should fetch the next page of events by setting the continuation field in the request to this value.