Skip to main content

Query Audit Events

POST/api/v1/audit_events/query
Permissions required: Read audit logs
curl -X POST 'https://<my_api_endpoint>/api/v1/audit_events/query' \
-H "Authorization: Bearer $REINFER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"filter": {
"timestamp": {
"maximum": "2021-07-10T00:00:00Z",
"minimum": "2021-06-10T00:00:00Z"
}
}
}'

An audit event is a record of an action taken by a user of the Re:infer platform. Example auditable events include:

  • a user logging in
  • a user changing their password
  • a user changing another user's permissions
NameTypeRequiredDescription
continuationstringnoIf a previous query returned a continuation in the response, another page of events is available. Set the returned continuation value here to fetch the next page.
limitnumbernoThe number of audit events to return per page. Defaults to 128.
filterFilternoA filter specifying which audit events to return.

Where Filter has the following format:

NameTypeRequiredDescription
timestampTimestampFilternoA filter specifying what time range to return events in.

Where TimestampFilter has the following format:

NameTypeRequiredDescription
minimumstringnoAn ISO-8601 timestamp. If provided, only returns audit event after or including this timestamp.
maximumstringnoAn ISO-8601 timestamp. If provided, only returns audit event before this timestamp.

Response format

The list of audit events can be found under the audit_events key at the top level of the response. Each AuditEvent can reference other resources (such as sources, datasets, users, etc) by ID. For each referenced resource, additional information can be found under the respective key (sources, datasets, users, etc) at the top level of the response.

An AuditEvent represents an action taken by a user in the platform, and has the following base format. Additional keys may be present depending on the value of event_type. For example, a get_datasets audit event will have a list of dataset_ids that were read by the user.

NameTypeDescription
event_idstringThe unique ID of this event.
event_typestringThe type of this event.
timestampstringThe ISO-8601 timestamp of this event, to the nearest second.
actor_user_idstringThe ID of the user who executed this action.
actor_tenant_idstringThe tenant ID of the user who executed this action.

Finally, if the response contains a continuation key, you should fetch the next page of events by setting the continuation field in the request to this value.