REST API Reference > Platform REST API version 3 resources > Security logs
  

Security logs

Use the securityLog resource to receive security log entries. Security logs include information about events such as login actions and creating, updating, and deleting users, user groups, and roles. To use this resource, you must be logged in with an administrator role.

GET request

To request entries for the last 24 hours with a maximum of 200 entries, use the following URI.
/public/core/v3/securityLog
Alternatively, you can use query parameters to specify which entries to return. For example, the following URI returns entries created on July 26, 2019 between 8:00AM and 5:00PM:
/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z"
You can include the following query parameters in the URI:
Parameter
Type
Description
entryTime
String
Start time or end time of the entry in UTC format.
Use one of the following formats:
  • - yyyy-MM-dd'T'HH:mm:ss'Z'
  • - yyyy-MM-dd'T'HH:mm:ssZ
  • - yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
  • - yyyy-MM-dd'T'HH:mm:ss.SSSZ
The maximum date range is 14 days.
You can use the following operators:
  • - <=
  • - =>
  • - >
  • - ==
  • - !=
Default is to return entries for the last 24 hours with a maximum of 200.
actionCategory
String
Category of the security log entry.
You can use the following operators:
  • - ==
  • - !=
To use this query parameter, you must also include a valid time range using the entryTime query parameter.
actor
String
User name who performed the action.
You can use the following operators:
  • - ==
  • - !=
To use this query parameter, you must also include a valid time range using the entryTime query parameter.
objectName
String
Name of the object acted upon.
You can use the following operators:
  • - ==
  • - !=
To use this query parameter, you must also include a valid time range using the entryTime query parameter.
skip
Int
Number of records to skip.
To use this query parameter, you must also include a valid time range using the entryTime query parameter.
Default is 0.
limit
Int
Number of entries to include in the response.
You can specify a minimum of 100 and maximum of 1000.
Default is 200.

GET response

Returns a securityLogEntry object for each security log entry returned. Returns the error object if errors occur.
The securityLogEntry object includes the following attributes:
Field
Type
Description
id
String
Security log entry ID.
orgId
String
Organization ID.
actor
String
User who performed the action.
entryTime
Timestamp
Time the action occurred.
objectId
String
ID of the object used.
objectName
String
Name of the object used.
actionCategory
String
Category of security log entry. Returns one of the following codes:
  • - Authentication
  • - Organization
  • - Sub-organization
  • - User
  • - Group
  • - Role
  • - Privilege
  • - Agent
  • - Privilege-Category
  • - Preference
actionEvent
String
Type of action performed. Returns one of the following codes:
  • - CREATE
  • - UPDATE
  • - DELETE
  • - DISABLE
  • - AGENT_LOGIN
  • - USER_LOGIN
  • - LOGOUT
  • - PASSWORD_RESET

GET example

To view entries for the actions that the user "admin" performed on July 26, 2019 between 8:00AM and 5:00PM, you might use the following URI:
GET <baseApiUrl>/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z";actor=='admin'
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>
The response might look similar to the following example:
{
"entries": [
{
"id": "1AoqT9lYsrUhu7kl49kGsx",
"orgId": "9l10ywsSnqadMx1NtEEbKT",
"actor": "admin",
"entryTime": "2019-07-23T22:28:07.000Z",
"objectId": "9l10ywsSnqadMx1NtEEbKT",
"objectName": "idsv3_org_1563920884151",
"actionCategory": "Organization",
"actionEvent": "CREATE"
},
{
"id": "595EZai5YqFi6X8GIpVVu0",
"orgId": "9l10ywsSnqadMx1NtEEbKT",
"actor": "admin",
"entryTime": "2019-07-23T22:28:13.000Z",
"objectId": "9pieratUfEWkhFHnzY1r49",
"objectName": "idsv3_user_1563920884151",
"actionCategory": "User",
"actionEvent": "CREATE"
}
]
}