RSA SecurID Access Retrieve Authentication Audit Logs API

Document created by RSA Information Design and Development on Nov 16, 2018
Version 1

The RSA SecurID Access Retrieve Authentication Audit Logs API enables Help Desk administrators to retrieve authentication audit logs for a specific user for the 100 most recent events sorted in descending order by event time. Filtering by event code is supported. Pagination is not supported.

Authentication

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from RSA SecurID Access Administration REST API Download.

Request Requirements

Use the following information to retrieve authentication audit logs for a specific user. The <userId> parameter is a unique user identifier that is sent in the response to the RSA SecurID Access User Details API.

                     
| Method | Request URL | Response Content Type | Response Codes |
|--------|-------------|-----------------------|----------------|
| GET | /AdminInterface/restapi/v1/users/<userId>/authlogs/ | application/json | 200, 400, 403, 404, 500 |

Request Parameter

The Retrieve Authentication Audit Logs API allows the following optional parameter.

                  
| Name | Description | Type |
|------|-------------|------|
| eventCode | User event code. For more information, see User Event Monitor Messages for the Cloud Authentication Service. | Integer |

Example Request Data

The following example displays a request.

GET https://localhost/AdminInterface/restapi/v1/users/<userId>/authlogs

Authorization: Bearer <JWT token>

Example Response Data

The following example displays a response when the request succeeds.

[
  {
    "eventId": "9a6772f1-d80c-4b6f-8841-c0f32521a534",
    "eventLogDate": "2018-10-08T15:54:44.000Z",
    "eventType": "user",
    "eventLevel": "error",
    "eventCategory": "Authentication",
    "customerName": "mycompanyname",
    "user": "mabbott",
    "sourceIPAddress": "191.237.22.167",
    "eventCode": "902",
    "eventDescription": "Portal logon failed - Authentication failed.",
    "application": "Portal",
    "method": "password",
    "deviceName": "John Doe's device",
    "authenticationDetails": null,
    "assuranceLevel": null
  }
]

Property Response Descriptions

The following table shows API response data.

                                                                                        
| Property | Description | Type |
|----------|-------------|------|
| eventId | Identifies the user event log. | String |
| eventLogDate | Date/time of user event log, in Universal Time Coordinated (UTC) timezone. Example: 2018-05-13T16:29:59.000Z. See https://www.w3.org/TR/NOTE-datetime for information on formatting timestamps in ISO 8601 format. | String |
| eventType | The event type is set to user. Event log level values are notice and error. | String |
| eventLevel | notice: Activity is successfully completed. error: Activity completed with an error. | String |
| eventCategory | Authentication or Device Management. | String |
| customerName | Specified in the Cloud Administration Console on the Company Settings page. | String |
| user | User identifier. | String |
| sourceIPAddress | IP address of the user who generated the event. | String |
| eventCode | User event code. For more information, see User Event Monitor Messages for the Cloud Authentication Service. | String |
| eventDescription | User event description. | String |
| application | Application authenticated. | String |
| method | Authentication method. | String |
| deviceName | Authentication device name. | String |
| authenticationDetails | Authentication details. | String |
| assuranceLevel | Authentication assurance level. | String |
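
The following added example (not part of the RSA documentation or SDK) shows one way a Help Desk or SOC tool might triage this response: it counts error-level Authentication events, finds the densest burst of failures, and flags when the 100-event limit may have cut off older history. The `triage` function, the 10-minute window, the threshold of 3, and the sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

MAX_EVENTS = 100  # the API returns at most the 100 most recent events, no pagination
# Constructed sample in the documented response shape (newest first), trimmed to
# the fields used below. IPs are from documentation ranges; this is not real data.
SAMPLE = json.loads("""[
 {"eventLogDate": "2018-10-08T15:54:44.000Z", "eventLevel": "error",
  "eventCategory": "Authentication", "sourceIPAddress": "192.0.2.10", "eventCode": "902"},
 {"eventLogDate": "2018-10-08T15:53:10.000Z", "eventLevel": "error",
  "eventCategory": "Authentication", "sourceIPAddress": "192.0.2.10", "eventCode": "902"},
 {"eventLogDate": "2018-10-08T15:52:00.000Z", "eventLevel": "error",
  "eventCategory": "Device Management", "sourceIPAddress": "192.0.2.10"},
 {"eventLogDate": "2018-10-08T15:51:02.000Z", "eventLevel": "error",
  "eventCategory": "Authentication", "sourceIPAddress": "198.51.100.7", "eventCode": "902"},
 {"eventLogDate": "2018-10-08T15:20:00.000Z", "eventLevel": "notice",
  "eventCategory": "Authentication", "sourceIPAddress": "192.0.2.10"},
 {"eventLogDate": "2018-10-08T14:00:00.000Z", "eventLevel": "error",
  "eventCategory": "Authentication", "sourceIPAddress": null, "eventCode": "902"}
]""")

def parse_ts(value):
    """Parse the UTC eventLogDate format shown on the page (trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def triage(events, window=timedelta(minutes=10), threshold=3):
    """Summarize failed authentications in one user's authlogs response."""
    fails = [e for e in events if e.get("eventLevel") == "error"
             and e.get("eventCategory") == "Authentication"]
    times = sorted(parse_ts(e["eventLogDate"]) for e in fails)
    best = lo = 0
    for hi, t in enumerate(times):       # sliding window over sorted failure times
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return {
        "failures": len(fails),
        "by_code": dict(Counter(e.get("eventCode") for e in fails)),
        "source_ips": sorted({e["sourceIPAddress"] for e in fails
                              if e.get("sourceIPAddress")}),  # null-safe
        "max_in_window": best,
        "burst": best >= threshold,
        # A full response means older events may exist that this call cannot return.
        "truncated": len(events) >= MAX_EVENTS,
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

When `truncated` is true, the absence of earlier failures in the result is not evidence that none occurred; narrow the query with `eventCode` or consult a longer-retention log source.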

Response Codes

The API returns the following response codes.

                               
| Code | Description |
|------|-------------|
| 200 | Authentication logs are successfully found. |
| 400 | Invalid User ID. |
| 403 | Not authorized to perform the request. |
| 404 | User ID is not found. |
| 500 | Internal error occurred when processing the request. |

 

 

 
