Cloud Administration Retrieve Authentication Audit Logs API Cloud Administration Retrieve Authentication Audit Logs API
The Cloud Administration Retrieve Authentication Audit Logs API enables Help Desk administrators to retrieve authentication audit logs for a specific user for the 100 most recent events sorted in descending order by event time. The API filters by event code and specified date range. Pagination is not supported.
AuthenticationAuthentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs.
Administrative RolesAdministrative Roles
This API can use an API key that is associated with either the Super Administrator or Help Desk Administrator role. For more information, see Manage the Cloud Administration REST API Keys.
Software Developer KitSoftware Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request RequirementsRequest Requirements
Use the following information to retrieve authentication audit logs for a specific user. The <userId> parameter is a unique user identifier that is sent in the response to the SecurID User Details API.
| Method | Request URL | Response Content Type | Response Codes |
|---|---|---|---|
| GET |
/AdminInterface/restapi/v1/users/ <userId>/authlogs/ |
application/json | 200, 400, 403, 404, 500 |
Resource IdentifiersResource Identifiers
The following table describes resource identifiers for the Retrieve Authentication Audit Logs API.
Note: The request query parameter values may contain reserve characters that need to be URL encoded. Otherwise, the server may send a 400 Bad Request error. For example, the ISO 8601 Date and Time format may contain the + character if the specific time zone has an offset from UTC, such as+05:30. The + character needs to be encoded as %2B.
| Property | Description | Type |
|---|---|---|
| <userId> | Identifies the user. | String |
| eventCode |
(Optional) User event code. Limits results to events with the specified eventCode value. For more information, see User Event Monitor Messages for the Cloud Authentication Service. |
Integer |
| startTimeAfter | (Optional) Limits results to events that occurred after the specified date. Must be before endTimeOnOrBefore if that is also specified. |
ISO 8601 Date Time See https://www.w3.org/TR/NOTE-datetime for information on ISO 8601 format. |
| endTimeOnOrBefore | (Optional) Limits results to events that occurred before or on the specified date. Must be after startTimeAfter if that is also specified. |
ISO 8601 Date Time See https://www.w3.org/TR/NOTE-datetime for information on ISO 8601 format.. |
Example Request DataExample Request Data
The following example displays a request.
GET http://localhost:8886/AdminInterface/restapi/v1/users/a780e57f-98e7-4303-9ce4-34afed539928/authlogs?
startTimeAfter=2018-11-08T22:44:00.000Z&endTimeOnOrBefore=2018-11-10T22:44:00.000Z&eventCode=902
Authorization: Bearer <JWT token>
Example Response DataExample Response Data
The following example displays a response when the request succeeds.
[
{
"eventId": "9a6772f1-d80c-4b6f-8841-c0f32521a534",
"eventLogDate": "2018-11-09T15:54:44.000Z",
"eventType": "user",
"eventLevel": "error",
"eventCategory": "Authentication",
"customerName": "mycompanyname",
"user": "mabbott",
"sourceIPAddress": "191.237.22.167",
"eventCode": "902",
"eventDescription": "Portal logon failed - Authentication failed.",
"application": "Portal",
"method": "password",
"deviceName": "null",
"authenticationDetails": null,
"assuranceLevel": null
}
]
Response Property DescriptionsResponse Property Descriptions
The following table shows API response data.
| Property | Description | Type |
|---|---|---|
| eventId | The user event log. | String |
| eventLogDate |
Date/time of user event log, in Universal Time Coordinated (UTC) time. Example: 2018-05-13T16:29:59.000Z See https://www.w3.org/TR/NOTE-datetime for information on ISO 8601 format. |
ISO 8601 Date Time |
| eventType | Set to user. | String |
| eventLevel |
Event log level values are:
|
String |
| eventCategory | Authentication or Device Management. | String |
| customerName | Specified in the Cloud Administration Console on the Company Settings page. | String |
| user | User identifier. | String |
| sourceIPAddress | IP address of the user who generated the event. | IP Address |
| eventCode | User event code. For more information, see User Event Monitor Messages for the Cloud Authentication Service. |
Integer |
| eventDescription | User event description. | String |
| application | Application authenticated. | String |
| method | Authentication method. | Integer |
| deviceName | Authentication device name. | String |
| authenticationDetails | Authentication details. | String |
| assuranceLevel | Authentication assurance level. | String |
Response CodesResponse Codes
The API returns the following response codes.
| Code | Description |
|---|---|
| 200 | Authentication logs are successfully found. |
| 400 |
Operation is not performed. One of the following messages is returned:
|
| 403 | Not authorized to perform the request. |
| 404 | User ID is not found. |
| 429 | Too many requests. |
| 500 | Internal error occurred when processing the request. |
