search
Release Notes

System Audit Logs

Endpoints for monitoring Veza user activity

Operation
Syntax

List audit events

GET /api/preview/system/audit

Export audit events

GET /api/preview/system/audit/export

Audit Logs record every API call, providing a record of actions conducted within Veza. Depending on your use case, you can export a continuous list of events, or get events matching a filter in chronological order. Developers, administrators, and security teams can use these requests to:

  • Integrate Veza with an SIEM platform or other auditing tools

  • Detect potential inappropriate access or usage

  • Get insight into how users are interacting with the Veza platform

See Audit events for more details about the audit event object.

hashtag
Pagination

Responses will include a next_page_token. Use this page_token in the request query to get the next batch of results.

Setting a page size is required for requests. The maximum page size is currently 10,000 records.

hashtag
List audit events

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
filterstringOptional
page_sizeinteger · int32Optional
page_tokenstringOptional
Responses
chevron-right
200

OK

application/json
next_page_tokenstringOptional
get
/api/preview/system/audit

This endpoint supports filtering by ended_at timestamp, method, user_id, and url. Results are ordered by time completed.

A timestamp filter is always required. The API allows querying events for up to 90 days in the past.

Example:

hashtag
Export audit events

Returns a paginated list of events, intended for exporting entries into an external log management system.

get
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters
filterstringOptional
page_sizeinteger · int32Optional
page_tokenstringOptional
Responses
chevron-right
200

OK

application/json
next_page_tokenstringOptional
get
/api/preview/system/audit/export

To ingest events as they become available without skipping any entries, first make call with a persisted_at GE "TIMESTAMP" filter. Then, continuously call the next page. The export endpoint can return the error code ResourceExhaused. If encountered, clients should wait for a minute before retrying the request.

Example:

circle-info

Question: If a customer includes the persisted_at timestamp hard-coded in a script, and Veza only exports events for 1 month, what happens after a month?

Answer: The persisted_at parameter is ignored if you send a page_token in the API call. It won’t matter if the date is more than 90 or 30 days in the past.

hashtag
Audit events

An event describes an API-level action, including the IP address and user agent of the caller. Requests can originate from user sessions, or from applications using API keys. The following is a sample event for a successful API key generation:

hashtag
Identity

Field
Description

user_id

Unique user identifier.

session_id

Unique session identifier.

api_key_id

Unique identifier of an API key.

email

User email address.

hashtag
Status

Field
Description

grpc_code

gRPC code indicating request status.

http_status

HTTP status code of the response.

error_reason

Details about a bad request.

hashtag
Client

Field
Description

ip

Client IP address.

user_agent

Client user agent string.

hashtag
Event

Field
Description

endpoint

The API endpoint that was accessed.

method

The HTTP method used for the request.

url

The URL of the request.

request_id

The unique identifier for the request.

request

The contents of the API request.

response

Excerpt of the API response.

started_at

RFC 3339 timestamp when the event started.

ended_at

RFC 3339 timestamp when the event ended.

  • request and response both only contain some whitelisted fields. Due to size limitations, the entire message is not recorded.

PreviousAlternate Reviewer SettingsNextSystem Events

Last updated

Was this helpful?