LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • ๐Ÿ Veza Documentation
  • โ˜‘๏ธGetting Started
  • ๐Ÿ“–Veza Glossary
  • โ“Product FAQ
  • ๐Ÿ›ก๏ธSecurity FAQ
    • Advanced Security FAQ
  • Release Notes
    • ๐Ÿ—’๏ธRelease Notes
      • Release Notes: 2025-05-14
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • ๐Ÿ”ŽAccess Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • ๐Ÿ’กAccess Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • ๐Ÿ”Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Entity Owners and Resource Manager Tags
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • ๐Ÿ“ŠAccess Monitoring
    • ๐Ÿ”„Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • โš–๏ธSeparation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • โœจVeza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Row Access Policies
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • ๐ŸŽฏIntegrations Overview
    • โš ๏ธPrerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • โš™๏ธConfiguring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • โ„น๏ธRunning Veza Scripts with Python
  • Administration
    • ๐Ÿ› ๏ธVeza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • ๐ŸŒVeza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • ๐Ÿ†•Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Vezaโ€™s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Developers
  2. Veza APIs

System Events

Get Veza platform events, including notifications and integration logs.

PreviousSystem Audit LogsNextNotification Templates

Last updated 1 year ago

Was this helpful?

Operation
Syntax

GET /api/preview/events

GET /api/preview/events/export

Event objects represent Veza platform activity, including integration parsing, notification activity, and user logins. You can list events that match a filter (such as a category or severity), or export a continuous list for integration with an external monitoring system,

For logging Veza API activity, see .

List events

Returns an array of Veza platform events. If a filter is specified, the endpoint only returns events matching the SCIM filter expression. This can get events with a matching category or severity, for example:

GET /api/preview/events?page_size=10&filter=category+eq+"INTEGRATIONS"+and+timestamp+ge+"2023-04-17T22:29:22.440Z"

Export events

Returns a paginated list of platform events, intended for exporting a continuous log into an external system.

The export endpoint can return the error code ResourceExhaused. When encountered, wait for one minute before retrying the request.

To capture events when they become available without skipping any entries, first make call with a persisted_at GE "TIMESTAMP" filter:

curl -X GET "$VEZA_URL/api/preview/events/export?filter=persisted_at+GE+%222023-09-14T23:59:59.999999999Z%22&page_size=5" \
-H "authorization: Bearer $VEZA_TOKEN"

Use the next_page_token in the response to continuously call the next page:

curl -X GET "$VEZA_URL/api/preview/events/export?page_token=eyJMaXNfQ==" \
-H "authorization: Bearer $VEZA_TOKEN"

Example response:

{
  "events": [
    {
      "id": "e1560da1-bb88-4ef0-8d7f-e220fa2b33ca",
      "timestamp": "2023-09-21T12:41:27.111852371Z",
      "category": "INTEGRATIONS",
      "severity": "WARNING",
      "name": "OAA push",
      "message": "OAA data source pushed \"VEZAFILESERVER\"",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": {
        "reason": "OAA_PUSH_WARNINGS",
        "metadata": {
          "0": "Cannot find identity by names (values: CN=Domain Admins,CN=Users,DC=evergreentrucks,DC=local)",
          "1": "Cannot find identity by names (values: CN=Domain Users,CN=Users,DC=evergreentrucks,DC=local)",
          "2": "Empty permissions field",
          "3": "Empty identity_to_permissions field"
        },
        "message": "OAA push had warnings.",
        "resolution": "Address the warnings and push the datasource again.",
        "request_id": "be920721634911577b8223f36f06ff1e"
      },
      "entity_name": "VEZAFILESERVER",
      "event_type": "OAA push",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    },
    {
      "id": "ee79c82d-4574-42d9-840a-7fa5c32e8c37",
      "timestamp": "2023-09-21T12:42:16.300711343Z",
      "category": "INTEGRATIONS",
      "severity": "INFO",
      "name": "Data Source extracted",
      "message": "\"VEZAFILESERVER\" Data Source extracted (0s)",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": null,
      "entity_name": "VEZAFILESERVER",
      "event_type": "Data Source extracted",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    }
  ],
  "next_page_token": "eyJMaXN0SW5wdXQiOnsiQ2F0ZWdvcnkiOjAsIlNldmVyaXR5IjowLCJTdGFydFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVuZFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVudGl0eUlEIjoiIiwiUHJvdmlkZXJJRCI6IiIsIkV2ZW50VHlwZSI6MCwiUGVyc2lzdGVkQXRHZSI6IjIwMjMtMDktMjFUMTI6NDI6MjAuOTc4MjA0MDA5WiIsIlBhZ2luYXRpb25MYXN0SUQiOiJlZTc5YzgyZC00NTc0LTQyZDktODQwYS03ZmE1YzMyZThjMzciLCJQYWdlU2l6ZSI6NSwiT3JkZXIiOjB9fQ=="
}

Veza event schema

Field
Description
Example Value

id

Unique identifier for the event

d95ccc9c-9051-4ef7-9147-124a16409baa

timestamp

Timestamp when the event occurred

2023-05-18T14:23:35.151842912Z

category

Category of the event

SYSTEM, INTEGRATIONS, RULE, TAG, NOTIFICATION

severity

Severity level of the event

INFO, WARNING, ERROR

name

Title of the event

Tagging request failed

message

Descriptive message for the event

Tagging request failed for node test1

provider_id

Provider data source unique identifier

e88f5d72-6f79-41d1-99e3-8777e1727311

entity

Type of entity related to the event

DATASOURCE, PROVIDER, RULE, TAG, NOTIFICATION

entity_id

Unique identifier for the entity

e88f5d72-6f79-41d1-99e3-8777e1727311

entity_name

Name of entity related to the event

SYSTEM_resource_managers:500008

error

Error details

See "error object structure"

event_type

Type or category of the event

Tagging request failed

Error object structure:

  • message: Error message

  • metadata: Additional metadata for the failed request.

  • reason: Reason for the error

  • resolution: Details to prevent the error

  • request_id: Unique identifier for the failed request

Event types

Veza events will have one of the following event types:

  • OUTDATED_AWS_EXTRACTION_POLICY

  • DATASOURCE_PARSED

  • DATASOURCE_EXTRACTED

  • DATASOURCE_REGISTERED

  • DATASOURCE_REMOVED

  • DISCOVERY_FAILED

  • DISCOVERY_SUCCESS

  • OAA_PUSH

  • RULE_NOTIFICATION_FAILED

  • TAGGING_REQUEST_FAILED

  • EMAIL_NOTIFICATION

  • USER_LOGIN

  • USER_LOGOUT

  • USER_CREATED

  • USER_DELETED

  • USER_EMAIL_UPDATED

  • USER_ROLES_UPDATED

  • USER_ENABLED

  • USER_DISABLED

  • USER_PASSWORD_FORCED_RESET

  • API_KEY_CREATED

  • API_KEY_UPDATED

  • API_KEY_DELETED

  • API_KEY_REVOKED

  • API_KEY_REINSTATED

Event retention

Veza retains system events for one month. When requesting events outside that range, the response will have a field error message indicating the oldest valid timestamp:

{
  "field": "filter.start_time",
  "description": "Must be after or equal to 2023-05-13T21:39:21Z"
}

Pagination

Responses will contain a next_page_token when more events are available. Include this page_token in the request query to get the next batch of results.

If no page size is specified, the default is 1,000. The maximum page size is currently 10,000 records.

๐ŸŒ
List Events
Export Events
Audit Log API
get
Authorizations
Query parameters
filterstringOptional

Available filters: timestamp (ge, lt), category (eq), severity (eq), entity_id (eq), event_type (eq), provider_id (eq)

page_sizeinteger ยท int32Optional
page_tokenstringOptional
Responses
200
A successful response.
application/json
401
Authorization information is missing or invalid.
403
Returned when the user does not have permission to access the resource.
application/json
404
Returned when the resource does not exist.
500
Server error
502
Returned when the service is temporarily unavailable.
503
Returned when the resource is temporarily unavailable.
get
GET /api/preview/events HTTP/1.1
Host: 
Bearer: YOUR_API_KEY
Accept: */*
{
  "next_page_token": "text",
  "events": [
    {
      "id": "text",
      "timestamp": "2025-05-28T04:54:37.222Z",
      "category": "UNKNOWN",
      "severity": "UNKNOWN",
      "name": "text",
      "message": "text",
      "entity": "UNKNOWN_ENTITY",
      "entity_id": "text",
      "error": {
        "reason": "UNKNOWN",
        "metadata": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "message": "text",
        "resolution": "text",
        "request_id": "text"
      },
      "entity_name": "text",
      "event_type": "text",
      "provider_id": "text"
    }
  ]
}
get
Authorizations
Query parameters
filterstringOptional

persisted_at (GE)

page_sizeinteger ยท int32Optional
page_tokenstringOptional
Responses
200
A successful response.
application/json
401
Authorization information is missing or invalid.
403
Returned when the user does not have permission to access the resource.
application/json
404
Returned when the resource does not exist.
500
Server error
502
Returned when the service is temporarily unavailable.
503
Returned when the resource is temporarily unavailable.
get
GET /api/preview/events/export HTTP/1.1
Host: 
Bearer: YOUR_API_KEY
Accept: */*
{
  "events": [
    {
      "id": "text",
      "timestamp": "2025-05-28T04:54:37.222Z",
      "category": "UNKNOWN",
      "severity": "UNKNOWN",
      "name": "text",
      "message": "text",
      "entity": "UNKNOWN_ENTITY",
      "entity_id": "text",
      "error": {
        "reason": "UNKNOWN",
        "metadata": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "message": "text",
        "resolution": "text",
        "request_id": "text"
      },
      "entity_name": "text",
      "event_type": "text",
      "provider_id": "text"
    }
  ],
  "next_page_token": "text"
}
  • GET/api/preview/events
  • GET/api/preview/events/export