# System Events | Operation | Syntax | | ------------------------------- | ------------------------------ | | [List Events](#list-events) | GET /api/preview/events | | [Export Events](#export-events) | GET /api/preview/events/export | Event objects represent Veza platform activity, including integration parsing, notification activity, and user logins. You can list events that match a filter (such as a category or severity), or export a continuous list for integration with an external monitoring system, For logging Veza API activity, see [Audit Log API](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/audit-logs). #### List events Returns an array of Veza platform `events`. If a `filter` is specified, the endpoint only returns events matching the SCIM filter expression. This can get events with a matching category or severity, for example: `GET /api/preview/events?page_size=10&filter=category+eq+"INTEGRATIONS"+and+timestamp+ge+"2023-04-17T22:29:22.440Z"` {% openapi src="" path="/api/preview/events" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-78f548f68894fbfb26b0fd9627c7e562be046dfa%2Fopenapi.yaml?alt=media) {% endopenapi %} #### Export events Returns a paginated list of platform events, intended for exporting a continuous log into an external system. The export endpoint can return the error code `ResourceExhaused`. When encountered, wait for one minute before retrying the request. {% openapi src="" path="/api/preview/events/export" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-78f548f68894fbfb26b0fd9627c7e562be046dfa%2Fopenapi.yaml?alt=media) {% endopenapi %} To capture events when they become available without skipping any entries, first make call with a `persisted_at GE "TIMESTAMP"` filter: ```shell curl -X GET "$VEZA_URL/api/preview/events/export?filter=persisted_at+GE+%222023-09-14T23:59:59.999999999Z%22&page_size=5" \ -H "authorization: Bearer $VEZA_TOKEN" ``` Use the `next_page_token` in the response to continuously call the next page: ```shell curl -X GET "$VEZA_URL/api/preview/events/export?page_token=eyJMaXNfQ==" \ -H "authorization: Bearer $VEZA_TOKEN" ``` Example response: ```json { "events": [ { "id": "e1560da1-bb88-4ef0-8d7f-e220fa2b33ca", "timestamp": "2023-09-21T12:41:27.111852371Z", "category": "INTEGRATIONS", "severity": "WARNING", "name": "OAA push", "message": "OAA data source pushed \"VEZAFILESERVER\"", "entity": "DATASOURCE", "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2", "error": { "reason": "OAA_PUSH_WARNINGS", "metadata": { "0": "Cannot find identity by names (values: CN=Domain Admins,CN=Users,DC=evergreentrucks,DC=local)", "1": "Cannot find identity by names (values: CN=Domain Users,CN=Users,DC=evergreentrucks,DC=local)", "2": "Empty permissions field", "3": "Empty identity_to_permissions field" }, "message": "OAA push had warnings.", "resolution": "Address the warnings and push the datasource again.", "request_id": "be920721634911577b8223f36f06ff1e" }, "entity_name": "VEZAFILESERVER", "event_type": "OAA push", "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac" }, { "id": "ee79c82d-4574-42d9-840a-7fa5c32e8c37", "timestamp": "2023-09-21T12:42:16.300711343Z", "category": "INTEGRATIONS", "severity": "INFO", "name": "Data Source extracted", "message": "\"VEZAFILESERVER\" Data Source extracted (0s)", "entity": "DATASOURCE", "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2", "error": null, "entity_name": "VEZAFILESERVER", "event_type": "Data Source extracted", "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac" } ], "next_page_token": "eyJMaXN0SW5wdXQiOnsiQ2F0ZWdvcnkiOjAsIlNldmVyaXR5IjowLCJTdGFydFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVuZFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVudGl0eUlEIjoiIiwiUHJvdmlkZXJJRCI6IiIsIkV2ZW50VHlwZSI6MCwiUGVyc2lzdGVkQXRHZSI6IjIwMjMtMDktMjFUMTI6NDI6MjAuOTc4MjA0MDA5WiIsIlBhZ2luYXRpb25MYXN0SUQiOiJlZTc5YzgyZC00NTc0LTQyZDktODQwYS03ZmE1YzMyZThjMzciLCJQYWdlU2l6ZSI6NSwiT3JkZXIiOjB9fQ==" } ``` #### Veza event schema | Field | Description | Example Value | | ------------- | -------------------------------------- | ------------------------------------------------------- | | `id` | Unique identifier for the event | d95ccc9c-9051-4ef7-9147-124a16409baa | | `timestamp` | Timestamp when the event occurred | 2023-05-18T14:23:35.151842912Z | | `category` | Category of the event | `SYSTEM`, `INTEGRATIONS`, `RULE`, `TAG`, `NOTIFICATION` | | `severity` | Severity level of the event | `INFO`, `WARNING`, `ERROR` | | `name` | Title of the event | Tagging request failed | | `message` | Descriptive message for the event | Tagging request failed for node test1 | | `provider_id` | Provider data source unique identifier | e88f5d72-6f79-41d1-99e3-8777e1727311 | | `entity` | Type of entity related to the event | `DATASOURCE`, `PROVIDER`, `RULE`, `TAG`, `NOTIFICATION` | | `entity_id` | Unique identifier for the entity | e88f5d72-6f79-41d1-99e3-8777e1727311 | | `entity_name` | Name of entity related to the event | SYSTEM\_resource\_managers:500008 | | `error` | Error details | See "error object structure" | | `event_type` | Type or category of the event | Tagging request failed | Error object structure: * `message`: Error message * `metadata`: Additional metadata for the failed request. * `reason`: Reason for the error * `resolution`: Details to prevent the error * `request_id`: Unique identifier for the failed request #### Event types The following table describes all Veza platform event types, organized by functional area:
Integration Events | Event Type | Description | | ------------------------------------ | ------------------------------------------------------------------------------------------- | | `OUTDATED_AWS_EXTRACTION_POLICY` | AWS extraction policy requires updating | | `DATASOURCE_PARSED` | Data source metadata successfully processed | | `DATASOURCE_PARSED_NO_CHANGE` | Data source parsed but no changes detected | | `DATASOURCE_EXTRACTED` | Data source extraction completed successfully | | `DATASOURCE_EXTRACTED_NO_CHANGE` | Extraction completed but Access Graph unchanged | | `DATASOURCE_REGISTERED` | New data source registered in Veza | | `DATASOURCE_REMOVED` | Data source removed from Veza | | `DISCOVERY_FAILED` | Integration discovery process failed | | `DISCOVERY_SUCCESS` | Integration discovery completed successfully | | `OAA_PUSH` | Open Authorization API data push event | | `PROVIDER_CONFIG_CHANGED` | Integration provider configuration modified | | `AUDITLOG_EXTRACTED` | Audit log data extracted from integration | | `INSIGHT_POINT_UNAVAILABLE` | Insight Point connector offline (all instances unavailable) | | `INSIGHT_POINT_DEGRADED` | Insight Point operating with reduced functionality (some instances unavailable/out of sync) | | `INSIGHT_POINT_INSTANCE_OUT_OF_SYNC` | Insight Point instance has time drift issues (time not synchronized with control plane) | | `SNOWFLAKE_EXPORT` | Data export to Snowflake completed |
User Management Events | Event Type | Description | | -------------------------------- | ----------------------------------- | | `USER_LOGIN` | User successfully authenticated | | `USER_LOGOUT` | User session terminated | | `USER_CREATED` | New user account created | | `USER_DELETED` | User account permanently removed | | `USER_ENABLED` | User account activated or enabled | | `USER_DISABLED` | User account deactivated | | `USER_EMAIL_UPDATED` | User email address changed | | `USER_ROLES_UPDATED` | User role assignments modified | | `USER_PASSWORD_FORCED_RESET` | Administrator forced password reset | | `USER_PASSWORD_RESET` | User password reset initiated | | `USER_AUTH_FACTORS_RESET` | Authentication factors reset | | `USER_AUTH_FACTORS_FORCED_RESET` | Administrator forced MFA reset |
API Key Management Events | Event Type | Description | | -------------------- | -------------------------------------- | | `API_KEY_CREATED` | New API key generated | | `API_KEY_UPDATED` | API key properties modified | | `API_KEY_DELETED` | API key permanently removed | | `API_KEY_REVOKED` | API key temporarily disabled | | `API_KEY_REINSTATED` | Previously revoked API key reactivated |
System and Infrastructure Events | Event Type | Description | | -------------------------- | --------------------------------------- | | `RULE_NOTIFICATION_FAILED` | Alert rule notification delivery failed | | `TAGGING_REQUEST_FAILED` | Entity tagging operation failed | | `EMAIL_NOTIFICATION` | System email notification sent | | `EMAIL_SENT` | Email delivery confirmed | | `DOMAIN_NOT_IN_ALLOWLIST` | External domain access blocked | | `WEBHOOK_NOT_IN_ALLOWLIST` | Webhook URL blocked by allowlist |
Access Review Events | Event Type | Description | | -------------------------------------- | ------------------------------------- | | `ACCESS_REVIEW_CONFIGURATION_MODIFIED` | Review configuration settings changed | | `EMPTY_ACCESS_REVIEW_CLEANED_UP` | Empty review automatically removed |
Auth Changes Events | Event Type | Description | | ---------------------------- | ------------------------------------- | | `MFA_ENABLED` | Multi-factor authentication enabled | | `MFA_DISABLED` | Multi-factor authentication disabled | | `SCIM_PROVISIONING_ENABLED` | SCIM provisioning enabled | | `SCIM_PROVISIONING_DISABLED` | SCIM provisioning disabled | | `SSO_REDIRECT_ENABLED` | SSO redirect enabled | | `SSO_REDIRECT_DISABLED` | SSO redirect disabled | | `IDP_MANAGED_ROLES_ENABLED` | IdP-managed roles enabled | | `IDP_MANAGED_ROLES_DISABLED` | IdP-managed roles disabled | | `LOCAL_ACCOUNTS_ENABLED` | Local account authentication enabled | | `LOCAL_ACCOUNTS_DISABLED` | Local account authentication disabled | | `AUTH_PROVIDER_ENABLED` | Authentication provider enabled | | `AUTH_PROVIDER_DISABLED` | Authentication provider disabled |
**Event retention** Veza retains system events for one month. When requesting events outside that range, the response will have a field error message indicating the oldest valid timestamp: ```json { "field": "filter.start_time", "description": "Must be after or equal to 2023-05-13T21:39:21Z" } ``` **Pagination** Responses will contain a `next_page_token` when more events are available. Include this `page_token` in the request query to get the next batch of results. If no page size is specified, the default is 1,000. The maximum page size is currently 10,000 records. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/events-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.