System Events

Get Veza platform events, including notifications and integration logs.

Operation

Syntax

GET /api/preview/events

GET /api/preview/events/export

Event objects represent Veza platform activity, including integration parsing, notification activity, and user logins. You can list events that match a filter (such as a category or severity), or export a continuous list for integration with an external monitoring system,

For logging Veza API activity, see Audit Log API.

List events

Returns an array of Veza platform events. If a filter is specified, the endpoint only returns events matching the SCIM filter expression. This can get events with a matching category or severity, for example:

GET /api/preview/events?page_size=10&filter=category+eq+"INTEGRATIONS"+and+timestamp+ge+"2023-04-17T22:29:22.440Z"

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters

filterstringOptional

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

next_page_tokenstringOptional

default

Default error response

application/json

get

/api/preview/events

GET /api/preview/events HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "next_page_token": "text",
  "events": [
    {
      "id": "text",
      "timestamp": "2026-02-20T01:29:17.654Z",
      "category": 1,
      "severity": 1,
      "name": "text",
      "message": "text",
      "entity": 1,
      "entity_id": "text",
      "error": {
        "reason": 1,
        "metadata": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "message": "text",
        "resolution": "text",
        "request_id": "text"
      },
      "entity_name": "text",
      "event_type": "text",
      "provider_id": "text",
      "metadata": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
  ]
}

Export events

Returns a paginated list of platform events, intended for exporting a continuous log into an external system.

The export endpoint can return the error code ResourceExhaused. When encountered, wait for one minute before retrying the request.

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters

filterstringOptional

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

next_page_tokenstringOptional

default

Default error response

application/json

get

/api/preview/events/export

GET /api/preview/events/export HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "events": [
    {
      "id": "text",
      "timestamp": "2026-02-20T01:29:17.654Z",
      "category": 1,
      "severity": 1,
      "name": "text",
      "message": "text",
      "entity": 1,
      "entity_id": "text",
      "error": {
        "reason": 1,
        "metadata": {
          "ANY_ADDITIONAL_PROPERTY": "text"
        },
        "message": "text",
        "resolution": "text",
        "request_id": "text"
      },
      "entity_name": "text",
      "event_type": "text",
      "provider_id": "text",
      "metadata": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
  ],
  "next_page_token": "text"
}

To capture events when they become available without skipping any entries, first make call with a persisted_at GE "TIMESTAMP" filter:

curl -X GET "$VEZA_URL/api/preview/events/export?filter=persisted_at+GE+%222023-09-14T23:59:59.999999999Z%22&page_size=5" \
-H "authorization: Bearer $VEZA_TOKEN"

Use the next_page_token in the response to continuously call the next page:

curl -X GET "$VEZA_URL/api/preview/events/export?page_token=eyJMaXNfQ==" \
-H "authorization: Bearer $VEZA_TOKEN"

Example response:

{
  "events": [
    {
      "id": "e1560da1-bb88-4ef0-8d7f-e220fa2b33ca",
      "timestamp": "2023-09-21T12:41:27.111852371Z",
      "category": "INTEGRATIONS",
      "severity": "WARNING",
      "name": "OAA push",
      "message": "OAA data source pushed \"VEZAFILESERVER\"",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": {
        "reason": "OAA_PUSH_WARNINGS",
        "metadata": {
          "0": "Cannot find identity by names (values: CN=Domain Admins,CN=Users,DC=evergreentrucks,DC=local)",
          "1": "Cannot find identity by names (values: CN=Domain Users,CN=Users,DC=evergreentrucks,DC=local)",
          "2": "Empty permissions field",
          "3": "Empty identity_to_permissions field"
        },
        "message": "OAA push had warnings.",
        "resolution": "Address the warnings and push the datasource again.",
        "request_id": "be920721634911577b8223f36f06ff1e"
      },
      "entity_name": "VEZAFILESERVER",
      "event_type": "OAA push",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    },
    {
      "id": "ee79c82d-4574-42d9-840a-7fa5c32e8c37",
      "timestamp": "2023-09-21T12:42:16.300711343Z",
      "category": "INTEGRATIONS",
      "severity": "INFO",
      "name": "Data Source extracted",
      "message": "\"VEZAFILESERVER\" Data Source extracted (0s)",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": null,
      "entity_name": "VEZAFILESERVER",
      "event_type": "Data Source extracted",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    }
  ],
  "next_page_token": "eyJMaXN0SW5wdXQiOnsiQ2F0ZWdvcnkiOjAsIlNldmVyaXR5IjowLCJTdGFydFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVuZFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVudGl0eUlEIjoiIiwiUHJvdmlkZXJJRCI6IiIsIkV2ZW50VHlwZSI6MCwiUGVyc2lzdGVkQXRHZSI6IjIwMjMtMDktMjFUMTI6NDI6MjAuOTc4MjA0MDA5WiIsIlBhZ2luYXRpb25MYXN0SUQiOiJlZTc5YzgyZC00NTc0LTQyZDktODQwYS03ZmE1YzMyZThjMzciLCJQYWdlU2l6ZSI6NSwiT3JkZXIiOjB9fQ=="
}

Veza event schema

Field

Description

Example Value

id

Unique identifier for the event

d95ccc9c-9051-4ef7-9147-124a16409baa

timestamp

Timestamp when the event occurred

2023-05-18T14:23:35.151842912Z

category

Category of the event

SYSTEM, INTEGRATIONS, RULE, TAG, NOTIFICATION

severity

Severity level of the event

INFO, WARNING, ERROR

name

Title of the event

Tagging request failed

message

Descriptive message for the event

Tagging request failed for node test1

provider_id

Provider data source unique identifier

e88f5d72-6f79-41d1-99e3-8777e1727311

entity

Type of entity related to the event

DATASOURCE, PROVIDER, RULE, TAG, NOTIFICATION

entity_id

Unique identifier for the entity

e88f5d72-6f79-41d1-99e3-8777e1727311

entity_name

Name of entity related to the event

SYSTEM_resource_managers:500008

error

Error details

See "error object structure"

event_type

Type or category of the event

Tagging request failed

Error object structure:

message: Error message
metadata: Additional metadata for the failed request.
reason: Reason for the error
resolution: Details to prevent the error
request_id: Unique identifier for the failed request

Event types

The following table describes all Veza platform event types, organized by functional area:

Integration Events

Event Type

Description

OUTDATED_AWS_EXTRACTION_POLICY

AWS extraction policy requires updating

DATASOURCE_PARSED

Data source metadata successfully processed

DATASOURCE_PARSED_NO_CHANGE

Data source parsed but no changes detected

DATASOURCE_EXTRACTED

Data source extraction completed successfully

DATASOURCE_EXTRACTED_NO_CHANGE

Extraction completed but Access Graph unchanged

DATASOURCE_REGISTERED

New data source registered in Veza

DATASOURCE_REMOVED

Data source removed from Veza

DISCOVERY_FAILED

Integration discovery process failed

DISCOVERY_SUCCESS

Integration discovery completed successfully

OAA_PUSH

Open Authorization API data push event

PROVIDER_CONFIG_CHANGED

Integration provider configuration modified

AUDITLOG_EXTRACTED

Audit log data extracted from integration

INSIGHT_POINT_UNAVAILABLE

Insight Point connector offline (all instances unavailable)

INSIGHT_POINT_DEGRADED

Insight Point operating with reduced functionality (some instances unavailable/out of sync)

INSIGHT_POINT_INSTANCE_OUT_OF_SYNC

Insight Point instance has time drift issues (time not synchronized with control plane)

SNOWFLAKE_EXPORT

Data export to Snowflake completed

User Management Events

Event Type

Description

USER_LOGIN

User successfully authenticated

USER_LOGOUT

User session terminated

USER_CREATED

New user account created

USER_DELETED

User account permanently removed

USER_ENABLED

User account activated or enabled

USER_DISABLED

User account deactivated

USER_EMAIL_UPDATED

User email address changed

USER_ROLES_UPDATED

User role assignments modified

USER_PASSWORD_FORCED_RESET

Administrator forced password reset

USER_PASSWORD_RESET

User password reset initiated

USER_AUTH_FACTORS_RESET

Authentication factors reset

USER_AUTH_FACTORS_FORCED_RESET

Administrator forced MFA reset

API Key Management Events

Event Type

Description

API_KEY_CREATED

New API key generated

API_KEY_UPDATED

API key properties modified

API_KEY_DELETED

API key permanently removed

API_KEY_REVOKED

API key temporarily disabled

API_KEY_REINSTATED

Previously revoked API key reactivated

System and Infrastructure Events

Event Type

Description

RULE_NOTIFICATION_FAILED

Alert rule notification delivery failed

TAGGING_REQUEST_FAILED

Entity tagging operation failed

EMAIL_NOTIFICATION

System email notification sent

EMAIL_SENT

Email delivery confirmed

DOMAIN_NOT_IN_ALLOWLIST

External domain access blocked

WEBHOOK_NOT_IN_ALLOWLIST

Webhook URL blocked by allowlist

Access Review Events

Event Type

Description

ACCESS_REVIEW_CONFIGURATION_MODIFIED

Review configuration settings changed

EMPTY_ACCESS_REVIEW_CLEANED_UP

Empty review automatically removed

Auth Changes Events

Event Type

Description

MFA_ENABLED

Multi-factor authentication enabled

MFA_DISABLED

Multi-factor authentication disabled

SCIM_PROVISIONING_ENABLED

SCIM provisioning enabled

SCIM_PROVISIONING_DISABLED

SCIM provisioning disabled

SSO_REDIRECT_ENABLED

SSO redirect enabled

SSO_REDIRECT_DISABLED

SSO redirect disabled

IDP_MANAGED_ROLES_ENABLED

IdP-managed roles enabled

IDP_MANAGED_ROLES_DISABLED

IdP-managed roles disabled

LOCAL_ACCOUNTS_ENABLED

Local account authentication enabled

LOCAL_ACCOUNTS_DISABLED

Local account authentication disabled

AUTH_PROVIDER_ENABLED

Authentication provider enabled

AUTH_PROVIDER_DISABLED

Authentication provider disabled

Event retention

Veza retains system events for one month. When requesting events outside that range, the response will have a field error message indicating the oldest valid timestamp:

{
  "field": "filter.start_time",
  "description": "Must be after or equal to 2023-05-13T21:39:21Z"
}

Pagination

Responses will contain a next_page_token when more events are available. Include this page_token in the request query to get the next batch of results.

If no page size is specified, the default is 1,000. The maximum page size is currently 10,000 records.

PreviousSystem Audit Logs NextTeam and User Management APIs

Last updated 20 days ago

Was this helpful?

hashtagList events

hashtagExport events

hashtagVeza event schema

hashtagEvent types

List events

Export events

Veza event schema

Event types