Endpoints for monitoring Veza user activity
curl -X GET "$VEZA_URL/api/preview/system/audit?page_token=&page_size=1&filter=ended_at+GE+%222023-08-04T22:11:25.915674671Z%22" \
-H "authorization: Bearer $VEZA_TOKEN"curl -X GET "$VEZA_URL/api/v1/system/audit/export?filter=persisted_at+GE+%222023-08-07T22:11:25.915674671Z%22&page_size=5&next_page_token=" \
-H "authorization: Bearer $VEZA_TOKEN"{
"identity": {
"user_id": "aeaa34cf-e97f-4315-b185-249018cf191c",
"session_id": "b0ba024d-0158-4c7e-a47f-bbe8f7b98806",
"api_key_id": "",
"email": "cookie@cookie.ai"
},
"status": {
"grpc_code": "OK",
"http_status": 200,
"error_reason": "OK"
},
"client": {
"ip": "10.42.1.1",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"endpoint": "/api_protos.v1.APIKeyService/CreateAPIKey",
"method": "POST",
"url": "/api/preview/keys",
"request_id": "1a98184880f9952551c53d836598b258",
"request": {
"name": "KeyName1"
},
"response": {
"value": {
"id": "fde4386f-3d85-4ef2-82d0-324dacb6e9ba",
"name": "KeyName1",
"team_id": "613df06e-9a40-4331-947c-5c327b54b228",
"user_id": "aeaa34cf-e97f-4315-b185-249018cf191c"
}
},
"started_at": "2023-07-26T08:23:17.134994459Z",
"ended_at": "2023-07-26T08:23:17.151080751Z"
}Veza API key for authentication. Generate keys in Administration > API Keys.
Filter expression (required). Must include an ended_at GE timestamp filter that is within the last 90 days. Supports filtering by ended_at, method, user_id, and url. Cannot be set when page_token is provided. Example: ended_at GE "2025-01-01T00:00:00Z"
Number of results per page (required). Minimum: 1, maximum: 10,000.
Pagination token from a previous response. When provided, the filter parameter must not be set — the page token carries forward the original filter constraints.
OK
action_name and resource_type are resolved by cp-api at request time from the (audit.v1.method) proto annotation on the gRPC method and carried in the Kafka message so the auditor does not need proto reflection.
event_type is the unique, customer-facing identifier for classifying the event type and shape
event is the protojson form of the event encoded as a Struct so the
payload renders as a nested JSON object both at the DB column and across
the gRPC trailer wire format. Using bytes here would force protojson to
emit a base64-encoded string for what is otherwise structured data.
Default error response
Veza API key for authentication. Generate keys in Administration > API Keys.
OK
action_name and resource_type are resolved by cp-api at request time from the (audit.v1.method) proto annotation on the gRPC method and carried in the Kafka message so the auditor does not need proto reflection.
event_type is the unique, customer-facing identifier for classifying the event type and shape
event is the protojson form of the event encoded as a Struct so the
payload renders as a nested JSON object both at the DB column and across
the gRPC trailer wire format. Using bytes here would force protojson to
emit a base64-encoded string for what is otherwise structured data.
Default error response
{
"values": [
{
"id": "text",
"timestamp": "2026-07-07T16:04:34.425Z",
"intent": {
"trace_id": "text",
"user_id": "text",
"session_id": "text",
"api_key_id": "text",
"oauth2_token_id": "text",
"endpoint": "text",
"method": "text",
"url": "text",
"client": {
"ip_address": "text",
"user_agent": "text"
},
"request": {},
"delegate": "text",
"actor_full_name": "text",
"token_type": "text",
"actor_type": "text",
"action_name": "text",
"resource_type": "text",
"resources": [
{
"id": "text",
"name": "text",
"type": "text"
}
]
},
"result": {
"code": 1,
"error_reason": 1,
"response": {},
"resources": [
{
"id": "text",
"name": "text",
"type": "text"
}
],
"context_events": [
{
"event_type": "text",
"event": {}
}
]
}
}
],
"next_page_token": "text"
}GET /api/preview/system/audit?filter=text&page_size=1 HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
GET /api/v1/system/audit/export HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"values": [
{
"id": "text",
"timestamp": "2026-07-07T16:04:34.425Z",
"intent": {
"trace_id": "text",
"user_id": "text",
"session_id": "text",
"api_key_id": "text",
"oauth2_token_id": "text",
"endpoint": "text",
"method": "text",
"url": "text",
"client": {
"ip_address": "text",
"user_agent": "text"
},
"request": {},
"delegate": "text",
"actor_full_name": "text",
"token_type": "text",
"actor_type": "text",
"action_name": "text",
"resource_type": "text",
"resources": [
{
"id": "text",
"name": "text",
"type": "text"
}
]
},
"result": {
"code": 1,
"error_reason": 1,
"response": {},
"resources": [
{
"id": "text",
"name": "text",
"type": "text"
}
],
"context_events": [
{
"event_type": "text",
"event": {}
}
]
}
}
],
"next_page_token": "text"
}