home

Explore

DiscoverStartExploreModelIntegrateEngage
DiscoverStartExploreModelIntegrateEngage

Accelerate the Value of Data

Show Contents

thumbnailExplore

Security Audit Log API

Export security audit log reports

Learn about exporting Security Audit Log details with the Sync.

Use the Security Audit Log - Sync to filter audit log details and export them to a report in CSV and JSON formats.

You need to have a role with the appropriate access permissions (rights and privileges) to run this API:
  • ROLE_ADMIN_CUSTOMER: Provides EXECUTE privileges for the Auth.Audit.Export.Privilege resource.

For more information, see topic Customer Administrator Role Across all Services.

Request

POST /audit/export

This topic describes the properties in this API endpoint and provides examples of requests and responses. For more information on the syntax of this API, see Security audit log in the Reltio Developer Portal. For more specific usage scenarios for this API, see the sub topics in this section.

Table 1. Parameters
ParameterTypeRequiredDescription
Header
AuthorizationstringYesThe bearer token URL returned by the Authentication in this format: https://auth.reltio.com/oauth/token. For information on obtaining an authorization token to run Reltio REST APIs using the Security OAuth 2.0 security method, see topic Authentication API.
Content-type stringYesThe format to use to transmit data:
application/json
Reltio APIs transmit data in the JavaScript Object Notation (JSON) standard text-based format.

Body

payloadarrayYesA task definition in JSON format:
%customerId;
(Optional) Defaults to the same customer ID as the user. Specifies the customer for the export. For example: if you are a partner and have the proper permissions for your customer, you should use this parameter to get your customer logs instead of yours.
%startTimestamp;
(Use either start or startTimestamp)The Unix timestamp marking the start of the report period.
%start;
(Use either start or startTimestamp) ISO format start time for the report period.
%endTimestamp;
(Use either end or endTimestamp) The Unix timestamp marking the end of the report period.
%end;
(Use either end or endTimestamp) ISO format end time for the report period.
%ip;
(Optional) Wildcard filter for IP addresses. Supports '%' (any multiple characters) and '_' (any single character).
%usernames;
(Optional) Filters events by username.
%events;
(Required) List of event types to include in the report:
  • LOGIN
  • LOGIN_SSO
  • LOGOUT
  • USER_CREATED
  • USER_MODIFIED
  • USER_DELETED
  • USER_LOCKED
  • USER_UNLOCKED
  • ROLE_CREATED
  • ROLE_MODIFIED
  • ROLE_DELETED
  • GROUP_CREATED
  • GROUP_MODIFIED
  • GROUP_DELETED
%eventTargetObjects;
(Optional) Filters by event object target name.
%format;
(Optional) Defaults to CSV. Format of the output report.

Response

The API endpoint returns a report in the specified format (JSON or CSV) .

Table 2. Status code
Status CodeMessageDescription
200 
Success
The audit report was returned.
400 
Bad Request
The request body is not correctly formatted or required fields are missing.
401 
Unauthorized
The token is missing, invalid, or does not have the necessary privileges.
429 
Too Many requests
 The user has exceeded the number of allowable synchronous requests.
Table 3. Response body
Data returnedTypeDescription
Audit reportCSV or JSON fileColumns in report:
%timestamp;
(ISO format)
%ipAddress;
Origin IP address
%userName;
(Optional) Filters events by username.
%eventName;
LOGIN or LOGIN_SSO (if the authorization_code is the grant type)
%eventObject;
Optional; by default not applied.
%eventDetail;

  • for LOGIN - grant type

  • for LOGIN_SSO

Examples

Table 4. Request examples
This example shows how to request an audit log in CSV format for all events for user1 between midnight and 7:40PM on 03-Sep-2023. 
{
    "customerId": "Reltio",
    "startTimestamp": 1693738800000,
    "start": "2023-09-03T12:00:00Z",
    "endTimestamp": 1693766400000,
    "end": "2023-09-03T19:40:00Z",
    "ip": "13.15.12.52",
    "usernames": [
        "user1@reltio.com",
        "user2@reltio.com"
    ],
    "events": [
        "LOGIN",
        "LOGIN_SSO",
        "LOGOUT",
        "USER_CREATED",
        "USER_MODIFIED",
        "USER_DELETED",
        "USER_LOCKED",
        "USER_UNLOCKED",
        "ROLE_CREATED",
        "ROLE_MODIFIED",
        "ROLE_DELETED",
        "GROUP_CREATED",
        "GROUP_MODIFIED",
        "GROUP_DELETED"
    ],
    "eventTargetObjects": [
        "user1"
    ],
    "format": "CSV"
}
This example shows how to request specific audit log details for the filters shown. 
[
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_CREATED",
        "eventDetail": [
            {
                "groupId": "testGp",
                "groupName": "testGp",
                "description": "testGp",
                "roles": {
                    "ROLE_ADMIN_READONLY": []
                }
            }
        ]
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_DELETED",
        "eventObject": "testGp"
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_MODIFIED",
        "eventObject": "testGp",
        "eventDetail": [
            {
                "groupId": "testGp",
                "groupName": "testGp",
                "description": "A Group testGp",
                "roles": {
                    "ROLE_WORKFLOW_ADMIN": [
                        "EQ0L0f"
                    ],
                    "ROLE_WORKFLOW": [
                        "EQ0L0f"
                    ]
                }
            }
        ]
    }
]
Table 5. Response examples
This example shows the response returned for the request example above in CSV format. 
"timestamp","originIP","username","eventName","eventObject","eventDetails"
"2023-09-03T12:05:00Z","13.15.12.52","user1@reltio.com","LOGIN","user1","grantType: password"
"2023-09-03T12:07:00Z","13.15.12.53","user2@reltio.com","USER_CREATED","user2","userDefinition: {""firstName"": ""Jane"", ""lastName"": ""Doe"", ""email"": ""user2@reltio.com""}"
This example shows the response returned for the request example above in JSON format. 
[
    {
        "timestamp": "2023-09-27T11:17:15.254907Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGIN",
        "eventDetail": [
            {
                "grant_type": "password"
            }
        ]
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGIN_SSO"
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGOUT"
    }
]

Updated on November 10, 2023