Accelerate the Value of Data

Export security audit log reports

Learn about exporting Security Audit Log details with the Sync.

Use the Security Audit Log - Sync to filter audit log details and export them to a report in CSV and JSON formats.

You need to have a role with the appropriate access permissions (rights and privileges) to run this API:
  • ROLE_ADMIN_CUSTOMER: Provides EXECUTE privileges for the Auth.Audit.Export.Privilege resource.

For more information, see topic ROLE_ADMIN_CUSTOMER Access permissions.

Request

POST /audit/export

This topic describes the properties in this API endpoint and provides examples of requests and responses. For more information on the syntax of this API, see Security audit log in the Reltio Developer Portal. For more specific usage scenarios for this API, see the sub topics in this section.

Table 1. Parameters
ParameterTypeRequiredDescription
Header
AuthorizationstringYesThe bearer token URL returned by the Authentication in this format: https://auth.reltio.com/oauth/token. For information on obtaining an authorization token to run Reltio REST APIs using the Security OAuth 2.0 security method, see topic Authentication API.
Content-type stringYesThe format to use to transmit data:
application/json
Reltio APIs transmit data in the JavaScript Object Notation (JSON) standard text-based format.

Body

payloadarrayYesA task definition in JSON format:
%customerId;
(Optional) Defaults to the same customer ID as the user. Specifies the customer for the export. For example: if you are a partner and have the proper permissions for your customer, you should use this parameter to get your customer logs instead of yours.
%startTimestamp;
Use either start or startTimestamp. The Unix timestamp (in seconds) marking the start of the report period.
%start;
Use either start or startTimestamp. The ISO format start time for the report period.
%endTimestamp;
Use either end or endTimestamp. The Unix timestamp (in seconds) marking the end of the report period.
%end;
Use either end or endTimestamp. The ISO format end time for the report period.
%ip;
(Optional) Wildcard filter for IP addresses. Supports '%' (any multiple characters) and '_' (any single character).
%usernames;
(Optional) Filters events by username.
%events;
(Required) List of event types to include in the report:
  • LOGIN
  • LOGIN_FAILED
  • LOGIN_SSO
  • LOGOUT
  • USER_CREATED
  • USER_MODIFIED
  • USER_DELETED
  • USER_LOCKED
  • USER_UNLOCKED
  • ROLE_CREATED
  • ROLE_MODIFIED
  • ROLE_DELETED
  • GROUP_CREATED
  • GROUP_MODIFIED
  • GROUP_DELETED
%eventTargetObjects;
(Optional) Filters by event object target name.
Note: Currently payload supports USER, ROLE, and GROUP event types. You can only provide one set of event type at a time.
%format;
(Optional) Defaults to CSV. Format of the output report.

Response

The API endpoint returns a report in the specified format (JSON or CSV) .

Table 2. Status code
Status CodeMessageDescription
200
Success
The audit report was returned.
400
Bad Request
The request body is not correctly formatted or required fields are missing.
401
Unauthorized
The token is missing, invalid, or does not have the necessary privileges.
429
Too Many requests
The user has exceeded the number of allowable synchronous requests.
Table 3. Response body
Data returnedTypeDescription
Audit reportCSV or JSON fileColumns in report:
%timestamp;
(ISO format)
%ipAddress;
Origin IP address
%userName;
(Optional) Filters events by username.
%eventName;
LOGIN, LOGIN_FAILED, LOGIN_SSO (if the authorization_code is the grant type)
%eventObject;
Optional; by default not applied.
%eventDetail;
  • for LOGIN - grant type
  • for LOGIN_FAILED
  • for LOGIN_SSO
  • for LOGOUT
  • for USER_CREATED - JSON user definition
  • for USER_MODIFIED - JSON user definition
  • for USER_DELETED
  • for USER_LOCKED - Reason
  • for USER_UNLOCKED - Reason
  • for ROLE_CREATED - JSON role definition
  • for ROLE_MODIFIED - JSON role definition
  • for ROLE_DELETED
  • for GROUP_CREATED - JSON group definition
  • for GROUP_MODIFIED - JSON group definition
  • for GROUP_DELETED

Examples

Table 4. Request examples
This example shows how to request an audit log in CSV format for all events for user1 between midnight and 7:40PM on 03-Sep-2023.
{
    "customerId": "Reltio",
    "startTimestamp": 1693738800,
    "start": "2023-09-03T12:00:00Z",
    "endTimestamp": 1693766400,
    "end": "2023-09-03T19:40:00Z",
    "ip": "13.15.12.52",
    "usernames": [
        "user1@reltio.com",
        "user2@reltio.com"
    ],
    "events": [
        "LOGIN",
        "LOGIN_SSO",
        "LOGOUT",
        "USER_CREATED",
        "USER_MODIFIED",
        "USER_DELETED",
        "USER_LOCKED",
        "USER_UNLOCKED",
        "ROLE_CREATED",
        "ROLE_MODIFIED",
        "ROLE_DELETED",
        "GROUP_CREATED",
        "GROUP_MODIFIED",
        "GROUP_DELETED"
    ],
    "eventTargetObjects": [
        "user1"
    ],
    "format": "CSV"
}
This example shows how to request specific audit log details for the filters shown.
[
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_CREATED",
        "eventDetail": [
            {
                "groupId": "testGp",
                "groupName": "testGp",
                "description": "testGp",
                "roles": {
                    "ROLE_ADMIN_READONLY": []
                }
            }
        ]
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_DELETED",
        "eventObject": "testGp"
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "GROUP_MODIFIED",
        "eventObject": "testGp",
        "eventDetail": [
            {
                "groupId": "testGp",
                "groupName": "testGp",
                "description": "A Group testGp",
                "roles": {
                    "ROLE_WORKFLOW_ADMIN": [
                        "EQ0L0f"
                    ],
                    "ROLE_WORKFLOW": [
                        "EQ0L0f"
                    ]
                }
            }
        ]
    }
]
Table 5. Response examples
This example shows the response returned for the request example above in CSV format.
"timestamp","originIP","username","eventName","eventObject","eventDetails"
"2023-09-03T12:05:00Z","13.15.12.52","user1@reltio.com","LOGIN","user1","grantType: password"
"2023-09-03T12:07:00Z","13.15.12.53","user2@reltio.com","USER_CREATED","user2","userDefinition: {""firstName"": ""Jane"", ""lastName"": ""Doe"", ""email"": ""user2@reltio.com""}"
This example shows the response returned for the request example above in JSON format.
[
    {
        "timestamp": "2023-09-27T11:17:15.254907Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGIN",
        "eventDetail": [
            {
                "grant_type": "password"
            }
        ]
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGIN_SSO"
    },
    {
        "timestamp": "2023-09-27T11:17:13.995740Z",
        "ipAddress": [
            "10.0.0.1"
        ],
        "userName": "userB",
        "eventName": "LOGOUT"
    }
]