This page describes the audit
endpoint API. The audit API allows users to programmatically search for audit records in Immuta.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
Workflow
Search for audit records
GET
/audit
Search for audit records.
Query parameters
Attribute | Description | Required |
---|
| array[integer] The data source ID.
| |
| array[integer] The project ID.
| |
| array[integer] The user profile ID.
| |
| array[integer] The type of audit event being captured. This also corresponds to the additional information in the record field.
| |
| | |
| timestamp The minimum date.
| |
| timestamp The maximum date.
| |
| | |
| | |
| integer Used in combination with size to fetch pages.
| |
| integer Pages results by default; size is the number of results to return per page. Default 50
| |
| string Sorts results by field. Default dateTime
| |
| string Sorts results by order, which must be asc or desc . Default desc
| |
Response parameters
Attribute | Description |
---|
| metadata Details regarding the returned list of audits.
|
Request example
The following request searches for all audit records.
curl \
--request GET \
--header "Content-Type: application/json" \
--header "Authorization: Bearer dea464c07bd07300095caa8" \
https://your-immuta-url.com/audit?size=2&sortField=dateTime&sortOrder=desc
Response example
{
"hits": [
{
"dateTime": "1632756753272",
"dataSourceName": null,
"projectName": null,
"recordType": "auditQuery",
"blobId": null,
"userId": "first.last@immuta.com",
"profileId": 2,
"purposeIds": null,
"success": true,
"failureReason": null,
"id": "480d9d3f-4128-445d-8eec-3cccb34f9935",
"fingerprintVersionName": null,
"email": "first.last@immuta.com"
},
{
"dateTime": "1632755783628",
"dataSourceName": null,
"projectName": null,
"recordType": "authenticate",
"blobId": null,
"userId": "first.last@immuta.com",
"profileId": 2,
"purposeIds": null,
"success": true,
"failureReason": null,
"id": "d143719b-6af9-4af3-aa99-8055be40e877",
"fingerprintVersionName": null,
"email": "first.last@immuta.com"
}
],
}
Retrieve a specific audit record
GET
/audit/{recordId}
Retrieve a specific audit record.
Query parameters
Attribute | Description | Required |
---|
| string The audit record ID.
| |
Response parameters
Attribute | Description |
---|
| metadata Details regarding the returned audit record.
|
Request example
The following request retrieves a specific audit record.
curl \
--request GET \
--header "Content-Type: application/json" \
--header "Authorization: Bearer dea464c07bd07300095caa8" \
https://your-immuta-url.com/audit/480d9d3f-4128-445d-8eec-3cccb34f9935
Response Example
{
"id": "480d9d3f-4128-445d-8eec-3cccb34f9935",
"dateTime": "1632756753272",
"month": 1460,
"profileId": 2,
"userId": "first.last@immuta.com",
"dataSourceId": null,
"dataSourceName": null,
"projectId": null,
"projectName": null,
"purposeIds": null,
"policyId": null,
"policyName": null,
"fingerprintVersionId": null,
"fingerprintVersionName": null,
"count": 1,
"recordType": "auditQuery",
"success": true,
"failureReason": null,
"failureDetails": null,
"subscriptionState": null,
"accessedId": null,
"accessedIdType": null,
"accessedIamId": null,
"accessedUserId": null,
"groupAccessType": null,
"groupIamId": null,
"accessedGroupId": null,
"component": "audit",
"accessType": null,
"blobId": null,
"query": null,
"queryId": null,
"extra": {
"params": {
"size": 50,
"sortField": "dateTime",
"sortOrder": "desc",
"offset": 0
}
},
"dataSourceSchemaName": null,
"dataSourceTableName": null,
"featureKey": null,
"sqlUser": null,
"action": null,
"blobSize": null,
"hardDelete": null,
"keyAction": null,
"keyId": null,
"keyIamId": null,
"keyUserId": null,
"createdAt": "2021-09-27T15:32:33.274Z",
"updatedAt": "2021-09-27T15:32:33.274Z"
}
Query for activity by API key
GET
/audit/apikey/activity
Queries for the recent activity using the API key.
Query parameters
Attribute | Description | Required |
---|
| string The audit record ID.
| |
Response parameters
Attribute | Description |
---|
| metadata regarding the recent activity.
|
Request example
The following request queries for the recent activity using the API key.
curl \
--request GET \
--header "Content-Type: application/json" \
--header "Authorization: Bearer dea464c07bd07300095caa8" \
https://your-immuta-url.com/audit/apikey/activity?keyid=650&count=1
Response example
{
"id": "480d9d3f-4128-445d-8eec-3cccb34f9935",
"dateTime": "1632756753272",
"month": 1460,
"profileId": 2,
"userId": "first.last@immuta.com",
"dataSourceId": null,
"dataSourceName": null,
"projectId": null,
"projectName": null,
"purposeIds": null,
"policyId": null,
"policyName": null,
"fingerprintVersionId": null,
"fingerprintVersionName": null,
"count": 1,
"recordType": "auditQuery",
"success": true,
"failureReason": null,
"failureDetails": null,
"subscriptionState": null,
"accessedId": null,
"accessedIdType": null,
"accessedIamId": null,
"accessedUserId": null,
"groupAccessType": null,
"groupIamId": null,
"accessedGroupId": null,
"component": "audit",
"accessType": null,
"blobId": null,
"query": null,
"queryId": null,
"extra": {
"params": {
"size": 50,
"sortField": "dateTime",
"sortOrder": "desc",
"offset": 0
}
},
"dataSourceSchemaName": null,
"dataSourceTableName": null,
"featureKey": null,
"sqlUser": null,
"action": null,
"blobSize": null,
"hardDelete": null,
"keyAction": null,
"keyId": null,
"keyIamId": null,
"keyUserId": null,
"createdAt": "2021-09-27T15:32:33.274Z",
"updatedAt": "2021-09-27T15:32:33.274Z"
}
Search for query list by data source
GET
/audit/queries/dataSource/{dataSourceId}/mine
Returns the list of the current user's distinct queries for the specified data source.
Query parameters
Attribute | Description | Required |
---|
| array[integer] The data source ID.
| |
| integer Used in combination with size to fetch pages.
| |
| integer Pages results by default; size is the number of results to return per page. Default 50
| |
| string Sorts results by field. Default dateTime
| |
| string Sorts results by order, which must be asc or desc . Default desc
| |
Response parameters
Attribute | Description |
---|
| array[integer] The audit ID.
|
| string The query run for the data source.
|
| integer The date and time the query was last run in Unix.
|
| integer The number of times the audit has been run.
|
| string The name of the query.
|
Request example
The following request returns the list of the current user's distinct queries.
curl \
--request GET \
--header "Content-Type: application/json" \
--header "Authorization: Bearer dea464c07bd07300095caa8" \
https://your-immuta-url.com/audit/queries/dataSource/23/mine?size=10&sortField=lastrun&sortOrder=desc
Response example
{
"hits": [
{
"auditId": "ff264e8e-2ccc-468f-9129-bb0995c9cdf5",
"query": "select * from \"public\".\"foobar\"",
"lastrun": "1631627763345",
"timesrun": "5",
"name": "Name"
},
{
"auditId": "f722042f-f0f3-4c83-bd33-7672892d918f",
"query": "SELECT * FROM \"public\".\"foobar\" LIMIT 100",
"lastrun": "1631200121550",
"timesrun": "3",
"name": null
}
],
"count": 2
}
Last updated