Concerned about Okta's acquisition of Auth0?   Learn how to migrate from Auth0 to FusionAuth

FusionAuth logo
FusionAuth logo
  • Features
    FusionAuth Reactor

    FusionAuth Reactor is a powerful suite of features developed to extend FusionAuth's core functionality.

    • Flexible Architecture   Flexible Architecture
    • Auth the Way You Want It   Auth the Way You Want It
    • Security & Compliance   Security & Compliance
    • Ultimate Password Control   Ultimate Password Control
    • Customizable User Experience   Customizable User Experience
    • Advanced Registration Forms   Advanced Registration Forms
    • Built for Devs   Built for Devs
    • User Management & Reporting   User Management & Reporting
    • Scalability   Scalability
    • Single Sign-on   Single Sign-on
    • Breached Password Detection   Breached Password Detection
    • Connectors   Connectors
    • FusionAuth Reactor   FusionAuth Reactor
  • Pricing
    Cloud Pricing

    Let us host, monitor, manage, and maintain your deployments in your own private cloud.

    SEE PRICING cloud pricing   See FusionAuth Cloud Pricing
    Editions Pricing

    A powerful set of features with available support that extends FusionAuth's core functionality.

    SEE PRICING edition pricing   See FusionAuth Edition Pricing
    Editions + Cloud

    FusionAuth will handle everything so you can get back to building something awesome.

    GET STARTED Get started
  • Docs
  • Downloads
  • Resources
    FusionAuth Resources
    • Upgrade from SaaS
    • Upgrade from Open Source
    • Upgrade from Home Grown
    • Blog   Blog
    • Forum   Forum
    • Community & Support   Community & Support
    • Customer & Partners   Customers & Partners
    • Video & Podcasts   Videos & Podcasts
    • Getting Started   Getting Started
    • Auth0 Migration   Migrate from Auth0
  • Expert Advice
    Expert Advice for Developers

    Learn everything you need to know about authentication, authorization, identity, and access management from our team of industry experts.

    • Authentication   Authentication
    • CIAM   CIAM
    • Identity Basics   Identity Basics
    • OAuth   OAuth
    • Security   Security
    • Tokens   Tokens
    • Dev Tools   Dev Tools
  • Account
Navigate to...
  • Welcome
  • Getting Started
  • 5-Minute Setup Guide
  • Reactor
  • Core Concepts
    • Overview
    • Users
    • Roles
    • Groups
    • Entity Management
    • Registrations
    • Applications
    • Tenants
    • Identity Providers
    • Search
    • Authentication and Authorization
    • Integration Points
    • Localization and Internationalization
    • Roadmap
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kickstart™
    • Homebrew
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Securing
    • Upgrading
  • APIs
    • Overview
    • Authentication
    • Errors
    • Actioning Users
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consent
    • Emails
    • Entity Types
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Apple
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Twitter
      • OpenID Connect
      • SAML v2
      • External JWT
    • Integrations
    • JWT
    • Keys
    • Lambdas
    • Login
    • Passwordless
    • Registrations
    • Reports
    • System
    • Tenants
    • Themes
    • Two Factor
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • Webhooks
  • Client Libraries
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • Node
    • PHP
    • Python
    • Ruby
    • Typescript
  • Themes
    • Overview
    • Localization
    • Examples
  • Email & Templates
    • Overview
    • Configure Email
    • Email Templates
  • Events & Webhooks
    • Overview
    • Events
    • Writing a Webhook
    • Securing Webhooks
  • Example Apps
    • Overview
    • Go
    • Java
    • JavaScript
    • .NET Core
    • PHP
    • Python
    • Ruby
  • Lambdas
    • Overview
    • Apple Reconcile
    • External JWT Reconcile
    • Facebook Reconcile
    • Google Reconcile
    • HYPR Reconcile
    • JWT Populate
    • LDAP Connector Reconcile
    • LinkedIn Reconcile
    • OpenID Connect Reconcile
    • SAML v2 Populate
    • SAML v2 Reconcile
    • Twitter Reconcile
  • Identity Providers
    • Overview
    • Apple
    • Facebook
    • Google
    • HYPR
    • LinkedIn
    • Twitter
    • OpenID Connect
      • Overview
      • Azure AD
      • Github
      • Discord
    • SAML v2
      • Overview
      • ADFS
    • External JWT
      • Overview
      • Example
  • Connectors
    • Overview
    • Generic Connector
    • LDAP Connector
    • FusionAuth Connector
  • Integrations
    • Overview
    • CleanSpeak
    • Kafka
    • Twilio
  • OpenID Connect & OAuth 2.0
    • Overview
    • Endpoints
    • Tokens
  • SAML v2 IdP
    • Overview
    • Google
    • Zendesk
  • Plugins
    • Writing a Plugin
    • Password Encryptors
  • Guides
    • Overview
    • Advanced Registration Forms
    • Breached Password Detection
    • Migration
    • Migration From Auth0
    • Passwordless
    • Securing Your APIs
    • Silent Mode
    • Single Sign-on
  • Tutorials
    • Overview
    • Setup Wizard & First Login
    • Register/Login a User
    • Migrate Users
    • JSON Web Tokens
    • Authentication Tokens
    • Start and Stop FusionAuth
    • Switch Search Engines
    • User Account Lockout
    • Two Factor
  • Reference
    • CORS
    • Configuration
    • Data Types
    • Known Limitations
    • Password Encryptors
  • Release Notes
  • Troubleshooting

Audit Logs

Overview

This page contains the APIs that are used to manage the Audit Log. Here are the APIs:

  • Add an Entry to the Audit Log

  • Retrieve an Audit Log

  • Search the Audit Log

  • Export Audit Logs

Add an Entry to the Audit Log

This API allows you to insert an Audit Log. Generally, Audit Logs are created automatically whenever an admin does something from the FusionAuth UI. However, you can use this API to insert Audit Logs directly if you need.

Request

Create an Audit Log

URI

POST /api/system/audit-log

Request Body

auditLog.data [Object] Optional

An object that can hold additional details of an audit log.

auditLog.newValue [String] Optional

Intended to be utilized during a change to record the new value.

auditLog.oldValue [String] Optional

Intended to be utilized during a change to record the old value prior to the change.

auditLog.reason [String] Optional

Intended to be utilized during a change to indicate the reason for the modification.

auditLog.insertUser [String] Required

The user that took the action that is being written to the Audit Logs. We suggest you use email addresses for this field.

auditLog.message [String] Required

The message of the Audit Log.

Example Request JSON
{
  "auditLog": {
    "data": {
      "externalId": "_applicationA"
    },
    "newValue:": "{\"name\": \"bar\"}",
    "oldValue": "{\"name\": \"foo\"}",
    "reason": "Because I like to change things.",
    "insertUser": "user@fusionauth.io",
    "message": "Example audit log"
  }
}

Response

The response for this API does not contain a body. It only contains a status code.

Table 1. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Retrieve an Audit Log

Request

Retrieve an Audit Log by Id

URI

GET /api/system/audit-log/{logId}

Request Parameters

logId [Long] Required

The unique Id of the Audit Log to retrieve.

Response

Table 2. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you requested doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

auditLog.data [Object]

Additional details of an audit log.

auditLog.newValue [String]

The new value of a changed object.

auditLog.oldValue [String]

The previous value of a changed object.

auditLog.reason [String]

The reason why the audit log was created.

auditLog.id [Long]

The Audit Log unique Id.

auditLog.insertInstant [Long]

The instant when the Audit Log was created.

auditLog.insertUser [String]

The user that created the Audit Log.

auditLog.message [String]

The message of the Audit Log.

Example JSON Response
{
  "auditLog": {
    "data": {
      "externalId": "_applicationA"
    },
    "newValue:": "{\"name\": \"bar\"}",
    "oldValue": "{\"name\": \"foo\"}",
    "reason": "Because I like to change things.",
    "id": 3,
    "insertInstant": 1471796483322,
    "insertUser": "user@fusionauth.io",
    "message": "Changed Application"
  }
}

Search the Audit Log

This API allows you to search and paginate through the Audit Logs.

Request

Searches the Audit Logs using the given search criteria

URI

GET /api/system/audit-log/search?message={message}&start={start}&end={end}&user={user}

When calling the API using a GET request you will send the search criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.

Request Parameters

end [Long] Optional

The end instant of the date/time range to search within.

message [String] Optional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).

numberOfResults [Integer] Optional defaults to 25

The number of results to return from the search.

orderBy [String] Optional defaults to insert_instant DESC

The database column to order the search results on plus the order direction.

The columns you can use for this are:

  • insert_instant - the instant when the Audit Log was created

  • insert_user - the user that create the Audit Log

  • message - the message of the Audit Log

For example, to order the results by the insert instant in a descending order, the value would be provided as insert_instant DESC. The final string is optional can be set to ASC or DESC.

start [Long] Optional

The start instant of the date/time range to search within.

startRow [Integer] Optional defaults to 0

The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.

user [String] Optional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

Searches the Audit Logs using the given search criteria

URI

POST /api/system/audit-log/search

When calling the API using a POST request you will send the search criteria in a JSON request body.

Request Body

search.end [Long] Optional

The end instant of the date/time range to search within.

search.message [String] Optional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).

search.numberOfResults [Integer] Optional defaults to 25

The number of results to return from the search.

search.orderBy [String] Optional defaults to insert_instant DESC

The database column to order the search results on plus the order direction.

The columns you can use for this are:

  • insert_instant - the instant when the Audit Log was created

  • insert_user - the user that create the Audit Log

  • message - the message of the Audit Log

    For example, to order the results by the insert instant in a descending order, the value would be provided as insert_instant DESC. The final string is optional can be set to ASC or DESC.

search.start [Long] Optional

The start instant of the date/time range to search within.

search.startRow [Integer] Optional defaults to 0

The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.

search.user [String] Optional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

Response

The response for this API contains the Audit Logs matching the search criteria in paginated format.

Table 3. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you requested doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

auditLogs [Array]

The list of Audit Logs returned by the search.

auditLogs[x].data [Object]

Additional details of an audit log.

auditLogs[x].data.newValue [String]

The new value of a changed object.

auditLogs[x].data.oldValue [String]

The previous value of a changed object.

auditLogs[x].data.reason [String]

The reason why the audit log was created.

auditLogs[x].id [Long]

The Audit Log unique Id.

auditLogs[x].insertInstant [Long]

The instant when the Audit Log was created.

auditLogs[x].insertUser [String]

The user that created the Audit Log.

auditLogs[x].message [String]

The message of the Audit Log.

total [Integer]

The total number of Audit Logs in the search. This can help with pagination.

Example JSON Response
{
  "auditLogs": [
    {
      "id": 1,
      "insertInstant": 1471786483322,
      "insertUser": "user@fusionauth.io",
      "message": "Audit Log 1"
    },
    {
      "id": 2,
      "insertInstant": 1471786489322,
      "insertUser": "user@fusionauth.io",
      "message": "Audit Log 2"
    },
    {
      "data": {
        "externalId": "_applicationA"
      },
      "newValue:": "{\"name\": \"bar\"}",
      "oldValue": "{\"name\": \"foo\"}",
      "reason": "Because I like to change things.",
      "id": 3,
      "insertInstant": 1471796483322,
      "insertUser": "user@fusionauth.io",
      "message": "Changed Application"
    }
  ],
  "total": 100
}

Export Audit Logs

Available Since Version 1.7.0

This API is used to export the Audit Logs, the response will be a compressed zip archive.

Request

Export the Audit Logs matching the criteria

URI

GET /api/system/audit-log/export?message={message}&start={start}&end={end}&user={user}

When calling the API using a GET request you will send the export criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.

Request Parameters

dateTimeSecondsFormat [String] Optional defaults to [see description]

The format string used to format the date and time columns in the export result.

When this parameter is omitted a default format of M/d/yyyy hh:mm:ss a z will be used. See the DateTimeFormatter patterns for additional examples.

end [Long] Optional

The end instant of the date/time range to search within.

message [String] Optional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).

start [Long] Optional

The start instant of the date/time range to search within.

user [String] Optional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

zoneId [String] Optional defaults to [see description]

The time zone used to adjust the stored UTC time in the export result.

For example:

America/Denver or US/Mountain

 

When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

Export the Audit Logs matching the criteria

URI

POST /api/system/audit-log/export

When calling the API using a POST request you will send the export criteria in a JSON request body.

Request Body

criteria.end [Long] Optional

The end instant of the date/time range to include in the export.

criteria.message [String] Optional

The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).

criteria.start [Long] Optional

The start instant of the date/time range to include in the export.

criteria.user [String] Optional

The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

dateTimeSecondsFormat [String] Optional defaults to [see description]

The format string used to format the date and time columns in the export result.

When this parameter is omitted a default format of M/d/yyyy hh:mm:ss a z will be used. See the DateTimeFormatter patterns for additional examples.

zoneId [String] Optional defaults to [see description]

The time zone used to adjust the stored UTC time in the export result.

For example:

America/Denver or US/Mountain

 

When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

Response

The response for this API will contain a compressed zip of the audit logs.

Table 4. Response Codes
Code Description

200

The request was successful. The response will be a compressed archive byte stream with a Content-Type of application/zip.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you requested doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo

Quick Links

  • Download
  • Cloud Pricing
  • Editions Pricing
  • Contact Us
  • Jobs (come work with us)
  • My Account

Resources

  • Docs
  • Blog
  • Community & Support
  • Upgrade from SaaS
  • Upgrade from Homegrown
  • Upgrade from Open Source

Everything Else

  • Privacy Policy
  • Product Privacy Policy
  • License
  • License FAQ
  • Security (contact, bug bounty, etc)
  • Technical Support

Connect with Us

logo
Subscribe for Updates
We only send dev friendly newsletters. No marketing fluff!
© 2021 FusionAuth