Audit Logs - FusionAuth

1. Overview

This page contains the APIs that are used to manage the Audit Log. Here are the APIs:

Add an Entry to the Audit Log
Retrieve an Audit Log
Search the Audit Log
Export Audit Logs

2. Add an Entry to the Audit Log

This API allows you to insert an Audit Log. Generally, Audit Logs are created automatically whenever an admin does something from the FusionAuth UI. However, you can use this API to insert Audit Logs directly if you need.

2.1. Request

Create an Audit Log

URI

POST /api/system/audit-log

Table 1. Request Body
auditLog.data [Object] Optional	An object that can hold additional details of an audit log.
auditLog.newValue [String] Optional	Intended to be utilized during a change to record the new value.
auditLog.oldValue [String] Optional	Intended to be utilized during a change to record the old value prior to the change.
auditLog.reason [String] Optional	Intended to be utilized during a change to indicate the reason for the modification.
auditLog.insertUser [String] Required	The user that took the action that is being written to the Audit Logs. We suggest you use email addresses for this field.
auditLog.message [String] Required	The message of the Audit Log.

Example Request JSON

{
  "auditLog": {
    "data": {
      "externalId": "_applicationA"
    },
    "newValue:": "{\"name\": \"bar\"}",
    "oldValue": "{\"name\": \"foo\"}",
    "reason": "Because I like to change things.",
    "insertUser": "user@fusionauth.io",
    "message": "Example audit log"
  }
}

2.2. Response

The response for this API does not contain a body. It only contains a status code.

Table 2. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

3. Retrieve an Audit Log

3.1. Request

Retrieve an Audit Log by Id

URI

GET /api/system/audit-log/{logId}

Table 3. Request Parameters
logId [Long] Required	The unique Id of the Audit Log to retrieve.

3.2. Response

Table 4. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you requested doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 5. Response Body
auditLog.data [Object]	Additional details of an audit log.
auditLog.newValue [String]	The new value of a changed object.
auditLog.oldValue [String]	The previous value of a changed object.
auditLog.reason [String]	The reason why the audit log was created.
auditLog.id [Long]	The Audit Log unique Id.
auditLog.insertInstant [Long]	The instant when the Audit Log was created.
auditLog.insertUser [String]	The user that created the Audit Log.
auditLog.message [String]	The message of the Audit Log.

Example JSON Response

{
  "auditLog": {
    "data": {
      "externalId": "_applicationA"
    },
    "newValue:": "{\"name\": \"bar\"}",
    "oldValue": "{\"name\": \"foo\"}",
    "reason": "Because I like to change things.",
    "id": 3,
    "insertInstant": 1471796483322,
    "insertUser": "user@fusionauth.io",
    "message": "Changed Application"
  }
}

4. Search the Audit Log

This API allows you to search and paginate through the Audit Logs.

4.1. Request

Searches the Audit Logs using the given search criteria

URI

GET /api/system/audit-log/search?message={message}&start={start}&end={end}&user={user}

When calling the API using a GET request you will send the search criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.

Table 6. Request Parameters
end [Long] Optional	The end instant of the date/time range to search within.
message [String] Optional	The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).
numberOfResults [Integer] Optional defaults to `25`	The number of results to return from the search.
orderBy [String] Optional defaults to `insert_instant DESC`	The database column to order the search results on plus the order direction. The columns you can use for this are: `insert_instant` - the instant when the Audit Log was created `insert_user` - the user that create the Audit Log `message` - the message of the Audit Log For example, to order the results by the insert instant in a descending order, the value would be provided as `insert_instant DESC`. The final string is optional can be set to `ASC` or `DESC`.
start [Long] Optional	The start instant of the date/time range to search within.
startRow [Integer] Optional defaults to `0`	The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.
user [String] Optional	The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

Searches the Audit Logs using the given search criteria

URI

POST /api/system/audit-log/search

When calling the API using a POST request you will send the search criteria in a JSON request body.

Table 7. Request Body
search.end [Long] Optional	The end instant of the date/time range to search within.
search.message [String] Optional	The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).
search.numberOfResults [Integer] Optional defaults to `25`	The number of results to return from the search.
search.orderBy [String] Optional defaults to `insert_instant DESC`	The database column to order the search results on plus the order direction. The columns you can use for this are: `insert_instant` - the instant when the Audit Log was created `insert_user` - the user that create the Audit Log `message` - the message of the Audit Log For example, to order the results by the insert instant in a descending order, the value would be provided as `insert_instant DESC`. The final string is optional can be set to `ASC` or `DESC`.
search.start [Long] Optional	The start instant of the date/time range to search within.
search.startRow [Integer] Optional defaults to `0`	The offset row to return results from. If the search has 200 records in it and this is 50, it starts with row 50.
search.user [String] Optional	The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).

4.2. Response

The response for this API contains the Audit Logs matching the search criteria in paginated format.

Table 8. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you requested doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 9. Response Body
auditLogs [Array]	The list of Audit Logs returned by the search.
auditLogs`[x]`.data [Object]	Additional details of an audit log.
auditLogs`[x]`.data.newValue [String]	The new value of a changed object.
auditLogs`[x]`.data.oldValue [String]	The previous value of a changed object.
auditLogs`[x]`.data.reason [String]	The reason why the audit log was created.
auditLogs`[x]`.id [Long]	The Audit Log unique Id.
auditLogs`[x]`.insertInstant [Long]	The instant when the Audit Log was created.
auditLogs`[x]`.insertUser [String]	The user that created the Audit Log.
auditLogs`[x]`.message [String]	The message of the Audit Log.
total [Integer]	The total number of Audit Logs in the search. This can help with pagination.

Example JSON Response

{
  "auditLogs": [
    {
      "id": 1,
      "insertInstant": 1471786483322,
      "insertUser": "user@fusionauth.io",
      "message": "Audit Log 1"
    },
    {
      "id": 2,
      "insertInstant": 1471786489322,
      "insertUser": "user@fusionauth.io",
      "message": "Audit Log 2"
    },
    {
      "data": {
        "externalId": "_applicationA"
      },
      "newValue:": "{\"name\": \"bar\"}",
      "oldValue": "{\"name\": \"foo\"}",
      "reason": "Because I like to change things.",
      "id": 3,
      "insertInstant": 1471796483322,
      "insertUser": "user@fusionauth.io",
      "message": "Changed Application"
    }
  ],
  "total": 100
}

5. Export Audit Logs

Available Since Version 1.7.0

This API is used to export the Audit Logs, the response will be a compressed zip archive.

5.1. Request

Export the Audit Logs matching the criteria

URI

GET /api/system/audit-log/export?message={message}&start={start}&end={end}&user={user}

When calling the API using a GET request you will send the export criteria on the URL using request parameters. In order to simplify the example URL above, not every possible parameter is shown, however using the provided pattern you may add any of the documented request parameters to the URL.

Table 10. Request Parameters
dateTimeSecondsFormat [String] Optional defaults to [see description]	The format string used to format the date and time columns in the export result. When this parameter is omitted a default format of `M/d/yyyy hh:mm:ss a z` will be used. See the DateTimeFormatter patterns for additional examples.
end [Long] Optional	The end instant of the date/time range to search within.
message [String] Optional	The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).
start [Long] Optional	The start instant of the date/time range to search within.
user [String] Optional	The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).
zoneId [String] Optional defaults to [see description]	The time zone used to adjust the stored UTC time in the export result. For example: `America/Denver` or `US/Mountain` When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

Export the Audit Logs matching the criteria

URI

POST /api/system/audit-log/export

When calling the API using a POST request you will send the export criteria in a JSON request body.

Table 11. Request Body
criteria.end [Long] Optional	The end instant of the date/time range to include in the export.
criteria.message [String] Optional	The string to search in the Audit Log message for. This can contain wildcards using the asterisk or percent characters (* or %).
criteria.start [Long] Optional	The start instant of the date/time range to include in the export.
criteria.user [String] Optional	The string to search in the Audit Log user for. This can contain wildcards using the asterisk or percent characters (* or %).
dateTimeSecondsFormat [String] Optional defaults to [see description]	The format string used to format the date and time columns in the export result. When this parameter is omitted a default format of `M/d/yyyy hh:mm:ss a z` will be used. See the DateTimeFormatter patterns for additional examples.
zoneId [String] Optional defaults to [see description]	The time zone used to adjust the stored UTC time in the export result. For example: `America/Denver` or `US/Mountain` When this parameter is omitted the configured default report time zone will be used. See reportTimezone in the System Configuration API.

5.2. Response

The response for this API will contain a compressed zip of the audit logs.

Table 12. Response Codes
Code	Description
200	The request was successful. The response will be a compressed archive byte stream with a `Content-Type` of `application/zip`.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you requested doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.