List Data Audit Events | Skyflow

Lists data audit events that match query parameters.

Authentication

AuthorizationBearer

Access token, prefixed by Bearer .

Query parameters

filterOps.context.changeIDstringOptional

ID for the audit event. Use this to uniquely identify a specific audit record.

filterOps.context.requestIDstringOptional

ID for the request that caused the event. Use to correlate multiple audit events triggered by a single API request.

filterOps.context.sessionIDstringOptional

ID for the session in which the request was sent. Present when a session context is available.

filterOps.context.actorstringOptional

Member who sent the request. Depending on actorType, this may be a user ID or a service account ID. For users this is their email address.

filterOps.context.actorTypeenumOptional

Type of member who sent the request.

Allowed values:

filterOps.context.accessTypeenumOptional

Type of access for the request.

Allowed values:

filterOps.context.ipAddressstringOptional

IP Address of the client that made the request.

filterOps.context.originstringOptional

HTTP Origin request header (including scheme, hostname, and port) of the request. Present only for browser-originated requests. Absent for server-to-server API calls.

filterOps.context.authModeenumOptional

Authentication mode the actor used. OKTA_JWT: Federated identity via Okta SSO. SERVICE_ACCOUNT_JWT: Service account JWT (machine-to-machine). PAT_JWT: Personal Access Token issued as a JWT. API_KEY: Static API key.

Allowed values:

filterOps.context.jwtIDstringOptional

ID of the JWT token (the jti claim). Identifies the specific token used for this request.

filterOps.context.bearerTokenContextIDstringOptional

User context embedded in the bearer token. Present when a bearer token encodes additional user context.

filterOps.parentAccountIDstringOptional

Resources with the specified parent account ID.

filterOps.accountIDstringRequired

filterOps.workspaceIDstringOptional

Resources with the specified workspace ID.

filterOps.vaultIDstringOptional

Resources with the specified vault ID.

filterOps.resourceIDsstringOptional

Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.

Response

eventlist of objects

Events matching the query.

nextOpsobject

Errors

400

Bad Request Error

401

Unauthorized Error

404

Not Found Error

500

Internal Server Error

1	{
2	"event": [
3	{
4	"context": {
5	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d",
6	"requestID": "5a682b12-1a44-922b-a487-ab108f018cc4",
7	"traceID": "9f1707bd-3da0-4946-bf7a-ca99e7e12e5b",
8	"actor": "web31628f5a74bf7994459921c67eef8",
9	"actorType": "USER",
10	"accessType": "API",
11	"ipAddress": "27.116.16.50",
12	"authMode": "PAT_JWT",
13	"jwtID": "o82d1d5bcbf148eb890a937593321ff8",
14	"origin": "https://area51-beta.skyflow.dev",
15	"bearerTokenContextID": "bcf4b254-a415-4b3f-a8b9-0a1f02e52e18",
16	"keyID": "y72c0826fb1146b3bb8a0d48ab4d0653",
17	"sessionID": "cb598f8c-786e-48da-898d-830ec92417b7"
18	},
19	"response": {
20	"code": 200,
21	"message": "success",
22	"timestamp": "2023-06-27 14:01:14.271659365",
23	"data": {}
24	},
25	"accountID": "f244fg04bgh876qemk6c3a32256e2k90",
26	"parentAccountID": "b894gg34fbn866eabd6c2ce1457r4b45",
27	"request": {
28	"actionType": "READ",
29	"apiName": "/v1.QueryService/ExecuteQuery",
30	"data": {
31	"content": "select * from persons where skyflow_id=\"5b6c8110-58b3-4aa0-8b36-d2cfd5c7b259\""
32	},
33	"httpInfo": {
34	"URI": "/v1/vaults/cd1d815aa09b4cbfbb803bd20349f202/query",
35	"method": "POST"
36	},
37	"resourceType": "RECORD",
38	"tags": [
39	"dml"
40	],
41	"timestamp": "2023-06-27 14:01:14.264739714",
42	"vaultID": "cd1d815aa09b4cbfbb803bd20349f202",
43	"workspaceID": "e01054d5ff3411eab9f2360c405de1ab"
44	},
45	"resourceIDs": [
46	"ACCOUNT/f244fg04bgh876qemk6c3a32256e2k90",
47	"TABLE/persons",
48	"VAULT/cd1d815aa09b4cbfbb803bd20349f202"
49	]
50	}
51	],
52	"nextOps": {
53	"timestamp": "2023-06-27 14:01:14.264739714",
54	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d"
55	}
56	}

1	curl -G https://{{vault_uri}}.vault.skyflowapis.com/v1/audit/events \
2	-H "Authorization: Bearer <token>" \
3	-d filterOps.accountID=filterOps.accountID