Audit events#

Method

GET https://login.company.com/blitz/api/v3/users/{subjectId}/audit

Retrieving a list of security events registered to the user’s account.

Required permissions: blitz_api_uaud or blitz_api_sys_uaud.

URL parameters

  • rql is a request to filter the output information in the format Resource Query Language (RQL). Filtering by the attribute ts (time of the event) is supported.

    Operations:

    • and - simultaneous execution of search conditions;

    • le – checking the condition “less than or equal to”;

    • ge – checking the condition “greater than or equal to”;

    • limit – a limit on the number of records to be returned.

  • ua – the required type of output of information about the UserAgent (attribute ua). Options:

    • none – not to return the UserAgent;

    • parsed – return the UserAgent in disassembled form (separate browser and operating system with their versions);

    If the ua parameter is omitted, then UserAgent (the ua attribute) will be returned simply as a string.

Returns

JSON containing a list of account audit events for the specified time period.

Examples

Without parsing information about UserAgent
GET /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/audit?rql=and(ge(ts,1637230238),le(ts,1637250238),limit(2)) HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

[
    {
        "sbj": "af583e70-fe39-407d-a87e-06cd0ec1830c",
        "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) …",
        "ts": 1637250238015,
        "cAthM": "Basic",
        "ipCt": "Москва",
        "ipRad": 20,
        "cId": "test_app",
        "ip": 1406987879,
        "obj": "af583e70-fe39-407d-a87e-06cd0ec1830c",
        "ipSt": "Москва",
        "lpId": "test_app",
        "pid": "ddeebaba-2dc3-41bb-b539-7f0e472414a3",
        "ipLat": 55.7483,
        "prms": {
            "used_login": "test@yandex.ru",
            "auth_methods": "password",
            "authnDone": "true",
            "id_store": "389-ds"
        },
        "type": "login",
        "ipCtr": "Россия",
        "proc": "profile",
        "ipLng": 37.6171,
        "sid": "54914ac3-0d39-40d3-9617-92e0e7fe07ab"
    }
]
With parsing information about UserAgent
GET /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/audit?rql=and(ge(ts,1637230238),le(ts,1637250238),limit(2))&ua=parsed HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

[
    {
        "sbj": "af583e70-fe39-407d-a87e-06cd0ec1830c",
        "ua": {
            "broName": "Chrome",
            "broVer": "109",
            "deviceType": "pc",
            "raw": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) …",
            "osName": "macOS",
            "osVer": "10.15.7"
        },
        "ts": 1637250238015,
        "cAthM": "Basic",
        "ipCt": "Москва",
        "ipRad": 20,
        "cId": "test_app",
        "ip": 1406987879,
        "obj": "af583e70-fe39-407d-a87e-06cd0ec1830c",
        "ipSt": "Москва",
        "lpId": "test_app",
        "pid": "ddeebaba-2dc3-41bb-b539-7f0e472414a3",
        "ipLat": 55.7483,
        "prms": {
            "used_login": "test@yandex.ru",
            "auth_methods": "password",
            "authnDone": "true",
            "id_store": "389-ds"
        },
        "type": "login",
        "ipCtr": "Россия",
        "proc": "profile",
        "ipLng": 37.6171,
        "sid": "54914ac3-0d39-40d3-9617-92e0e7fe07ab"
    }
]