Get All Audit Logs
Retrieves a paginated list of all audit logs in the system. Requires CanPurge authorization.
GET /authentication/audit-logs
Query Parameters
- pageNumber: Page number for pagination
- pageSize: Number of records per page
- action: Filter by specific action type (e.g., “Login”, “Logout”, “Register”)
Authorization
Bearer token with CanPurge permission
Response
Returns an array of audit log entries.
- id: Unique identifier for the audit log entry
- userId: ID of the user associated with the action
- userEmail: Email address of the user
- action: Type of action performed (Login, Logout, Register, etc.)
- ipAddress: IP address from which the action originated
- userAgent: User agent string of the client
- details: Additional details about the action
- status: Status of the action (Success, Failed, etc.)
- errorMessage: Error message if the action failed
- resourceId: ID of the resource affected by the action
- resourceType: Type of resource affected
Example Request
curl -X GET "https://api.example.com/authentication/audit-logs?pageNumber=1&pageSize=20&action=Login" \
-H "Authorization: Bearer YOUR_TOKEN"
Example Response
[
  {
    "id": 1,
    "userId": "user123",
    "userEmail": "[email protected]",
    "action": "Login",
    "ipAddress": "192.168.1.100",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "timestamp": "2024-03-15T10:30:00Z",
    "details": "Successful login",
    "status": "Success",
    "errorMessage": null,
    "resourceId": null,
    "resourceType": null
  },
  {
    "id": 2,
    "userId": "user456",
    "userEmail": "[email protected]",
    "action": "LoginFailed",
    "ipAddress": "192.168.1.101",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
    "timestamp": "2024-03-15T10:25:00Z",
    "details": "Invalid credentials",
    "status": "Failed",
    "errorMessage": "Invalid username or password",
    "resourceId": null,
    "resourceType": null
  }
]
Get User Audit Logs
Retrieves audit logs for a specific user. Requires authentication.
GET /authentication/audit-logs/user/{userId}
Path Parameters
- userId: The unique identifier of the user
Query Parameters
- pageNumber: Page number for pagination
- pageSize: Number of records per page
Authorization
Bearer token with valid authentication
Response
Returns an array of audit log entries for the specified user with the same structure as the Get All Audit Logs endpoint.
Example Request
curl -X GET "https://api.example.com/authentication/audit-logs/user/user123?pageNumber=1&pageSize=10" \
-H "Authorization: Bearer YOUR_TOKEN"
Example Response
[
  {
    "id": 15,
    "userId": "user123",
    "userEmail": "[email protected]",
    "action": "Login",
    "ipAddress": "192.168.1.100",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "timestamp": "2024-03-15T10:30:00Z",
    "details": "Successful login with 2FA",
    "status": "Success",
    "errorMessage": null,
    "resourceId": null,
    "resourceType": null
  },
  {
    "id": 14,
    "userId": "user123",
    "userEmail": "[email protected]",
    "action": "TwoFactorEnabled",
    "ipAddress": "192.168.1.100",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "timestamp": "2024-03-15T09:15:00Z",
    "details": "Two-factor authentication enabled",
    "status": "Success",
    "errorMessage": null,
    "resourceId": "user123",
    "resourceType": "User"
  }
]
Common Action Types
The following action types are tracked in audit logs:
- Authentication: Login, LoginFailed, Logout, Register, PasswordChanged, PasswordReset
- Two-Factor: TwoFactorEnabled, TwoFactorDisabled, TwoFactorValidated, TwoFactorFailed
- Token Management: RefreshToken, TokenRevoked
- User Management: UserCreated, UserUpdated, UserDeleted, UserActivated, UserDeactivated
- Role & Permissions: RoleCreated, RoleUpdated, RoleDeleted, PermissionAssigned, PermissionRevoked
- Security: SecurityAlert, Error
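The following Python is an added example, not code from the API or its authors. It scans entries in the response shape shown earlier for bursts of LoginFailed/TwoFactorFailed from one IP address, and for a TwoFactorDisabled followed by a successful Login for the same user from a different address. The function names, thresholds, time windows and sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def entry(id_, user, action, ip, ts, status):
    return {"id": id_, "userId": user, "action": action, "ipAddress": ip,
            "timestamp": ts, "status": status}

# Constructed sample entries (not real log output), using the response's field names.
SAMPLE = [
    entry(1, "user456", "LoginFailed", "203.0.113.7", "2024-03-15T10:00:00Z", "Failed"),
    entry(2, "user456", "LoginFailed", "203.0.113.7", "2024-03-15T10:01:00Z", "Failed"),
    entry(3, "user789", "LoginFailed", "203.0.113.7", "2024-03-15T10:02:30Z", "Failed"),
    entry(4, "user123", "LoginFailed", "198.51.100.4", "2024-03-15T10:03:00Z", "Failed"),
    entry(5, "user123", "TwoFactorDisabled", "192.0.2.10", "2024-03-15T11:00:00Z", "Success"),
    entry(6, "user123", "Login", "198.51.100.9", "2024-03-15T11:20:00Z", "Success"),
    entry(7, "user456", "LoginFailed", "203.0.113.7", "2024-03-15T10:30:00Z", "Failed"),
]

def ts(e):
    return datetime.fromisoformat(e["timestamp"].replace("Z", "+00:00"))

def failed_login_bursts(entries, threshold=3, window=timedelta(minutes=5)):
    """Map source IP -> peak count of failed logins/2FA checks inside one window."""
    recent, flagged = defaultdict(deque), {}
    for e in sorted(entries, key=ts):  # pages may arrive newest-first, so sort
        if e["action"] not in ("LoginFailed", "TwoFactorFailed"):
            continue
        q = recent[e["ipAddress"]]
        q.append(ts(e))
        while q[-1] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:  # threshold is an assumed tuning value
            flagged[e["ipAddress"]] = max(flagged.get(e["ipAddress"], 0), len(q))
    return flagged

def logins_after_2fa_disabled(entries, window=timedelta(hours=1)):
    """Ids of TwoFactorDisabled entries followed by a Login from another IP in the window."""
    ordered, hits = sorted(entries, key=ts), []
    for i, e in enumerate(ordered):
        if e["action"] != "TwoFactorDisabled":
            continue
        for later in ordered[i + 1:]:
            if ts(later) - ts(e) > window:
                break
            if ((later["userId"], later["action"], later["status"]) == (e["userId"], "Login", "Success")
                    and later["ipAddress"] != e["ipAddress"]):
                hits.append(e["id"])
                break
    return hits
```

In practice the entries would come from paging through GET /authentication/audit-logs until a page returns fewer than pageSize records.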
Error Responses
{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication required"
}