stuart.vassey

Audit Log Enhancement for API Activity

Recommended Posts

Today, the audit log captures any changes that an API user makes, but doesn't record any activity if you are just making queries. It would be valuable to log all types of API calls to comprehensively monitor API user behavior. This could be done with one of the following:

1) A separate API-only audit log

2) Bundled with the existing audit log

3) The existing audit log could have an easy filter to hide API calls and reduce noise

  • Upvote 1

Share this post


Link to post
Share on other sites

Hi @stuart.vassey - thanks posting. Follow up question: If we offered a way of monitoring API usage (in a granular way that exposed the number requests to resources by method & type) for users in your account, would you still want the GET requests logged in the audit log? 

Share this post


Link to post
Share on other sites

I think that would help, @Sarah Terry. The main issue I'm trying to avoid is this: we recently went through and removed users with no recorded activity. Some of them ended up being API users that were heavily used, but "Last Action" date from the users screen was blank and there was no activity in the audit log.

Share this post


Link to post
Share on other sites

3) The existing audit log could have an easy filter to hide API calls and reduce noise

this would be very helpfull to toggle it api, or non api.

we commonly want to be checking API only or User only Logs.

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.