Reading:
Audit API

Audit API

Matt Fellows
Updated

Following on from our work on SAML and Enterprise authentication, we've been extending the security and observability of our platform. Many of our regulated and enterprise customers need to have access to an immutable event trail for auditing purposes. Today, we are announcing the release of our Audit API.

Getting started

The API is available at /audit and provides a full audit trail of the system and user events for your Pactflow account, including (but not limited to) authentication, API + UI access and contract creation, updates and deletions.

curl -H "Authorization: Bearer <token>" http://<your broker>/audit | jq .
cURL command to get all audit events

Running the above command will respond with something like the following:

{
  "events": [
    {
      "uuid": "16WlpdLpDMzfMYxLTZYXYw",
      "timestamp": "2019-12-10T09:15:24.864+11:00",
      "type": "SaasBroker::Api::Resources::RegenerateApiToken",
      "db_user_id": 2,
      "user_email": "someuser@somecompany.com",
      "payload": {
        "path": "/settings/tokens/_UjhYvyyEjM9L2SgWd0qsw/regenerate",
        "queryString": "",
        "method": "POST",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
        "referer": "http://somebroker.pact.dius.com.au/settings/api-tokens",
        "params": {
          "resource_name": "regenerate_token",
          "token_uuid": "_UjhYvyyEjM9L2SgWd0qsw"
        }
      }
    },
    ...
  ],
  "_links": {
    "self": {
      "href": "http://somebroker.pact.dius.com.au/audit?from=zHO0xNcjUseyU6DsisadXw"
    },
    "next": {
      "href": "http://somebroker.pact.dius.com.au/audit?from=IlECUSbMLJLOy8gFbLLuIg"
    }
  }
}

All events are sorted in chronological order, and the API is paged. To fetch all events, you can simply iterate through each page using the next link, which uses the uuid of the next audit event as the page starting point.

Once you get to the end of the stream, the uuid of the last event you captured can be passed to the from parameter of the API to continue where you left off e.g. curl -H "Authorization: Bearer " http://<some broker>/audit?from=lastuuid.

NOTE: Calls to the audit API will also create a new audit record. So be wary of infinite loops!

Use Cases

The classic case we have observed is to collect and forward to a SOC (Security Operations Centre), such as Sumo Logic, Splunk or an ELK stack. From here, you can observe all activity on the platform, trace an issue or monitor usage.

Availability

The auditing feature is available now for all of our Business and Enterprise plans. Events are automatically expired after 90 days.

Introducing PactFlow’s new user experience
14 August 2024

Introducing PactFlow’s new user experience

Meet PactFlow's new UI - beautiful, simple, intuitive, and blazing fast, the new user experience is optimized around our recommended best practices.

2 min read

Level Up Your Workflow: New PactFlow UI (beta)!
26 July 2024

Level Up Your Workflow: New PactFlow UI (beta)!

PactFlow's new application-centric user interface is here.

1 min read

Integrate Deeper with our Developer API 🧿
22 November 2023

Integrate Deeper with our Developer API 🧿

Announcing the launch of PactFlow’s Developer API.

3 min read

arrow-up icon