Forum Discussion

stuart_vassey's avatar
7 years ago

Audit Log Enhancement for API Activity

Today, the audit log captures any changes that an API user makes, but doesn't record any activity if you are just making queries. It would be valuable to log all types of API calls to comprehensively monitor API user behavior. This could be done with one of the following:

1) A separate API-only audit log

2) Bundled with the existing audit log

3) The existing audit log could have an easy filter to hide API calls and reduce noise

  • 3) The existing audit log could have an easy filter to hide API calls and reduce noise

    this would be very helpfull to toggle it api, or non api.

    we commonly want to be checking API only or User only Logs.

  • Sarah_Terry's avatar
    Sarah_Terry
    Icon for Product Manager rankProduct Manager

    Hi @stuart.vassey - thanks posting. Follow up question: If we offered a way of monitoring API usage (in a granular way that exposed the number requests to resources by method & type) for users in your account, would you still want the GET requests logged in the audit log? 

  • I think that would help, @Sarah Terry. The main issue I'm trying to avoid is this: we recently went through and removed users with no recorded activity. Some of them ended up being API users that were heavily used, but "Last Action" date from the users screen was blank and there was no activity in the audit log.