Today, the audit log captures any changes that an API user makes, but doesn't record any activity if you are just making queries. It would be valuable to log all types of API calls to comprehensively monitor API user behavior. This could be done with one of the following:
1) A separate API-only audit log
2) Bundled with the existing audit log
3) The existing audit log could have an easy filter to hide API calls and reduce noise
3) The existing audit log could have an easy filter to hide API calls and reduce noise
this would be very helpfull to toggle it api, or non api.
we commonly want to be checking API only or User only Logs.
Product ManagerHi @stuart.vassey - thanks posting. Follow up question: If we offered a way of monitoring API usage (in a granular way that exposed the number requests to resources by method & type) for users in your account, would you still want the GET requests logged in the audit log?
I think that would help, @Sarah Terry. The main issue I'm trying to avoid is this: we recently went through and removed users with no recorded activity. Some of them ended up being API users that were heavily used, but "Last Action" date from the users screen was blank and there was no activity in the audit log.
Product ManagerThanks for the info @stuart.vassey and @Josh Selinger - we should be able to make some improvements to api records in the audit log to help with this.
