User sessions
Events emitted when user sessions begin or end in a Qlik Cloud tenant. These events enable monitoring of user authentication events for security and audit purposes.
These events are available for consumption via:
Published when a user session is created.
Payload
object- idstringRequired
Identifies the event.
- timestring
Timestamp of when the occurrence happened. Must adhere to RFC 3339.
- typestringRequired
The type of event.
- sourcestringRequired
Identifies the context in which an event happened.
- specversionstringRequired
The version of the CloudEvents specification which the event uses.
- datacontenttypestring
Content type of the data value. Must adhere to RFC 2046 format.
- useridstring
Unique identifier for the user triggering the event.
- authtypestring
The type of principal that triggered the occurrence.
- originipstring
Origin IP address.
- tenantidstringRequired
Unique identifier for the tenant related to the event.
- sessionidstring
Unique identifier for the session related to the event.
- authclaimsstring
A JSON string representing claims of the principal that triggered the event
- dataobjectRequired
Data specific to the user session begin event.
data properties
- idpIdstring
Identifier of the identity provider through which the session was initiated.
nullif user logged in using Qlik Account. - sourcestring
The source of the event.
Can be one of: "com.qlik/edge-auth"
- subjectstring
User's subject in our DB.
- recoveryboolean
Whether the session is part of a recovery login.
- userTypestring
The user's type, only specified for anonymous users.
Can be one of: "anonymous"
-
com.qlik.user-session.begin
Example payload of the "Session begin" event
{ "id": "A234-1234-1234", "time": "2026-01-01T12:00:00Z", "type": "com.qlik.user-session.begin", "source": "com.qlik/my-service", "specversion": "1.0", "datacontenttype": "application/json", "userid": "605a18af2ab08cdbfad09259", "authtype": "service_account", "originip": "0.0.0.0", "tenantid": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69", "sessionid": "WZhiEfgW2bLd7HgR-jjzAh6VnicipweT", "authclaims": "{\\\"iss\\\":\\\"qlik.api.internal/service\\\",\\\"sub\\\":\\\"service\\\",\\\"subType\\\":\\\"service\\\"}", "data": { "idpId": "661d627cef218789bbd67cc9", "source": "com.qlik/edge-auth", "subject": "auth0\\foo", "recovery": false }}Published when a user session ends.
Payload
object- idstringRequired
Identifies the event.
- timestring
Timestamp of when the occurrence happened. Must adhere to RFC 3339.
- typestringRequired
The type of event.
- sourcestringRequired
Identifies the context in which an event happened.
- specversionstringRequired
The version of the CloudEvents specification which the event uses.
- datacontenttypestring
Content type of the data value. Must adhere to RFC 2046 format.
- useridstring
Unique identifier for the user triggering the event.
- authtypestring
The type of principal that triggered the occurrence.
- originipstring
Origin IP address.
- tenantidstringRequired
Unique identifier for the tenant related to the event.
- sessionidstring
Unique identifier for the session related to the event.
- authclaimsstring
A JSON string representing claims of the principal that triggered the event
- dataobjectRequired
Data specific to the user session end event.
data properties
- subjectstring
User's subject in our DB.
-
com.qlik.user-session.end
Example payload of the "Session end" event
{ "id": "A234-1234-1234", "time": "2026-01-01T12:00:00Z", "type": "com.qlik.user-session.end", "source": "com.qlik/my-service", "specversion": "1.0", "datacontenttype": "application/json", "userid": "605a18af2ab08cdbfad09259", "authtype": "service_account", "originip": "0.0.0.0", "tenantid": "TiQ8GPVr8qI714Lp5ChAAFFaU24MJy69", "sessionid": "WZhiEfgW2bLd7HgR-jjzAh6VnicipweT", "authclaims": "{\\\"iss\\\":\\\"qlik.api.internal/service\\\",\\\"sub\\\":\\\"service\\\",\\\"subType\\\":\\\"service\\\"}", "data": { "subject": "auth0\\foo" }}