Audits

Audits provides access to events emitted upon each action taken in your tenant, providing detailed access to what's happening in your tenant.

Download specification

List recent audit events

Retrieves list of events for subscribed services for your tenant. Stores events for 90 days, after which they can be accessed via /v1/audits/archive.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Query Parameters

  • eventTimestring

    The start/end time interval formatted in ISO 8601 to search by eventTime. For example, "?eventTime=2021-07-14T18:41:15.00Z/2021-07-14T18:41:15.99Z".

    pattern = "YYYY-MM-DDThh:mm:ss.sssZ/YYYY-MM-DDThh:mm:ss.sssZ"

  • eventTypestring

    The case-sensitive string used to search by eventType. Retrieve a list of possible eventTypes with /v1/audits/types.

  • idstring

    The comma separated list of audit unique identifiers.

  • limitinteger

    The maximum number of resources to return for a request.

    minimum = 1, maximum = 100, default = 10, format = int64, default = 10

  • nextstring

    The cursor to the next page of resources. Provide either the next or prev cursor, but not both.

  • prevstring

    The cursor to the previous page of resources. Provide either the next or prev cursor, but not both.

  • sortstring

    The property of a resource to sort on (default sort is -eventTime). The supported properties are source, eventType, and eventTime. A property must be prefixed by + or - to indicate ascending or descending sort order respectively.

    default = "-eventTime"

  • sourcestring

    The case-sensitive string used to search by source. Retrieve a list of possible sources with /v1/audits/sources.

  • userIdstring

    The case-sensitive string used to search by userId.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of objects

      List of audit items.

      Show data properties
      • idstring

        The resource item's unique identifier.

      • dataobject

        Additional information about the event's details. The structure depends on the type and version of the event.

      • linksobject
        Show links properties
        • selfobject
          Show self properties
          • hrefstring
      • sourcestring

        The source of the event message, usually the producing service.

      • userIdstring

        The ID of the user who performed the action that triggered the event.

      • eventIdstring

        The event's unique identifier.

      • tenantIdstring

        The ID of the tenant that owns the item. This is populated using the JWT.

      • eventTimestring

        The RFC3339 datetime when the event happened.

        format = "date-time"

      • eventTypestring

        The type of event that describes committed action.

      • extensionsobject

        The availability of the properties depends on the event and the context it was triggered in.

        Show extensions properties
        • actorobject

          Specifies the entity performing the action on behalf of another party listed as triggering the action.

          Show actor properties
          • substring

            Opaque value identifying impersonating entity.

          • subTypestring

            The type of the impersonating entity.
        • ownerIdstring

          Id of the owner of the resource affected by the eventContext.

        • spaceIdstring

          Id of the space related to the action performed on the eventContext.

        • updatesany

          Might be present if the action is of type "updated" and should contain information about the changes made to the resource.

        • topLevelResourceIdstring

          If the event originated from a sub resource the topLevelResourceId contains the id of the top level resource associated with the sub resource.
      • contentTypestring

        The type that content is encoded in, always "application/json".

      • eventTypeVersionstring

        The version of the event type.
    • linksobject
      Show links properties
      • nextobject
        Show next properties
        • hrefstring
      • prevobject
        Show prev properties
        • hrefstring
      • selfobject
        Show self properties
        • hrefstring

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit ls

Response

{
  "data": [
    {
      "id": "string",
      "data": {},
      "links": {
        "self": {
          "href": "string"
        }
      },
      "source": "string",
      "userId": "string",
      "eventId": "string",
      "tenantId": "string",
      "eventTime": "2018-10-30T07:06:22Z",
      "eventType": "string",
      "extensions": {
        "actor": {
          "sub": "string",
          "subType": "string"
        },
        "ownerId": "string",
        "spaceId": "string",
        "topLevelResourceId": "string"
      },
      "contentType": "string",
      "eventTypeVersion": "string"
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

Get a specific audit event

Finds and returns a specific audit events for the given event ID.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Path Parameters

  • idstring
    Required

    The audit item's unique identifier.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • idstring

      The resource item's unique identifier.

    • dataobject

      Additional information about the event's details. The structure depends on the type and version of the event.

    • linksobject
      Show links properties
      • selfobject
        Show self properties
        • hrefstring
    • sourcestring

      The source of the event message, usually the producing service.

    • userIdstring

      The ID of the user who performed the action that triggered the event.

    • eventIdstring

      The event's unique identifier.

    • tenantIdstring

      The ID of the tenant that owns the item. This is populated using the JWT.

    • eventTimestring

      The RFC3339 datetime when the event happened.

      format = "date-time"

    • eventTypestring

      The type of event that describes committed action.

    • extensionsobject

      The availability of the properties depends on the event and the context it was triggered in.

      Show extensions properties
      • actorobject

        Specifies the entity performing the action on behalf of another party listed as triggering the action.

        Show actor properties
        • substring

          Opaque value identifying impersonating entity.

        • subTypestring

          The type of the impersonating entity.
      • ownerIdstring

        Id of the owner of the resource affected by the eventContext.

      • spaceIdstring

        Id of the space related to the action performed on the eventContext.

      • updatesany

        Might be present if the action is of type "updated" and should contain information about the changes made to the resource.

      • topLevelResourceIdstring

        If the event originated from a sub resource the topLevelResourceId contains the id of the top level resource associated with the sub resource.
    • contentTypestring

      The type that content is encoded in, always "application/json".

    • eventTypeVersionstring

      The version of the event type.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

404

application/json

Not Found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits/{id}" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits/{id}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit get <auditId>

Response

{
  "id": "string",
  "data": {},
  "links": {
    "self": {
      "href": "string"
    }
  },
  "source": "string",
  "userId": "string",
  "eventId": "string",
  "tenantId": "string",
  "eventTime": "2018-10-30T07:06:22Z",
  "eventType": "string",
  "extensions": {
    "actor": {
      "sub": "string",
      "subType": "string"
    },
    "ownerId": "string",
    "spaceId": "string",
    "topLevelResourceId": "string"
  },
  "contentType": "string",
  "eventTypeVersion": "string"
}

List archived audit events

Retrieves audit events from long term storage. Finds and returns audit events from the archive, formatted as a JSON array, for the given date and tenant (in JWT). Archived events are not removed.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT is used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Query Parameters

  • datestring
    Required

    Date to be used as filter and criteria during extraction.

    pattern = "YYYY-MM-DD", format = "date"

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of objects

      List of archived events. The structure of the events depend on their type and version.

      Show data properties
      • dataobject

        Additional information about the event's details. The structure depends on the type and version of the event.

      • sourcestring

        The source of the event message, usually the producing service.

      • userIdstring

        The ID of the user who performed the action that triggered the event.

      • eventIdstring

        The event's unique identifier.

      • tenantIdstring

        The ID of the tenant that owns the item. This is populated using the JWT.

      • eventTimestring

        The RFC3339 datetime when the event happened.

        format = "date-time"

      • eventTypestring

        The type of event that describes committed action.

      • extensionsobject

        The availability of the properties depends on the event and the context it was triggered in.

        Show extensions properties
        • actorobject

          Specifies the entity performing the action on behalf of another party listed as triggering the action.

          Show actor properties
          • substring

            Opaque value identifying impersonating entity.

          • subTypestring

            The type of the impersonating entity.
        • ownerIdstring

          Id of the owner of the resource affected by the eventContext.

        • spaceIdstring

          Id of the space related to the action performed on the eventContext.

        • updatesany

          Might be present if the action is of type "updated" and should contain information about the changes made to the resource.

        • topLevelResourceIdstring

          If the event originated from a sub resource the topLevelResourceId contains the id of the top level resource associated with the sub resource.
      • contentTypestring

        The type that content is encoded in, always "application/json".

      • eventTypeVersionstring

        The version of the event type.

400

application/json

Bad Request

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

404

application/json

Not Found

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits/archive 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits/archive" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits/archive',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit archive

Response

{
  "data": [
    {
      "data": {},
      "source": "string",
      "userId": "string",
      "eventId": "string",
      "tenantId": "string",
      "eventTime": "2018-10-30T07:06:22Z",
      "eventType": "string",
      "extensions": {
        "actor": {
          "sub": "string",
          "subType": "string"
        },
        "ownerId": "string",
        "spaceId": "string",
        "topLevelResourceId": "string"
      },
      "contentType": "string",
      "eventTypeVersion": "string"
    }
  ]
}

Get server configuration options

Returns the server configuration options. It includes options that represent the server configuration state and parameters that were used to run the server with certain functionality.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataobject

      Server configuration options.

      Show data properties
      • EventTTLinteger

        The events TTL in seconds.

      • ArchiveEnabledboolean

        Is Long Term Storage archiving enabled?.

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits/settings 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits/settings" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits/settings',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit settings

Response

{
  "data": {
    "EventTTL": 42,
    "ArchiveEnabled": true
  }
}

List possible event sources

Finds and returns the list of possible event sources for this tenant.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of strings

      List of requested resources.

    • linksobject
      Show links properties
      • nextobject
        Show next properties
        • hrefstring
      • prevobject
        Show prev properties
        • hrefstring
      • selfobject
        Show self properties
        • hrefstring

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits/sources 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits/sources" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits/sources',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit sources

Response

{
  "data": [
    "string"
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

List possible event types

Finds and returns the list of possible event types for this tenant.

Facts

Rate limit Special (1000 requests per minute)
Categories manage

Header Parameters

  • Authorizationstring
    Required

    The JWT used for authentication. Send the JWT in the AuthRequest header using the Bearer schema.

Responses

200

application/json

OK Response

  • application/jsonobject
    Show application/json properties
    • dataarray of strings

      List of requested resources.

    • linksobject
      Show links properties
      • nextobject
        Show next properties
        • hrefstring
      • prevobject
        Show prev properties
        • hrefstring
      • selfobject
        Show self properties
        • hrefstring

401

application/json

Not authorized.

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring

500

application/json

Internal Server Error

  • application/jsonobject
    Show application/json properties
    • errorsarray of objects
      Show errors properties
      • codestring
      • titlestring
      • detailstring
    • traceIdstring
GET /v1/audits/types 
curl "https://your-tenant.us.qlikcloud.com/api/v1/audits/types" \
-H "Authorization: Bearer <access_token>"
const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/audits/types',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
qlik audit types

Response

{
  "data": [
    "string"
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}