Audit log
Learn how to keep track of all API calls made to the entity resources.
Monite keeps an audit log of all API calls made to entity resources, as well as the responses returned. Entity administrators and auditors can use the audit trail to understand which business objects were accessed, when, and by whom.
Access the audit trail
To get the audit log, call GET /audit_logs
. The request can be authenticated using either a partner access token or an entity user token. A partner access token provides access to the complete audit trail of that entity's business logic objects, whereas an entity user token provides access only to the events triggered by that entity user.
curl -X 'https://api.sandbox.monite.com/v1/audit_logs' \
-H 'X-Monite-Version: 2024-01-31' \
-H 'X-Monite-Entity-Id: ENTITY_ID' \
-H 'Authorization: Bearer ACCESS_TOKEN'
Parameters
You can filter the returned audit log events by using the following query parameters. If multiple filter parameters are provided, the filters are combined using logical AND
.
All parameters are optional.
Filter (query parameter) | Description |
---|---|
type | Possible values: * request - use to get only log entries with request data,* response - use to get only log entries with response data.If omitted, both request and response entries are returned. |
entity_user_id | Returns events triggered by the specified entity user. Note: This parameter has effect only if the request is authenticated with a partner access token. |
timestamp__gt | Returns events created after the specified date and time. Notes: * If no timestamp filters are provided, the date range defaults to the last 7 days.* The values of all timestamp filters must be in the ISO 8601 format and must include the time value. For example, 2022-05-31T15:00:00Z is valid but 2022-05-31 is not. |
timestamp__gte | Return events created on or after the specified date and time. |
timestamp__lt | Return events created before the specified date and time. |
timestamp__lte | Return events created on or before the specified date and time. |
path__contains | Filter events by the request URL (case-sensitive), without the domain part. For example: * path__contains=/v1/counterparts - Return only the events related to counterparts and their subresources (contacts, bank accounts, and others).* path__contains=/v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218 - Return the events related to the payable with ID 3f6c67f3-0d73-4bfd-b403-27f733dfd218.* path__contains=bank_accounts - Return the events related to entity bank accounts and counterpart bank accounts. |
method | Filter events by the request HTTP method. Possible values: GET, POST, PATCH, PUT, DELETE. |
status_code | Filter events by the response status code. Example: status_code=400 . |
Examples
-
Get events logged since June 1, 2023 UTC:
GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z
-
Get events logged between June 1 and 5, 2023 UTC, inclusively:
GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z×tamp__lt=2023-06-06T00:00:00Z
-
Get events related to the manual creation of payables:
GET /audit_log?path__contains=/v1/payables&method=POST
Pagination
The GET /audit_logs
endpoint supports pagination. The default page size is 100 entries but can be changed using the page_size
query parameter (1..100).
To paginate through the audit log:
-
Send the initial GET request with the desired filters and
page_size
. For example:GET /audit_log?type=receivables&page_size=10
-
Examine the response and note down the
next_pagination_token
. This token can be used to access the next page of the audit log. If thenext_pagination_token
value isnull
, it means the last page was reached.{ "data": [ { ... } ], "total_pages": 54, "total_logs": 532, "prev_pagination_token": null, "next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ=" }
-
Process the
data
contained in the response as needed. -
Call
GET /audit_logs
again with thepagination_token
query parameter containing thenext_pagination_token
value from the last response:
GET /audit_logs?pagination_token=bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ=
Note: There is no need to provide thepage_size
and filter parameters in subsequent requests because they are encoded in the pagination token. -
Repeat steps 2-4 until you reach the last page.
Audit log data
The data is returned in the JSON format.
{
"data": [
{
// Sample log entry that corresponds to a request
"id": "1e0870cb-368d-431f-bbae-545d9b1fa0e1",
"timestamp": "2023-05-31T21:33:42.321Z",
"entity_id": "e0c6e681-0080-4ec9-893a-8a4a061ab1dc",
"entity_user_id": "6523a913-a666-463d-a120-177a98f49aaa",
"type": "request",
"parent_log_id": null,
// Request data
"path": "/v1/payment_terms",
"method": "POST",
"params": null,
"content_type": "application/json",
"body": {
"name": "Net 30",
"term_final": {
"number_of_days": 30
}
},
"headers": {
"x-monite-version": "2024-01-31",
...
},
"status_code": 0
},
{ ... more items ... }
],
"total_pages": 54,
"total_logs": 532,
"prev_pagination_token": null,
"next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
}
Field | Description |
---|---|
body | JSON data send in the request body or response body. The value is null if the request or response did not have a body or had a non-JSON body. |
content_type | The Content-Type of the request or response. Example: application/json . |
entity_id | Entity ID. |
entity_user_id | The ID of the entity user who made the request, or 00000000-0000-0000-0000-000000000000 if the request was made with a partner-level token. |
headers | An object containing the request headers and their values, or null in case of response entries. Example:{ "host": "api.sandbox.monite.com", "x-monite-version": "2024-01-31", "accept": "*/*", ... } |
id | ID of the audit log entry. |
method | HTTP request method, for example, GET . |
params | Request query string (without the ? character), or null if the request did not use query parameters. Example:type=product&counterpart_id=5e4e1148-d746-42f3-bde0-f8434ec9548f |
parent_log_id | Unused. Always null . |
partner_id | Partner's client ID. |
path | Request URL without the domain part. Example: /v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218 . |
status_code | HTTP status code of the response, or 0 in entries with type = request . |
target_service | Reserved for internal use. |
timestamp | The date and time (in the ISO 8601 format) when this audit log entry was created. |
type | request or response |
Updated about 1 month ago