Audit log — Monite Documentation

Monite keeps an audit log of all API calls made to entity resources, as well as the responses returned. Entity administrators and auditors can use the audit trail to understand which business objects were accessed, when, and by whom.

Access the audit log

To get the audit log, call GET /audit_logs. The request can be authenticated using either a partner access token or an entity user token. A partner access token provides access to the complete audit trail of that entity’s business logic objects, whereas an entity user token provides access only to the events triggered by that entity user.

1 curl -X 'https://api.sandbox.monite.com/v1/audit_logs' \
2      -H 'X-Monite-Version: 2024-01-31' \
3      -H 'X-Monite-Entity-Id: ENTITY_ID' \
4      -H 'Authorization: Bearer ACCESS_TOKEN'

Parameters

You can filter the returned audit log events by using the following query parameters. If multiple filter parameters are provided, the filters are combined using logical AND.

All parameters are optional.

Filter (query parameter)	Description
`type`	Possible values: `request` - use to get only log entries with request data, `response` - use to get only log entries with response data. If omitted, both request and response entries are returned.
`entity_user_id`	Returns events triggered by the specified entity user. Note: This parameter has effect only if the request is authenticated with a partner access token.
`timestamp__gt`	Returns events created after the specified date and time. Notes: If no `timestamp` filters are provided, the date range defaults to the last 7 days. The values of all `timestamp` filters must be in the ISO 8601 format and must include the time value. For example, `2022-05-31T15:00:00Z` is valid but `2022-05-31` is not.
`timestamp__gte`	Return events created on or after the specified date and time.
`timestamp__lt`	Return events created before the specified date and time.
`timestamp__lte`	Return events created on or before the specified date and time.
`path__contains`	Filter events by the request URL (case-sensitive), without the domain part. For example: `path__contains=/v1/counterparts` - Return only the events related to counterparts and their subresources (contacts, bank accounts, and others). `path__contains=/v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218` - Return the events related to the payable with ID 3f6c67f3-0d73-4bfd-b403-27f733dfd218. `path__contains=bank_accounts` - Return the events related to entity bank accounts and counterpart bank accounts.
`method`	Filter events by the request HTTP method. Possible values: GET, POST, PATCH, PUT, DELETE.
`status_code`	Filter events by the response status code. Example: `status_code=400`.

Examples

Get events logged since June 1, 2023 UTC:

GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z

Get events logged between June 1 and 5, 2023 UTC, inclusively:

GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z&timestamp__lt=2023-06-06T00:00:00Z

Get events related to the manual creation of payables:

GET /audit_log?path__contains=/v1/payables&method=POST

Pagination

The GET /audit_logs endpoint supports pagination. The default page size is 100 entries but can be changed using the page_size query parameter (1..100).

To paginate through the audit log:

Send the initial GET request with the desired filters and page_size. For example:

GET /audit_log?type=receivables&page_size=10

Examine the response and note down the next_pagination_token. This token can be used to access the next page of the audit log. If the next_pagination_token value is null, it means the last page was reached.

1 {
2   "data": [
3     { ... }
4   ],
5   "total_pages": 54,
6   "total_logs": 532,
7   "prev_pagination_token": null,
8   "next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
9 }

Process the data contained in the response as needed.
Call GET /audit_logs again with the pagination_token query parameter containing the next_pagination_token value from the last response:
```
GET /audit_logs?pagination_token=bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ=
```
There is no need to provide the page_size and filter parameters in subsequent requests because they are encoded in the pagination token.
Repeat steps 2-4 until you reach the last page.

Audit log data

The data is returned in the JSON format.

1 {
2   "data": [
3     {
4       // Sample log entry that corresponds to a request
5       "id": "1e0870cb-368d-431f-bbae-545d9b1fa0e1",
6       "timestamp": "2023-05-31T21:33:42.321Z",
7       "entity_id": "e0c6e681-0080-4ec9-893a-8a4a061ab1dc",
8       "entity_user_id": "6523a913-a666-463d-a120-177a98f49aaa",
9       "type": "request",
10       "parent_log_id": null,
11 
12       // Request data
13       "path": "/v1/payment_terms",
14       "method": "POST",
15       "params": null,
16       "content_type": "application/json",
17       "body": {
18         "name": "Net 30",
19         "term_final": {
20           "number_of_days": 30
21         }
22       },
23       "headers": {
24         "x-monite-version": "2024-01-31",
25         ...
26       },
27       "status_code": 0
28     },
29     { ... more items ... }
30   ],
31   "total_pages": 54,
32   "total_logs": 532,
33   "prev_pagination_token": null,
34   "next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
35 }

Field Description

body JSON data send in the request body or response body. The value is null if the request or response did not have a body or had a non-JSON body.

content_type The Content-Type of the request or response. Example: application/json.

entity_id Entity ID.

entity_user_id The ID of the entity user who made the request, or 00000000-0000-0000-0000-000000000000 if the request was made with a partner-level token.

headers

An object containing the request headers and their values, or null in case of response entries. Example:

1 {
2   "host": "api.sandbox.monite.com",
3   "x-monite-version": "2024-01-31",
4   "accept": "*/*",
5   ...
6 }

id ID of the audit log entry.

method HTTP request method, for example, GET.

params Request query string (without the ? character), or null if the request did not use query parameters. Example: type=product&counterpart_id=5e4e1148-d746-42f3-bde0-f8434ec9548f

parent_log_id Unused. Always null.

partner_id Partner’s client ID.

path Request URL without the domain part. Example: /v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218

status_code HTTP status code of the response, or 0 in entries with type = request.

target_service Reserved for internal use.

timestamp The date and time (in the ISO 8601 format) when this audit log entry was created.

type request or response

1	curl -X 'https://api.sandbox.monite.com/v1/audit_logs' \
2	-H 'X-Monite-Version: 2024-01-31' \
3	-H 'X-Monite-Entity-Id: ENTITY_ID' \
4	-H 'Authorization: Bearer ACCESS_TOKEN'

1	{
2	"data": [
3	{ ... }
4	],
5	"total_pages": 54,
6	"total_logs": 532,
7	"prev_pagination_token": null,
8	"next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
9	}

1	{
2	"data": [
3	{
4	// Sample log entry that corresponds to a request
5	"id": "1e0870cb-368d-431f-bbae-545d9b1fa0e1",
6	"timestamp": "2023-05-31T21:33:42.321Z",
7	"entity_id": "e0c6e681-0080-4ec9-893a-8a4a061ab1dc",
8	"entity_user_id": "6523a913-a666-463d-a120-177a98f49aaa",
9	"type": "request",
10	"parent_log_id": null,
11
12	// Request data
13	"path": "/v1/payment_terms",
14	"method": "POST",
15	"params": null,
16	"content_type": "application/json",
17	"body": {
18	"name": "Net 30",
19	"term_final": {
20	"number_of_days": 30
21	}
22	},
23	"headers": {
24	"x-monite-version": "2024-01-31",
25	...
26	},
27	"status_code": 0
28	},
29	{ ... more items ... }
30	],
31	"total_pages": 54,
32	"total_logs": 532,
33	"prev_pagination_token": null,
34	"next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
35	}