Audit log

Learn how to keep track of all API calls made to the entity resources.

Monite keeps an audit log of all API calls made to entity resources, as well as the responses returned. Entity administrators and auditors can use the audit trail to understand which business objects were accessed, when, and by whom.

Access the audit log

To get the audit log, call GET /audit_logs. The request can be authenticated using either a partner access token or an entity user token. A partner access token provides access to the complete audit trail of that entity’s business logic objects, whereas an entity user token provides access only to the events triggered by that entity user.

1curl -X 'https://api.sandbox.monite.com/v1/audit_logs' \
2 -H 'X-Monite-Version: 2024-01-31' \
3 -H 'X-Monite-Entity-Id: ENTITY_ID' \
4 -H 'Authorization: Bearer ACCESS_TOKEN'

Parameters

You can filter the returned audit log events by using the following query parameters. If multiple filter parameters are provided, the filters are combined using logical AND.

All parameters are optional.

Filter (query parameter)Description
type

Possible values:

  • request - use to get only log entries with request data,
  • response - use to get only log entries with response data.

If omitted, both request and response entries are returned.

entity_user_id

Returns events triggered by the specified entity user.

Note: This parameter has effect only if the request is authenticated with a partner access token.

timestamp__gt

Returns events created after the specified date and time.

Notes:

  • If no timestamp filters are provided, the date range defaults to the last 7 days.
  • The values of all timestamp filters must be in the ISO 8601 format and must include the time value. For example, 2022-05-31T15:00:00Z is valid but 2022-05-31 is not.
timestamp__gteReturn events created on or after the specified date and time.
timestamp__ltReturn events created before the specified date and time.
timestamp__lteReturn events created on or before the specified date and time.
path__contains

Filter events by the request URL (case-sensitive), without the domain part. For example:

  • path__contains=/v1/counterparts - Return only the events related to counterparts and their subresources (contacts, bank accounts, and others).
  • path__contains=/v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218 - Return the events related to the payable with ID 3f6c67f3-0d73-4bfd-b403-27f733dfd218.
  • path__contains=bank_accounts - Return the events related to entity bank accounts and counterpart bank accounts.
methodFilter events by the request HTTP method. Possible values: GET, POST, PATCH, PUT, DELETE.
status_codeFilter events by the response status code. Example: status_code=400.

Examples

  • Get events logged since June 1, 2023 UTC:

    GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z
  • Get events logged between June 1 and 5, 2023 UTC, inclusively:

    GET /audit_logs?timestamp__gte=2023-06-01T00:00:00Z&timestamp__lt=2023-06-06T00:00:00Z
  • Get events related to the manual creation of payables:

    GET /audit_log?path__contains=/v1/payables&method=POST

Pagination

The GET /audit_logs endpoint supports pagination. The default page size is 100 entries but can be changed using the page_size query parameter (1..100).

To paginate through the audit log:

  1. Send the initial GET request with the desired filters and page_size. For example:

    GET /audit_log?type=receivables&page_size=10
  2. Examine the response and note down the next_pagination_token. This token can be used to access the next page of the audit log. If the next_pagination_token value is null, it means the last page was reached.

    1{
    2 "data": [
    3 { ... }
    4 ],
    5 "total_pages": 54,
    6 "total_logs": 532,
    7 "prev_pagination_token": null,
    8 "next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
    9}
  3. Process the data contained in the response as needed.

  4. Call GET /audit_logs again with the pagination_token query parameter containing the next_pagination_token value from the last response:

    GET /audit_logs?pagination_token=bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ=

    There is no need to provide the page_size and filter parameters in subsequent requests because they are encoded in the pagination token.

  5. Repeat steps 2-4 until you reach the last page.

Audit log data

The data is returned in the JSON format.

1{
2 "data": [
3 {
4 // Sample log entry that corresponds to a request
5 "id": "1e0870cb-368d-431f-bbae-545d9b1fa0e1",
6 "timestamp": "2023-05-31T21:33:42.321Z",
7 "entity_id": "e0c6e681-0080-4ec9-893a-8a4a061ab1dc",
8 "entity_user_id": "6523a913-a666-463d-a120-177a98f49aaa",
9 "type": "request",
10 "parent_log_id": null,
11
12 // Request data
13 "path": "/v1/payment_terms",
14 "method": "POST",
15 "params": null,
16 "content_type": "application/json",
17 "body": {
18 "name": "Net 30",
19 "term_final": {
20 "number_of_days": 30
21 }
22 },
23 "headers": {
24 "x-monite-version": "2024-01-31",
25 ...
26 },
27 "status_code": 0
28 },
29 { ... more items ... }
30 ],
31 "total_pages": 54,
32 "total_logs": 532,
33 "prev_pagination_token": null,
34 "next_pagination_token": "bGltaXQ9MiZmaXJzdF9vaWQ9MSZuZXh0X3Rva2VuPTQ="
35}
FieldDescription
bodyJSON data send in the request body or response body. The value is null if the request or response did not have a body or had a non-JSON body.
content_typeThe Content-Type of the request or response. Example: application/json.
entity_idEntity ID.
entity_user_idThe ID of the entity user who made the request, or 00000000-0000-0000-0000-000000000000 if the request was made with a partner-level token.
headers

An object containing the request headers and their values, or null in case of response entries. Example:

1{
2 "host": "api.sandbox.monite.com",
3 "x-monite-version": "2024-01-31",
4 "accept": "*/*",
5 ...
6}
idID of the audit log entry.
methodHTTP request method, for example, GET.
paramsRequest query string (without the ? character), or null if the request did not use query parameters. Example: type=product&counterpart_id=5e4e1148-d746-42f3-bde0-f8434ec9548f
parent_log_idUnused. Always null.
partner_idPartner’s client ID.
pathRequest URL without the domain part. Example: /v1/payables/3f6c67f3-0d73-4bfd-b403-27f733dfd218
status_codeHTTP status code of the response, or 0 in entries with type = request.
target_serviceReserved for internal use.
timestampThe date and time (in the ISO 8601 format) when this audit log entry was created.
typerequest or response