Audit trails
This is the endpoint used to manage the audit trails.
Search Trails
Retrieve audit trails given a set of condition.
Note that audit trails can belong to a domain or to a document store. To specify which one we are looking for, we need to specify it through the header.
The document store trails are all generated by events related directly to actions that happen in a document store. Some examples of document store events are create document, search documents or download current version.
The domain trails are all generated by events that do not depend on a document store.
Currently, only authentication events apply to this category.
That is, create token and search trails.
Note however, that all the domain events are propagated to all document stores contained to which the user has access.
So, if a user makes a create token, the event will be registered both as a domain event and as document store event (only for document stores in which the user has access).
Finally, only users with appropriate access rights can search for audit trails. Note document stores and domains can have different access groups. Users that want to search in both document store and domain audit trails must be assigned the respective groups as RW.
|
We must set in the audit configuration the events that we would like to track. |
Parameters
HTTP Headers
HTTP headers allow pass additional information with the request or the response. BigContent headers are used for recurrent details like authentication or document store.
| Name | Example | Description |
|---|---|---|
|
If Domain: |
This operation can be performed either in a domain or in a document store. Only one of these headers can be sent |
|
|
Mandatory header of String type that authorizes you as the user with the right to execute this operation. The string is a Bearer Token returned from the operation create token |
|
|
The Content-Type entity header is used to indicate the media type of the resource.
In this case, it must be |
Body
As indicated by headers, the body of the http request must be a JSON object.
|
|
- Condition List
{
"conditions": [ (1)
{
"field": "objectId",
"operand": "eq",
"value": "qga8r5hsy9rw5weggf93lopa58"
}
],
"orderBy": {
"asc": true,
"fields": [
"date"
]
},
"limit": 5000
]
}| 1 | A least one valid condition is required |
| Field name | Possible values | Detail |
|---|---|---|
field |
|
The field of the audit trail to match. Note that when using id as field it refers to the identifier of the trail. objectId refers to the identifier of the object to which the event was applied (e.g. a document) |
|
Type of comparison that the search will apply.
If not specified, |
|
value |
Anything to search for |
The value we are looking for |
|
Even though |
| Operand | Detail |
|---|---|
|
The value needs to be exactly the same as the searched |
|
The value needs to be grater than the searched |
|
The value needs to be lower than the searched |
| Field name | Possible values | Detail |
|---|---|---|
asc |
Boolean ( |
|
fields |
List of |
The result will be ordered taking into account the values of those fields. If more than one is provided, it will order it by the first one. Then, all the documents with the same value for the first field will be ordered by the value of the second field. This process will continue until all the fields of the list have been taken into account |
| Field name | Possible values | Detail |
|---|---|---|
limit |
Integer (e.g. |
If |
|
|
Responses
Success
Successful responses can be easily identified being always 20x (e.g. 200, 201).
| Field | Example | Description |
|---|---|---|
Status code |
|
|
|
|
The Content-Type entity header is used to indicate the media type of the resource.
In this case, it must be |
Body |
A JSON array containing the audit events |
- JSON response
{
"values": [
{
"id": "i36hdw5g2ibjzh5tz2h5esiii4",
"documentStore": "invoice_store",
"date": "2018-07-09T14:50:07.826Z",
"authorizedUser": "john@company.com",
"accessUser": "john@company.com",
"spanId": "01b46bfb-8888-8888-8888-0b1e3312d7ea",
"event": "TOKEN_CREATE",
"objectId": "npq65fmipabopjknqbaknxaepe"
},
{
"id": "kjng95267tmxmz1kqo0137kdje",
"documentStore": "invoice_store",
"date": "2018-06-08T10:32:40.615Z",
"authorizedUser": "john@company.com",
"accessUser": "john@company.com",
"spanId": "01de9c54-8888-8888-8888-914dc1b9e88d",
"event": "DOCUMENT_CREATE",
"objectId": "5pzpftotinhmbhnlaj65nito64"
},
{
"id": "9m54y9y940143734yt81327468",
"documentStore": "invoice_store",
"date": "2018-06-08T10:35:11.332Z",
"authorizedUser": "john@company.com",
"accessUser": "john@company.com",
"spanId": "01de9c54-8888-8888-8888-914dc1b9e88d",
"event": "DOCUMENT_DELETE",
"objectId": "fotud8totinhmcinkej65nito64",
"ed": {
"deleteType": "metadata_deletion"
}
}
],
"size": 3
}| Name | Value | Detail |
|---|---|---|
values |
JSON array of events |
List of events that apply the conditions of the search |
size |
3 |
Number of elements in the JSON array |
| Name | Value | Detail |
|---|---|---|
id |
|
Event identifier |
documentStore |
|
The document store in which the event took place |
date |
|
The date at which the event took place. The format we follow is yyyy-MM-ddTHH:mm:ss.SSSZ. The "T" is used to separate date and time, and the Z is the zone designator for the zero UTC offset |
authorizedUser |
|
User who performed the operation |
accessUser |
|
User who performed the operation |
spanId |
|
Id to track operations |
event |
|
Name of the event |
objectId |
|
Id of the object in which the operation was performed |
extended |
|
A JSON that holds extra information about the event. See extended details table below. |
Here is the list of events that record additional information in the extended field.
| Event | Extended fields | Extended details |
|---|---|---|
|
|
The deletion type applied. |
|
|
Version being downloaded in the format |
|
|
Version being created in the format |
|
|
Version being updated (overridden) in the format |
|
|
Version being deleted in the format |
|
|
Always |
|
|
Version being retrieved in the format |
|
|
Version being updated as current in the format |
|
|
Original JSON sent with the search conditions. |
|
|
Only when specified in the request.
Version being associated with the generated link in the format |
Error
In case of error, the response body contains a JSON object with additional information:
-
span-id: auto-generated identifier of the request. Please provide this when asking for support in our forum. -
message: descriptive message of the error. This is aimed for developers and is specially important forBad Requesterrors., where contains hints on how to fix the request.Error messages should not be used to validate errors since they may be subject to change.
{
"span-id" : "7eb38962-2618-85f9-brte-4f15f6729590",
"message" : "No match found for the Id"
}| Status code | Message | Description |
|---|---|---|
400 |
|
The field conditions of the body request is mandatory |
400 |
|
The JSON body has a bad structure. Message points where is the problem with line and column numbers as well as what is the problem (e.g. double "{", or a missing ",", …) |
400 |
|
The encoding used to send the object was not |
401 |
|
Has passed more than an hour since the last create token or refresh token operation |
401 |
|
The token sent is not valid |
401 |
|
An empty token has been sent |
401 |
|
The header indicating the document store that you want to access, must be set |
415 |
|
The Content-Type header is not correctly set |
500 |
|
If it happens consistently, please report it on our forum |
Code examples
curl "https://api.everisbigcontent.com/edms/audit/v1/trails/search/" \
-X POST \
-H "Authorization: Bearer ha9r6DG4e5AQ84gferAd8EQ..." \
-H "Document-Store: invoice_store" \
-H 'Content-Type: application/json' \
-d '{"conditions": [{ "field": "name", "value":"DOCUMENT_CREATE"}]}import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
String url = "https://api.everisbigcontent.com/edms/audit/v1/trails/search";
String token = "Bearer ha9r6DG4e5AQ84gferAd8EQ...";
String documentStore = "invoice_store";
HttpPost post = new HttpPost(url);
post.setHeader("Authorization", token);
post.setHeader("Document-Store", documentStore);
StringEntity json = new StringEntity("{\"conditions\": [{ \"field\": \"name\", \"value\":\"DOCUMENT_CREATE\"}]}");
json.setContentType(ContentType.APPLICATION_JSON.toString());
post.setEntity(json);
CloseableHttpClient client = HttpClients.createDefault();
CloseableHttpResponse execute = client.execute(post);
HttpEntity entity = execute.getEntity();
String jsonResponse = EntityUtils.toString(entity, StandardCharsets.UTF_8);var request = require('request');
var token = "Bearer ha9r6DG4e5AQ84gferAd8EQ...";
var documentStore = "invoice_store";
request.post({
headers: {
"Authorization": token,
"Document-Store": documentStore
},
url: "https://api.everisbigcontent.com/edms/audit/v1/trails/search",
json : {"conditions": [{ "field": "name", "value":"DOCUMENT_CREATE"}]}
}, function(error, response, body){
console.log(body);
});Query examples
- By document Id
{
"conditions": [
{
"field": "objectId",
"operand": "eq",
"value": "qga8r5hsy9rw5weggf93lopa58"
}
]
}This returns all the trails that happened to the document specified since its creation.
- By event
{
"conditions": [
{
"field": "name",
"operand": "eq",
"value": "DOCUMENT_CREATE"
}
]
}This returns all the create document trails.
- By trail Id
{
"conditions": [
{
"field": "id",
"operand": "eq",
"value": "i36hdw5g2ibjzh5tz2h5esiii4"
}
]
}This returns the trail with the specified id.
- By date range
Dates
{
"conditions": [
{
"field": "date",
"value":"2018-11-09T11:30:00.000Z",
"operand": "gt"
},
{
"field": "date",
"value":"2018-11-09T11:35:00.000Z",
"operand": "lt"
}
]
}This will return all the trails that happened between 2018-11-09T11:30:00.000Z and 2018-11-09T11:35:00.000Z.