Audit Logs

Full audit-level detail for every API request in a namespace — used for compliance audits, security investigations, and forensic analysis.

curl -X GET "https://<domain>/api/vault/namespace/reports/audit-details?start_date=2024-06-01+00:00:00&end_date=2024-06-01+23:59:59" \
  -H "Authorization: Bearer <ADMIN_USER_AUTH_KEY>"

{
  "data": [
    {
      "requested_method": "/unmask",
      "requested_user": "bob@company.com",
      "requested_time": "2024-06-01 02:14:09",
      "status": "success",
      "input_payload": { "unmask": [{ "value": "<PER>hSw8kAEB10</PER>" }] },
      "response": { "data": [{ "value": "George Williams" }] },
      "error_log": ""
    }
  ],
  "next_page_token": null,
  "success": true,
  "error": { "message": "" }
}

Provides full audit-level detail for every API request made in a namespace. This is the most detailed reporting endpoint and is typically used for compliance audits, security investigations, and forensic analysis.

Endpoint

Method	Endpoint
`GET`	`https://<domain>/api/vault/namespace/reports/audit-details`

Query parameters

query

start_datestring

Required

Start of the audit window. Format: YYYY-MM-DD HH:MM:SS.

query

end_datestring

Required

End of the audit window. Format: YYYY-MM-DD HH:MM:SS.

query

next_page_tokenstring

Pagination token for large result sets.

Response fields

requested_methodstring

Required

API called — /mask, /unmask, etc.

requested_userstring

Required

User ID or email of the caller.

requested_timestring

Required

Timestamp of the request.

statusstring

Required

success or failure.

input_payloadobject

Required

Full request payload submitted by the caller.

responseobject

Required

Full API response returned by Protecto.

error_logstring

Error details if the request failed.

Use cases

Use case	What to look for
Security investigation	`requested_user`, `requested_method`, `status`
Compliance audit	`requested_time`, `input_payload`, `response`
Incident forensics	Full request and response payloads
Unmask access review	`/unmask` calls filtered by user
Error root cause analysis	`status=failure`, `error_log`
Insider threat detection	Frequency of sensitive calls by a single user

Access notes

Role	Access
Namespace Admin	Full reporting and audit access
Regular User	No access
Trial User	No access

Audit logs include full request and response payloads, which may contain sensitive data. Always use pagination for large date ranges and avoid pulling large windows repeatedly.

Was this page helpful?

Last updated 3 weeks ago

Built with Documentation.AI