Retrieve Audit Details

Retrieve all audit details for a specific audit type. This request supports optional parameters to narrow the results to a specified date and time within the past 30 days.

To export a full audit trail with the same formatting as exports you initiate in the UI, set all_dates to true, leave start_date and end_date blank, and set format_result to csv. When the job is complete, you will receive an email containing links to a zipped file for each year. You can export any audit_trail_type. Use the Retrieve Audit Types API to retrieve types available in your Vault. Note that you can only run a full audit export (all_dates = true) on each audit type once per day.

GET/api/{version}/audittrail/{audit_trail_type}

Headers

Name	Description
`Accept`	`application/json` (default)

URI Path Parameters

Name	Description
`{audit_trail_type}`	The name of the specified audit type (`document_audit_trail`, `object_audit_trail`, etc.)

Query Parameters

You can modify the request by using one or more of the following parameters:

Name	Description
`start_date`	Specify a start date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be `YYYY-MM-DDTHH:MM:SSZ` format, for example, 7AM on January 15, 2016 would use `2016-01-15T07:00:00Z`. If omitted, defaults to the start of the previous day.
`end_date`	Specify an end date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be `YYYY-MM-DDTHH:MM:SSZ` format, for example, 7AM on January 15, 2016 would use `2016-01-15T07:00:00Z`. If omitted, defaults to the current date and time.
`all_dates`	Set to `true` to request audit information for all dates. You must leave `start_date` and `end_date` blank when requesting an export of a full audit trail. You can only run a full audit export (`all_dates = true`) on each audit type once every 24 hours.
`format_result`	To request a downloadable CSV file of your audit details, use `csv`. The response contains a `jobId` to retrieve the job status, which contains a link to download the CSV file. If omitted, the API returns a JSON response and does not start a job. If `all_dates` is `true`, this parameter is required.
`limit`	Paginate the results by specifying the maximum number of histories per page in the response. This can be any value between `1` and `1000`. If omitted, defaults to `200`.
`offset`	Paginate the results displayed per page by specifying the amount of offset from the entry returned. For example, if you are viewing the first 50 results (page 1) and want to see the next page, set this to `offset=51`. If omitted, defaults to `0`.

Dates and times are in UTC. If the time is not specified, it will default to midnight (T00:00:00Z) on the specified date.

Request

curl -X GET -H "Authorization: {SESSION_ID}" \
https://myvault.veevavault.com/api/v22.1/audittrail/login_audit_trail

Response

{
    "responseDetails": {
        "offset": 0,
        "limit": 200,
        "size": 7,
        "total": 7,
        "object": {
            "name": "login_audit_trail",
            "label": "Login Audit Trail",
            "url": "/api/v22.1/metadata/audittrail/login_audit_trail"
        }
    },
    "data": [
        {
            "id": "152515375538",
            "timestamp": "2017-09-15T16:07:25Z",
            "user_name": "lgills@veepharm.com",
            "full_name": "Lateef Gills",
            "source_ip": "209.136.227.195",
            "type": "User Login",
            "status": "Success",
            "browser": "Unknown",
            "platform": "Unknown"
        },
        {
            "id": "152515371157",
            "timestamp": "2017-09-14T14:19:05Z",
            "user_name": "c.brandon@veepharm.com",
            "full_name": "Cody Brandon",
            "source_ip": "162.218.77.23",
            "type": "Enterprise Home Authentication",
            "status": "Success",
            "browser": "Chrome 60.0.3112.113",
            "platform": "Intel Mac OS X 10.12.6"
        }
    ],
    "responseStatus": "SUCCESS"
}

Response Details

On SUCCESS, the response lists all rows and fields for the specified audit trail type. For example:

Name	Description
`id`	The unique audit trail ID.
`timestamp`	Date and time that the action was performed.
`user_name`	Login name for the user who performed the action. This sometimes shows "System" to indicate the action was complete by Vault.
`full_name`	The full name of the user who performed the action.
`on_behalf_of`	If the action completed by `user_name` was representing a different user (such as through delegated access), this field is the delegating user’s user name. For example, in the case of “tibanez@veepharm.com on behalf of mmurray@veepharm.com,” the `user_name` is tibanez@veepharm.com who completed the action `on_behalf_of` mmurray@veepharm.com.

Note that Vault returns additional fields based on the specified audit type. Requesting a CSV file generates a job to prepare the file for download. On SUCCESS, the response includes the jobId with a link to the CSV file.

When you export a full audit trail (all_dates = true and format_result = csv,) the response does not include a link to the CSV file. You will instead receive an email when the job is complete. The email contains a download link for each year to Excel files (one file per month for the current year, one file per year for each previous year) of the audit trail.