Search Audit Events

get

/admin/v1/AuditEvents

Request

Query Parameters
attributes
Type: string
A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
count
Type: number
OPTIONAL. An integer that indicates the desired maximum number of query results per page. 1000 is the largest value that you can use. See the Pagination section of the System for Cross-Domain Identity Management Protocol specification for more information. (Section 3.4.2.4).
filter
Type: string
OPTIONAL. The filter string that is used to request a subset of resources. See the Using the Filter Query Parameter section of the Query Parameters page in Get Started. The filter string MUST be a valid filter expression. See the Filtering section of the SCIM specification for more information (Section 3.4.2.2). The string should contain at least one condition that each item must match in order to be returned in the search results. Each condition specifies an attribute, an operator, and a value. Conditions within a filter can be connected by logical operators (such as AND and OR). Sets of conditions can be grouped together using parentheses.
sortBy
Type: string
OPTIONAL. A string that indicates the attribute whose value SHALL be used to order the returned responses. The sortBy attribute MUST be in standard attribute notation form. See the Attribute Notation section of the SCIM specification for more information (Section 3.10). Also, see the Sorting section of the SCIM specification for more information (Section 3.4.2.3).
sortOrder
Type: string
OPTIONAL. A string that indicates the order in which the sortBy parameter is applied. Allowed values are 'ascending' and 'descending'. See the Sorting section of the SCIM specification for more information (Section 3.4.2.3).
startIndex
Type: number
OPTIONAL. An integer that indicates the 1-based index of the first query result. See the Pagination section of the SCIM specification for more information. (Section 3.4.2.4). The number of results pages to return. The first page is 1. Specify 2 to access the second page of results, and so on.
Header Parameters
Authorization
Type: string
Required: true
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
RESOURCE_TYPE_SCHEMA_VERSION
Type: string
An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

Response

Supported Media Types
  • text/html
  • application/json
  • application/scim+json
200 Response
The request was successful.
Body
The SCIM protocol defines a standard set of query parameters that can be used to filter, sort, and paginate to return zero or more resources in a query response. Queries MAY be made against a single resource or a resource type endpoint (e.g., /Users), or the service provider Base URI.
Root Schema : AuditEvent-ListResponse
Type: object
The SCIM protocol defines a standard set of query parameters that can be used to filter, sort, and paginate to return zero or more resources in a query response. Queries MAY be made against a single resource or a resource type endpoint (e.g., /Users), or the service provider Base URI.
Nested Schema : Resources
Type: array
A multi-valued list of complex objects containing the requested resources. This MAY be a subset of the full set of resources if pagination is requested. REQUIRED if "totalResults" is non-zero.
Nested Schema : AuditEvent
Type: object
Audit event resource.
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
400 Response
Bad or invalid request
Body
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
401 Response
The supplied credentials, if any, are not sufficient to access the resource.
Body
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
404 Response
The requested resource could not be found.
Body
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
500 Response
We couldn't return the representation due to an internal server error.
Body
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

Examples

The following example shows how to retrieve the existing audit events by submitting a GET request on the REST resource using cURL. For more information about cURL, see Use cURL.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
curl
-X GET
-H "Content-Type:application/scim+json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/AuditEvents
To make date range queries using the AuditEvents endpoint, use the timestamp attribute. The timestamp attribute holds the date and time of an audit event that you can query using a filter, and then sort the results using sortBy and sortOrder. In the filter attribute, the date/time format must be <YYY-MM-DD>T<HH:MM:SS>Z. The Operator in the filter is standard SCIM. See Query Parameters for more information on available attribute operators. For Example:
https://<tenant-base-url>/admin/v1/AuditEvents?sortBy=timestamp&sortOrder=descending&filter=timestamp ge "2016-06-20T00:00:00Z" and timestamp le "2016-06-22T00:00:00Z”

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
  "schemas": [
    "urn:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 129,
  "Resources": [
    {
      "eventId": "admin.keystore.create.success",
      "adminResourceType": "KeyStore",
      "actorName": "sm",
      "actorDisplayName": "sm",
      "hostIp": "172.17.0.12",
      "adminResourceId": "364262116dcc45c289fbd88d2bfd4f64",
      "rId": "0:1:6:1",
      "timestamp": "Apr 17, 2016 7:33:26 PM UTC",
      "ecId": "K6u68120000000000",
      "adminResourceName": "OAuth_Client_Cert",
      "serviceName": "admin",
      "ssoAuthnLevel": 0,
      "hostName": "4df4072aace5",
      "clientId": "b8c9bcaf55fe4b1db2d69118918b527d",
      "actorId": "b8c9bcaf55fe4b1db2d69118918b527d",
      "adminValuesAdded": "{\"keyStoreName\":\"OAuth_Client_Cert\",\"map\":\"IDCSInternal\",\"isHsmProtected\":false,\"isPermissionProtected\":false,\"type\":\"KeyStore\",\"schemas\":[\"urn:ietf:params:scim:schemas:oracle:idcs:KeyStore\"],\"id\":\"364262116dcc45c289fbd88d2bfd4f64\"}",
      "id": "5852eec2fb2244cd9130a1930c1d7858",
      "meta": {
        "created": "Apr 17, 2016 7:33:26 PM UTC",
        "lastModified": "Apr 17, 2016 7:33:26 PM UTC",
        "resourceType": "AuditEvent",
        "location": "http://
<IDCS-Service-Instance>
/admin/v1/AuditEvents/5852eec2fb2244cd9130a1930c1d7858"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuditEvent"
      ]
    },
    {
      "eventId": "admin.approle.create.success",
      "adminResourceType": "AppRole",
      "actorName": "sm",
      "actorDisplayName": "sm",
      "adminAppRoleAppName": "IDCSApp",
      "hostIp": "172.17.0.12",
      "adminResourceId": "c13553e191fb43c49cecef7068ccf094",
      "rId": "0:1:6:1",
      "timestamp": "Apr 17, 2016 7:33:27 PM UTC",
      "ecId": "K6u68120000000000",
      "adminResourceName": "Application Administrator",
      "serviceName": "admin",
      "ssoAuthnLevel": 0,
      "hostName": "4df4072aace5",
      "clientId": "b8c9bcaf55fe4b1db2d69118918b527d",
      "actorId": "b8c9bcaf55fe4b1db2d69118918b527d",
      "adminValuesAdded": "{\"displayName\":\"Application Administrator\",\"adminRole\":true,\"availableToUsers\":true,\"availableToGroups\":true,\"availableToClients\":true,\"app\":{\"value\":\"IDCSAppId\",\"display\":\"IDCSApp\"},\"schemas\":[\"urn:ietf:params:scim:schemas:oracle:idcs:AppRole\"],\"idaasPreventedOperations\":[\"replace\",\"update\",\"delete\"],\"id\":\"c13553e191fb43c49cecef7068ccf094\",\"uniqueName\":\"IDCSAppId_Application Administrator\",\"public\":false}",
      "id": "69e05b7138b04442b63f8f8e1393f2a9",
      "meta": {
        "created": "Apr 17, 2016 7:33:27 PM UTC",
        "lastModified": "Apr 17, 2016 7:33:27 PM UTC",
        "resourceType": "AuditEvent",
        "location": "https://<tenant-base-url>/admin/v1/AuditEvents/69e05b7138b04442b63f8f8e1393f2a9"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuditEvent"
      ]
    }
  ],
  "startIndex": 1,
  "itemsPerPage": 50
}