Company requirements dictate that inactive users need to be removed from systems after 60 days. I have been try to look at scripting this, but I am unable to access user audits via the management api...
on this page an api is described to get user audit history:
http://docs.apigee.com/api/audits-0
following that link leads to an access denied page:
http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users
If I try to use that api on my on-prem (17.01) instance the response is always and only
curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USERMEAIL?expand=true { "auditRecord" : [ ] }
* I am able to get org audit entries, just not user..
curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME?expand=true
Can anyone help with why this audit API is not working? Or offer another suggestion on how to audit user inactivity (possibly ZK/CS queries?)
please retry ... I validated the page is working now. http://docs.apigee.com/api/audits-0
sorry I think my wording was unclear.
I can access this page: http://docs.apigee.com/api/audits-0
BUT on that page under the 'Lists audit entries for a user in an organization' section is a detail buitton. When I click the detail button it takes me to: http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users
Where I am getting the access denied (and still getting it)
yes, that link works AND I am able to get audit data back with that endpoint, but it is for developers not Edge users which I am looking for.
ok your curl also has an error - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USERMEAIL?expand=true
should be - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USEREMAIL?expand=true
also - http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users is only for those running our Private Cloud version of Apigee. You need sysadmin privileges in order to execute this call.
We are running private cloud and are on version 14.17.01
I am running the call as sysadmin user. The response shows: status 200 OK
but the response is
{
"auditRecord": []
}
does - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/{user_email}?expand=true also just return 200 ok ?
Yes, it is a 200 OK with an empty audit record
$ curl -u {sysadmin}:{pwd} https://{mgmtapi}/v1/audits/organizations/{org}/users/sam.maniscalco@{domain}.com?expand=true
{
"auditRecord" : [ ]
}
User | Count |
---|---|
3 | |
2 | |
1 | |
1 | |
1 |