This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Edge User Audit - inactive Users

Posted on 07-26-2017 06:40 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Company requirements dictate that inactive users need to be removed from systems after 60 days. I have been try to look at scripting this, but I am unable to access user audits via the management api...

on this page an api is described to get user audit history:

http://docs.apigee.com/api/audits-0

following that link leads to an access denied page:

http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users

If I try to use that api on my on-prem (17.01) instance the response is always and only

curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USERMEAIL?expand=true 
{
    "auditRecord" : [ ]
}

* I am able to get org audit entries, just not user..

curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME?expand=true

Can anyone help with why this audit API is not working? Or offer another suggestion on how to audit user inactivity (possibly ZK/CS queries?)

0 10 552
Topic Labels
0 Likes
10 REPLIES 10

Posted on --/--/---- --:-- AM
cmbrown
Staff
Reply posted on --/--/---- --:-- AM

please retry ... I validated the page is working now. http://docs.apigee.com/api/audits-0

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to cmbrown
Reply posted on --/--/---- --:-- AM

sorry I think my wording was unclear.
I can access this page: http://docs.apigee.com/api/audits-0

BUT on that page under the 'Lists audit entries for a user in an organization' section is a detail buitton. When I click the detail button it takes me to: http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users

Where I am getting the access denied (and still getting it)

0 Likes

Posted on --/--/---- --:-- AM
cmbrown
Staff
In response to cmbrown
Reply posted on --/--/---- --:-- AM

http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/developers - try this one

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to cmbrown
Reply posted on --/--/---- --:-- AM

yes, that link works AND I am able to get audit data back with that endpoint, but it is for developers not Edge users which I am looking for.

0 Likes

Posted on --/--/---- --:-- AM
cmbrown
Staff
In response to
Reply posted on --/--/---- --:-- AM

ok your curl also has an error - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USERMEAIL?expand=true

should be - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/USEREMAIL?expand=true

0 Likes

Posted on --/--/---- --:-- AM
cmbrown
Staff
In response to cmbrown
Reply posted on --/--/---- --:-- AM

also - http://docs.apigee.com/management/apis/get/audits/organizations/%7Borg_name%7D/users is only for those running our Private Cloud version of Apigee. You need sysadmin privileges in order to execute this call.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to cmbrown
Reply posted on --/--/---- --:-- AM

We are running private cloud and are on version 14.17.01

I am running the call as sysadmin user. The response shows: status 200 OK
but the response is 

{
  "auditRecord": []
}
0 Likes

Posted on --/--/---- --:-- AM
cmbrown
Staff
In response to
Reply posted on --/--/---- --:-- AM

does - curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/{user_email}?expand=true also just return 200 ok ?

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to cmbrown
Reply posted on --/--/---- --:-- AM

Yes, it is a 200 OK with an empty audit record

$ curl -u {sysadmin}:{pwd} https://{mgmtapi}/v1/audits/organizations/{org}/users/sam.maniscalco@{domain}.com?expand=true
{
  "auditRecord" : [ ]
}

0 Likes

Posted on --/--/---- --:-- AM
cmbrown
Staff
In response to
Reply posted on --/--/---- --:-- AM

curl -X GET https://MGMT_API:PORT/v1/audits/organizations/ORG_NAME/users/{user_email}?expand=true

0 Likes