Getting business audit data using ACP's audit events
Learn how to get business audit data with ACP's audit events such as, for example, login events, MFA events, token mints, and more.
Audit events in a nutshell
ACP’s audit events provide the workspace administrators with the ability to observe user actions server-wide across the entire instance of ACP tenant and its connected authorizers. You can find all audit data within your workspace in Dashboards > Audit Events.
Audit events provide you with useful data such as who performed certain action and the time it happened. The events do not provide technical information itself, as they are focused on business data. For example, if the request for a token is denied, audit events do not provide information on why it is denied.
Audit events storage
Audit events are stored inside ACP’s database for 7 days with event payload encrypted.
You can observe user actions such as:
Login events contain several actions that take place when users go through their login process. You can see that the user attempted to log in, that their request is accepted, or their login attempt failed.
Consent events provide administrators with insight when consents are created, accepted, rejected, and revoked. Those events are especially useful in Open Banking and Open Data initiatives.
Authorization and client authentication events
When client applications go through the authorization and authentication process, administrators can see that, for example, authorization code is denied/issued, and, later on, that the client application successfully authenticated itself and the token was issued.
Detailed list of audit events
To know what audit events are available and what payload parameters are available for each event, check list audit events API reference and its
Audit events in depth
ACP’s audit events can be filtered by event payload fields and date range. Additionally, by enabling/disabling live events you can get audit data updating live or with a page refresh. Any time an auditable action takes place within ACP, the event is published within the dashboard.
Beside accessing the audit events view in ACP, administrators can also use admin list audit events API to request filtered/unfiltered audit events list in a JSON format for a given workspace.
Audit events for authorizers
gateway_request_authorized and the
gateway_request_unauthorized are the only two audit
events that come outside of ACP. When an authorizer is set up to protect
a certain API and the request to this API is authorized or denied, the authorizer notifies
ACP about the event so that it can be stored and auditable. Note that not all
of the requests are auditable by ACP. When a request, for example, contains a
large payload, ACP may not be notified by the authorizer.
For multitenant authorizers, even though the APIs are visible within all of the workspaces, audit events are only accessible within the System workspace where the authorizer is integrated.