Secure Audit Log API Reference

The Secure Audit Log API is designed for recording a trail of application-based user activity in a scalable, tamper-proof log.

Base URL

audit.<csp>.<region>.pangea.cloud

• Secure Audit Log Documentation
• OpenAPI Specification

post/v1/log

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/log' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Log an entry

POST

https://audit.aws.us.pangea.cloud/v1/log

Create a log entry in the Secure Audit Log.

required parameters

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

message

string

A free form text field describing the event.

• maxLength: 32,766

​

optional parameters

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

actor

string

An identifier for who the audit record is about.

• maxLength: 128

​

action

string

What action was performed on a record.

• maxLength: 32

​

new

string

The value of a record after it was changed.

• maxLength: 32,766

new

new

old

string

The value of a record before it was changed.

• maxLength: 32,766

old

old

source

string

The source of a record.

• maxLength: 128

source

source

status

string

The status or result of the event.

• maxLength: 32

​

target

string

An identifier for what the audit record is about.

• maxLength: 128

target

target

tenant_id

string

An optional client-supplied tenant_id.

• maxLength: 128

tenant_id

tenant_id

timestamp

string (date-time)

An optional client-supplied timestamp.

• maxLength: 128

timestamp

timestamp

prev_root

string

This is the unpublished root hash that was returned from the last log API call that was made. If the user does not provide prev_root, the consistency proof from the last known unpublished root will be provided.

prev_root

prev_root

public_key

string

The base64-encoded ed25519 public key used for the signature, if one is provided

• maxLength: 256

public_key

public_key

signature

string

This is the signature of the hash of the canonicalized event that can be verified with the public key provided in the public_key field. Signatures cannot be used with the redaction feature turned on. If redaction is required, the user needs to perform redaction before computing the signature that is to be sent with the message. The SDK facilitates this for users.

• maxLength: 256

signature

signature

verbose

boolean

(default: false)

If true, be verbose in the response; include all the data stored, creation time and proofs for the new event (both for membership and consistency)

verbose

​

verbose

Response Fields

Response Schema

object

Pangea standard response schema

result

object

envelope

object

The sealed envelope containing the event that was logged. Includes event metadata such as optional client-side signature details and server-added timestamps.

hash

string

The hash of the event data.

• minLength: 64

• maxLength: 64

unpublished_root

string

The current unpublished root.

membership_proof

string

A proof for verifying that the buffer_root contains the received event

consistency_proof

array<string>

If prev_buffer_root was present in the request, this proof verifies that the new unpublished root is a continuation of prev_unpublished_root

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/log

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v2/log' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Log multiple entries

POST

https://audit.aws.us.pangea.cloud/v2/log

Create multiple log entries in the Secure Audit Log.

required parameters

events

array<object>

• minItems: 1

• maxItems: 1,000

​

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

actor

string

An identifier for who the audit record is about.

• maxLength: 128

​

action

string

What action was performed on a record.

• maxLength: 32

​

message

string

A free form text field describing the event.

• maxLength: 32,766

​

new

string

The value of a record after it was changed.

• maxLength: 32,766

new

new

old

string

The value of a record before it was changed.

• maxLength: 32,766

old

old

source

string

The source of a record.

• maxLength: 128

source

source

status

string

The status or result of the event.

• maxLength: 32

​

target

string

An identifier for what the audit record is about.

• maxLength: 128

target

target

tenant_id

string

An optional client-supplied tenant_id.

• maxLength: 128

tenant_id

tenant_id

timestamp

string (date-time)

An optional client-supplied timestamp.

• maxLength: 128

timestamp

timestamp

public_key

string

The base64-encoded ed25519 public key used for the signature, if one is provided

• maxLength: 256

public_key

public_key

signature

string

This is the signature of the hash of the canonicalized event that can be verified with the public key provided in the public_key field. Signatures cannot be used with the redaction feature turned on. If redaction is required, the user needs to perform redaction before computing the signature that is to be sent with the message. The SDK facilitates this for users.

• maxLength: 256

signature

signature

optional parameters

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

verbose

boolean

(default: false)

If true, be verbose in the response; include all the data stored, creation time and proofs for the new event (both for membership and consistency)

verbose

​

verbose

Response Fields

Response Schema

object

Pangea standard response schema

result

object

results

array<object>

envelope

object

The sealed envelope containing the event that was logged. Includes event metadata such as optional client-side signature details and server-added timestamps.

hash

string

The hash of the event data.

• minLength: 64

• maxLength: 64

unpublished_root

string

The current unpublished root.

membership_proof

string

A proof for verifying that the buffer_root contains the received event

consistency_proof

array<string>

If prev_buffer_root was present in the request, this proof verifies that the new unpublished root is a continuation of prev_unpublished_root

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/log_async

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v2/log_async' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

202

Code Snippet Language

---

Log multiple entries asynchronously

POST

https://audit.aws.us.pangea.cloud/v2/log_async

Asynchronously create multiple log entries in the Secure Audit Log.

required parameters

events

array<object>

• minItems: 1

• maxItems: 1,000

​

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

actor

string

An identifier for who the audit record is about.

• maxLength: 128

​

action

string

What action was performed on a record.

• maxLength: 32

​

message

string

A free form text field describing the event.

• maxLength: 32,766

​

new

string

The value of a record after it was changed.

• maxLength: 32,766

new

new

old

string

The value of a record before it was changed.

• maxLength: 32,766

old

old

source

string

The source of a record.

• maxLength: 128

source

source

status

string

The status or result of the event.

• maxLength: 32

​

target

string

An identifier for what the audit record is about.

• maxLength: 128

target

target

tenant_id

string

An optional client-supplied tenant_id.

• maxLength: 128

tenant_id

tenant_id

timestamp

string (date-time)

An optional client-supplied timestamp.

• maxLength: 128

timestamp

timestamp

public_key

string

The base64-encoded ed25519 public key used for the signature, if one is provided

• maxLength: 256

public_key

public_key

signature

string

This is the signature of the hash of the canonicalized event that can be verified with the public key provided in the public_key field. Signatures cannot be used with the redaction feature turned on. If redaction is required, the user needs to perform redaction before computing the signature that is to be sent with the message. The SDK facilitates this for users.

• maxLength: 256

signature

signature

optional parameters

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

verbose

boolean

(default: false)

If true, be verbose in the response; include all the data stored, creation time and proofs for the new event (both for membership and consistency)

verbose

​

verbose

Response Fields

Response Schema

object

Pangea standard response schema

result

object

ttl_mins

integer

TTL from now until which results are stored for retrieval.

retry_counter

integer

Number of retry counts performed so far to fetch the results.

location

string

The location to check results of the asynchronous request.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/search

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/search' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Search the log

POST

https://audit.aws.us.pangea.cloud/v1/search

Search the Secure Audit Log.

fields

query

string

Natural search string; a space-separated list of case-sensitive values used to search for records, which includes the optional <field>: prefix to limit the search to a specific field. Values with a space can be enclosed in double-quote (") characters:

• "search text": any field contains "search text"
• actor:"Jane Doe": the actor field contains "Jane Doe"
• actor:alice target:bob sent: actor contains "alice", target contains "bob", and any field contains "sent".

The following optional prefixes are supported: action:, actor:, message:, new:, old:, source:, status:, target:.

​

start

The start of the time range to perform the search on. Defaults to 14 days of data.

• maxLength: 128

​

end

The end of the time range to perform the search on. All records up to the latest if left out.

• maxLength: 128

​

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

max_results

integer

Maximum number of results to return.

• minimum: 1

• maximum: 10,000

max_results

max_results

verbose

boolean

(default: true)

If true, include the root hash of the tree and the membership proof for each record.

verbose

​

verbose

limit

integer

Number of audit records to include from the first page of the results.

limit

limit

order

string

Specify the sort order of the response.

order

​

order

order_by

string

Name of column to sort the results by.

order_by

​

order_by

search_restriction

object

A list of keys to restrict the search results to. Useful for partitioning data available to the query string.

actor

array<string>

A list of actors to restrict the search to.

actor

actor

action

array<string>

A list of actions to restrict the search to.

action

action

source

array<string>

A list of sources to restrict the search to.

source

source

status

array<string>

A list of statuses to restrict the search to.

status

status

target

array<string>

A list of targets to restrict the search to.

target

target

tenant_id

array<string>

A list of tenant_ids to restrict the search to.

tenant_id

tenant_id

return_context

boolean

Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

return_context

​

return_context

Response Fields

Response Schema

object

Pangea standard response schema

result

object

count

integer

The total number of events that were returned by the search.

events

array<object>

A list of matching audit event results.

envelope

object

An audit record returned by a search operation

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

actor

string

An identifier for who the audit record is about.

• maxLength: 128

action

string

What action was performed on a record.

• maxLength: 32

message

string

A free form text field describing the event.

• maxLength: 32,766

new

string

The value of a record after it was changed.

• maxLength: 32,766

old

string

The value of a record before it was changed.

• maxLength: 32,766

source

string

The source of a record.

• maxLength: 128

status

string

The status or result of the event.

• maxLength: 32

target

string

An identifier for what the audit record is about.

• maxLength: 128

tenant_id

string

An optional client-supplied tenant_id.

• maxLength: 128

timestamp

string (date-time)

An optional client-supplied timestamp.

• maxLength: 128

err

array<object>

A list of errors (if any) encountered when processing the event. A non-empty array indicates the client had sent a malformed event.

error

string

A description of the detected error/problem with the original event.

field

string

The original JSON field where the error was detected.

value

The original JSON value (may be truncated.)

received_at

string (date-time)

A Pangea provided timestamp of when the event was received.

signature

string

This is the signature of the hash of the canonicalized event that can be verified with the public key provided in the public_key field. Signatures cannot be used with the redaction feature turned on. If redaction is required, the user needs to perform redaction before computing the signature that is to be sent with the message. The SDK facilitates this for users.

• maxLength: 256

public_key

string

The base64-encoded ed25519 public key used for the signature, if one is provided

• maxLength: 256

membership_proof

string

A cryptographic proof that the record has been persisted in the log

hash

string

The record's hash

• minLength: 64

• maxLength: 64

published

boolean

If true, a root has been published after this event. If false, there is no published root for this event

imported

boolean

If true, the even was imported manually and not logged by the standard procedure. Some features such as tamper proofing may not be available

leaf_index

integer

The index of the leaf of the Merkle Tree where this record was inserted or null if published=false

fpe_context

string

The context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

expires_at

string (date-time)

The time when the results will no longer be available to page through via the results API.

id

string

Identifier to supply to search_results API to fetch/paginate through search results.

root

object

A root of a Merkle Tree

size

integer

The size of the tree (the number of records)

• minimum: 1

root_hash

string

The root hash

• minLength: 64

• maxLength: 64

published_at

string (date-time)

The date/time when this root was published

url

string (uri)

The URL where this root has been published

tree_name

string

The name of the Merkle Tree

consistency_proof

string

Consistency proof to verify that this root is a continuation of the previous one

unpublished_root

object

A root of a Merkle Tree that was not published yet

size

integer

The size of the tree (the number of records)

• minimum: 1

root_hash

string

The root hash

• minLength: 64

• maxLength: 64

tree_name

string

The name of the Merkle Tree

consistency_proof

string

Consistency proof to verify that this root is a continuation of the previous one

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/results

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/results' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Search results

POST

https://audit.aws.us.pangea.cloud/v1/results

Page through results from a previous search.

required parameters

id

string

A search results identifier returned by the search call.

id

id

optional parameters

assert_search_restriction

object

If provided, fail if the original search was performed with anything but the provided search_restriction parameter.

assert_search_restriction

assert_search_restriction

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

limit

integer

Number of audit records to include in a single set of results.

limit

limit

offset

integer

Offset from the start of the result set to start returning results from.

offset

offset

return_context

boolean

Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

return_context

​

return_context

Response Fields

Response Schema

object

Pangea standard response schema

result

object

count

integer

The total number of results returned by the search.

events

array<object>

A list of matching audit records.

envelope

object

An audit record returned by a search operation

event

object

A structured record describing that <actor> did <action> on <target> changing it from <old> to <new> and the operation was <status>, and/or a free-form <message>.

actor

string

An identifier for who the audit record is about.

• maxLength: 128

action

string

What action was performed on a record.

• maxLength: 32

message

string

A free form text field describing the event.

• maxLength: 32,766

new

string

The value of a record after it was changed.

• maxLength: 32,766

old

string

The value of a record before it was changed.

• maxLength: 32,766

source

string

The source of a record.

• maxLength: 128

status

string

The status or result of the event.

• maxLength: 32

target

string

An identifier for what the audit record is about.

• maxLength: 128

tenant_id

string

An optional client-supplied tenant_id.

• maxLength: 128

timestamp

string (date-time)

An optional client-supplied timestamp.

• maxLength: 128

err

array<object>

A list of errors (if any) encountered when processing the event. A non-empty array indicates the client had sent a malformed event.

error

string

A description of the detected error/problem with the original event.

field

string

The original JSON field where the error was detected.

value

The original JSON value (may be truncated.)

received_at

string (date-time)

A Pangea provided timestamp of when the event was received.

signature

string

This is the signature of the hash of the canonicalized event that can be verified with the public key provided in the public_key field. Signatures cannot be used with the redaction feature turned on. If redaction is required, the user needs to perform redaction before computing the signature that is to be sent with the message. The SDK facilitates this for users.

• maxLength: 256

public_key

string

The base64-encoded ed25519 public key used for the signature, if one is provided

• maxLength: 256

membership_proof

string

A cryptographic proof that the record has been persisted in the log

hash

string

The record's hash

• minLength: 64

• maxLength: 64

published

boolean

If true, a root has been published after this event. If false, there is no published root for this event

imported

boolean

If true, the even was imported manually and not logged by the standard procedure. Some features such as tamper proofing may not be available

leaf_index

integer

The index of the leaf of the Merkle Tree where this record was inserted or null if published=false

fpe_context

string

The context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

root

object

A root of a Merkle Tree

size

integer

The size of the tree (the number of records)

• minimum: 1

root_hash

string

The root hash

• minLength: 64

• maxLength: 64

published_at

string (date-time)

The date/time when this root was published

url

string (uri)

The URL where this root has been published

tree_name

string

The name of the Merkle Tree

consistency_proof

string

Consistency proof to verify that this root is a continuation of the previous one

unpublished_root

object

A root of a Merkle Tree that was not published yet

size

integer

The size of the tree (the number of records)

• minimum: 1

root_hash

string

The root hash

• minLength: 64

• maxLength: 64

tree_name

string

The name of the Merkle Tree

consistency_proof

string

Consistency proof to verify that this root is a continuation of the previous one

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/export

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/export' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Export from the audit log

POST

https://audit.aws.us.pangea.cloud/v1/export

Bulk export data from the Secure Audit Log, with optional filtering. Use the request parameters to define the log data to export. Providing no filtering will request all of the available logs.

Make sure that your account has enough credits to complete the call before making the request. The API checks the account balance against the cost of the request and will exit before attempting the call if the account balance is too low to fulfill the request.

The export request is asynchronous and could take hours to complete, depending on the number of records. You can make a GET request to https://audit.<csp>.<region>.pangea.cloud/request/<request_id> to poll for the completion.

After the export request completes, use the /v1/download_results endpoint to download the exported logs. Provide the request_id from the export request as the request_id parameter of the download request.

fields

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

end

The end of the time range to perform the search on. All records up to the latest if left out.

• maxLength: 128

​

verbose

boolean

(default: true)

If true, include the root hash of the tree and the membership proof for each record.

verbose

​

verbose

order

string

Specify the sort order of the response, either ascending (asc) or descending (desc).

order

​

order

order_by

string

Name of column to sort the results by.

order_by

​

order_by

start

The start of the time range to perform the search on.

• maxLength: 128

​

format

string

(default: "csv")

Format for the records.

format

​

format

Response Fields

Response Schema

object

Pangea standard response schema

result

object

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/download_results

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/download_results' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Download search results

POST

https://audit.aws.us.pangea.cloud/v1/download_results

Retrieve all search or export results as a compressed (gzip) CSV file.

To download search results, use result.id provided in the search API response as the result_id parameter.

To download export results, use request_id from the export API request as the request_id parameter.

The download API returns a presigned GET URL in result.dest_url, where the log data can be downloaded.

required parameters

result_id

string

result.id returned by the search API.

Required if request_id is not provided. Mutually exclusive with the request_id parameter.

​

optional parameters

assert_search_restriction

object

If provided, fail if the original search was performed with anything but the provided search_restriction parameter.

assert_search_restriction

assert_search_restriction

request_id

string

request_id returned by the export API.

Required if result_id is not provided. Mutually exclusive with the result_id parameter.

​

format

string

(default: "csv")

Format for the records.

format

​

format

config_id

string

ID for config associated with the result.

config_id

config_id

return_context

boolean

Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

return_context

​

return_context

Response Fields

Response Schema

object

Pangea standard response schema

result

object

dest_url

string

URL where search results can be downloaded

expires_at

string (date-time)

The time when the results will no longer be available to page through via the results API.

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/log_stream

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/log_stream' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json'

Response

Raw Output

200

Code Snippet Language

---

Log streaming endpoint

POST

https://audit.aws.us.pangea.cloud/v1/log_stream

This API allows third-party vendors like Auth0 to stream log events to this endpoint. The payload structure may vary across different vendors. Please refer to examples in the SDKs to test this functionality and consult the Log Streaming documentation for details.

Response Fields

Response Schema

object

Pangea standard response schema

result

object

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v1/root

cURL

Code Snippet Language

curl -sSLX POST 'https://audit.aws.us.pangea.cloud/v1/root' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response

Raw Output

200

Code Snippet Language

---

Tamperproof Verification

POST

https://audit.aws.us.pangea.cloud/v1/root

Return current root hash and consistency proof.

fields

config_id

string

Config ID. Can be found at the top of the Secure Audit Log dashboard.

config_id

config_id

tree_size

integer

The size of the tree (the number of records)

• minimum: 1

tree_size

tree_size

Response Fields

Response Schema

object

Pangea standard response schema

result

object

A root of a Merkle Tree

size

integer

The size of the tree (the number of records)

• minimum: 1

root_hash

string

The root hash

• minLength: 64

• maxLength: 64

published_at

string (date-time)

The date/time when this root was published

url

string (uri)

The URL where this root has been published

tree_name

string

The name of the Merkle Tree

consistency_proof

string

Consistency proof to verify that this root is a continuation of the previous one

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Status Codes

Status	Status Code	Description
TreeNotFound	200	A tree has not been built for proofs. This is likely due to a lack of audit messages ingested.
BadOffset	400	The offset provided is invalid or out of range.
ForwardingError	400	Forwarder has experienced an error while forwarding messages
InvalidSchema	400	The configured schema is not valid for this endpoint.
NoForwarderConfigured	400	Testing a forwarder requires a forwarder to be configured
ForbiddenFieldValue	403	A field value was supplied that is not allowed by the token's field restrictions.

Was this article helpful?

Contact us