Audit | Node.js SDK

The audit API is designed for recording a trail of application-based user activity in a scalable, tamper-proof log.

Audit

constructor(token: PangeaToken, config: PangeaConfig, tenantID: string, configID: string): AuditService

Creates a new AuditService with the given Pangea API token and configuration.

tokenPangeaToken

Pangea API token.

configPangeaConfig

Configuration.

tenantID

string

configID

string

AuditService

const config = new PangeaConfig({ domain: "pangea_domain" });
const audit = new AuditService("pangea_token", config);

Download search results

downloadResults(request: DownloadRequest): Promise<PangeaResponse<DownloadResult>>

Get all search results as a compressed (gzip) CSV file.

requestDownloadRequest

Request parameters.

DownloadResult

Promise<PangeaResponse<DownloadResult>>

const response = await audit.downloadResults({
  result_id: "pas_[...]",
  format: Audit.DownloadFormat.CSV,
});

Export from the audit log

export(request: ExportRequest): Promise<PangeaResponse<{}>>

Bulk export of data from the Secure Audit Log, with optional filtering.

requestExportRequest

Request parameters.

{}

Promise<PangeaResponse<{}>>

const exportRes = await audit.export({ verbose: false });

// Export may take several dozens of minutes, so polling for the result
// should be done in a loop. That is omitted here for brevity's sake.
try {
  await audit.pollResult(exportRes.request_id);
} catch (error) {
  if (error instanceof PangeaErrors.AcceptedRequestException) {
    // Retry later.
  }
}

// Download the result when it's ready.
const downloadRes = await audit.downloadResults({ request_id: exportRes.request_id });
downloadRes.result.dest_url;
// => https://pangea-runtime.s3.amazonaws.com/audit/xxxxx/search_results_[...]

Log an entry

log(event: Event, options: LogOptions): Promise<PangeaResponse<LogResponse>>

Create a log entry in the Secure Audit Log.

eventEvent

A structured event describing an auditable activity. Supported fields are:

• actor (string): Record who performed the auditable activity.
• action (string): The auditable action that occurred.
• status (string): Record whether or not the activity was successful.
• source (string): Used to record the location from where an activity occurred.
• target (string): Used to record the specific record that was targeted by the auditable activity.
• message (string|object): A message describing a detailed account of what happened. This can be recorded as free-form text or as a JSON-formatted string.
• new (string|object): The value of a record after it was changed.
• old (string|object): The value of a record before it was changed.
• tenant_id (string): Used to record the tenant associated with this activity.

optionsLogOptions

Log options. The following log options are supported:

• verbose (bool): Return a verbose response, including the canonical event hash and received_at time.

LogResponse

Promise<PangeaResponse<LogResponse>>

const auditData = {
  action: "add_employee",
  actor: user,
  target: data.email,
  status: "error",
  message: `Resume denied - sanctioned country from ${clientIp}`,
  source: "web",
};
const options = { verbose: true };

const response = await audit.log(auditData, options);

Log multiple entries

logBulk(events: Event[], options: LogOptions): Promise<PangeaResponse<LogBulkResponse>>

Create multiple log entries in the Secure Audit Log.

eventsArray<Event>

optionsLogOptions

LogBulkResponse

Promise<PangeaResponse<LogBulkResponse>>

const events = [
 { message: "hello world" },
];
const options = { verbose: true };

const response = await audit.logBulk(events, options);

Log multiple entries asynchronously

logBulkAsync(events: Event[], options: LogOptions): Promise<PangeaResponse<LogBulkResponse>>

Asynchronously create multiple log entries in the Secure Audit Log.

eventsArray<Event>

optionsLogOptions

LogBulkResponse

Promise<PangeaResponse<LogBulkResponse>>

const events = [
 { message: "hello world" },
];
const options = { verbose: true };

const response = await audit.logBulkAsync(events, options);

Log streaming endpoint

logStream(data: object): Promise<PangeaResponse<{}>>

This API allows 3rd party vendors (like Auth0) to stream events to this endpoint where the structure of the payload varies across different vendors.

data

object

Event data. The exact schema of this will vary by vendor.

{}

Promise<PangeaResponse<{}>>

const data = {
  logs: [
    {
      log_id: "some log id",
      data: {
        date: "2024-03-29T17:26:50.193Z",
        type: "some_type",
        description: "Create a log stream",
        client_id: "test client ID",
        ip: "127.0.0.1",
        user_agent: "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0",
        user_id: "test user ID",
      },
    },
  ],
};
const response = await audit.logStream(data);

Results of a search

results(id: string, limit: number, offset: number, options: SearchOptions, queryOptions: ResultOptions): Promise<PangeaResponse<ResultResponse>>

Fetch paginated results of a previously executed search.

id

string

The id of a successful search

limit

number

(default 20) - The number of results returned

offset

number

(default 0) - The starting position of the first returned result

optionsSearchOptions

Search options. The following search options are supported:

• verifyConsistency (boolean): If true verify published roots and membership proof of each event
• skipEventVerification (boolean): If true skip event hash verification

queryOptionsResultOptions

Search options. The following search options are supported:

• assert_search_restriction (Audit.SearchRestriction): A list of keys to restrict the search results to. Useful for partitioning data available to the query string.
• return_context (boolean): Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

ResultResponse

Promise<PangeaResponse<ResultResponse>>

const response = await audit.results(
  "pas_sqilrhruwu54uggihqj3aie24wrctakr",
  50,
  100
);

Tamperproof verification

root(size: number): Promise<PangeaResponse<RootResult>>

Returns current root hash and consistency proof.

size

number

The size of the tree (the number of records)

RootResult

Promise<PangeaResponse<RootResult>>

const response = audit.root(7);

Search the log

search(query: string, queryOptions: SearchParamsOptions, options: SearchOptions): Promise<PangeaResponse<SearchResponse>>

Search for events that match the provided search criteria.

query

string

Natural search string; list of keywords with optional <option>:<value> qualifiers. The following optional qualifiers are supported:

• action:
• actor:
• message:
• new:
• old:
• status:
• target:

queryOptionsSearchParamsOptions

Search options. The following search options are supported:

• limit (number): Maximum number of records to return per page.
• start (string): The start of the time range to perform the search on.
• end (string): The end of the time range to perform the search on. All records up to the latest if left out.
• max_results (number): Maximum number of results to return.
• order (string): Specify the sort order of the response.
• order_by (string): Name of column to sort the results by.
• search_restriction (Audit.SearchRestriction): A list of keys to restrict the search results to. Useful for partitioning data available to the query string.
• verbose (boolean): If true, include the root hash of the tree and the membership proof for each record.
• return_context (boolean): Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

optionsSearchOptions

Search options. The following search options are supported:

• verifyConsistency (boolean): If true verify published roots and membership proof of each event
• skipEventVerification (boolean): If true skip event hash verification

SearchResponse

Promise<PangeaResponse<SearchResponse>>

const response = await audit.search(
  "add_employee:Gumby"
);

Enum DownloadFormat

DownloadFormat

CSV = "csv"

JSON = "json"

Interface AuditRecord

AuditRecord

envelopeEventEnvelope

hash

string

consistency_verification

string

fpe_context

string

leaf_index

string

membership_proof

string

membership_verification

string

published

boolean

signature_verification

string

Interface DownloadRequest

DownloadRequest

formatDownloadFormat

Format for the records.

request_id

string

ID returned by the export API.

result_id

string

ID returned by the search API.

return_context

boolean

Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

Interface DownloadResult

DownloadResult

dest_url

string

URL where search results can be downloaded.

Interface Event

Event

Interface EventEnvelope

EventEnvelope

eventEvent

received_at

string

public_key

string

signature

string

Interface ExportRequest

ExportRequest

end

string

The end of the time range to perform the search on. If omitted, then all records up to the latest will be searched.

formatDownloadFormat

Format for the records.

order

asc | desc

Specify the sort order of the response.

order_by

string

Name of column to sort the results by.

start

string

The start of the time range to perform the search on.

verbose

boolean

Whether or not to include the root hash of the tree and the membership proof for each record.

Interface LogBulkRequest

LogBulkRequest

eventsArray<LogEvent>

verbose

boolean

Interface LogBulkResponse

LogBulkResponse

resultsArray<LogResponse>

Interface LogData

LogData

eventEvent

prev_root

string

public_key

string

signature

string

verbose

boolean

Interface LogEvent

LogEvent

eventEvent

public_key

string

signature

string

Interface LogOptions

LogOptions

publicKeyInfoObject

signerSigner

skipEventVerification

boolean

verbose

boolean

verify

boolean

Interface LogRequestCommon

LogRequestCommon

verbose

boolean

Interface LogResponse

LogResponse

envelopeEventEnvelope

hash

string

consistency_proof

Array<string>

consistency_verification

string

membership_proof

string

membership_verification

string

signature_verification

string

unpublished_root

string

Interface ResultOptions

ResultOptions

assert_search_restrictionSearchRestriction

return_context

boolean

Interface ResultResponse

ResultResponse

count

number

eventsArray<AuditRecord>

rootRoot

Interface Root

Root

consistency_proof

Array<string>

root_hash

string

size

number

tree_name

string

published_at

string

url

string

Interface RootParams

RootParams

tree_size

number

Interface RootRequest

RootRequest

tree_size

number

Interface RootResult

RootResult

consistency_proof

Array<string>

dataRoot

root_hash

string

size

number

tree_name

string

published_at

string

url

string

Interface SearchOptions

SearchOptions

skipEventVerification

boolean

verifyConsistency

boolean

Interface SearchParams

SearchParams

query

string

end

string

limit

number

max_results

number

order

string

order_by

string

return_context

boolean

search_restrictionSearchRestriction

start

string

verbose

boolean

Interface SearchParamsOptions

SearchParamsOptions

end

string

limit

number

max_results

number

order

string

order_by

string

return_context

boolean

search_restrictionSearchRestriction

start

string

verbose

boolean

Interface SearchResponse

SearchResponse

count

number

eventsArray<AuditRecord>

expires_at

string

id

string

rootRoot

unpublished_rootRoot

Interface SearchRestriction

SearchRestriction

action

Array<string>

actor

Array<string>

source

Array<string>

status

Array<string>

target

Array<string>