Audit | Node.js SDK

The audit API is designed for recording a trail of application-based user activity in a scalable, tamper-proof log.

Audit

constructor(token: PangeaToken, config: PangeaConfig, tenantID: string, configID: string): AuditService

Creates a new AuditService with the given Pangea API token and configuration.

required parameters

tokenPangeaToken

Pangea API token.

configPangeaConfig

Configuration.

tenantID

string

configID

string

Response Object

AuditService

const config = new PangeaConfig({ domain: "pangea_domain" });
const audit = new AuditService("pangea_token", config);

Download search results

downloadResults(request: DownloadRequest): Promise<PangeaResponse<DownloadResult>>

Get all search results as a compressed (gzip) CSV file.

required parameters

requestDownloadRequest

Request parameters.

Response Object

DownloadResult

Promise<PangeaResponse<DownloadResult>>

const response = await audit.downloadResults({
  result_id: "pas_[...]",
  format: Audit.DownloadFormat.CSV,
});

Export from the audit log

export(request: ExportRequest): Promise<PangeaResponse<{}>>

Bulk export of data from the Secure Audit Log, with optional filtering.

required parameters

requestExportRequest

Request parameters.

Response Object

{}

Promise<PangeaResponse<{}>>

const exportRes = await audit.export({ verbose: false });

// Export may take several dozens of minutes, so polling for the result
// should be done in a loop. That is omitted here for brevity's sake.
try {
  await audit.pollResult(exportRes.request_id);
} catch (error) {
  if (error instanceof PangeaErrors.AcceptedRequestException) {
    // Retry later.
  }
}

// Download the result when it's ready.
const downloadRes = await audit.downloadResults({ request_id: exportRes.request_id });
downloadRes.result.dest_url;
// => https://pangea-runtime.s3.amazonaws.com/audit/xxxxx/search_results_[...]

Log an entry

log(event: Event, options: LogOptions): Promise<PangeaResponse<LogResponse>>

Create a log entry in the Secure Audit Log.

required parameters

eventEvent

A structured event describing an auditable activity. Supported fields are:

• actor (string): Record who performed the auditable activity.
• action (string): The auditable action that occurred.
• status (string): Record whether or not the activity was successful.
• source (string): Used to record the location from where an activity occurred.
• target (string): Used to record the specific record that was targeted by the auditable activity.
• message (string|object): A message describing a detailed account of what happened. This can be recorded as free-form text or as a JSON-formatted string.
• new (string|object): The value of a record after it was changed.
• old (string|object): The value of a record before it was changed.
• tenant_id (string): Used to record the tenant associated with this activity.

optionsLogOptions

Log options. The following log options are supported:

• verbose (bool): Return a verbose response, including the canonical event hash and received_at time.

Response Object

LogResponse

Promise<PangeaResponse<LogResponse>>

const auditData = {
  action: "add_employee",
  actor: user,
  target: data.email,
  status: "error",
  message: `Resume denied - sanctioned country from ${clientIp}`,
  source: "web",
};
const options = { verbose: true };

const response = await audit.log(auditData, options);

Log multiple entries

logBulk(events: Event[], options: LogOptions): Promise<PangeaResponse<LogBulkResponse>>

Create multiple log entries in the Secure Audit Log.

required parameters

eventsArray<Event>

optionsLogOptions

Response Object

LogBulkResponse

Promise<PangeaResponse<LogBulkResponse>>

const events = [
 { message: "hello world" },
];
const options = { verbose: true };

const response = await audit.logBulk(events, options);

Log multiple entries asynchronously

logBulkAsync(events: Event[], options: LogOptions): Promise<PangeaResponse<LogBulkResponse>>

Asynchronously create multiple log entries in the Secure Audit Log.

required parameters

eventsArray<Event>

optionsLogOptions

Response Object

LogBulkResponse

Promise<PangeaResponse<LogBulkResponse>>

const events = [
 { message: "hello world" },
];
const options = { verbose: true };

const response = await audit.logBulkAsync(events, options);

Log streaming endpoint

logStream(data: object): Promise<PangeaResponse<{}>>

This API allows 3rd party vendors (like Auth0) to stream events to this endpoint where the structure of the payload varies across different vendors.

required parameters

data

object

Event data. The exact schema of this will vary by vendor.

Response Object

{}

Promise<PangeaResponse<{}>>

const data = {
  logs: [
    {
      log_id: "some log id",
      data: {
        date: "2024-03-29T17:26:50.193Z",
        type: "some_type",
        description: "Create a log stream",
        client_id: "test client ID",
        ip: "127.0.0.1",
        user_agent: "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0",
        user_id: "test user ID",
      },
    },
  ],
};
const response = await audit.logStream(data);

Results of a search

results(id: string, limit: number, offset: number, options: SearchOptions, queryOptions: ResultOptions): Promise<PangeaResponse<ResultResponse>>

Fetch paginated results of a previously executed search.

required parameters

id

string

The id of a successful search

limit

number

(default 20) - The number of results returned

offset

number

(default 0) - The starting position of the first returned result

optionsSearchOptions

Search options. The following search options are supported:

• verifyConsistency (boolean): If true verify published roots and membership proof of each event
• skipEventVerification (boolean): If true skip event hash verification

queryOptionsResultOptions

Search options. The following search options are supported:

• assert_search_restriction (Audit.SearchRestriction): A list of keys to restrict the search results to. Useful for partitioning data available to the query string.
• return_context (boolean): Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

Response Object

ResultResponse

Promise<PangeaResponse<ResultResponse>>

const response = await audit.results(
  "pas_sqilrhruwu54uggihqj3aie24wrctakr",
  50,
  100
);

Tamperproof verification

root(size: number): Promise<PangeaResponse<RootResult>>

Returns current root hash and consistency proof.

required parameters

size

number

The size of the tree (the number of records)

Response Object

RootResult

Promise<PangeaResponse<RootResult>>

const response = audit.root(7);

Search the log

search(query: string, queryOptions: SearchParamsOptions, options: SearchOptions): Promise<PangeaResponse<SearchResponse>>

Search for events that match the provided search criteria.

required parameters

query

string

Natural search string; list of keywords with optional <option>:<value> qualifiers. The following optional qualifiers are supported:

• action:
• actor:
• message:
• new:
• old:
• status:
• target:

queryOptionsSearchParamsOptions

Search options. The following search options are supported:

• limit (number): Maximum number of records to return per page.
• start (string): The start of the time range to perform the search on.
• end (string): The end of the time range to perform the search on. All records up to the latest if left out.
• max_results (number): Maximum number of results to return.
• order (string): Specify the sort order of the response.
• order_by (string): Name of column to sort the results by.
• search_restriction (Audit.SearchRestriction): A list of keys to restrict the search results to. Useful for partitioning data available to the query string.
• verbose (boolean): If true, include the root hash of the tree and the membership proof for each record.
• return_context (boolean): Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

optionsSearchOptions

Search options. The following search options are supported:

• verifyConsistency (boolean): If true verify published roots and membership proof of each event
• skipEventVerification (boolean): If true skip event hash verification

Response Object

SearchResponse

Promise<PangeaResponse<SearchResponse>>

const response = await audit.search(
  "add_employee:Gumby"
);

Enum DownloadFormat

DownloadFormat

CSV = "csv"

JSON = "json"

Interface AuditRecord

AuditRecord

required parameters

envelopeEventEnvelope

hash

string

optional parameters

consistency_verification

string

fpe_context

string

leaf_index

string

membership_proof

string

membership_verification

string

published

boolean

signature_verification

string

Interface DownloadRequest

DownloadRequest

optional parameters

formatDownloadFormat

Format for the records.

request_id

string

ID returned by the export API.

result_id

string

ID returned by the search API.

return_context

boolean

Return the context data needed to decrypt secure audit events that have been redacted with format preserving encryption.

Interface DownloadResult

DownloadResult

required parameters

dest_url

string

URL where search results can be downloaded.

Interface Event

Event

Interface EventEnvelope

EventEnvelope

required parameters

eventEvent

received_at

string

optional parameters

public_key

string

signature

string

Interface ExportRequest

ExportRequest

optional parameters

end

string

The end of the time range to perform the search on. If omitted, then all records up to the latest will be searched.

formatDownloadFormat

Format for the records.

order

asc | desc

Specify the sort order of the response.

order_by

string

Name of column to sort the results by.

start

string

The start of the time range to perform the search on.

verbose

boolean

Whether or not to include the root hash of the tree and the membership proof for each record.

Interface LogBulkRequest

LogBulkRequest

required parameters

eventsArray<LogEvent>

optional parameters

verbose

boolean

Interface LogBulkResponse

LogBulkResponse

required parameters

resultsArray<LogResponse>

Interface LogData

LogData

required parameters

eventEvent

optional parameters

prev_root

string

public_key

string

signature

string

verbose

boolean

Interface LogEvent

LogEvent

required parameters

eventEvent

optional parameters

public_key

string

signature

string

Interface LogOptions

LogOptions

optional parameters

publicKeyInfoObject

signerSigner

skipEventVerification

boolean

verbose

boolean

verify

boolean

Interface LogRequestCommon

LogRequestCommon

optional parameters

verbose

boolean

Interface LogResponse

LogResponse

required parameters

envelopeEventEnvelope

hash

string

optional parameters

consistency_proof

Array<string>

consistency_verification

string

membership_proof

string

membership_verification

string

signature_verification

string

unpublished_root

string

Interface ResultOptions

ResultOptions

optional parameters

assert_search_restrictionSearchRestriction

return_context

boolean

Interface ResultResponse

ResultResponse

required parameters

count

number

eventsArray<AuditRecord>

optional parameters

rootRoot

Interface Root

Root

required parameters

consistency_proof

Array<string>

root_hash

string

size

number

tree_name

string

optional parameters

published_at

string

url

string

Interface RootParams

RootParams

optional parameters

tree_size

number

Interface RootRequest

RootRequest

optional parameters

tree_size

number

Interface RootResult

RootResult

required parameters

consistency_proof

Array<string>

dataRoot

root_hash

string

size

number

tree_name

string

optional parameters

published_at

string

url

string

Interface SearchOptions

SearchOptions

optional parameters

skipEventVerification

boolean

verifyConsistency

boolean

Interface SearchParams

SearchParams

required parameters

query

string

optional parameters

end

string

limit

number

max_results

number

order

string

order_by

string

return_context

boolean

search_restrictionSearchRestriction

start

string

verbose

boolean

Interface SearchParamsOptions

SearchParamsOptions

optional parameters

end

string

limit

number

max_results

number

order

string

order_by

string

return_context

boolean

search_restrictionSearchRestriction

start

string

verbose

boolean

Interface SearchResponse

SearchResponse

required parameters

count

number

eventsArray<AuditRecord>

expires_at

string

id

string

optional parameters

rootRoot

unpublished_rootRoot

Interface SearchRestriction

SearchRestriction

optional parameters

action

Array<string>

actor

Array<string>

source

Array<string>

status

Array<string>

target

Array<string>