Contact Us 1-800-596-4880

Audit Logging

The audit logging service provides a queryable history of actions performed within Anypoint Platform. It keeps track of all user interactions with objects in the system and timestamps those actions. Audit logging also provides mechanisms for querying the set of users who performed actions, the set of objects that had actions performed on them, and other endpoints that enable log entry querying.

Audit logs have a default retention period of one year. If your organization was created before July 10, 2023 and you didn’t manually change the retention period, the retention period is six years. Users who have the Organization Administrator and Audit Log Config Manager permissions can customize the retention period. For more information, see Audit Log Retention Period. Download your logs periodically to retain your log files for longer than the current retention period.

You can access the data logs through the audit logging query API or through the audit logging UI.

Access Audit Logging

Users who have Anypoint Platform Organization Administrator permission or the Audit Log Viewer permission have access to both the UI and the Audit Log Query API. The audit log service is business-group aware, which means you see only logs that are relevant to your own business group.

The audit log UI is embedded in Access Management.

  1. Log in to Anypoint Platform.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Audit Logs.

The Audit Logs page displays the logs. You can:

  • Download audit logs.

  • Set a time period for showing audit logs.

  • Filter audit logs by product, type, and actions.

  • Search audit logs by environment, object, and user.

Export Audit Logs

If you have the Anypoint Integration Advanced package or a Titanium subscription to Anypoint Platform, you can use the Telemetry Exporter feature in Anypoint Monitoring to export audit logs to third-party analytics and observability apps.

When exported, audit logs have a unique ID in the mulesoft.audit.id attribute. In usual operations, each log is delivered only once, but under certain circumstances, some logs are delivered more than once. Duplicate log entries always share the unique mulesoft.audit.id attribute, so this attribute can be used to safely block or remove duplicate logs from the target system.

Telemetry Exporter for audit logs currently has these data differences, limitations, and known issues:

  • The audit logs that the Telemetry Exporter sends to third-party apps often have different field names from the audit logs that appear in Access Management or the Audit Query Log API.
    For example, audit logs shown in the UI or retrieved by the Audit Log Query API describe a user action (such as update or delete) as action, whereas the OpenTelemetry attribute refers to it as mulesoft.audit.action.

  • If the audit log entry metadata and payload field exceed 30KB when compressed, the payload is truncated before compression.

Audit Log Contents

Activities in the audit log are actions that occur at a particular time, involve one or more objects, have an action type (such as delete or approve) associated with the objects, and optionally a payload that can store application-specific information such as changed fields, environment information, and so on.

Each log entry has a set of properties that provides information about the activity:

  • Time: Timestamp when the activity occurred

  • Product: Product where the object resides, for example, Access Management

  • Type: Type of object the action is performed, for example, Organization

  • Action: Action associated with the object, for example, Create

  • Object: Name of the object, for example, foo

  • User Name: User who performed the action, for example, johndoe

    Occasionally, there are Anypoint Staff log entries. This log entry is made when the audit action was performed by a user who doesn’t belong to your organization.

    Anypoint Staff entries are created when these events occur:

    • An internal or system process that’s a routine part of Anypoint Platform operations is performed

    • The MuleSoft procurement staff changes entitlements for your organization as a result of license grants

    • An action is performed by a MuleSoft employee on your behalf for other purposes, such as troubleshooting

  • Connected App: Name of the connected app that takes an action on behalf of itself or a user. If a connected app didn’t execute the action, the payload is N/A.

  • Environment: Environment names for events from API Manager, Runtime Manager, CloudHub, Partner Manager, and MQ.

  • Parent: (Optional) Parent of the object (if any) the action is performed on. The mainly applies to APIs.

  • Payload: (Optional) More information about the log properties. For example, if an organization is created, the payload contains information about the organization and the owner, such as IDs.

This a list of actions per product and object type that Anypoint Platform audits:

User Action Object Type Object Parent Action Payload

Set T&C

T&C

T&C

N/A

Create

Subaction: None
Properties: New T&Cs

Modify T&C

T&C

T&C

N/A

Edit

Subaction: None
Properties: New T&Cs

Set org custom theme

Portal theme

Org name

N/A

Create

Subaction: None
Properties: Theme data

Edit org custom theme

Bus. Group

Org Name

N/A

Edit

Subaction: None
Properties: Theme data

Add custom policy

Policy

PolicyID

N/A

Create

Subaction: None
Properties: None

Delete custom policy

Policy

PolicyID

N/A

Delete

Subaction: None
Properties: Policy data

APIs

User Action Object Type Object Parent Action Payload

Create API

API

API ID

N/A

Create

Subaction: None
Properties: None

Delete API

API

API ID

N/A

Delete

Subaction: None
Properties: None

Import API

API

API ID

N/A

Create

Subaction: None
Properties: None

Update label of API

API

API ID

N/A

Edit

Subaction: None
Properties: API object

Update consumer endpoint of API

API

API ID

N/A

Edit - update endpoint

Subaction: None
Properties: API object

Update endpoint URI of API

API

API ID

N/A

Edit - edit endpoint URI

Subaction: None
Properties: API object

API Versions

User Action Object Type Object Parent Action Payload

Create API version

API version

Version ID

API ID

Create

Subaction: None
Properties: None

Delete API version

API version

Version ID

API ID

Delete

Subaction: None
Properties: None

Import API

API version

Version ID

API ID

Create

Subaction: Import API version
Properties: None

Edit name of API version

API version

Version ID

API ID

Edit

Subaction: Edit name
Properties: New name

Edit description of API version

API version

Version ID

API ID

Edit

Subaction: Edit description
Properties: New description

Edit API URL of API version

API version

Version ID

API ID

Edit

Subaction: Edit API URL
Properties: New API URL

Add tag

API Version

Version ID

API ID

Edit

Subaction: Add tag
Properties: New tag

Remove tag

API Version

Version ID

API ID

Edit

Subaction: Remove tag
Properties: Deleted tag

Deprecate API

API version

Version ID

API ID

Edit

Subaction: Deprecate API
Properties: None

Set T&Cs

API Version

Version ID

API ID

Edit

Subaction: Set terms & conditions
Properties: T&Cs

Create RAML

API Version

Version ID

API ID

Edit

Subaction: Create RAML
Properties: None

Modify RAML

API Version

Version ID

API ID

Edit

Subaction: Edit RAML
Properties: Updated RAML files

Create endpoint

API version

Version ID

API ID

Edit

Subaction: Create endpoint
Properties: New endpoint

Update existing endpoint

API version

Version ID

API ID

Edit

Subaction: Update endpoint
Properties: Create endpoint

Deploy proxy

API Version

Version ID

API ID

Deploy

Subaction: None
Properties: Deploy location (app name & server name for hybrid)

Update deployed proxy

API version

Version ID

API ID

Edit

Subaction: Configure endpoint
Properties: New endpoint

Redeploy proxy

API Version

Version ID

API ID

Deploy

Subaction: None
Properties: Deploy location (app name & server name for hybrid)

Create SLA tier

Tier

SLA ID

Version ID

Create

Subaction: None
Properties: SLA settings

Modify SLA tier

Tier

SLA ID

Version ID

Edit

Subaction: None
Properties: SLA settings

Deprecate SLA tier

Tier

SLA ID

Version ID

Edit

Subaction: Deprecate SLA tier
Properties: SLA settings

Delete SLA tier

Tier

SLA ID

Version ID

Delete

Subaction: None
Properties: None

Apply policy

API policy

Policy ID

Version ID

Create

Subaction: None
Properties: Policy settings

Edit policy

API policy

Policy ID

Version ID

Edit

Subaction: None
Properties: Policy settings

Remove policy

API policy

Policy ID

Version ID

Delete

Subaction: None
Properties: None

Application

User Action Object Type Object Parent Action Payload

Create application

Application

App ID

N/A

Create

Subaction: None
Properties: Application

Delete application

Application

App ID

N/A

Delete

Subaction: None
Properties: None

Reset client secret

Application

App ID

N/A

Edit - reset client secret

Subaction: Reset client secret
Properties: None

Request access

Contract

Object 1: App ID
Object 2: API version ID

N/A

Create

Subaction: None
Properties: SLA tier

Request tier change

Contract

Object 1: App ID
Object 2: API version ID

N/A

Edit - request tier change

Subaction: Request tier change
Properties: New tier

Request tier change approval

Contract

Object 1: App ID
Object 2: API version ID

N/A

Edit - request tier change approval

Subaction: Request tier change approval
Properties: New tier

Approve application

Contract

Object 1: App ID
Object 2: API version ID

N/A

Edit - contract approval

Subaction: Contract approval
Properties: SLA tier

Revoke application

Contract

Object 1: App ID
Object 2: API version ID

N/A

Edit - contract revoke

Subaction: Contract revoked
Properties: SLA tier

Restore application

Contract

Object 1: App ID
Object 2: API version ID

N/A

Edit - contract restore

Subaction: Contract restored
Properties: SLA tier

The Create Application and Delete Application actions are logged at the root organization level.

API Governance

User Action Object Type Object Parent Action Payload

Create profile

Profile

Profile name

N/A

Create

Subaction: None
Properties: None

Update profile

Profile

Profile name

N/A

Update

Subaction: None
Properties: None

Delete profile

Profile

Profile name

N/A

Delete

Subaction: None
Properties: None

Activate profile

Profile

Profile name

N/A

Activate

Subaction: None
Properties: None

API Designer APIs

User Action Object Type Object Parent Action Payload

Create project

Project

Project ID

N/A

Create project

Subaction: None
Properties:

  • orgID

  • userID

  • projectName

Delete project

Project

Project ID

N/A

Delete project

Subaction: None
Properties:

  • orgID

  • userID

  • projectName

Delete files

Files

Project ID

N/A

Delete files

Subaction: None
Properties:

  • orgID

  • userID

  • projectName

Rename project

Project

Project ID

N/A

Rename project

Subaction: None
Properties:

  • orgID

  • userID

  • newProjectName

Clean branch

Project

Project ID

N/A

Clean branch

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Create branch

Project

Project ID

N/A

Create branch

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Delete branch

Project

Project ID

N/A

Delete branch

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Save branch

Project

Project ID

N/A

Save branch

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Delete file

Project

Project ID

N/A

Delete file

Subaction: None
Properties:

  • orgID

  • userID

  • File Path

Move file

Project

Project ID

N/A

Move file

Subaction: None
Properties:

  • orgID

  • userID

  • targetFile

Import project

Project

Project ID

N/A

Import project

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Publish to Exchange

Project

Project ID

N/A

Publish to Exchange

Subaction: None
Properties:

  • orgID

  • userID

  • projectName

Publish to API Platform

Project

Project ID

N/A

Publish to API Platform

Subaction: None
Properties:

  • orgID

  • userID

  • projectName

Add dependencies

Project

Project ID

N/A

Add dependencies

Subaction: None
Properties:

  • orgID

  • userID

  • dependencies

Remove dependencies

Project

Project ID

N/A

Remove dependencies

Subaction: None
Properties:

  • orgID

  • userID

  • dependencies

Change dependencies

Project

Project ID

N/A

Change dependencies

Subaction: None
Properties:

  • orgID

  • userID

  • addDependencies

  • removeDependencies

Reload dependencies

Project

Project ID

N/A

Reload dependencies

Subaction: None
Properties:

  • orgID

  • userID

  • branchName

Merge Branch

Project

Project ID

N/A

Merge Branch

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • branchName

Share project

Project

Project ID

N/A

Share project

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • projectID

Sync with Github

Project

Project ID

N/A

Sync with Github

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • repositoryName

Unsync with Github

Project

Project ID

N/A

Unsync with Github

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • projectID

Modify organization settings

Project

Organization ID

N/A

Modify organization settings

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • projectID

Rename branch

Project

Project ID

N/A

Rename branch

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • branchName

Modify project settings

Project

Project ID

N/A

Modify project settings

Subaction: None
Properties:

  • orgID

  • projectID

  • userID

  • projectID

Mocking Service

User Action Object Type Object Parent Action Payload

Create link

Link

Link ID

N/A

Create

Subaction: Create Link
Properties: Link metadata

Delete link

Link

Link ID

N/A

Delete

Subaction: Delete Link
Properties: Link metadata

Portals

These actions apply to API Manager v1.x portals:

User Action Object Type Object Parent Action Payload

Create portal

Portal

Object 1: Portal ID
Object 2: API Version ID

N/A

Create

Subaction: None
Properties: None

Modify portal association

Portal

Object 1: Portal ID
Object 2: API version ID

N/A

Edit

Subaction: Change portal association
Properties: None

Delete portal

Portal

Portal ID

N/A

Delete

Subaction: None
Properties: None

Add portal page

Portal

Page ID

Portal ID

Edit

Subaction: Add portal page
Properties: Page content

Make portal page visible

Portal

Page ID

Portal ID

Edit

Subaction: Make page visible
Properties: Page content

Delete portal page

Portal

Page ID

Portal ID

Delete

Subaction: Delete portal page
Properties: Page content

Edit portal page

Portal

Page ID

Portal ID

Edit

Subaction: Edit portal page
Properties: Page content

Hide portal page

Portal

Page ID

Portal ID

Edit

Subaction: Hide portal page
Properties: Page content

Set portal theme

Portal

Portal ID

N/A

Edit

Subaction: Set portal theme
Properties: Theme settings

Modify portal theme

Portal

Portal ID

N/A

Edit

Subaction: Modify portal theme
Properties: Theme settings

Modify portal security

Portal

Portal ID

N/A

Edit

Subaction: Set security
Properties: Public / private state

Access Management

Users

User Action Object Type Object Parent Action Payload

Signup / Organization creation

User

UserID

N/A

Create

Subaction: None
Properties: Organization ID

User creation (w/out creating an org)

User

UserID

N/A

Create

Subaction: None
Properties: UserID

Password reset requested

User

UserID

N/A

Edit

Subaction: Password reset
Properties: None

Password changed

User

UserID

N/A

Edit

Subaction: Password changed
Properties: None

Delete user

User

UserID

N/A

Delete

Subaction: None
Properties: User object

Disable user

User

UserID

N/A

Edit

Subaction: Disable user
Properties: None

Login success

User

UserID

N/A

Login

Subaction: None
Properties: None

Login success reauthenticate

User

UserID

N/A

Login - Reauthenticate

Subaction: Reauthenticate
Properties: None

Login failure

User

UserID

N/A

Login

Subaction: Failure
Properties: Error message

Login failure reauthentication

User

UserID

N/A

Login - Reauthentication Failure

Subaction: Reauthentication Failure
Properties: Error message

Logout

User

UserID

N/A

Logout

Subaction: None
Properties: None

  • Login and Logout actions are logged only at the organization level.

  • Login failure actions are logged only against existing user accounts.

  • Login failure actions aren’t logged if you are using SSO configured with LDAP or OIDC, which includes login failures to Anypoint Platform Private Cloud Edition (Anypoint Platform PCE).

Roles

User Action Object Type Object Parent Action Payload

Create role

Role

Role

N/A

Create

Subaction: None
Properties: None

Edit role - add user

Object 1: Role
Object 2: User

Object 1: Role
Object 2: User

N/A

Edit

Subaction: Add user
Properties: Role, User

Edit role - remove user

Object 1: Role
Object 2: User

Object 1: Role
Object 2: User

N/A

Edit

Subaction: Remove user
Properties: Role, User

Edit role - change external group mapping

Role

Role

N/A

Edit

Subaction: Edit role mapping
Properties: New mapping

Delete role

Role

Role

N/A

Delete

Subaction: None
Properties: Role metadata

Permissions

User Action Object Type Object Parent Action Payload

User permission change

Permission

Object 1: User
Object 2: Resource

Parent 1: N/A
Parent 2: Resource parent if applicable

Permissions change

Subaction: None
Properties: New permission

Role permission change

Permission

Object 1: Role
Object 2: Resource

Parent 1: N/A
Parent 2: Resource parent if applicable

Permissions change

Subaction: None
Properties: New permission

Environment permissions change

Permission

EnvID

N/A

Permissions change

Subaction: None
Properties: New permissions

Identity Management

User Action Object Type Object Parent Action Payload

Create identity provider configuration

Identity management

Provider name

N/A

Create

Subaction: None

Edit identity provider configuration

Identity management

Provider name

N/A

Edit

Subaction: None

Delete identity provider configuration

Identity management

Provider name

N/A

Delete

Subaction: None

Warning

Object 1: Identity management
Object 2: User

Object 1: Provider name
Object 2: UserID

N/A

None

Subaction: None
Properties: Message

Create identity management key

Identity management key

KeyID

N/A

Create

Subaction: None

Set primary identity management key

Identity management key

KeyID

N/A

Edit

Subaction: Set primary key
Properties:

  • old_primary_provider_key_id

  • provider_key_id

Delete identity management key

Identity management key

KeyID

N/A

Delete

Subaction: None

Organization and Business Groups

User Action Object Type Object Parent Action Payload

Edit domain name

Organization

OrgID

N/A

Edit

Subaction: None
Properties: New name

Create business group

Organization

OrgID

Parent organization

Create

Subaction: None
Properties: Org object

Edit business group name

Organization

OrgID

Parent organization

Edit

Subaction: Edit name
Properties: New group name

Edit business group owner

Organization

OrgID

Parent organization

Edit

Subaction: Edit owner
Properties: New owner userID

Edit business group entitlement

Entitlement

EnvID

N/A

Edit

Subaction: Edit entitlement
Properties: Entitlement change

Delete business group

Organization

OrgID

Parent organization

Delete

Subaction: None
Properties: Org object

Environments

User Action Object Type Object Parent Action Payload

Create environment

Environment

EnvID

N/A

Create

Subaction: None
Properties: None

Delete environment

Environment

EnvID

N/A

Delete

Subaction: None
Properties: Environment metadata

Rename environment

Environment

EnvID

N/A

Edit

Subaction: None
Properties: Environment name

Environments that are created automatically when you create an organization or business group do not have audit log entries. As Anypoint Platform has evolved, the default environments created have also changed over time. Currently, Sandbox and Design are created automatically and do not have audit log entries.

Connected Apps

User Action Object Type Object Parent Action Payload

Create Connected Application

Connected Application

clientID

N/A

Create

Subaction: None
Properties:

  • clientName

  • clientID

  • clientIP

  • orgID

  • grantTypes

Edit Connected Application

Connected Application

clientID

N/A

Edit

Subaction: None
Properties:

  • clientName

  • clientID

  • clientIP

  • orgID

  • grantTypes

Delete Connected Application

Connected Application

clientID

N/A

Delete

Subaction: None
Properties:

  • clientName

  • clientID

  • clientIP

  • orgID

  • grantTypes

Update Scope Assignments

Connected Application

clientID

N/A

Permissions Change

Subaction: Add Assignments
Properties: Scopes

Application Authorization Approved

External Authorization

clientID

N/A

Approved

Subaction: None
Properties: None

Application Authorization Denied

External Authorization

clientID

N/A

Denied

Subaction: None
Properties: None

Token Retrieval Success

Connected Application

clientID

N/A

Login - Token

Subaction: Token
Properties:

  • clientName

  • clientID

  • clientIP

  • orgID

  • grantTypes

Token Retrieval Failed

Connected Application

clientID

N/A

Login - Token

Subaction: Token
Properties:

  • clientID

  • clientIP

  • Error Message

Revoke Access/Refresh Tokens

Connected Application

clientID

N/A

Revoke Tokens

Subaction: None
Properties:

  • clientName

  • clientID

  • clientIP

  • orgID

  • grantTypes

Teams

User Action Object Type Object Parent Action Payload

Create Team

Team

Team Name

N/A

Create

Subaction: None
Properties:

  • org_id

  • team_id

  • team_name

  • team_type

  • created_at

  • updated_at

  • ancestor_team_ids

Update Team

Team

Team Name

N/A

Update

Subaction: None
Properties:

  • org_id

  • team_id

  • team_type

  • ancestor_team_ids

Move Team

Team

Team Name

N/A

Move

Subaction: None
Properties:

  • org_id

  • team_id

  • team_type

  • ancestor_team_ids

  • previous_ancestor_team_ids

Add Members

Team

Team Name

N/A

Edit

Subaction: Add Members
Properties:

  • array of:

    • id (Member/Maintainer ID)

    • membership_type

Remove Members

Team

Team Name

N/A

Edit

Subaction: Remove Members
Properties:

  • Removed Member ID

Add Permissions

Team

Team Name

N/A

Permissions change

Subaction: Add permissions
Properties:

  • name (Permission Name)

  • role_id (Permission ID)

  • context_params)

Remove Permissions

Team

Team Name

N/A

Permissions change

Subaction: Remove permissions
Properties:

  • name (Permission Name)

  • role_id (Permission ID)

  • context_params)

Edit External Group Mappings

Team

Team Name

N/A

Edit

Subaction: Edit external group mapping
Properties:

  • data:

    • provider_id

    • membership_type

    • external_group_name

  • total

Delete Team

Team

Team Name

N/A

Delete

Subaction: None
Properties:

  • org_id

  • team_id

  • ancestor_team_ids

User IdP Profiles

User Action Object Type Object Parent Action Payload

Create User IdP Profile

User IdP Profile

N/A

N/A

Create

Subaction: None
Properties:

  • userId

  • idpUserId

  • providerId

  • loginProfileData

Anypoint DataGraph

User Action Object Type Object Parent Action Payload

Add API

User

data-graph-{api-name}-{env-name}

N/A

Add API

N/A

Update API

User

data-graph-{api-name}-{env-name}

N/A

Update API

N/A

Remove API

User

data-graph-{api-name}-{env-name}

N/A

Remove API

N/A

Exchange

Assets

User Action Object Type Object Parent Action Payload

Create an asset

Asset

Asset ID

N/A

Create

Subaction: None
Properties: Asset object

Update an asset

Asset

Asset ID

N/A

Update

Subaction: None
Properties: Asset object

Delete an asset

Asset

Asset ID

N/A

Delete

Subaction: None
Properties: None

Share an asset

Asset

Asset ID

N/A

Granted or revoked permissions

Subaction: None
Properties:

  • Asset object

  • Source

  • Target

  • Role

Publish an asset to public portal

Asset Version Group

Asset ID and version group

N/A

Publish to public portal

Subaction: None
Properties: Asset ID, name and type

Remove an asset from public portal

Asset Version Group

Asset ID and version group

N/A

Remove from public portal

Subaction: None
Properties: Asset ID, name and type

Update an asset icon

Asset icon

Asset ID

Asset

Update

Subaction: None
Properties: Asset object

Delete an asset icon

Asset icon

Asset ID

Asset

Delete

Subaction: None
Properties: Asset object

Create a managed tag (category)

Asset managed tag

Asset ID and tag ID

Asset

Create

Subaction: None
Properties: None

Delete a managed tag (category)

Asset managed tag

Asset ID and tag ID

Asset

Delete

Subaction: None
Properties: None

Delete an organization

Organization

Organization ID

N/A

Delete

Subaction: None
Properties: None

Update tags

Asset tags

Asset ID

Asset

Update

Subaction: None
Properties: Tags

Create a tag configuration

Tag configuration

Tag configuration ID

N/A

Create

Subaction: None
Properties: TagConfiguration

Update a tag configuration

Tag configuration

Tag configuration ID

N/A

Update

Subaction: None
Properties: TagConfiguration

Delete a tag configuration

Tag configuration

Tag configuration ID

N/A

Delete

Subaction: None
Properties: None

Asset Portals

User Action Object Type Object Parent Action Payload

Create a page

Asset portal page

Page ID

Asset portal

Create

Subaction: None
Properties:

  • Asset object

  • Page

Update a page

Asset portal page

Page ID

Asset portal

Update

Subaction: None
Properties:

  • Asset object

  • Page

Delete a page

Asset portal page

Page ID

Asset portal

Delete

Subaction: None
Properties: None

Create a portal

Asset portal

Portal ID

Asset

Create

Subaction: None
Properties: Asset portal

Publish a portal

Asset portal

Portal ID

Asset

Publish

Subaction: None
Properties: Asset portal

API Metadata

User Action Object Type Object Parent Action Payload

Create an API instance

API instance

API instance ID

N/A

Create

Subaction: None
Properties:

  • Name

  • isPublic

Delete an API instance

API instance

API instance ID

N/A

Delete

Subaction: None
Properties:

  • Name

  • isPublic

Update an API instance

API instance

API instance ID

N/A

Update

Subaction: None
Properties:

  • Name

  • isPublic

File Upload

User Action Object Type Object Parent Action Payload

Upload file

Exchange file

File ID

N/A

Create

Subaction: None
Properties: File key

Delete file

Exchange file

File ID

N/A

Delete

Subaction: None
Properties: File key

Update file

Exchange file

File ID

N/A

Update

Subaction: None
Properties: File key

Public Portals

User Action Object Type Object Parent Action Payload

Update a domain

Public portal domain

Organization ID and domain

Public portal

Update

Subaction: None
Properties:

  • Portal ID

  • Domain

Delete a domain

Public portal domain

Organization ID and domain

Public portal

Delete

Subaction: None
Properties:

  • Portal ID

  • Domain

Create a page

Public portal page

Page path

Public portal

Create

Subaction: None
Properties:

  • Portal ID

  • Page ID

Delete a page

Public portal page

Page path

Public portal

Delete

Subaction: None
Properties:

  • Portal ID

  • Page ID

Update a page

Public portal page

Page path

Public portal

Update

Subaction: None
Properties:

  • Portal ID

  • Page ID

Create a portal

Public portal

Organization ID

N/A

Create

Subaction: None
Properties:

  • Project ID

  • Created by ID

Publish a portal

Public portal

Organization ID

N/A

Publish

Subaction: None
Properties:

  • Project ID

  • Created by ID

Delete a portal

Public portal

Organization ID

N/A

Delete

Subaction: None
Properties:

  • Project ID

  • Created by ID

Update a portal

Public portal

Organization ID

N/A

Update

Subaction: None

Properties:

  • Project ID

  • Created by ID

Asset Reviews

User Action Object Type Object Parent Action Payload

Create a Comment

Asset portal review comment

Comment ID

Asset portal review

Create

Subaction: None
Properties: Comment

Delete a comment

Asset portal review comment

Comment ID

Asset portal review

Delete

Subaction: None
Properties: Comment

Update a comment

Asset portal review comment

Comment ID

Asset portal review

Update

Subaction: None
Properties: Comment

Create a review

Asset portal review

Review ID

Asset

Create

Subaction: None
Properties: Review object

Delete a review

Asset portal review

Review ID

Asset

Delete

Subaction: None
Properties: Review object

Update a review

Asset portal review

Review ID

Asset

Update

Subaction: None
Properties: Review object

RPA

The payload is split when it contains more than 32k (32768) characters. Split audit log entries have identical correlation IDs.

Run Configurations

User Action Object Type Object Parent Action Payload

Create run configuration

Run configuration

Run configuration ID

N/A

Create

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

  • Run configuration description

  • Run configuration type

  • Run configuration priority

  • Activity parameters

    • Activity Parameter name

      • Mapping with <global variable/credential name>

  • User task user

  • User task group

  • Execution session type

  • Execution user

  • Execution taskbar option

  • Schedule Name

  • Bots

    • Bot name

    • Bot ID

    • Assigned sessions

Edit run configuration

Run configuration

Run configuration ID

N/A

Edit

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

  • Run configuration description

  • Run configuration priority

  • Activity parameters

    • Activity Parameter name

      • Mapping with <global variable/credential name>

  • User task user

  • User task group

  • Execution session type

  • Execution user

  • Execution taskbar option

  • Schedules

    • Schedule name

  • Bots

    • Bot name

    • Bot ID

    • Assigned sessions

Delete run configuration

Run configuration

Run configuration ID

N/A

Delete

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

Deploy run configuration

Run configuration

Run configuration ID

N/A

Deploy

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

  • Schedules

    • Schedule name

  • Bots

    • Bot name

    • Bot ID

    • Assigned sessions

Publish run configuration

Run configuration

Run configuration ID

N/A

Publish

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

Revoke run configuration

Run configuration

Run configuration ID

N/A

Revoke

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

Pause run configuration

Run configuration

Run configuration ID

N/A

Pause

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

Continue run configuration

Run configuration

Run configuration ID

N/A

Continue

Subaction: None
Properties:

  • Process name

  • Process ID

  • Process phase

  • Run configuration name

Processes

User Action Object Type Object Parent Action Payload

Create process

Process

Process ID

N/A

Create

Subaction: none

Properties:

  • Process name

  • Process phase

  • Applications required

    • Application name

  • Process team

    • Member name

    • Assigned phases

  • Advanced permissions option

Edit process

Process

Process ID

N/A

Edit

Subaction: none

Properties:

  • Process name

  • Process phase

  • Applications required

    • Application name

  • Process team

    • Member name

    • Assigned phases

  • Advanced permissions option

Delete process

Process

Process ID

N/A

Delete

Subaction: none

Properties:

  • Process name

  • Process phase

Bots

User Action Object Type Object Parent Action Payload

Register bot

Bot

Bot ID

N/A

Register

Subaction: none

Properties:

  • Bot name

  • API key name

  • Bot version

  • IP address

  • Hostname

  • Time zone

Register bot

Bot

Bot ID

N/A

Register

Subaction: none

Properties:

  • Bot name

  • API key name

  • Bot version

  • IP address

  • Hostname

  • Time zone

  • Bot status

  • Assigned Applications

    • Application name

  • Assigned service times

    • Service time name

  • Phase affiliation

  • Description

  • Assigned Secure Sessions

Delete bot

Bot

Bot ID

N/A

Delete

Subaction: none

Properties:

  • Bot name

Credential Pool

User Action Object Type Object Parent Action Payload

Create credential

Credential

Credential ID

N/A

Create

Subaction: none

Properties:

  • Credential name

  • Credential description

  • User affiliation

  • User group affiliation

  • Phase affiliation

  • Type

Edit credential

Credential

Credential ID

N/A

Edit

Subaction: none

Properties:

  • Credential name

  • Credential description

  • User affiliation

  • User group affiliation

  • Phase affiliation

Delete credential

Credential

Credential ID

N/A

Delete

Subaction: none

Properties:

  • Credential name

Global Variables

User Action Object Type Object Parent Action Payload

Create global variable

Global variable

Global variable ID

N/A

Create

Subaction: none

Properties:

  • Global variable name

  • Global variable description

  • Phase affiliation

  • Type

Edit global variable

Global variable

Global variable ID

N/A

Edit

Subaction: none

Properties:

  • Global variable name

  • Global variable description

  • Phase affiliation

Delete global variable

Global variable

Global variable ID

N/A

Delete

Subaction: none

Properties:

  • Global variable name

Applications

User Action Object Type Object Parent Action Payload

Create Application

Application

Application ID

N/A

Create

Subaction: none

Properties:

  • Application name

  • Application time zone

  • Downtimes

    • Downtime name

Edit Application

Application

Application ID

N/A

Edit

Subaction: none

Properties:

  • Application name

  • Application time zone

  • Downtimes

    • Downtime name

Delete Application

Application

Application ID

N/A

Delete

Subaction: none

Properties:

  • Application name

Service Times

User Action Object Type Object Parent Action Payload

Create service time

Service time

Service time ID

N/A

Create

Subaction: none

Properties:

  • Service time name

  • Timezone

  • Service time start

  • Service time end

Edit service time

Service time

Service time ID

N/A

Edit

Subaction: none

Properties:

  • Service time name

  • Timezone

  • Service time start

  • Service time end

Delete service time

Service time

Service time ID

N/A

Delete

Subaction: none

Properties:

  • Service time name

Runtime Manager

User Action Object Type Object Parent Action Payload

Create application

Application

AppID

N/A

Create

Subaction: None
Properties: Application metadata

Start application

Application

AppID

N/A

Start

Subaction: None
Properties: Application metadata

Restart application

Application

AppID

N/A

Restart

Subaction: None
Properties: Application metadata

Stop application

Application

AppID

N/A

Stop

Subaction: None
Properties: Application metadata

Delete application

Application

AppID

N/A

Delete

Subaction: None
Properties: Application metadata

Change application zip file

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Promote application from sandbox

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Change application runtime

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Change application worker size

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Change application worker number

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Enable/disable persistent queues

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Enable/disable persistent queue encryption

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Modify application properties

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Enable/disable insight

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Modify log levels

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Create/modify/delete alerts

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Enable/disable alerts

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Create/modify/delete application data

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Create/modify schedules

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Create/modify/delete tenants

Application

AppID

N/A

Subaction: None
Properties: Application metadata

Enable/disable schedules

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Clear queues

Application

AppID

N/A

Clear

Subaction: None
Properties: Application metadata

Enable/Disable static IP

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

Allocate/release static IP

Application

AppID

N/A

Modify

Subaction: None
Properties: Application metadata

LoadBalancer Create/modify/delete

LoadBalancer

LoadBalancerID

N/A

Create/modify/delete

Subaction: None
Properties: LoadBalancer metadata

Create/modify/delete alerts V2

Alert

AlertID

N/A

Create/modify/delete

Subaction: None
Properties: Alert

Create/modify/delete VPC

VPC

vpcID

N/A

Create/modify/delete

Subaction: None
Properties: VPC metadata

Create/modify/delete VPN

VPN

vpnId

N/A

Create/modify/delete

Subaction: None
Properties: VPN metadata

Servers

User Action Object Type Object Parent Action Payload

Add server

Server

ServerID

N/A

Create

Subaction: None
Properties: Server metadata

Delete server

Server

ServerID

N/A

Delete

Subaction: None
Properties: Server metadata

Rename server

Server

ServerID

N/A

Modify

Subaction: Rename
Properties: Server metadata

Create server group

Server group

ServerGroupID

N/A

Create

Subaction: None
Properties: Server group metadata

Delete server group

Server group

ServerGroupID

N/A

Delete

Subaction: None
Properties: Server group metadata

Rename server group

Server group

ServerGroupID

N/A

Modify

Subaction: Rename
Properties: Server group metadata

Add server to server group

Server group

ServerGroupID

N/A

Modify

Subaction: Add server
Properties: Server group metadata

Remove server from server group

Server group

ServerGroupID

N/A

Modify

Subaction: Remove server
Properties: Server group metadata

Create cluster

Cluster

ClusterID

N/A

Create

Subaction: None
Properties: Cluster metadata

Delete Cluster

Cluster

ClusterID

N/A

Delete

Subaction: None
Properties: Cluster metadata

Rename cluster

Cluster

ClusterID

N/A

Modify

Subaction: Rename
Properties: Cluster metadata

Add server to cluster

Cluster

ClusterID

N/A

Modify

Subaction: Add server
Properties: Cluster metadata

Remove server from cluster

Cluster

ClusterID

N/A

Modify

Subaction: Remove server
Properties: Cluster metadata

Deploy application

Application

ApplicationID

N/A

Deploy

Subaction: None
Properties: Application metadata

Delete application

Application

ApplicationID

N/A

Delete

Subaction: None
Properties: Application metadata

Start application

Application

ApplicationID

N/A

Start

Subaction: None
Properties: Application metadata

Stop application

Application

ApplicationID

N/A

Stop

Subaction: None
Properties: Application metadata

Redeploy application with existing file

Application

ApplicationID

N/A

Redeploy

Subaction: None
Properties: Application metadata

Redeploy application with new file

Application

ApplicationID

N/A

Redeploy

Subaction: Update binary
Properties: Application metadata

Private Spaces in CloudHub 2.0

User Action Object Type Object Parent Action Payload

Create/Modify/Delete private space

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties: Private space metadata

Create/Modify/Delete connection

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties: Connection metadata

Create/Modify/Delete VPN

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties: None

Create/Modify/Delete transit gateway

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties: Transit gateway metadata

Create/Modify/Delete TLSContext

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties: None

Create/Modify/Delete routes

Private Space

PrivateSpaceID

N/A

Create/Modify/Delete

Subaction: None
Properties:

  • Target

  • Route object

Anypoint MQ

User Action Object Type Object Parent Action Payload

Create/modify/delete/purge queue

Queue

queueID

N/A

Create/modify/delete

Subaction: None
Properties: Queue metadata

Create/modify/delete exchange

Exchange

exchangeID

N/A

Create/modify/delete

Subaction: None
Properties: Exchange metadata

Create/delete exchange binding

Binding

bindingID

N/A

Create/delete

Subaction: None
Properties: Exchange metadata

Create/delete/regenerate client

Client

clientID

N/A

Create/delete/regenerate

Subaction: None
Properties: Client metadata

Object Store v2

User Action Object Type Object Parent Action Payload

Create/modify/delete store

Store

storeID

N/A

Create/modify/delete

Subaction: None
Properties: Store metadata

Secrets Manager

User Action Object Type Object Parent Action Payload

Create a secret group

secretGroup

secretGroup name

N/A

Create

Subaction: None
Properties:

  • secretGroup path

  • secrets manager transaction ID

Delete a secret group

secretGroup

secretGroup name

N/A

Delete

Subaction: None
Properties:

  • secretGroup path

  • secrets manager transaction ID

Create a secret

a secret type such as sharedSecret

secret name

N/A

Create

Subaction: None
Properties:

  • secret path

  • secrets manager transaction ID

Update a secret

a secret type such as sharedSecret

secret name

N/A

Update

Subaction: None
Properties:

  • secret path

  • secrets manager transaction ID

Patch a secret

a secret type such as sharedSecret

secret name

N/A

Update

Subaction: None
Properties:

  • secret path

  • secrets manager transaction ID

Audit Log REST API Access

You can access the Audit Log REST API from the Audit Logging Query API and its RAML.

Use a Query Loop to make Requests in Audit Logs

The latest version of the query API uses cursor pagination for efficiency, but you can continue to use the previous version of the query API, which uses offset pagination and returns the total number of records.

The latest version of the API uses pagination with cursors, so you can initiate query loops using cursors. Setting the cursorPagination query parameter to true enables you to use cursor paging. When you use cursor pagination, each response returns a cursor. The cursor corresponds to the last data entry in the response data set. The subsequent request in the query loop should use the cursor value that was returned in the previous response, and so on. When the data set is empty in response, you have reached the end of the query loop, and there is no more data to query for that time window. At that point, stop the query loop. When the data set is empty in the response, no cursor is returned. When you use cursor pagination, total is not returned by default, because the query loop is not dependent on the offset or the number of total rows. If you want to see the total when you use cursor paging, set the doIncludeTotal query parameter to true.

When the cursorPagination query parameter is true and you use offset and cursor in the query body, cursor is prioritized, and offset is ignored.

There is no mapping between offset and cursor values; And so when you run a query loop over a time window, you cannot switch to the new param somewhere in the middle by using the cursorPagination and continue the loop. This is because when using cursorPagination, offset is ignored and so the loop will be start from the beginning.

The cursor-based pagination API is not applicable to the CSV query. The query continues to use offset-based pagination.

This example shows a series of calls in a query loop for cursor based query:

  1. The first call doesn’t have a cursor in the body and doesn’t request the total. The response returns this data:

    POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=true

    Body:

    {
    	"startDate":"2022-09-01T22:14:47.099Z",
    	"endDate":"2022-11-30T23:14:47.099Z",
    }

    Response:

    {
       "data": [log entries],
       "cursor": '123_abcd'
    }

    You can use the cursor from the first call’s response in the next call to get the next set of rows.

  2. The second call has a specific cursor in the request:

    POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=true

    Body:

    {
    	"startDate":"2022-09-01T22:14:47.099Z",
    	"endDate":"2022-11-30T23:14:47.099Z",
    	"cursor": '123_abcd'
    }

    Response:

    {
    	"data": [logs],
    	"cursor": '123_xyz'
    }
  3. The third call is the final call in a loop. Because there are no more logs to return, the response doesn’t have a cursor and contains no data.

    POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=true

    Body:

    {
    	"startDate":"2022-09-01T22:14:47.099Z",
    	"endDate":"2022-11-30T23:14:47.099Z",
    	"cursor": '123_xyz'
    }

    Response:

    {
    	"data": []
    }
  4. This example shows how to use a cursor and request the total:

    POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=true&doIncludeTotal=true

    Body:

    {
    	"startDate":"2022-09-01T22:14:47.099Z",
    	"endDate":"2022-11-30T23:14:47.099Z",
    	"cursor": '123_abcds'
    }

    Response:

    {
    	"data": [logs],
    	"cursor": '123_asdfg'
    	"total": 50000
    }

Access the API using CURL Commands

These are example curl commands for accessing the API (Windows users need to download curl before using these commands).

Get authorization information:

curl 'https://anypoint.mulesoft.com/audit/v2/organizations/<organization_id>/platforms?include_internal=false' -H 'Authorization: bearer <bearer_value>'

Get actions by date range:

curl 'https://anypoint.mulesoft.com/audit/v2/organizations/<organization_id>/query?include_internal=false' -H 'Authorization: bearer <bearer_value>' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"startDate":"2017-03-08T20:16:41.250Z","endDate":"2017-03-08T21:16:41.250Z","platforms":[],"objectTypes":[],"actions":[],"objectIds":[],"userIds":[],"ascending":false,"organizationId":"<organization_id>","offset":0,"limit":25}' --compressed ;

Rate Limit Policy for Audit Log Query Endpoint

The Audit Log Query endpoint applies rate limits per IP in the three control planes: US, EU, and gov.

This table outlines the rate limits for each control plane:

Control Plane Allowed requests per minute per IP

US

700

EU

40

Gov

40

If a client exceeds the rate limit for a given control plane, the Audit Log Query endpoint returns a 503 Service Unavailable status code until the minute expires. During this time, the service is unavailable to the client.

It’s best for Audit Log Query Endpoint users to monitor their request rates and adjust their usage accordingly to avoid exceeding the rate limit. Exceeding the rate limit can make the endpoint temporarily unavailable.