Audit Logging
Changes made by users within Anypoint Platform organizations are logged through an audit logging service. You can access the data logs through the audit logging query API or through the audit logging UI.
The audit logging service provides a queryable history of actions performed within the Anypoint Platform. It keeps track of all users who have interacted with objects in the system, and timestamps those actions. It also provides mechanisms for querying the set of users who have performed actions, the set of objects that had actions performed on them, and other endpoints that enable the querying of log entries.
Audit logs have a default retention period of one year. If your organization was created before July 10, 2023 and you did not manually change the retention period, the retention period is six years. Users who have the Organization Administrator and Audit Log Config Manager permission can customize the retention period. For more information, see Audit Log Retention Period. Download your logs periodically to maintain your log files for longer than the current retention period.
Access Audit Logging
Users who have the Organization Administrator permission or the Audit Log Viewer permission on Anypoint Platform have access to both the UI and the Query API. The audit log service is business-group aware, which means you see only logs that are relevant to your own business group.
The audit log UI is embedded in Access Management.
-
Log in to Anypoint Platform.
-
In the navigation bar or the main Anypoint Platform page, click Access Management.
-
In the Access Management navigation menu, click Audit Logs.
The Audit Logs page displays the logs. You can:
-
Download audit logs.
-
Set a time period for audit logs to display.
-
Filter audit logs by product, type, and actions.
-
Search audit logs by environment, object, and user.
Export Audit Logs
You can use the Telemetry Exporter feature in Anypoint Monitoring to export audit logs to third-party analytics and observability apps.
When exported, audit logs have a unique ID in the mulesoft.audit.id attribute. In usual operations, each log is delivered only once, but under certain circumstances, some logs are delivered more than once. Duplicate log entries always share the unique mulesoft.audit.id attribute, so this attribute can be used to safely block or remove duplicate logs from the target system.
Telemetry Exporter for audit logs currently has the following data differences, limitations, and known issues:
-
The audit logs that the Telemetry Exporter sends to third-party apps often have different field names from the audit logs that appear in Access Management or the Audit Query Log API.
For example, audit logs shown in the UI or retrieved by the Audit Log Query API describe a user action (such asupdateordelete) asaction, whereas the OpenTelemetry attribute refers to it asmulesoft.audit.action. -
If the audit log entry metadata and payload field exceed 30KB when compressed, the payload is truncated before compression.
Audit Log Contents
Activities represented in the log are actions that occur at a particular time, involve one or more objects, have an action type (such as delete or approve) associated with the objects, and optionally a payload which can store application-specific information such as changed fields, environment information, etc.
Each log entry has a set of properties that provides information about the activity:
-
Time: The timestamp when the activity occurred.
-
Product: The product where the object resides, for example,
Access Management -
Type: The type of the object on which the action is performed, for example,
Organization -
Action: The action associated with the object, for example,
Create -
Object: The name of the object, for example,
foo -
User Name: The user who performed the action, for example,
johndoeOccasionally, there are
Anypoint Stafflog entries. This log entry is made when the audit action was performed by a user who does not belong to your organization.
Anypoint Staffentries are created for when these events occur:-
An internal or system process that is a routine part of Anypoint Platform operations is performed
-
The MuleSoft procurement staff changes entitlements for your organization as a result of license grants
-
An action is performed by a MuleSoft employee on your behalf for other purposes, such as troubleshooting
-
-
Connected App: Name of the connected app that takes an action on behalf of a user or itself. If a connected app did not execute the action, the payload is
N/A. -
Environment: Environment names for events from API Manager, Runtime Manager, CloudHub, Partner Manager, and MQ.
-
Parent: (Optional) The parent of the object (if any) on which the action is performed. Mainly relevant to APIs.
-
Payload: (Optional) More information about the log properties. For example, if an Organization was created, then the payload would contain information about the organization and the owner, such as IDs.
The following is a list of actions per product and object type that Anypoint Platform audits:
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Set T&C |
T&C |
T&C |
N/A |
Create |
Subaction: None |
Modify T&C |
T&C |
T&C |
N/A |
Edit |
Subaction: None |
Set org custom theme |
Portal theme |
Org name |
N/A |
Create |
Subaction: None |
Edit org custom theme |
Bus. Group |
Org Name |
N/A |
Edit |
Subaction: None |
Add custom policy |
Policy |
PolicyID |
N/A |
Create |
Subaction: None |
Delete custom policy |
Policy |
PolicyID |
N/A |
Delete |
Subaction: None |
APIs
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create API |
API |
API ID |
N/A |
Create |
Subaction: None |
Delete API |
API |
API ID |
N/A |
Delete |
Subaction: None |
Import API |
API |
API ID |
N/A |
Create |
Subaction: None |
Update label of API |
API |
API ID |
N/A |
Edit |
Subaction: None |
Update consumer endpoint of API |
API |
API ID |
N/A |
Edit - update endpoint |
Subaction: None |
Update endpoint URI of API |
API |
API ID |
N/A |
Edit - edit endpoint URI |
Subaction: None |
API Versions
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create API version |
API version |
Version ID |
API ID |
Create |
Subaction: None |
Delete API version |
API version |
Version ID |
API ID |
Delete |
Subaction: None |
Import API |
API version |
Version ID |
API ID |
Create |
Subaction: Import API version |
Edit name of API version |
API version |
Version ID |
API ID |
Edit |
Subaction: Edit name |
Edit description of API version |
API version |
Version ID |
API ID |
Edit |
Subaction: Edit description |
Edit API URL of API version |
API version |
Version ID |
API ID |
Edit |
Subaction: Edit API URL |
Add tag |
API Version |
Version ID |
API ID |
Edit |
Subaction: Add tag |
Remove tag |
API Version |
Version ID |
API ID |
Edit |
Subaction: Remove tag |
Deprecate API |
API version |
Version ID |
API ID |
Edit |
Subaction: Deprecate API |
Set T&Cs |
API Version |
Version ID |
API ID |
Edit |
Subaction: Set terms & conditions |
Create RAML |
API Version |
Version ID |
API ID |
Edit |
Subaction: Create RAML |
Modify RAML |
API Version |
Version ID |
API ID |
Edit |
Subaction: Edit RAML |
Create endpoint |
API version |
Version ID |
API ID |
Edit |
Subaction: Create endpoint |
Update existing endpoint |
API version |
Version ID |
API ID |
Edit |
Subaction: Update endpoint |
Deploy proxy |
API Version |
Version ID |
API ID |
Deploy |
Subaction: None |
Update deployed proxy |
API version |
Version ID |
API ID |
Edit |
Subaction: Configure endpoint |
Redeploy proxy |
API Version |
Version ID |
API ID |
Deploy |
Subaction: None |
Create SLA tier |
Tier |
SLA ID |
Version ID |
Create |
Subaction: None |
Modify SLA tier |
Tier |
SLA ID |
Version ID |
Edit |
Subaction: None |
Deprecate SLA tier |
Tier |
SLA ID |
Version ID |
Edit |
Subaction: Deprecate SLA tier |
Delete SLA tier |
Tier |
SLA ID |
Version ID |
Delete |
Subaction: None |
Apply policy |
API policy |
Policy ID |
Version ID |
Create |
Subaction: None |
Edit policy |
API policy |
Policy ID |
Version ID |
Edit |
Subaction: None |
Remove policy |
API policy |
Policy ID |
Version ID |
Delete |
Subaction: None |
Application
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create application |
Application |
App ID |
N/A |
Create |
Subaction: None |
Delete application |
Application |
App ID |
N/A |
Delete |
Subaction: None |
Reset client secret |
Application |
App ID |
N/A |
Edit - reset client secret |
Subaction: Reset client secret |
Request access |
Contract |
Object 1: App ID |
N/A |
Create |
Subaction: None |
Request tier change |
Contract |
Object 1: App ID |
N/A |
Edit - request tier change |
Subaction: Request tier change |
Request tier change approval |
Contract |
Object 1: App ID |
N/A |
Edit - request tier change approval |
Subaction: Request tier change approval |
Approve application |
Contract |
Object 1: App ID |
N/A |
Edit - contract approval |
Subaction: Contract approval |
Revoke application |
Contract |
Object 1: App ID |
N/A |
Edit - contract revoke |
Subaction: Contract revoked |
Restore application |
Contract |
Object 1: App ID |
N/A |
Edit - contract restore |
Subaction: Contract restored |
The Create Application and Delete Application actions are logged at the root organization level.
API Designer APIs
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create project |
Project |
Project ID |
N/A |
Create project |
Subaction:
None
|
Delete project |
Project |
Project ID |
N/A |
Delete project |
Subaction:
None
|
Delete files |
Files |
Project ID |
N/A |
Delete files |
Subaction:
None
|
Rename project |
Project |
Project ID |
N/A |
Rename project |
Subaction:
None
|
Clean branch |
Project |
Project ID |
N/A |
Clean branch |
Subaction:
None
|
Create branch |
Project |
Project ID |
N/A |
Create branch |
Subaction:
None
|
Delete branch |
Project |
Project ID |
N/A |
Delete branch |
Subaction:
None
|
Save branch |
Project |
Project ID |
N/A |
Save branch |
Subaction:
None
|
Delete file |
Project |
Project ID |
N/A |
Delete file |
Subaction:
None
|
Move file |
Project |
Project ID |
N/A |
Move file |
Subaction:
None
|
Import project |
Project |
Project ID |
N/A |
Import project |
Subaction:
None
|
Publish to Exchange |
Project |
Project ID |
N/A |
Publish to Exchange |
Subaction:
None
|
Publish to API Platform |
Project |
Project ID |
N/A |
Publish to API Platform |
Subaction:
None
|
Add dependencies |
Project |
Project ID |
N/A |
Add dependencies |
Subaction:
None
|
Remove dependencies |
Project |
Project ID |
N/A |
Remove dependencies |
Subaction:
None
|
Change dependencies |
Project |
Project ID |
N/A |
Change dependencies |
Subaction:
None
|
Reload dependencies |
Project |
Project ID |
N/A |
Reload dependencies |
Subaction:
None
|
Merge Branch |
Project |
Project ID |
N/A |
Merge Branch |
Subaction:
None
|
Share project |
Project |
Project ID |
N/A |
Share project |
Subaction:
None
|
Sync with Github |
Project |
Project ID |
N/A |
Sync with Github |
Subaction:
None
|
Unsync with Github |
Project |
Project ID |
N/A |
Unsync with Github |
Subaction:
None
|
Modify organization settings |
Project |
Organization ID |
N/A |
Modify organization settings |
Subaction:
None
|
Rename branch |
Project |
Project ID |
N/A |
Rename branch |
Subaction:
None
|
Modify project settings |
Project |
Project ID |
N/A |
Modify project settings |
Subaction:
None
|
Mocking Service
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create link |
Link |
Link ID |
N/A |
Create |
Subaction:
Create Link |
Delete link |
Link |
Link ID |
N/A |
Delete |
Subaction:
Delete Link |
Portals
The following actions apply to API Manager v1.x portals.
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create portal |
Portal |
Object 1: Portal ID |
N/A |
Create |
Subaction: None |
Modify portal association |
Portal |
Object 1: Portal ID |
N/A |
Edit |
Subaction: Change portal association |
Delete portal |
Portal |
Portal ID |
N/A |
Delete |
Subaction: None |
Add portal page |
Portal |
Page ID |
Portal ID |
Edit |
Subaction: Add portal page |
Make portal page visible |
Portal |
Page ID |
Portal ID |
Edit |
Subaction: Make page visible |
Delete portal page |
Portal |
Page ID |
Portal ID |
Delete |
Subaction: Delete portal page |
Edit portal page |
Portal |
Page ID |
Portal ID |
Edit |
Subaction: Edit portal page |
Hide portal page |
Portal |
Page ID |
Portal ID |
Edit |
Subaction: Hide portal page |
Set portal theme |
Portal |
Portal ID |
N/A |
Edit |
Subaction: Set portal theme |
Modify portal theme |
Portal |
Portal ID |
N/A |
Edit |
Subaction: Modify portal theme |
Modify portal security |
Portal |
Portal ID |
N/A |
Edit |
Subaction: Set security |
Access Management
Users
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Signup / Organization creation |
User |
UserID |
N/A |
Create |
Subaction: None |
User creation (w/out creating an org) |
User |
UserID |
N/A |
Create |
Subaction: None |
Password reset requested |
User |
UserID |
N/A |
Edit |
Subaction: Password reset |
Password changed |
User |
UserID |
N/A |
Edit |
Subaction: Password changed |
Delete user |
User |
UserID |
N/A |
Delete |
Subaction: None |
Disable user |
User |
UserID |
N/A |
Edit |
Subaction: Disable user |
Login success |
User |
UserID |
N/A |
Login |
Subaction: None |
Login success reauthenticate |
User |
UserID |
N/A |
Login - Reauthenticate |
Subaction: Reauthenticate |
Login failure |
User |
UserID |
N/A |
Login |
Subaction: Failure |
Login failure reauthentication |
User |
UserID |
N/A |
Login - Reauthentication Failure |
Subaction: Reauthentication Failure |
Logout |
User |
UserID |
N/A |
Logout |
Subaction: None |
|
Roles
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create role |
Role |
Role |
N/A |
Create |
Subaction: None |
Edit role - add user |
Object 1: Role |
Object 1: Role |
N/A |
Edit |
Subaction: Add user |
Edit role - remove user |
Object 1: Role |
Object 1: Role |
N/A |
Edit |
Subaction: Remove user |
Edit role - change external group mapping |
Role |
Role |
N/A |
Edit |
Subaction: Edit role mapping |
Delete role |
Role |
Role |
N/A |
Delete |
Subaction: None |
Permissions
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
User permission change |
Permission |
Object 1: User |
Parent 1: N/A |
Permissions change |
Subaction: None |
Role permission change |
Permission |
Object 1: Role |
Parent 1: N/A |
Permissions change |
Subaction: None |
Environment permissions change |
Permission |
EnvID |
N/A |
Permissions change |
Subaction: None |
Identity Management
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create identity provider configuration |
Identity management |
Provider name |
N/A |
Create |
Subaction: None |
Edit identity provider configuration |
Identity management |
Provider name |
N/A |
Edit |
Subaction: None |
Delete identity provider configuration |
Identity management |
Provider name |
N/A |
Delete |
Subaction: None |
Warning |
Object 1: Identity management |
Object 1: Provider name |
N/A |
None |
Subaction: None |
Create identity management key |
Identity management key |
KeyID |
N/A |
Create |
Subaction: None |
Set primary identity management key |
Identity management key |
KeyID |
N/A |
Edit |
Subaction: Set primary key
|
Delete identity management key |
Identity management key |
KeyID |
N/A |
Delete |
Subaction: None |
Organization and Business Groups
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Edit domain name |
Organization |
OrgID |
N/A |
Edit |
Subaction: None |
Create business group |
Organization |
OrgID |
Parent organization |
Create |
Subaction: None |
Edit business group name |
Organization |
OrgID |
Parent organization |
Edit |
Subaction: Edit name |
Edit business group owner |
Organization |
OrgID |
Parent organization |
Edit |
Subaction: Edit owner |
Edit business group entitlement |
Entitlement |
EnvID |
N/A |
Edit |
Subaction: Edit entitlement |
Delete business group |
Organization |
OrgID |
Parent organization |
Delete |
Subaction: None |
Environments
| User Action | Object Type | Object | Parent | Action | Payload | ||
|---|---|---|---|---|---|---|---|
Create environment |
Environment |
EnvID |
N/A |
Create |
Subaction: None |
||
Delete environment |
Environment |
EnvID |
N/A |
Delete |
Subaction: None |
||
Rename environment |
Environment |
EnvID |
N/A |
Edit |
Subaction: None
|
Connected Apps
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create Connected Application |
Connected Application |
clientID |
N/A |
Create |
Subaction:
None
|
Edit Connected Application |
Connected Application |
clientID |
N/A |
Edit |
Subaction:
None
|
Delete Connected Application |
Connected Application |
clientID |
N/A |
Delete |
Subaction:
None
|
Update Scope Assignments |
Connected Application |
clientID |
N/A |
Permissions Change |
Subaction: Add Assignments |
Application Authorization Approved |
External Authorization |
clientID |
N/A |
Approved |
Subaction: None |
Application Authorization Denied |
External Authorization |
clientID |
N/A |
Denied |
Subaction: None |
Token Retrieval Success |
Connected Application |
clientID |
N/A |
Login - Token |
Subaction: Token
|
Token Retrieval Failed |
Connected Application |
clientID |
N/A |
Login - Token |
Subaction: Token
|
Revoke Access/Refresh Tokens |
Connected Application |
clientID |
N/A |
Revoke Tokens |
Subaction:
None
|
Teams
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create Team |
Team |
Team Name |
N/A |
Create |
Subaction:
None
|
Update Team |
Team |
Team Name |
N/A |
Update |
Subaction:
None
|
Move Team |
Team |
Team Name |
N/A |
Move |
Subaction:
None
|
Add Members |
Team |
Team Name |
N/A |
Edit |
Subaction:
Add Members
|
Remove Members |
Team |
Team Name |
N/A |
Edit |
Subaction:
Remove Members
|
Add Permissions |
Team |
Team Name |
N/A |
Permissions change |
Subaction:
Add permissions
|
Remove Permissions |
Team |
Team Name |
N/A |
Permissions change |
Subaction:
Remove permissions
|
Edit External Group Mappings |
Team |
Team Name |
N/A |
Edit |
Subaction:
Edit external group mapping
|
Delete Team |
Team |
Team Name |
N/A |
Delete |
Subaction: None
|
Anypoint DataGraph
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Add API |
User |
data-graph-{api-name}-{env-name} |
N/A |
Add API |
N/A |
Update API |
User |
data-graph-{api-name}-{env-name} |
N/A |
Update API |
N/A |
Remove API |
User |
data-graph-{api-name}-{env-name} |
N/A |
Remove API |
N/A |
Exchange
Assets
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create an asset |
Asset |
Asset ID |
N/A |
Create |
Subaction: None |
Update an asset |
Asset |
Asset ID |
N/A |
Update |
Subaction: None |
Delete an asset |
Asset |
Asset ID |
N/A |
Delete |
Subaction: None |
Share an asset |
Asset |
Asset ID |
N/A |
Granted or revoked permissions |
Subaction: None
|
Publish an asset to public portal |
Asset Version Group |
Asset ID and version group |
N/A |
Publish to public portal |
Subaction: None |
Remove an asset from public portal |
Asset Version Group |
Asset ID and version group |
N/A |
Remove from public portal |
Subaction: None |
Update an asset icon |
Asset icon |
Asset ID |
Asset |
Update |
Subaction: None |
Delete an asset icon |
Asset icon |
Asset ID |
Asset |
Delete |
Subaction: None |
Create a managed tag (category) |
Asset managed tag |
Asset ID and tag ID |
Asset |
Create |
Subaction: None |
Delete a managed tag (category) |
Asset managed tag |
Asset ID and tag ID |
Asset |
Delete |
Subaction: None |
Delete an organization |
Organization |
Organization ID |
N/A |
Delete |
Subaction: None |
Update tags |
Asset tags |
Asset ID |
Asset |
Update |
Subaction: None |
Create a tag configuration |
Tag configuration |
Tag configuration ID |
N/A |
Create |
Subaction: None |
Update a tag configuration |
Tag configuration |
Tag configuration ID |
N/A |
Update |
Subaction: None |
Delete a tag configuration |
Tag configuration |
Tag configuration ID |
N/A |
Delete |
Subaction: None |
Asset Portals
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create a page |
Asset portal page |
Page ID |
Asset portal |
Create |
Subaction: None
|
Update a page |
Asset portal page |
Page ID |
Asset portal |
Update |
Subaction: None
|
Delete a page |
Asset portal page |
Page ID |
Asset portal |
Delete |
Subaction: None |
Create a portal |
Asset portal |
Portal ID |
Asset |
Create |
Subaction: None |
Publish a portal |
Asset portal |
Portal ID |
Asset |
Publish |
Subaction: None |
API Metadata
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create an API instance |
API instance |
API instance ID |
N/A |
Create |
Subaction: None
|
Delete an API instance |
API instance |
API instance ID |
N/A |
Delete |
Subaction: None
|
Update an API instance |
API instance |
API instance ID |
N/A |
Update |
Subaction: None
|
File Upload
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Upload file |
Exchange file |
File ID |
N/A |
Create |
Subaction: None |
Delete file |
Exchange file |
File ID |
N/A |
Delete |
Subaction: None |
Update file |
Exchange file |
File ID |
N/A |
Update |
Subaction: None |
Public Portals
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Update a domain |
Public portal domain |
Organization ID and domain |
Public portal |
Update |
Subaction: None
|
Delete a domain |
Public portal domain |
Organization ID and domain |
Public portal |
Delete |
Subaction: None
|
Create a page |
Public portal page |
Page path |
Public portal |
Create |
Subaction: None
|
Delete a page |
Public portal page |
Page path |
Public portal |
Delete |
Subaction: None
|
Update a page |
Public portal page |
Page path |
Public portal |
Update |
Subaction: None
|
Create a portal |
Public portal |
Organization ID |
N/A |
Create |
Subaction: None
|
Publish a portal |
Public portal |
Organization ID |
N/A |
Publish |
Subaction: None
|
Delete a portal |
Public portal |
Organization ID |
N/A |
Delete |
Subaction: None
|
Update a portal |
Public portal |
Organization ID |
N/A |
Update |
Subaction: None Properties:
|
Asset Reviews
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create a Comment |
Asset portal review comment |
Comment ID |
Asset portal review |
Create |
Subaction: None |
Delete a comment |
Asset portal review comment |
Comment ID |
Asset portal review |
Delete |
Subaction: None |
Update a comment |
Asset portal review comment |
Comment ID |
Asset portal review |
Update |
Subaction: None |
Create a review |
Asset portal review |
Review ID |
Asset |
Create |
Subaction: None |
Delete a review |
Asset portal review |
Review ID |
Asset |
Delete |
Subaction: None |
Update a review |
Asset portal review |
Review ID |
Asset |
Update |
Subaction: None |
RPA
|
The payload is split when it contains more than 32k (32768) characters. Split audit log entries have identical correlation IDs. |
Run Configurations
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create run configuration |
Run configuration |
Run configuration ID |
N/A |
Create |
Subaction: None
|
Edit run configuration |
Run configuration |
Run configuration ID |
N/A |
Edit |
Subaction: None
|
Delete run configuration |
Run configuration |
Run configuration ID |
N/A |
Delete |
Subaction: None
|
Deploy run configuration |
Run configuration |
Run configuration ID |
N/A |
Deploy |
Subaction: None
|
Publish run configuration |
Run configuration |
Run configuration ID |
N/A |
Publish |
Subaction: None
|
Revoke run configuration |
Run configuration |
Run configuration ID |
N/A |
Revoke |
Subaction: None
|
Pause run configuration |
Run configuration |
Run configuration ID |
N/A |
Pause |
Subaction: None
|
Continue run configuration |
Run configuration |
Run configuration ID |
N/A |
Continue |
Subaction: None
|
Processes
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create process |
Process |
Process ID |
N/A |
Create |
Subaction: none Properties:
|
Edit process |
Process |
Process ID |
N/A |
Edit |
Subaction: none Properties:
|
Delete process |
Process |
Process ID |
N/A |
Delete |
Subaction: none Properties:
|
Bots
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Register bot |
Bot |
Bot ID |
N/A |
Register |
Subaction: none Properties:
|
Register bot |
Bot |
Bot ID |
N/A |
Register |
Subaction: none Properties:
|
Delete bot |
Bot |
Bot ID |
N/A |
Delete |
Subaction: none Properties:
|
Credential Pool
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create credential |
Credential |
Credential ID |
N/A |
Create |
Subaction: none Properties:
|
Edit credential |
Credential |
Credential ID |
N/A |
Edit |
Subaction: none Properties:
|
Delete credential |
Credential |
Credential ID |
N/A |
Delete |
Subaction: none Properties:
|
Global Variables
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create global variable |
Global variable |
Global variable ID |
N/A |
Create |
Subaction: none Properties:
|
Edit global variable |
Global variable |
Global variable ID |
N/A |
Edit |
Subaction: none Properties:
|
Delete global variable |
Global variable |
Global variable ID |
N/A |
Delete |
Subaction: none Properties:
|
Applications
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create Application |
Application |
Application ID |
N/A |
Create |
Subaction: none Properties:
|
Edit Application |
Application |
Application ID |
N/A |
Edit |
Subaction: none Properties:
|
Delete Application |
Application |
Application ID |
N/A |
Delete |
Subaction: none Properties:
|
Service Times
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create service time |
Service time |
Service time ID |
N/A |
Create |
Subaction: none Properties:
|
Edit service time |
Service time |
Service time ID |
N/A |
Edit |
Subaction: none Properties:
|
Delete service time |
Service time |
Service time ID |
N/A |
Delete |
Subaction: none Properties:
|
Runtime Manager
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create application |
Application |
AppID |
N/A |
Create |
Subaction: None |
Start application |
Application |
AppID |
N/A |
Start |
Subaction: None |
Restart application |
Application |
AppID |
N/A |
Restart |
Subaction: None |
Stop application |
Application |
AppID |
N/A |
Stop |
Subaction: None |
Delete application |
Application |
AppID |
N/A |
Delete |
Subaction: None |
Change application zip file |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Promote application from sandbox |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Change application runtime |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Change application worker size |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Change application worker number |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Enable/disable persistent queues |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Enable/disable persistent queue encryption |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Modify application properties |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Enable/disable insight |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Modify log levels |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Create/modify/delete alerts |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Enable/disable alerts |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Create/modify/delete application data |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Create/modify schedules |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Create/modify/delete tenants |
Application |
AppID |
N/A |
Subaction: None |
|
Enable/disable schedules |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Clear queues |
Application |
AppID |
N/A |
Clear |
Subaction: None |
Enable/Disable static IP |
Application |
AppID |
N/A |
Modify |
Subaction: None |
Allocate/release static IP |
Application |
AppID |
N/A |
Modify |
Subaction: None |
LoadBalancer Create/modify/delete |
LoadBalancer |
LoadBalancerID |
N/A |
Create/modify/delete |
Subaction: None |
Create/modify/delete alerts V2 |
Alert |
AlertID |
N/A |
Create/modify/delete |
Subaction: None |
Create/modify/delete VPC |
VPC |
vpcID |
N/A |
Create/modify/delete |
Subaction: None |
Create/modify/delete VPN |
VPN |
vpnId |
N/A |
Create/modify/delete |
Subaction: None |
Servers
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Add server |
Server |
ServerID |
N/A |
Create |
Subaction: None |
Delete server |
Server |
ServerID |
N/A |
Delete |
Subaction: None |
Rename server |
Server |
ServerID |
N/A |
Modify |
Subaction: Rename |
Create server group |
Server group |
ServerGroupID |
N/A |
Create |
Subaction: None |
Delete server group |
Server group |
ServerGroupID |
N/A |
Delete |
Subaction: None |
Rename server group |
Server group |
ServerGroupID |
N/A |
Modify |
Subaction: Rename |
Add server to server group |
Server group |
ServerGroupID |
N/A |
Modify |
Subaction: Add server |
Remove server from server group |
Server group |
ServerGroupID |
N/A |
Modify |
Subaction: Remove server |
Create cluster |
Cluster |
ClusterID |
N/A |
Create |
Subaction: None |
Delete Cluster |
Cluster |
ClusterID |
N/A |
Delete |
Subaction: None |
Rename cluster |
Cluster |
ClusterID |
N/A |
Modify |
Subaction: Rename |
Add server to cluster |
Cluster |
ClusterID |
N/A |
Modify |
Subaction: Add server |
Remove server from cluster |
Cluster |
ClusterID |
N/A |
Modify |
Subaction: Remove server |
Deploy application |
Application |
ApplicationID |
N/A |
Deploy |
Subaction: None |
Delete application |
Application |
ApplicationID |
N/A |
Delete |
Subaction: None |
Start application |
Application |
ApplicationID |
N/A |
Start |
Subaction: None |
Stop application |
Application |
ApplicationID |
N/A |
Stop |
Subaction: None |
Redeploy application with existing file |
Application |
ApplicationID |
N/A |
Redeploy |
Subaction: None |
Redeploy application with new file |
Application |
ApplicationID |
N/A |
Redeploy |
Subaction: Update binary |
Private Spaces in CloudHub 2.0
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create/Modify/Delete private space |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None |
Create/Modify/Delete connection |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None |
Create/Modify/Delete VPN |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None |
Create/Modify/Delete transit gateway |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None |
Create/Modify/Delete TLSContext |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None |
Create/Modify/Delete routes |
Private Space |
PrivateSpaceID |
N/A |
Create/Modify/Delete |
Subaction: None
|
Anypoint MQ
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create/modify/delete/purge queue |
Queue |
queueID |
N/A |
Create/modify/delete |
Subaction: None |
Create/modify/delete exchange |
Exchange |
exchangeID |
N/A |
Create/modify/delete |
Subaction: None |
Create/delete exchange binding |
Binding |
bindingID |
N/A |
Create/delete |
Subaction: None |
Create/delete/regenerate client |
Client |
clientID |
N/A |
Create/delete/regenerate |
Subaction: None |
Object Store v2
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create/modify/delete store |
Store |
storeID |
N/A |
Create/modify/delete |
Subaction: None |
Secrets Manager
| User Action | Object Type | Object | Parent | Action | Payload |
|---|---|---|---|---|---|
Create a secret group |
secretGroup |
secretGroup name |
N/A |
Create |
Subaction:
None
|
Delete a secret group |
secretGroup |
secretGroup name |
N/A |
Delete |
Subaction:
None
|
Create a secret |
a secret type such as sharedSecret |
secret name |
N/A |
Create |
Subaction:
None
|
Update a secret |
a secret type such as sharedSecret |
secret name |
N/A |
Update |
Subaction:
None
|
Patch a secret |
a secret type such as sharedSecret |
secret name |
N/A |
Update |
Subaction:
None
|
About Audit Log REST API Access
You can access the Audit Log REST API from the Audit Logging Query API and its RAML.
Use a Query Loop to make Requests in Audit Logs
The latest version of the query API uses cursor pagination for efficiency, but you can continue to use the previous version of the query API, which uses offset pagination and returns the total number of records.
The latest version of the API uses pagination with cursors, so you can initiate query loops using cursors. Setting the cursorPagination query parameter to true enables you to use cursor paging.
When you use cursor pagination, each response returns a cursor. The cursor corresponds to the last data entry in the response data set. The subsequent request in the query loop should use the cursor value that was returned in the previous response, and so on.
When the data set is empty in response, you have reached the end of the query loop, and there is no more data to query for that time window. At that point, stop the query loop. When the data set is empty in the response, no cursor is returned.
When you use cursor pagination, total is not returned by default, because the query loop is not dependent on the offset or the number of total rows.
If you want to see the total when you use cursor paging, set the doIncludeTotal query parameter to true.
When the cursorPagination query parameter is true and you use offset and cursor in the query body, cursor is prioritized, and offset is ignored.
There is no mapping between offset and cursor values; And so when you run a query loop over a time window, you cannot switch to the new param somewhere in the middle by using the cursorPagination and continue the loop. This is because when using cursorPagination, offset is ignored and so the loop will be start from the beginning.
The cursor-based pagination API is not applicable to the CSV query. The query continues to use offset-based pagination.
The following example shows a series of calls in a query loop for cursor based query.
-
The first call does not have a cursor in the body and does not request the
total. The response returns the following data:POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=trueBody:
{ "startDate":"2022-09-01T22:14:47.099Z", "endDate":"2022-11-30T23:14:47.099Z", }Response:
{ "data": [log entries], "cursor": '123_abcd' }You can use the cursor from the first call’s response in the next call to get the next set of rows.
-
The second call has a specific cursor in the request:
POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=trueBody:
{ "startDate":"2022-09-01T22:14:47.099Z", "endDate":"2022-11-30T23:14:47.099Z", "cursor": '123_abcd' }Response:
{ "data": [logs], "cursor": '123_xyz' } -
The third call is the final call in a loop. Because there are no more logs to be returned, the response does not have a cursor and contains no data.
POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=trueBody:
{ "startDate":"2022-09-01T22:14:47.099Z", "endDate":"2022-11-30T23:14:47.099Z", "cursor": '123_xyz' }Response:
{ "data": [] } -
The following example shows how to use a cursor and request the total:
POST https://base/audit/v2/organizations/<orgId>/query?cursorPagination=true&doIncludeTotal=trueBody:
{ "startDate":"2022-09-01T22:14:47.099Z", "endDate":"2022-11-30T23:14:47.099Z", "cursor": '123_abcds' }Response:
{ "data": [logs], "cursor": '123_asdfg' "total": 50000 }
Access the API using CURL Commands
The following are example curl commands for accessing the API (Windows users need to download curl before using these commands).
Get authorization information:
curl 'https://anypoint.mulesoft.com/audit/v2/organizations/<organization_id>/platforms?include_internal=false' -H 'Authorization: bearer <bearer_value>'Get actions by date range:
curl 'https://anypoint.mulesoft.com/audit/v2/organizations/<organization_id>/query?include_internal=false' -H 'Authorization: bearer <bearer_value>' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' --data-binary '{"startDate":"2017-03-08T20:16:41.250Z","endDate":"2017-03-08T21:16:41.250Z","platforms":[],"objectTypes":[],"actions":[],"objectIds":[],"userIds":[],"ascending":false,"organizationId":"<organization_id>","offset":0,"limit":25}' --compressed ;Rate Limit Policy for Audit Log Query Endpoint
The Audit Log Query endpoint applies rate limits per IP in the three control planes: US, EU, and gov. The following table outlines the rate limits for each control plane:
| Control Plane | Allowed requests per minute per IP |
|---|---|
US |
700 |
EU |
40 |
Gov |
40 |
If a client exceeds the rate limit for a given control plane, the Audit Log Query endpoint returns a 503 Service Unavailable status code until the minute expires. During this time, the service is unavailable to the client.
We recommend that users of the Audit Log Query Endpoint monitor their request rates and adjust their usage accordingly to avoid exceeding the rate limit. Note that exceeding the rate limit may result in the endpoint being temporarily unavailable.