Audit endpoints in the REST API

The following section provides a list of supported endpoints for auditing and details about running these endpoints. For information about auditing concepts, see Viewing-audit-records-in-BMC-Helix-Dashboards

Before you begin

Before you run an endpoint, you must authenticate yourself. For more information, see Access-and-authentication-for-the-REST-API.

GET /audit/api/v1/audit_records/{id}
Get details of an audit record

You need read permissions to be able to run this API endpoint.

Request URL
https://<BMC Helix Portal URL>/audit/api/v1/audit_records/{id}
Request header
Content-Type: application/json
Authorization: Bearer <JWT_token>
Parameters
Successful response
{
 "audit_id": "a84d4960-ce68-407e-9d64-dc6b57a0e98b",
 "audit_category": "CONFIg",
 "app_id": "IMS",
 "object_id": "10909023123213",
 "object_name": "role1",
 "object_type": "ROLE",
 "object_category": "RBAC",
 "object_details": "ROLE_ADD_USER",
 "operation_type": "POST",
 "operation_sub_type": "ADD",
 "operation_status": "SUCCESS",
 "description": "Adding a role to user",
 "activity_time": "2021-01-03T10:42:51.624",
 "transaction_id": "1123213123123",
 "change_values": {
   "previous_value": {
     "val": "No Role"
   },
   "new_value": {
     "val": "New Role Added"
   }
 },
 "login_id": "vegauser",
 "user_id": "237247339985698"
}
Unsuccessful response
{
 "timestamp": "2022-01-04T11:28:13.700100Z",
 "code": 403,
 "message": "FORBIDDEN:Operation is not allowed."
}
patch /audit/api/v1/audit_policies
Update retention period of an audit record
Request URL
https://<BMC Helix Portal URL>/audit/api/v1/audit_policies
Request header
Content-Type: application/json
Authorization: Bearer <JWT_token>
Request body
{
  "retention_time": "string"
}
Example request body
{
  "retention_time": "10"
}
Parameter

Name

Located in

Description

Mandatory

Schema

retention_time

body

Number of days for retaining the audit record.

yes

integer

Successful response
{
    "message": "SUCCESS"
}
Unsuccessful response

Scenario 1: Trying to set negative value "-7" for retention time

{
    "timestamp": "2022-01-24T12:38:59.932900Z",
    "code": 2300,
    "message": "BAD_REQUEST",
    "error": "Invalid value of update policies entered."
}

Scenario 2: Trying to set string value "Seven" for retention time

{
    "timestamp": "2022-01-24T12:38:59.932900Z",
    "code": 2300,
    "message": "BAD_REQUEST",
    "error": "Invalid value of update policies entered."
}
POST /audit/api/v1/audit_records/search
Search an audit record
Request URL
https://<BMC Helix Portal URL>/audit/api/v1/audit_records/search
Request header
Content-Type: application/json
Authorization: Bearer <JWT_token>
Request body
{
  "select_string": "string",
  "search_string": "string",
  "activity_from_date_time": "string",
  "activity_to_date_time": "string",
  "page_index": 0,
  "page_size": 0
}
Example request body
{
  "select_string": "appId",
  "search_string": "appId='IMS'",
  "activity_from_date_time": "2010-08-16 10:42:51",
  "activity_to_date_time": "2022-02-21 10:42:51",
  "page_index": 0,
  "page_size": 100
}
Parameters

Name

Located in

Description

Mandatory

Schema

select_string

body

Specific column of an audit record.

no

string

search_string

body

Search value in audit record.

no

string

activity_from_date_time

body

Display of all suitable audit records starting from this time.


yes

timestamp

activity_to_date_time

body

Display of all suitable audit records up to this time.

yes

timestamp

page_index

body

Page index

no

integer

page_size

body

Page size

no

integer

Columns supported for search

auditId

auditCategory
appId
objectName
objectType
objectCategory
objectDetails
operationType
operationSubType
operationStatus='SUCCESS'
activityTime
source
loginId

Successful response
{
    "metadata": {
        "page_index": 0,
        "page_size": 100,
        "total_records": 1
    },
    "data": [
        {
"auditId": "277ee0e7-4c37-415d-bc8d-20d831fd5ece",            
"appId": "IMS"
        }
    ]
}
Unsuccessful response

Scenario 1: Searching audit record in incorrect format

{
    "timestamp": "2022-02-21T14:13:21.154141Z",
    "code": 2300,
    "message": "BAD_REQUEST",
    "error": "Invalid token in search_string: appId=IMS"
}

Scenario 2: Searching audit record with missing activity time and date value

{
    "timestamp": "2022-02-21T14:15:04.007938Z",
    "code": 400,
    "message": "BAD_REQUEST",
    "error": "activity_to_date_time can not be empty/null, please enter date in yyyy-MM-dd HH:mm:ss format"
}

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*