Log export endpoint
You can use the export endpoint to export logs to a CSV file. The maximum number of records that can be exported in a single export is limited to 10000 records by default. If you want to customize this limit on your instance, submit a request on our Support portal
You can export logs using the Management Console as well. For more information about logs, see the Logs page.
Log event latency
Events are registered and processed asynchronously. Because of this, a delay of several minutes can happen between the interaction and its appearance in the exported log.
HTTP request
GET https://{instance}.mauth.nevis.cloud/api/v1/logs/export
Query parameters
| Parameter | Type | Required/Optional | Description |
|---|---|---|---|
filter | string | optional | Free text filter that searches the log content for matching string. The minimum number of characters in the string is two. |
fromDate | ISO_8601 Timestamp | optional | Filters the events by date. This parameter cannot be used together with timespan. |
toDate | ISO_8601 Timestamp | optional | Filters the events by date. This parameter cannot be used together with timespan. |
timespan | ISO_8601 Durations | optional | Filters the events by duration relative to the current time. The default P30D (last 30 days) value is applied when timespan, fromDate, and toDate is not specified. The timespan parameter cannot be used together with fromDate or toDate. |
status | enum | optional | Filters the events by status. The available values are succeeded and failed. |
category | enum | optional | Filters the events by category. The available values are registration, authentication, management, and none. |
channel | enum | optional | Filters the events by channel. The available values are app, push, fido2, sms, recovery, and unknown. |
actorType | enum | optional | Filters the events by actor type. The available values are api, admin, user, app, and unknown. The types have the following definitions: api: the action was initiated through REST API request. The ID of the access key is known and will be saved in actor.id in the export. admin: the action, under the management category, was initiated through the Management Console. The ID and email of the admin user will be saved in actor.id in the export. user: the action was initiated by an end-user. The userId is known and will be saved in actor.id in the export. app: the action was initiated by the mobile app and the actor who initiated the action cannot be identified. The actor.id in the export will be null. |
Example HTTP request
cURL code sample of log export request with filters
curl "https://$instance.mauth.nevis.cloud/api/v1/logs/export?timespan=P7D&category=authentication&status=failed&channel=push" \
-H "Authorization: Bearer $access_key" \
-H 'Accept: text/csv;charset=utf-8'
HTTP response
If the request is successful, the endpoint returns a 200 OK response and a CSV attachment. The CSV file contains a header line and the fields listed in the below table.
The fields are properly escaped in order to avoid attackers possibly injecting harmful code into it. This means that every field except the ones that contain date and pure numeric number values are prepended with a single quote, then the whole value is surrounded with double quotes. See the example below.
note
Some fields can have the values unknown and null. The value is unknown if the specific data is not available, and null when the data is not relevant to the given event.
| Field | Type | Description |
|---|---|---|
eventId | string | Unique identifier of the event. |
name | string | Name of the event. |
description | string | User-friendly name of the event. |
timestamp | timestamp | Time stamp of the event generation in the YYYY-MM-DD HH24:MI:SS.ZZZ format. |
status | enum | Status of the event. The value can be SUCCEEDED or FAILED. |
actor.type | enum | Type of the actor. The value can be API, ADMIN, USER, APP, or UNKNOWN. |
actor.id | string | Unique identifier of the actor. |
actor.userAgent | string | User agent header field from the client. |
user.userId | string | Unique identifier of the target user. The value of this field can be unknown. |
user.username | string | Username of the target user. |
device.authenticatorId | string | Unique identifier of the authenticator belonging to the user. |
device.deviceRef | string | Unique identifier of the phisycal device belonging to the user. |
device.name | string | Name of the device. |
device.details | string | Model and make of the device. |
device.operatingSystem | string | The operating system running on the device. |
device.sdkVersion | string | Version of the Nevis Mobile Authentication SDK used on the device. Only applicable for events within FIDO UAF flows. |
device.accessApp | string | Bundle ID and Access App version. |
channel | enum | Channel related to the event. The value of this field can be APP, PUSH, FIDO2, SMS, RECOVERY, or UNKNOWN. |
category | enum | Category of the event. The value of this field can be registration, authentication, management, or none. |
transactionId | string | Unique identifier that can be used to link events to a transaction. Only applicable for events within FIDO UAF flows. |
details | string | Additional information or error message in case of a failed event. When the status of the event is SUCCEEDED, the value of the field is null. |
correlationId | string | Unique identifier that links events together within the same operation. Only applicable for mobile app operation with multiple events, such as registration and authentication. For more information, see Operations with multiple events. |
Example HTTP response
200 OK
eventId,name,description,timestamp,status,actor.type,actor.id,actor.userAgent,user.userId,user.username,device.authenticatorId,device.deviceRef,device.name,device.details,device.operatingSystem,device.sdkVersion,device.accessApp,category,channel,transactionId,details,correlationId
"'3e554404-abe8-11ee-9934-000d3a4ae2c3","'uaf.authentication.verified","'Authentication verified","2024-01-05 16:33.476","'SUCCEEDED","'APP","'7eaf8db5-f98f-433f-8883-680145abd872","'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'7eaf8db5-f98f-433f-8883-680145abd872","'u_12345","'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df355-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.facet_id.viewed","'FacetIDs viewed","2024-01-05 16:33.847","'SUCCEEDED","'APP",null,"'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'unknown",null,"'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'NONE","'APP",null,null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df353-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.authentication.redeemed","'Authentication redeemed","2024-01-05 16:33.722","'SUCCEEDED","'APP",null,"'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'unknown",null,"'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df350-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.authentication.created","'Authentication created","2024-01-05 16:33.677","'SUCCEEDED","'API","'1afd0c4b-3dee-472f-b56a-87c351af33d1","'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","'7eaf8db5-f98f-433f-8883-680145abd872","'u_12345","'d3f3d9ed-35c6-4df5-9fcd-f2e3c2e6bd6e","'e07bbf85-7182-472f-982c-da824d18d750","'samsung SM-S911B 05 Jan 2024 09:45:31","'unknown","'Android 14","'unknown","'unknown","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"