Skip to main content

Log export endpoint

You can use the export endpoint to export logs to a CSV file. The maximum number of records that can be exported in a single export is limited to 10000 records by default. If you want to customize this limit on your instance, submit a request on our Support portal

The exported log data is sorted by timestamp, in a descending order. The timestamp in log exports is in the UTC timezone.

You can export logs using the Management Console as well. For more information about logs, see the Logs page.

Log event latency

Events are registered and processed asynchronously. Because of this, a delay of several minutes can happen between the interaction and its appearance in the exported log.

HTTP request

GET https://{instance}.mauth.nevis.cloud/api/v1/logs/export

Query parameters

 ParameterTypeRequired/OptionalDescription
filterstringoptionalFree text filter that searches the log content for matching string. The minimum number of characters in the string is two.
fromDateISO_8601 TimestampoptionalFilters the events by date in the UTC timezone. This parameter cannot be used together with timespan.
toDateISO_8601 TimestampoptionalFilters the events by date in the UTC timezone. This parameter cannot be used together with timespan.
timespanISO_8601 DurationsoptionalFilters the events by duration relative to the current time. The default P30D (last 30 days) value is applied when timespan, fromDate, and toDate is not specified. The timespan parameter cannot be used together with fromDate or toDate.
statusenumoptionalFilters the events by status. The available values are succeeded and failed.
categoryenumoptionalFilters the events by category. The available values are registration, authentication, management, and none.
channelenumoptionalFilters the events by channel. The available values are app, push, fido2, sms, recovery, and unknown.
actorTypeenumoptionalFilters the events by actor type. The available values are api, admin, user, app, and unknown. The types have the following definitions:
api: the action was initiated through REST API request. The ID of the access key is known and will be saved in actor.id in the export.
admin: the action, under the management category, was initiated through the Management Console. The ID and email of the admin user will be saved in actor.id in the export.
user: the action was initiated by an end-user. The userId is known and will be saved in actor.id in the export.
app: the action was initiated by the mobile app and the actor who initiated the action cannot be identified. The actor.id in the export will be null.

Example HTTP request

cURL code sample of log export request with filters
curl "https://$instance.mauth.nevis.cloud/api/v1/logs/export?timespan=P7D&category=authentication&status=failed&channel=push" \
  -H "Authorization: Bearer $access_key" \
  -H 'Accept: text/csv;charset=utf-8'

HTTP response

If the request is successful, the endpoint returns a 200 OK response and a CSV attachment. The CSV file contains a header line and the fields listed in the below table. The fields are properly escaped in order to avoid attackers possibly injecting harmful code into it. This means that every field except the ones that contain date and pure numeric number values are prepended with a single quote, then the whole value is surrounded with double quotes. See the example below.

note

Some fields can have the values unknown and null. The value is unknown if the specific data is not available, and null when the data is not relevant to the given event.

FieldTypeDescription
eventIdstringUnique identifier of the event.
namestringName of the event.
descriptionstringUser-friendly name of the event.
timestamptimestampTime stamp of the event generation in the UTC timezone, in the YYYY-MM-DD HH24:MI:SS.ZZZ format.
statusenumStatus of the event. The value can be SUCCEEDED or FAILED.
actor.typeenumType of the actor. The value can be API, ADMIN, USER, APP, or UNKNOWN.
actor.idstringUnique identifier of the actor. If the actor.type is USER, it refers to the ID of the user that initiated the event.
actor.userAgentstringUser agent header field from the client.
user.userIdstringUnique identifier of the target user, that is the user affected by the event. The value of this field can be unknown.
user.usernamestringUsername of the target user, that is the user affected by the event. The value of this field can be null.
device.authenticatorIdstringUnique identifier of the authenticator belonging to the user.
device.deviceRefstringUnique identifier of the phisycal device belonging to the user.
device.namestringName of the device.
device.detailsstringModel and make of the device.
device.operatingSystemstringThe operating system running on the device.
device.sdkVersionstringVersion of the Nevis Mobile Authentication SDK used on the device. Only applicable for events within FIDO UAF flows.
device.accessAppstringBundle ID and Access App version.
channelenumChannel related to the event. The value of this field can be APP, PUSH, FIDO2, SMS, RECOVERY, or UNKNOWN.
categoryenumCategory of the event. The value of this field can be registration, authentication, management, or none.
transactionIdstringUnique identifier that can be used to link events to a transaction. Only applicable for events within FIDO UAF flows.
detailsstringAdditional information or error message in case of a failed event. When the status of the event is SUCCEEDED, the value of the field is null.
correlationIdstringUnique identifier that links events together within the same operation. Only applicable for mobile app operation with multiple events, such as registration and authentication. For more information, see Operations with multiple events.

Example HTTP response

200 OK

eventId,name,description,timestamp,status,actor.type,actor.id,actor.userAgent,user.userId,user.username,device.authenticatorId,device.deviceRef,device.name,device.details,device.operatingSystem,device.sdkVersion,device.accessApp,category,channel,transactionId,details,correlationId
"'3e554404-abe8-11ee-9934-000d3a4ae2c3","'uaf.authentication.verified","'Authentication verified","2024-01-05 16:33.476","'SUCCEEDED","'APP","'7eaf8db5-f98f-433f-8883-680145abd872","'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'7eaf8db5-f98f-433f-8883-680145abd872","'u_12345","'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df355-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.facet_id.viewed","'FacetIDs viewed","2024-01-05 16:33.847","'SUCCEEDED","'APP",null,"'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'unknown",null,"'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'NONE","'APP",null,null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df353-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.authentication.redeemed","'Authentication redeemed","2024-01-05 16:33.722","'SUCCEEDED","'APP",null,"'NMASDK/3.5.0.1479 (samsung SM-S911B; Android 14) ch.nevis.accessapp.muvonda/2.8.0.1965","'unknown",null,"'unknown","'unknown","'unknown","'samsung SM-S911B","'Android 14,3.5.0.1479","'ch.nevis.accessapp.muvonda/2.8.0.1965","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"
"'3b7df350-abe8-11ee-a1e2-000d3a4a8fe4","'uaf.authentication.created","'Authentication created","2024-01-05 16:33.677","'SUCCEEDED","'API","'1afd0c4b-3dee-472f-b56a-87c351af33d1","'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36","'7eaf8db5-f98f-433f-8883-680145abd872","'u_12345","'d3f3d9ed-35c6-4df5-9fcd-f2e3c2e6bd6e","'e07bbf85-7182-472f-982c-da824d18d750","'samsung SM-S911B 05 Jan 2024 09:45:31","'unknown","'Android 14","'unknown","'unknown","'AUTHENTICATION","'PUSH","'4781dae0-aea1-477e-9171-67b264accfe7",null,"'ea36f8b5-57ba-479b-98b6-ba0410104a75"