Software AG Products 10.7 | Administering API Portal | Managing Data in API Portal | Configuring Audit Logs
 
Configuring Audit Logs
API Portal provides a level of auditing that allows an API Portal Administrator to see the state of the API Portal and get information about events that occur.
Various events that can be audited are:
*Login attempts
*User Deletion
*API lifecycle
*Access token lifecycle
*API Provider lifecycle
*Purge logs
In addition to monitoring events through various audit logs the API Portal administrator can configure the following as required on a tenant basis:
*Type of auditing events
*Purging of different types of logs
Different event types and their respective list properties that have to be configured to enable or disable the auditing of these logs is listed in the following table.
Event Type
List Property Value
Approvals
com.aris.umc.apiportal.useronboarding.approval.purge
Request Access Token
com.aris.apiportal.eventType.requestaccesstoken.log.enabled
Renew Access Token
com.aris.apiportal.eventType.renewaccesstoken.log.enabled
Revoke Access Token
com.aris.apiportal.eventType.revokeaccesstoken.log.enabled
Publish API
com.aris.apiportal.eventType.publish.log.enabled
Republish API
com.aris.apiportal.eventType.republish.log.enabled
Unpublish API
com.aris.apiportal.eventType.unpublish.log.enabled
Purge Log
com.aris.apiportal.eventType.purge.log.enabled
You can configure the Audit logs to enable or disable the required types of auditing events such as login events, API lifecycle events, access token lifecycle, user deletion, and purge logs. These are enabled by default.
You can configure audit logs by invoking the REST service.
Endpoint: http://<hostname>:<port>/abs/apirepository/configurations/<PropertyName>/
Supported HTTP methods:
*GET - Display the current audit setting (enabled/disabled) for the given property.
*POST - Modify the audit setting for the given property. Message body to be set to false (to disable logging).
For example, to disable the audit logging for the publish property type:
Endpoint: http://<hostname>:<port>/abs//apirepository/configurations/ com.aris.apiportal.eventType.publish.log.enabled/
HTTP Method: POST
Message body: false
For example, to enable the audit logging for the publish property type:
Endpoint: http://<hostname>:<port>/abs//apirepository/configurations/ com.aris.apiportal.eventType.publish.log.enabled/
HTTP Method: POST
Message body: true
For example, to get the status of the properties:
Endpoint URL: http://<hostname>:<port>/abs/apirepository/configurations/com.aris.apiportal.eventType.publish.log.enabled/
HTTP Method: GET
Response:
{
propName: "com.aris.apiportal.eventType.publish.log.enabled"
propValue: "true"
}