Help Center

Event log

Cloudless Pyrus

The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.

More about the event log

GET /eventhistory method

Getting a CSV file with details of an event

The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:

  • event ID;
  • event type ID;
  • time of event in yyyyMMddTHHmmssZ format;
  • the ID of the user who initiated the event;
  • the email of the user who initiated the event;
  • the IP address of the computer the event was initiated from;
  • additional data about the event in JSON format;
  • userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>

Possible event types IDs:

  • 7 – the approval routing for a form task has been changed;
  • 12 – a user has logged in to Pyrus;
  • 13 – a user unsuccessfully tried to log in to Pyrus;
  • 30 – a user has been added to a role;
  • 31 – a user has been deleted from a role;
  • 35 – a Pyrus has logged out of Pyrus;
  • 36 – a user has been logged out of Pyrus automatically due to session timeout;
  • 40 – a user from another organization has been added to a role;
  • 41 – a user from another organization has been deleted from a role;
  • 42 – a user from another organization has been added to a form or task list;
  • 43 – a user from another organization has been deleted from a form or task list;
  • 44 – a user from another organizatin has been added to a task;
  • 49 – a user’s access rights have been changed;
  • 45 – a user from another organization has been deleted from a task;
  • 46 – settings in a user’s profile have been changed;
  • 58 – a user has been sent a single-use access code;
  • 63 – two-factor authorization settings have been changed for all employees of an organization;
  • 64 – session interruption settings on a mobile phone for all employees of an organization have been changed;
  • 65 – web session interruption settings for all employees of an organization have been changed;
  • 66 – two-factor authorization settings for one user have been changed;
  • 67 – session interruption settings on a mobile phone for one user have been changed;
  • 68 – web session interruption settings for one user have been changed;
  • 69 – a user has been logged out of Pyrus automatically due to prolonged inactivity;
  • 70 – inactive web session interruption settings for all employees of an organization have been changed;
  • 71 – inactive mobile phone session interruption settings for all users of an organization have been changed;
  • 72 – inactive web session interruption settings for one user have been changed;
  • 73 – inactive mobile phone session interruption settings for one user have been changed.
GET https://api.pyrus.com/v4/eventhistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv

Response body

evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent
1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

curl

curl -X GET \
'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole integer. Events whose IDs are greater than the value of this parameter are in the reply.

count – number of events in a reply. 100,000 max.

Was this article helpful?