Event log
Cloudless Pyrus
The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.
GET /eventhistory method
Getting a CSV file with details of an event
The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:
- event ID;
- event type ID;
- time of event in yyyyMMddTHHmmssZ format;
- the ID of the user who initiated the event;
- the email of the user who initiated the event;
- the IP address of the computer the event was initiated from;
- additional data about the event in JSON format;
- userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>
Possible event types IDs
- 7 — the approval routing for a form task has been changed;
- 12 — a user has logged in to Pyrus;
- 13 — a user unsuccessfully tried to log in to Pyrus;
- 20 — bot error;
- 30 — a user has been added to a role;
- 31 — a user has been deleted from a role;
- 35 — a Pyrus has logged out of Pyrus;
- 36 — a user has been logged out of Pyrus automatically due to session timeout;
- 40 — a user from another organization has been added to a role;
- 41 — a user from another organization has been deleted from a role;
- 42 — a user from another organization has been added to a form or task list;
- 43 — a user from another organization has been deleted from a form or task list;
- 44 — a user from another organizatin has been added to a task;
- 49 — a user’s access rights have been changed;
- 45 — a user from another organization has been deleted from a task;
- 46 — settings in a user’s profile have been changed;
- 58 — a user has been sent a single-use access code;
- 63 — two-factor authorization settings have been changed for all employees of an organization;
- 64 — session interruption settings on a mobile phone for all employees of an organization have been changed;
- 65 — web session interruption settings for all employees of an organization have been changed;
- 66 — two-factor authorization settings for one user have been changed;
- 67 — session interruption settings on a mobile phone for one user have been changed;
- 68 — web session interruption settings for one user have been changed;
- 69 — a user has been logged out of Pyrus automatically due to prolonged inactivity;
- 70 — inactive web session interruption settings for all employees of an organization have been changed;
- 71 — inactive mobile phone session interruption settings for all users of an organization have been changed;
- 72 — inactive web session interruption settings for one user have been changed;
- 73 — inactive mobile phone session interruption settings for one user have been changed.
- 75 — automatic interruption of user session;
- 76 — max. number of mobile user sessions changed;
- 77 — max. number of web user sessions changed;
- 78 — max. number of mobile organization sessions changed;
- 79 — max. Number of web organization sessions changed;
- 82 — form name changed;
- 83 — user secret key changed;
- 84 — task deleted;
- 85 — role changed;
- 87 — user deactevated;
- 88 — form action history exported;
- 89 — user unblocked;
- 90 — user blocked;
- 91 — bot changed;
- 92 — user added to “share user” link;
- 93 — business partner deleted;
- 94 — manageable organization created;
- 95 — print templates changed in form;
- 96 — user restored;
- 102 — export of organization members;
- 103 — access rights to closed forms changed.
GET https://api.pyrus.com/v4/eventhistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv
Response body
evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent
1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
curl
curl -X GET \ 'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
after — a whole integer. Events whose IDs are greater than or equal Fthe value of this parameter are in the reply.
count — number of events in a reply. 100,000 max.
GET /fileaccesshistory
Getting a CSV file with an action history with files
This method enables you to get an action history with files and returns the following fields:
- event ID;
- event type (U — upload to Pyrus, D — download from Pyrus);
- ID of the attached file (link see https://pyrus.com/ru/help/api/models#task-with-comments the attachments field)
- event start time in "yyyyMMddTHHmmssZ" format;
- file name;
- file size;
- IP address of the user who performed the action with the file;
- user’s user ID;
- user’s email;
- task ID;
- user’s name;
- name of user’s organization;
- UserAgent.
GET https://api.pyrus.com/v4/fileaccesshistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=FileAccessHistory_After1000_Count1.csv
Response body
evntid,action,attachmentId,utcdate,filename,filesize,fileversion,ip,personid,personemail,taskid,publicfileId,useragent,formid,personname,organization 4178974366,U,258228576,20230712T145932Z,имя_файла,1296,1,127.0.0.1,626316,email@gmail.com,172407340,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",,Имя Фамилия,Название организации
curl
curl -X GET \ 'https://api.pyrus.com/v4/fileaccesshistory?after=1000&count=1' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.
GET /taskaccesshistory
Getting a CSV file with a history of task accesses
This method enables you to get a history of task accesses and returns the following fields:
- event ID;
- event start time in "yyyyMMddTHHmmssZ" format;
- IP address of the user who accessed the task;
- user’s user ID;
- user’s email;
- ID of the accessed task;
- user’s name;
- name of user’s organization.
GET https://api.pyrus.com/v4/taskaccesshistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv
Response body
evntid,utcdate,personid,personname,personemail,taskid,isclosed,formtemplateid,ip,useragent,organization 32,20230810T220822Z,7804,имя фамилия,test@gmail.com,29995,False,43529,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)
curl
curl -X GET \ 'https://api.pyrus.com/v4/taskaccesshistory?after=1000&count=1' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
after — a whole number. Events whose IDs are greater than or equal the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.
GET /taskexporthistory
Getting a CSV file with a history of task export
This method enables you to get a history of task export and returns the following fields:
- event ID;
- event type ID;
- event start time in "yyyyMMddTHHmmssZ" format;
- user’s user ID;
- user’s email;
- user’s name;
- List ID (if tasks were exported from a list)
- export source, one of the following:
- search query;
- inbox;
- list;
- number of exported tasks;
- IP address of the user who exported the tasks;
- name of user’s organization and its ID;
- an array with IDs of exported tasks;
- userAgent.
GET https://api.pyrus.com/v4/taskexporthistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv
Response body
evntid,evnttype,utcdate,personid,personemail,personname,listid,issearch,isinbox,count,ip,organization,taskids,useragent 1000,101,20240606T142144Z,7878,test@gmail.com,full name,15,False,False,2,127.0.0.1,Organization name (10550),"[1111,1112]","Other, Other|testing environment, ver 104"
curl
curl -X GET \ 'https://api.pyrus.com/v4/taskexporthistory?after=1000&count=1' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
- after — a whole number. Events whose IDs are greater or equal than the value of this parameter are in the reply.
- count — number of events in the reply. Maximum value — 100,000.
GET /registrydownloadhistory
Getting a CSV file with a history of registry download
This method enables you to get a history of registry download and returns the following fields:
- event ID;
- event type ID;
- event start time in "yyyyMMddTHHmmssZ" format;
- user’s user ID;
- user’s email;
- user’s name;
- form’s ID;
- registry download restriction:
- 0 — no restriction;
- 4 — download is restricted;
- an array with IDs of exported tasks;
- number of exported tasks;
- whether the form contains a table
- IP address of the user who exported the tasks;
- UserAgent;
- name of user’s organization and its ID.;
GET https://api.pyrus.com/v4/registrydownloadhistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=Register_After1000_Count1.csv
Response body
evntid,evnttype,utcdate,personid,personemail,personname,formid,storagelocation,taskids,count,containstable,ip,useragent,organization 1000,14,20240723T103656Z,7878,test@gmail.com,имя фамилия,10,0,[150],1,False,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)
curl
curl -X GET \ 'https://api.pyrus.com/v4/registrydownloadhistory?after=1000&count=1' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
after — a whole number. Events whose IDs are greater than or equal to the value of this parameter are in the reply.
count — number of events in the reply. Maximum value — 100,000.