Event log
Cloudless Pyrus
The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.
GET /eventhistory method
Getting a CSV file with details of an event
The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:
- event ID;
- event type ID;
- time of event in yyyyMMddTHHmmssZ format;
- the ID of the user who initiated the event;
- the email of the user who initiated the event;
- the IP address of the computer the event was initiated from;
- additional data about the event in JSON format;
- userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>
Possible event types IDs:
- 7 – the approval routing for a form task has been changed;
- 12 – a user has logged in to Pyrus;
- 13 – a user unsuccessfully tried to log in to Pyrus;
- 30 – a user has been added to a role;
- 31 – a user has been deleted from a role;
- 35 – a Pyrus has logged out of Pyrus;
- 36 – a user has been logged out of Pyrus automatically due to session timeout;
- 40 – a user from another organization has been added to a role;
- 41 – a user from another organization has been deleted from a role;
- 42 – a user from another organization has been added to a form or task list;
- 43 – a user from another organization has been deleted from a form or task list;
- 44 – a user from another organizatin has been added to a task;
- 49 – a user’s access rights have been changed;
- 45 – a user from another organization has been deleted from a task;
- 46 – settings in a user’s profile have been changed;
- 58 – a user has been sent a single-use access code;
- 63 – two-factor authorization settings have been changed for all employees of an organization;
- 64 – session interruption settings on a mobile phone for all employees of an organization have been changed;
- 65 – web session interruption settings for all employees of an organization have been changed;
- 66 – two-factor authorization settings for one user have been changed;
- 67 – session interruption settings on a mobile phone for one user have been changed;
- 68 – web session interruption settings for one user have been changed;
- 69 – a user has been logged out of Pyrus automatically due to prolonged inactivity;
- 70 – inactive web session interruption settings for all employees of an organization have been changed;
- 71 – inactive mobile phone session interruption settings for all users of an organization have been changed;
- 72 – inactive web session interruption settings for one user have been changed;
- 73 – inactive mobile phone session interruption settings for one user have been changed.
GET https://api.pyrus.com/v4/eventhistory?<params>
Response headers
Content-Type: application/octet-stream Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv
Response body
evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent 1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
curl
curl -X GET \ 'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \ -H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
Parameters
after — a whole integer. Events whose IDs are greater than the value of this parameter are in the reply.
count – number of events in a reply. 100,000 max.