Help Center

Event log

Cloudless Pyrus

The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.

More about the event log

GET /eventhistory method

Getting a CSV file with details of an event

The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:

  • event ID;
  • event type ID;
  • time of event in yyyyMMddTHHmmssZ format;
  • the ID of the user who initiated the event;
  • the email of the user who initiated the event;
  • the IP address of the computer the event was initiated from;
  • additional data about the event in JSON format;
  • userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>

Possible event types IDs

  • 7 — the approval routing for a form task has been changed;
  • 12 — a user has logged in to Pyrus;
  • 13 — a user unsuccessfully tried to log in to Pyrus;
  • 20 — bot error;
  • 30 — a user has been added to a role;
  • 31 — a user has been deleted from a role;
  • 35 — a Pyrus has logged out of Pyrus;
  • 36 — a user has been logged out of Pyrus automatically due to session timeout;
  • 40 — a user from another organization has been added to a role;
  • 41 — a user from another organization has been deleted from a role;
  • 42 — a user from another organization has been added to a form or task list;
  • 43 — a user from another organization has been deleted from a form or task list;
  • 44 — a user from another organizatin has been added to a task;
  • 49 — a user’s access rights have been changed;
  • 45 — a user from another organization has been deleted from a task;
  • 46 — settings in a user’s profile have been changed;
  • 58 — a user has been sent a single-use access code;
  • 63 — two-factor authorization settings have been changed for all employees of an organization;
  • 64 — session interruption settings on a mobile phone for all employees of an organization have been changed;
  • 65 — web session interruption settings for all employees of an organization have been changed;
  • 66 — two-factor authorization settings for one user have been changed;
  • 67 — session interruption settings on a mobile phone for one user have been changed;
  • 68 — web session interruption settings for one user have been changed;
  • 69 — a user has been logged out of Pyrus automatically due to prolonged inactivity;
  • 70 — inactive web session interruption settings for all employees of an organization have been changed;
  • 71 — inactive mobile phone session interruption settings for all users of an organization have been changed;
  • 72 — inactive web session interruption settings for one user have been changed;
  • 73 — inactive mobile phone session interruption settings for one user have been changed.
  • 75 — automatic interruption of user session;
  • 76 — max. number of mobile user sessions changed;
  • 77 — max. number of web user sessions changed;
  • 78 — max. number of mobile organization sessions changed;
  • 79 — max. Number of web organization sessions changed;
  • 82 — form name changed;
  • 83 — user secret key changed;
  • 84 — task deleted;
  • 85 — role changed;
  • 87 — user deactevated;
  • 88 — form action history exported;
  • 89 — user unblocked;
  • 90 — user blocked;
  • 91 — bot changed;
  • 92 — user added to “share user” link;
  • 93 — business partner deleted;
  • 94 — manageable organization created;
  • 95 — print templates changed in form;
  • 96 — user restored;
  • 102 — export of organization members;
  • 103 — access rights to closed forms changed;
  • 105 — role administrator added;
  • 106 — role administrator removed;
  • 107 — bot administrator added;
  • 108 — bot administrator removed;
  • 110 — "API access rights" setting changed;
  • 111 — new form default settings setting changed;
  • 112 — workflow editing form setting changed;
  • 113 — business owners of the process changed.
GET https://api.pyrus.com/v4/eventhistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv

Response body

evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent
1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

curl

curl -X GET \
'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole integer. Events whose IDs are greater than or equal Fthe value of this parameter are in the reply.

count — number of events in a reply. 100,000 max.

GET /fileaccesshistory

Getting a CSV file with an action history with files

This method enables you to get an action history with files and returns the following fields:

  • event ID;
  • event type (U — upload to Pyrus, D — download from Pyrus);
  • ID of the attached file (link see https://pyrus.com/ru/help/api/models#task-with-comments the attachments field)
  • event start time in "yyyyMMddTHHmmssZ" format;
  • file name;
  • file size;
  • IP address of the user who performed the action with the file;
  • user’s user ID;
  • user’s email;
  • task ID;
  • user’s name;
  • name of user’s organization;
  • UserAgent.
GET https://api.pyrus.com/v4/fileaccesshistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=FileAccessHistory_After1000_Count1.csv

Response body

evntid,action,attachmentId,utcdate,filename,filesize,fileversion,ip,personid,personemail,taskid,publicfileId,useragent,formid,personname,organization
4178974366,U,258228576,20230712T145932Z,имя_файла,1296,1,127.0.0.1,626316,email@gmail.com,172407340,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",,Имя Фамилия,Название организации

curl

curl -X GET \
'https://api.pyrus.com/v4/fileaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.

GET /taskaccesshistory

Getting a CSV file with a history of task accesses

This method enables you to get a history of task accesses and returns the following fields:

  • event ID;
  • event start time in "yyyyMMddTHHmmssZ" format;
  • IP address of the user who accessed the task;
  • user’s user ID;
  • user’s email;
  • ID of the accessed task;
  • user’s name;
  • name of user’s organization.
GET https://api.pyrus.com/v4/taskaccesshistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv

Response body

evntid,utcdate,personid,personname,personemail,taskid,isclosed,formtemplateid,ip,useragent,organization
32,20230810T220822Z,7804,имя фамилия,test@gmail.com,29995,False,43529,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)

curl

curl -X GET \
'https://api.pyrus.com/v4/taskaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than or equal the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.

GET /taskexporthistory

Getting a CSV file with a history of task export

This method enables you to get a history of task export and returns the following fields:

  • event ID;
  • event type ID;
  • event start time in "yyyyMMddTHHmmssZ" format;
  • user’s user ID;
  • user’s email;
  • user’s name;
  • List ID (if tasks were exported from a list)
  • export source, one of the following:
    • search query;
    • inbox;
    • list;
  • number of exported tasks;
  • IP address of the user who exported the tasks;
  • name of user’s organization and its ID;
  • an array with IDs of exported tasks;
  • userAgent.
GET https://api.pyrus.com/v4/taskexporthistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv

Response body

evntid,evnttype,utcdate,personid,personemail,personname,listid,issearch,isinbox,count,ip,organization,taskids,useragent
1000,101,20240606T142144Z,7878,test@gmail.com,full name,15,False,False,2,127.0.0.1,Organization name (10550),"[1111,1112]","Other, Other|testing environment, ver 104"

curl

curl -X GET \
'https://api.pyrus.com/v4/taskexporthistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

  • after — a whole number. Events whose IDs are greater or equal than the value of this parameter are in the reply.
  • count — number of events in the reply. Maximum value — 100,000.

GET /registrydownloadhistory

Getting a CSV file with a history of registry download

This method enables you to get a history of registry download and returns the following fields:

  • event ID;
  • event type ID;
  • event start time in "yyyyMMddTHHmmssZ" format;
  • user’s user ID;
  • user’s email;
  • user’s name;
  • form’s ID;
  • registry download restriction:
    • 0 — no restriction;
    • 4 — download is restricted;
  • an array with IDs of exported tasks;
  • number of exported tasks;
  • whether the form contains a table
  • IP address of the user who exported the tasks;
  • UserAgent;
  • name of user’s organization and its ID.;
GET https://api.pyrus.com/v4/registrydownloadhistory?<params>

Response headers

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=Register_After1000_Count1.csv

Response body

evntid,evnttype,utcdate,personid,personemail,personname,formid,storagelocation,taskids,count,containstable,ip,useragent,organization
1000,14,20240723T103656Z,7878,test@gmail.com,имя фамилия,10,0,[150],1,False,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)

curl

curl -X GET \
'https://api.pyrus.com/v4/registrydownloadhistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than or equal to the value of this parameter are in the reply.

count — number of events in the reply. Maximum value — 100,000.

Was this article helpful?