Event log

The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.

More about the event log

GET /eventhistory method

Getting a CSV file with details of an event

The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:

• event ID;
• event type ID;
• time of event in yyyyMMddTHHmmssZ format;
• the ID of the user who initiated the event;
• the email of the user who initiated the event;
• the IP address of the computer the event was initiated from;
• additional data about the event in JSON format;
• userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>

Possible event types IDs:

• 7 – the approval routing for a form task has been changed;
• 12 – a user has logged in to Pyrus;
• 13 – a user unsuccessfully tried to log in to Pyrus;
• 30 – a user has been added to a role;
• 31 – a user has been deleted from a role;
• 35 – a Pyrus has logged out of Pyrus;
• 36 – a user has been logged out of Pyrus automatically due to session timeout;
• 40 – a user from another organization has been added to a role;
• 41 – a user from another organization has been deleted from a role;
• 42 – a user from another organization has been added to a form or task list;
• 43 – a user from another organization has been deleted from a form or task list;
• 44 – a user from another organizatin has been added to a task;
• 49 – a user’s access rights have been changed;
• 45 – a user from another organization has been deleted from a task;
• 46 – settings in a user’s profile have been changed;
• 58 – a user has been sent a single-use access code;
• 63 – two-factor authorization settings have been changed for all employees of an organization;
• 64 – session interruption settings on a mobile phone for all employees of an organization have been changed;
• 65 – web session interruption settings for all employees of an organization have been changed;
• 66 – two-factor authorization settings for one user have been changed;
• 67 – session interruption settings on a mobile phone for one user have been changed;
• 68 – web session interruption settings for one user have been changed;
• 69 – a user has been logged out of Pyrus automatically due to prolonged inactivity;
• 70 – inactive web session interruption settings for all employees of an organization have been changed;
• 71 – inactive mobile phone session interruption settings for all users of an organization have been changed;
• 72 – inactive web session interruption settings for one user have been changed;
• 73 – inactive mobile phone session interruption settings for one user have been changed.

GET https://api.pyrus.com/v4/eventhistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv

evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent
1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

curl -X GET \
'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole integer. Events whose IDs are greater than the value of this parameter are in the reply.

count – number of events in a reply. 100,000 max.

GET /fileaccesshistory

Getting a CSV file with an action history with files

This method enables you to get an action history with files and returns the following fields:

• event ID;
• event type (U — upload to Pyrus, D — download from Pyrus);
• ID of the attached file (link see https://pyrus.com/ru/help/api/models#task-with-comments the attachments field)
• event start time in "yyyyMMddTHHmmssZ" format;
• file name;
• file size;
• IP address of the user who performed the action with the file;
• user’s user ID;
• user’s email;
• task ID;
• user’s name;
• name of user’s organization.

GET https://api.pyrus.com/v4/fileaccesshistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=FileAccessHistory_After1000_Count1.csv

evntid,action,attachmentId,utcdate,filename,filesize,fileversion,ip,personid,personemail,taskid,publicfileId,useragent,formid,personname,organization
4178974366,U,258228576,20230712T145932Z,имя_файла,1296,1,127.0.0.1,626316,email@gmail.com,172407340,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",,Имя Фамилия,Название организации

curl -X GET \
'https://api.pyrus.com/v4/fileaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.

GET /taskaccesshistory

Getting a CSV file with a history of task accesses

This method enables you to get a history of task accesses and returns the following fields:

• event ID;
• event start time in "yyyyMMddTHHmmssZ" format;
• IP address of the user who accessed the task;
• user’s user ID;
• user’s email;
• ID of the accessed task;
• user’s name;
• name of user’s organization.

GET https://api.pyrus.com/v4/taskaccesshistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv

evntid,utcdate,personid,personname,personemail,taskid,isclosed,formtemplateid,ip,useragent,organization
32,20230810T220822Z,7804,имя фамилия,test@gmail.com,29995,False,43529,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)

curl -X GET \
'https://api.pyrus.com/v4/taskaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.