Event log

The event log contains information about users’ actions in Pyrus, which can help admins deduce events that threaten process and data security.

More about the event log

GET /eventhistory method

Getting a CSV file with details of an event

The method enables admins to receive a set of events with certain characteristics and returns a CSV file with the following fields:

• event ID;
• event type ID;
• time of event in yyyyMMddTHHmmssZ format;
• the ID of the user who initiated the event;
• the email of the user who initiated the event;
• the IP address of the computer the event was initiated from;
• additional data about the event in JSON format;
• userAgent - the heading of the UserAgent query the event was part of. The format of this record is: <Readable presentation>|<Initial value of UserAgent>

Possible event types IDs:

• 7 — the approval routing for a form task has been changed;
• 12 — a user has logged in to Pyrus;
• 13 — a user unsuccessfully tried to log in to Pyrus;
• 30 — a user has been added to a role;
• 31 — a user has been deleted from a role;
• 35 — a Pyrus has logged out of Pyrus;
• 36 — a user has been logged out of Pyrus automatically due to session timeout;
• 40 — a user from another organization has been added to a role;
• 41 — a user from another organization has been deleted from a role;
• 42 — a user from another organization has been added to a form or task list;
• 43 — a user from another organization has been deleted from a form or task list;
• 44 — a user from another organizatin has been added to a task;
• 49 — a user’s access rights have been changed;
• 45 — a user from another organization has been deleted from a task;
• 46 — settings in a user’s profile have been changed;
• 58 — a user has been sent a single-use access code;
• 63 — two-factor authorization settings have been changed for all employees of an organization;
• 64 — session interruption settings on a mobile phone for all employees of an organization have been changed;
• 65 — web session interruption settings for all employees of an organization have been changed;
• 66 — two-factor authorization settings for one user have been changed;
• 67 — session interruption settings on a mobile phone for one user have been changed;
• 68 — web session interruption settings for one user have been changed;
• 69 — a user has been logged out of Pyrus automatically due to prolonged inactivity;
• 70 — inactive web session interruption settings for all employees of an organization have been changed;
• 71 — inactive mobile phone session interruption settings for all users of an organization have been changed;
• 72 — inactive web session interruption settings for one user have been changed;
• 73 — inactive mobile phone session interruption settings for one user have been changed.
• 75 — automatic interruption of user session;
• 76 — max. number of mobile user sessions changed;
• 77 — max. number of web user sessions changed;
• 78 — max. number of mobile organization sessions changed;
• 79 — max. Number of web organization sessions changed;
• 82 — form name changed;
• 83 — user secret key changed;
• 84 — task deleted;
• 85 — role changed;
• 87 — user deactevated;
• 88 — form action history exported;
• 89 — user reinstated;
• 90 — user blocked;
• 91 — bot changed;
• 92 — user added to “share user” link;
• 93 — business partner deleted;
• 94 — manageable organization created;
• 95 — print templates changed in form.

GET https://api.pyrus.com/v4/eventhistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=EventHistory_After1000_Count1.csv

evntid,evnttype,utcdate,personid,personemail,ip,eventdata,useragent
1001,49,20221014T114016Z,123456,test@example.com,127.0.0.1,"{""ProjectId"":19961,""LevelBefore"":0,""LevelAfter"":4,""PersonId"":123456}",Windows, Chrome|js version:1.87.33407.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

curl -X GET \
'https://api.pyrus.com/v4/eventhistory?after=1000&count=1000' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole integer. Events whose IDs are greater than the value of this parameter are in the reply.

count — number of events in a reply. 100,000 max.

GET /fileaccesshistory

Getting a CSV file with an action history with files

This method enables you to get an action history with files and returns the following fields:

• event ID;
• event type (U — upload to Pyrus, D — download from Pyrus);
• ID of the attached file (link see https://pyrus.com/ru/help/api/models#task-with-comments the attachments field)
• event start time in "yyyyMMddTHHmmssZ" format;
• file name;
• file size;
• IP address of the user who performed the action with the file;
• user’s user ID;
• user’s email;
• task ID;
• user’s name;
• name of user’s organization;
• UserAgent.

GET https://api.pyrus.com/v4/fileaccesshistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=FileAccessHistory_After1000_Count1.csv

evntid,action,attachmentId,utcdate,filename,filesize,fileversion,ip,personid,personemail,taskid,publicfileId,useragent,formid,personname,organization
4178974366,U,258228576,20230712T145932Z,имя_файла,1296,1,127.0.0.1,626316,email@gmail.com,172407340,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",,Имя Фамилия,Название организации

curl -X GET \
'https://api.pyrus.com/v4/fileaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.

GET /taskaccesshistory

Getting a CSV file with a history of task accesses

This method enables you to get a history of task accesses and returns the following fields:

• event ID;
• event start time in "yyyyMMddTHHmmssZ" format;
• IP address of the user who accessed the task;
• user’s user ID;
• user’s email;
• ID of the accessed task;
• user’s name;
• name of user’s organization.

GET https://api.pyrus.com/v4/taskaccesshistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv

evntid,utcdate,personid,personname,personemail,taskid,isclosed,formtemplateid,ip,useragent,organization
32,20230810T220822Z,7804,имя фамилия,test@gmail.com,29995,False,43529,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)

curl -X GET \
'https://api.pyrus.com/v4/taskaccesshistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than the value of this parameter are in the reply. count — number of events in the reply. Maximum value — 100,000.

GET /taskexporthistory

Getting a CSV file with a history of task export

This method enables you to get a history of task export and returns the following fields:

• event ID;
• event type ID;
• event start time in "yyyyMMddTHHmmssZ" format;
• user’s user ID;
• user’s email;
• user’s name;
• List ID (if tasks were exported from a list)
• export source, one of the following:
  • search query;
  • inbox;
  • list;
• number of exported tasks;
• IP address of the user who exported the tasks;
• name of user’s organization and its ID;
• an array with IDs of exported tasks;
• userAgent.

GET https://api.pyrus.com/v4/taskexporthistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=TaskAccessHistory_After1000_Count1.csv

evntid,evnttype,utcdate,personid,personemail,personname,listid,issearch,isinbox,count,ip,organization,taskids,useragent
1000,101,20240606T142144Z,7878,test@gmail.com,full name,15,False,False,2,127.0.0.1,Organization name (10550),"[1111,1112]","Other, Other|testing environment, ver 104"

curl -X GET \
'https://api.pyrus.com/v4/taskexporthistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

• after — a whole number. Events whose IDs are greater or equal than the value of this parameter are in the reply.
• count — number of events in the reply. Maximum value — 100,000.

GET /registrydownloadhistory

Getting a CSV file with a history of registry download

This method enables you to get a history of registry download and returns the following fields:

• event ID;
• event type ID;
• event start time in "yyyyMMddTHHmmssZ" format;
• user’s user ID;
• user’s email;
• user’s name;
• form’s ID;
• registry download restriction:
  • 0 — no restriction;
  • 4 — download is restricted;
• an array with IDs of exported tasks;
• number of exported tasks;
• whether the form contains a table
• IP address of the user who exported the tasks;
• UserAgent;
• name of user’s organization and its ID.;

GET 
https://api.pyrus.com/v4/registrydownloadhistory?<params>

Content-Type: application/octet-stream
Content-Disposition: attachment;filename=Register_After1000_Count1.csv

evntid,evnttype,utcdate,personid,personemail,personname,formid,storagelocation,taskids,count,containstable,ip,useragent,organization
1000,14,20240723T103656Z,7878,test@gmail.com,имя фамилия,10,0,[150],1,False,127.0.0.1,"Other, Other|testing environment, ver 104",Название организации (10550)

curl -X GET \
'https://api.pyrus.com/v4/registrydownloadhistory?after=1000&count=1' \
-H 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \

Parameters

after — a whole number. Events whose IDs are greater than or equal to the value of this parameter are in the reply.

count — number of events in the reply. Maximum value — 100,000.