User Events API Requests and Responses

Introduction

User events are captured when user accounts are created or revised or when users authenticate. You can view user events in the ZEDEDA Cloud Reports. If you need all the details, you can use the API docs from the link in the Help Center. This is a brief overview of how user events are generally captured.

Prerequisites

See How to use ZEDEDA API

Create an account

When you create an account, that generates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:

GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9 

Response example 

{
   "id": "AAF1ABCPiqU-8-JAoJtd_jA-J8h9",
   "username": "user@acme.com",
   "SfdcId": "",
   "HubspotId": "",
   "revision": {
       "prev": "",
       "curr": "1",
       "createdAt": "2024-10-10T05:12:05.863478Z",
       "createdBy": "SysAdmin@acme.com",
       "updatedAt": "2024-10-11T15:56:22.491223Z",
       "updatedBy": "SysAdmin@acme.com"
   },
   "state": "USER_STATE_ACTIVE",
   "firstName": "UserFirst",
   "locale": "",
   "fullName": "UserFirst UserLast",
   "timeZone": "",
   "roleId": "AAGFABCFc6p2XtZBGISdXrrSPmMm",
   "type": "AUTH_TYPE_LOCAL",
   "email": "user@acme.com",
   "phone": "",
   "notifyPref": "",
   "LastLoginTime": "2024-10-11T15:56:22.491222Z",
   "LastLogoutTime": "0001-01-01T00:00:00Z",
   "emailState": "ID_STATE_VERIFIED",
   "phoneState": "ID_STATE_UNSPECIFIED",
   "customUserInput": {},
   "allowedEnterprises": [
       {
           "id": "AAFlABBtJ0mP_lhJjIyVzjzgMXiR",
           "name": "acme",
           "roleId": "AAGFABCFc6p2XtZBGISdXrrSPmMm"
       }
   ],
   "enterpriseId": "AAFlABBtJ0mP_lhJjIyVzjzgMXiR",
   "totpEnabled": false
}

The following parameters can return the following values: 

state: General well being of the user
  • USER_STATE_UNSPECIFIED (default)
  • USER_STATE_CREATED 
  • USER_STATE_ACTIVE 
  • USER_STATE_INACTIVE 
  • USER_STATE_SIGNEDUP 
  • USER_STATE_SUSPENDED 
type: Authentication type
  • AUTH_TYPE_UNSPECIFIED (default) 
  • AUTH_TYPE_LOCAL 
  • AUTH_TYPE_OAUTH 
  • AUTH_TYPE_SAML
emailState: state of the ID
  • ID_STATE_UNSPECIFIED (default) 
  • ID_STATE_NOT_VERIFIED 
  • ID_STATE_VERIFIED 
phoneState: state of the ID
  • ID_STATE_UNSPECIFIED (default)
  • ID_STATE_NOT_VERIFIED 
  • ID_STATE_VERIFIED

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for: 

GET /v1/users/id/{id} 

 

Deactivate an account

After you create an account, you can deactivate the account, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:

GET /api/v1/events?startTime.seconds=1730279711&endTime.seconds=1730322911&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1 

Response example 

{
   "list": [
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User user@acme.com is Updated ",
           "timestamp": "2024-10-30T21:15:01.450572775Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
   ],
   "next": {
       "pageToken": "2024-10-30T17:02:39.51375351Z",
       "orderBy": [],
       "pageNum": 1,
       "pageSize": 20,
       "totalPages": 1
   },
   "summary": {
       "description": "",
       "total": 19,
       "values": {}
   }
}

The following parameters can return the following values: 

severity: Severity of events
  • Info
  • Notice
  • Warning
  • Critical
source: Source of events
  • EVENT_SOURCE_UNSPECIFIED: Default
  • EVENT_SOURCE_SYSTEM: Event is generated as a result of status change reported by edge node or application
  • EVENT_SOURCE_USER: Event is generated as a result of a user's configuration action

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events

 

Activate an account

After you deactivate an account, you can activate it, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:

GET /api/v1/events?startTime.seconds=1730280114&endTime.seconds=1730323314&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1

Response example 

{
   "list": [
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User user@acme.com is Updated ",
           "timestamp": "2024-10-30T21:21:48.950818656Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
   ],
   "next": {
       "pageToken": "2024-10-30T17:02:39.51375351Z",
       "orderBy": [],
       "pageNum": 1,
       "pageSize": 20,
       "totalPages": 1
   },
   "summary": {
       "description": "",
       "total": 20,
       "values": {}
   }
}

The following parameters can return the following values: 

severity: Severity of events
  • Info
  • Notice
  • Warning
  • Critical
source: Source of events
  • EVENT_SOURCE_UNSPECIFIED: Default
  • EVENT_SOURCE_SYSTEM: Event is generated as a result of status change reported by edge node or application
  • EVENT_SOURCE_USER: Event is generated as a result of a user's configuration action

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events

Delete an account

After you create an account, you can delete it, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:

GET /api/v1/events?startTime.seconds=1730280653&endTime.seconds=1730323853&objtype=user&objname=SysAdmin@acme.com&next.pageSize=20&next.pageNum=1

Response example 

{
   "list": [
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User user@acme.com is Deleted ",
           "timestamp": "2024-10-30T21:30:39.814541880Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
   ],
   "next": {
       "pageToken": "2024-10-30T18:49:26.407264565Z",
       "orderBy": [],
       "pageNum": 1,
       "pageSize": 20,
       "totalPages": 2
   },
   "summary": {
       "description": "",
       "total": 21,
       "values": {}
   }
}

The following parameters can return the following values: 

severity: Severity of events
  • Info
  • Notice
  • Warning
  • Critical
source: Source of events
  • EVENT_SOURCE_UNSPECIFIED: Default
  • EVENT_SOURCE_SYSTEM: Event is generated as a result of status change reported by edge node or application
  • EVENT_SOURCE_USER: Event is generated as a result of a user's configuration action

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events

Authenticate 

When a user authenticates, that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination:

GET /api/v1/events?startTime.seconds=1728576746&endTime.seconds=1728663146&objtype=user&objname=user@acme.com&next.pageSize=20&next.pageNum=1

Response Example

{
   "list": [
       {
           "user": "user@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User 'user@acme.com' Logged in after successful password verification",
           "timestamp": "2024-10-11T15:56:22.493958164Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
    ],
    "next": {
        "pageToken": "2024-10-10T20:04:48.557269742Z",
        "orderBy": [],
        "pageNum": 1,
        "pageSize": 20,
        "totalPages": 1
    },
    "summary": {
        "description": "",
        "total": 2,
        "values": {}
    }
}

The following parameters can return the following values: 

severity: Severity of events
  • Info
  • Notice
  • Warning
  • Critical
source: Source of events
  • EVENT_SOURCE_UNSPECIFIED: Default
  • EVENT_SOURCE_SYSTEM: Event is generated as a result of status change reported by edge node or application
  • EVENT_SOURCE_USER: Event is generated as a result of a user's configuration action

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events

 

Edit credentials

When you create an account, you can assign a password. You can change the password at any time & that creates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:

GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9 

Response example 

{
   "list": [
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "SysAdmin@acme.com reset  user user@acme.com password",
           "timestamp": "2024-10-16T18:43:08.567156468Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "",
           "jsonData": null,
           "clusterInstance": ""
       },
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "Password reset failed: new password cannot be one of the recently used passwords",
           "timestamp": "2024-10-16T18:42:52.906844485Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "",
           "jsonData": null,
           "clusterInstance": ""
        }

The following parameters can return the following values: 

severity: The severity of the event
  • Info
  • Notice
  • Warning
  • Critical
source: The source of the event
  • EVENT_SOURCE_UNSPECIFIED: Default
  • EVENT_SOURCE_SYSTEM: Event is generated as a result of status change reported by edge node or application
  • EVENT_SOURCE_USER: Event is generated as a result of a user's configuration action

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for: 

GET /v1/users/id/{id} 

 

Assign roles

When you create an account, you can assign a role. You can change the role at any time & that creates an event. When you run an event report for a user, the report calls the following API endpoint with the ID of the user:

GET /api/v1/users/id/AAF1ABCPiqU-8-JAoJtd_jA-J8h9 

Response example 

{
   "list": [
       {
           "user": "SysAdmin@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User user@acme.com is Updated ",
           "timestamp": "2024-10-16T17:33:46.596038387Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
    ]

The following parameters can return the following values: 

severity: The severity of the event
  • Info
  • Notice
  • Warning
  • Critical
source: The source of the event
  • Unspecified
  • System
  • User

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA IAM Service from the dropdown menu and expand the item for: 

GET /v1/users/id/{id} 

Enable two factor authentication

After your account has been added, you can edit your own user details to enable two factor authentication (2FA). You can enable 2FA at any time. When you register with the time-based one-time password (TOTP), it generates an event. When you run an event report for yourself, the report calls the following API endpoint with the date and time range you specify and the pagination: 

GET /api/v1/events?startTime.seconds=1730271552&endTime.seconds=1730314752&next.pageSize=20&next.pageNum=1

Response example 

{
   "list": [
       {
           "user": "",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "Tenant User 'user@acme.com' Totp Registration succeeded  ",
           "timestamp": "2024-10-30T18:55:00.919123380Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
   ],
   "next": {
       "pageToken": "2024-10-30T17:02:39.51375351Z",
       "orderBy": [],
       "pageNum": 1,
       "pageSize": 20,
       "totalPages": 1
   },
   "summary": {
       "description": "",
       "total": 7,
       "values": {}
   }
}

The following parameters can return the following values: 

severity: The severity of the event
  • Info
  • Notice
  • Warning
  • Critical
source: The source of the event
  • Unspecified
  • System
  • User

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events

 

Disable two factor authentication

After you enable 2FA, you can disable 2FA. You can disable it at any time, and that generates an event. When you run an event report for a user, the report calls the following API endpoint with the date and time range you specify, the name of the user, and the pagination: 

GET /api/v1/events?startTime.seconds=1730271552&endTime.seconds=1730314752&objtype=user&objname=user@acme.com&next.pageSize=20&next.pageNum=1

Response example 

{
   "list": [
       {
           "user": "user@acme.com",
           "project": "",
           "device": "",
           "instance": "",
           "severity": "INFO",
           "description": "User loria@zededa.com is Updated ",
           "timestamp": "2024-10-30T19:15:27.726863159Z",
           "source": "EVENT_SOURCE_USER",
           "resource": "User",
           "eventType": "",
           "tags": [],
           "resourceName": "user@acme.com",
           "jsonData": null,
           "clusterInstance": ""
       },
],
   "next": {
       "pageToken": "2024-10-16T17:17:36.167510742Z",
       "orderBy": [],
       "pageNum": 1,
       "pageSize": 20,
       "totalPages": 1
   },
   "summary": {
       "description": "",
       "total": 4,
       "values": {}
   }
}

The following parameters can return the following values: 

severity: The severity of the event
  • Info
  • Notice
  • Warning
  • Critical
source: The source of the event
  • Unspecified
  • System
  • User

The API docs contain the model that describes all the available parameters, some of which are not returned in the user event report. To test it yourself, you can go to the API docs, select ZEDEDA Diagnostics Service from the dropdown menu and expand the item for: 

GET /v1/events




Was this article helpful?
0 out of 0 found this helpful