# Audit Trail API (classic)

{% hint style="warning" %}
Follow the *Audit Trail API* procedure on this page only if you still need to track Experience events (Engine, Finder).

For the rest of the new integrations in Experience, you should use the NQL API export or the Data exporter for Azure Data Lake. Refer to the [Exporting audit logs](/platform/security/exporting-audit-logs.md) documentation.
{% endhint %}

## Authentication <a href="#audittrailapi-classic-authentication" id="audittrailapi-classic-authentication"></a>

Calling the Audit Trail API requires a local user with administrator rights.

Refer to the [Roles](/platform/user-guide/administration/account-management/roles.md) documentation for a detailed description of the permission options.

### User account <a href="#audittrailapi-classic-useraccount" id="audittrailapi-classic-useraccount"></a>

To authenticate the client, the Audit Trail API supports Basic Authentication. Nexthink recommends creating a dedicated local account for that.

### OAuth <a href="#audittrailapi-classic-oauth" id="audittrailapi-classic-oauth"></a>

You can configure the Nexthink instance to grant access to the Audit Trail API using the open standard for access delegation, OAuth. Contact [Nexthink Support](https://support.nexthink.com/) for more information.

## Calling the Audit Trail API <a href="#audittrailapi-classic-callingtheaudittrailapi" id="audittrailapi-classic-callingtheaudittrailapi"></a>

### User account <a href="#audittrailapi-classic-useraccount.1" id="audittrailapi-classic-useraccount.1"></a>

To retrieve the audit log files of the Nexthink instance, send a GET request using one of the following URLs:

Retrieve the audit log of the Nexthink web interface:

`https://<instance_FQDN>/audit-trail/api/v1/portal/type/auditlog`

Retrieve the audit log of a particular Engine (classic):

`https://<instance_FQDN>/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog`

Retrieve the audit log of all Engines (classic):

`https://<instance_FQDN>/audit-trail/api/v1/engines/type/auditlog`

### OAuth <a href="#audittrailapi-classic-oauth.1" id="audittrailapi-classic-oauth.1"></a>

To retrieve the audit log files of the Nexthink instance, send a GET request using one of the following URLs:\
Retrieve the audit log of the Nexthink web interface:

`https://agora.<region>.nexthink.cloud/audit-trail/api/v1/portal/type/auditlog`

Retrieve the audit log of a particular Engine (classic):

`https://agora.<region>.nexthink.cloud/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog`

Retrieve the audit log of all Engines (classic):

`https://agora.<region>.nexthink.cloud/audit-trail/api/v1/engines/type/auditlog`

Where `<region>` must match the region of your Nexthink instance, assigned to your organization during the onboarding.

When generating a token, use the following scope: `service:audit-trail`.

When generating a token, use the following scope: `service:audit-trail`.

Refer to the [Other integrations (classic)](/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/integrating-nexthink-with-third-party-tools/api-and-integrations-classic/other-integrations-classic.md) documentation for more information.

## Optional parameters <a href="#audittrailapi-classic-optionalparameters" id="audittrailapi-classic-optionalparameters"></a>

To retrieve a timeframe, use the following optional parameters:

* **before\_date:** returns all the events before the provided date or datetime. Format: `yyyy-mm-ddThh:mm:ss` (e.g., `2024-12-24` or `2024-12-24T14:00:00`).
* **elapsed\_hours:** returns all the events for the provided duration from now or **before\_date** (when specified).

You can use both parameters independently.

## Response of the Audit Trail API <a href="#audittrailapi-classic-responseoftheaudittrailapi" id="audittrailapi-classic-responseoftheaudittrailapi"></a>

The Audit Trail API returns the content of the audit log file in the target instance. In case of a call to retrieve the audit log of all Engines (classic), the response is the result of concatenating the audit log files of each connected Engine (classic).

### Error conditions <a href="#audittrailapi-classic-errorconditions" id="audittrailapi-classic-errorconditions"></a>

When unsuccessful, a call to the Audit Trail API returns an error response in the form of a JSON array, along with an HTTP error code:

| Error type             | HTTP code                 | Cause                                                            |
| ---------------------- | ------------------------- | ---------------------------------------------------------------- |
| Engine error (classic) | Internal server error 500 | <ul><li>Unknown Engine name</li><li>Unreachable Engine</li></ul> |

***

RELATED REFERENCE

* [Audit trail](/platform/security/exporting-audit-logs.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/integrating-nexthink-with-third-party-tools/api-and-integrations-classic/audit-trail-api-classic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.