
Audit Trail API

Overview

To enable the inspection of product use, each Nexthink instance stores the relevant activity of Nexthink users in the form of a log file. You can retrieve the audit log files via the Audit Trail API.

Authentication

Calling the Audit Trail API requires a local user with administrator rights.

Refer to the Profiles documentation for a detailed description of the permission options.

User account

To authenticate the client, the Audit Trail API supports Basic Authentication. Nexthink recommends creating a dedicated local account for this purpose.

OAuth

You can configure the Nexthink instance to grant access to the Audit Trail API using the open standard for access delegation, OAuth. Contact Nexthink Support for more information.

Calling the Audit Trail API

User account

To retrieve the audit log files of the Nexthink instance, send a GET request using one of the following URLs:

Retrieve the audit log of the Nexthink web interface:

https://<instance_FQDN>/audit-trail/api/v1/portal/type/auditlog

Retrieve the audit log of a particular Engine (classic):

https://<instance_FQDN>/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog

Retrieve the audit log of all Engines (classic):

https://<instance_FQDN>/audit-trail/api/v1/engines/type/auditlog

OAuth

To retrieve the audit log files of the Nexthink instance, send a GET request using one of the following URLs:

Retrieve the audit log of the Nexthink web interface:

https://agora.<region>.nexthink.cloud/audit-trail/api/v1/portal/type/auditlog

Retrieve the audit log of a particular Engine (classic):

https://agora.<region>.nexthink.cloud/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog

Retrieve the audit log of all Engines (classic):

https://agora.<region>.nexthink.cloud/audit-trail/api/v1/engines/type/auditlog

<region> must match the region of your Nexthink instance, which is assigned to your organization during onboarding.

When generating a token, use the following scope: service:audit-trail.

Refer to the Other integrations (classic) documentation for more information.

Optional parameters

To retrieve a timeframe, use the following optional parameters:

  • before_date: returns all the events before the provided date or datetime. Format: yyyy-mm-ddThh:mm:ss (e.g., 2024-12-24 or 2024-12-24T14:00:00).

  • elapsed_hours: returns all the events for the provided duration, counted from now or from before_date (when specified).

You can use both parameters independently.

Response of the Audit Trail API

The Audit Trail API returns the content of the audit log file in the target instance. In case of a call to retrieve the audit log of all Engines (classic), the response is the result of concatenating the audit log files of each connected Engine (classic).

Error conditions

When unsuccessful, a call to the Audit Trail API returns an error response in the form of a JSON array, along with an HTTP error code:

| Error type | HTTP code | Cause |
| --- | --- | --- |
| Engine error (classic) | Internal server error 500 | Unknown Engine name; Unreachable Engine |
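The request described above can be scripted for scheduled export of the audit log to a log collector. The following is an added example, not Nexthink code: the function names and the host names in the tests are made up for illustration, and treating elapsed_hours as a positive whole number is an assumption.

```python
import base64
import json
import re
from urllib import error, parse, request

# before_date accepts a date or a datetime (format taken from the page).
_DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?$")


def audit_url(host, target="portal", engine=None, before_date=None, elapsed_hours=None):
    """Build a request URL; target is 'portal', 'engines' or 'engine' (needs engine=)."""
    paths = {"portal": "portal", "engines": "engines"}
    if target == "engine" and engine:
        paths["engine"] = "engine/" + parse.quote(engine, safe="")
    if target not in paths:
        raise ValueError("unknown target, or engine hostname missing")
    params = {}
    if before_date is not None:
        if not _DATE_RE.match(before_date):
            raise ValueError("before_date must be yyyy-mm-dd or yyyy-mm-ddThh:mm:ss")
        params["before_date"] = before_date
    if elapsed_hours is not None:
        # Assumption: a positive whole number of hours; the page gives no range.
        if int(elapsed_hours) <= 0:
            raise ValueError("elapsed_hours must be positive")
        params["elapsed_hours"] = int(elapsed_hours)
    query = "?" + parse.urlencode(params) if params else ""
    return f"https://{host}/audit-trail/api/v1/{paths[target]}/type/auditlog{query}"


def basic_auth_header(user, password):
    """Basic Authentication header for the dedicated local account."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def fetch_audit_log(url, headers, timeout=30):
    """Return the log text, or raise with the HTTP code and JSON error array."""
    req = request.Request(url, headers=headers, method="GET")
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except error.HTTPError as exc:
        detail = exc.read().decode("utf-8", errors="replace")
        try:
            detail = json.loads(detail)
        except ValueError:
            pass
        raise RuntimeError(f"Audit Trail API HTTP {exc.code}: {detail}") from exc
```

Load the account password from a secret store or environment variable at run time rather than embedding it in the script.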

