Activity Logs API

NordPass Enterprise now offers an Activity Logs API integration to help you manage member access and monitor activities in your organization. Below you will find instructions on how Owners and Admins can view Activity Logs via the API.
Before proceeding further, make sure that account authorizations are set up by following the NordPass Token Management guide.

 

API set-up

The Activity Logs API URLs are data center-specific - your organization must use the corresponding URL for the data center where your account is located.

The details returned by the API are not decrypted. Owners can search for specific details for members' actions in the Activity Logs tab. For more information on how to use the Activity Log, please visit our guide.

 

Request header

When making a POST request to the Activity Logs API, make sure to include both of the headers below:

  • Authorization – The POST request to an activity logs API must be authorized using the token generated on the Business Admin Panel.
  • Content-Type – When initiating a POST request, it is crucial to include a Content-Type header to explicitly indicate the media type of the data being transmitted in the request body.
    For the Activity Logs API, you must set the content type to application/json since the request is transmitted in JSON format.

 

Example:

Authorization: GENERATED_ACTIVE_TOKEN
Content-Type: application/json

 

Filtering & Pagination

  • This API allows filtering by timestamp_from and timestamp_to. If the optional filter is not provided, the information is returned for the last 7 full days. The period specified for filtering must not exceed a maximum of 90 days.
  • The user_uuids is an optional filter that, if not provided, will return information for all users based on other filter criteria. This filter accepts an array of string values, allowing up to 500 user UUID values to be included in a single filter request.

        1. Log in to the Admin Panel as an Owner or Admin.

        2. Open Developer Mode.

        3. Navigate to the member section on the left side menu.

        4. In Developer Mode, open the Networks tab and search for v1/ecp/users.

        5. The header should show a GET request.

        6. Collect all active users' UUIDs from the Response tab.

        Note: The same steps should be taken to get the UUIDs of suspended and deleted users.

  • You may also use the search by item_id function. This allows you to find specific activity logs faster, as all you need is the 36-character UUID of the item.
  • Also, you can manage the number of records returned by utilizing the per_page filtering option, which allows for a range of 1 to 100 records per request. If the per_page option is not specified, the default will be 30 records per page.
  • The page filtering option can request specific page results. The page number must be at least 1 and cannot exceed the total number of available pages. If the page option is not specified, the API will default to returning the first page.

 

Example:

{
  "timestamp_from": TIMESTAMP_FILTER_FROM,
  "timestamp_to": TIMESTAMP_FILTER_TO,
  "user_uuids": ["USER_UUID"],
  "item_id": "ITEM_UUID",
  "per_page": 30,
  "page": 1
}

 

Rate limits

The API is limited to 2000 requests per 5 minutes per IP address.

 

Responses

You can find a list of actions performed by your organization members in the action types section of the activity log guide.

 

{
    "data": [
        {
            "type": string,
            "action": string,
            "timestamp": integer,
            "organization_uuid": string($uuid),
            "user": {
                "uuid": string($uuid),
                "email": string($email)
            },
            "metadata": []
        }
    ],
    "metadata": {
        "total": integer, 
        "per_page": integer, 
        "current_page": integer, 
        "total_pages": integer,
    }
}

 

Limitation

The API can return up to the 10,000 most recent activity log records (e.g., requesting logs 9980-10050 will not return results). If the filtering results exceed this limit, it will only return the most recent 10,000 results.

 

Error codes

 

Error code

 

Error message

 

 

Possible reason

400

Invalid request payload

  • The period between timestamp_from and timestamp_to is more than 90 days
  • timestamp_from and/or timestamp_to in wrong format
  • timestamp_from is later than timestamp_to
  • timestamp_to is in the future
  • user_uuids value(s) is in the wrong format
  • user_uuids array contains an empty value
  • user_uuids array contains non existing user_uuid value
  • user_uuids filter contains more than 500 values
  • per_page value is in the wrong format
  • per_page value is not between 1 to 100
  • page value is in the wrong format
  • page value is not 1 or higher integer
  • A request for logs exceeds the most recent 10,000 logs. 
  • The item_uuid does not exist.
  • The item_uuid is in the incorrect format.
  • The item_uuid field is empty.

401

Unauthorized

Missing token or Authorization header

403

[authorization error] invalid token

Invalid Authorization token

403

[authorization error] token introspection failed

Expired/Revoked Authorization token

403

[bad request] organization UUID exchange failed

Organization is no longer active in NordPass



Was this article helpful?