Auditlog and Security Event APIs

This update provides two related APIs, which can be used to audit activity on a Vend retailer account.

Security Events API

The Security Events API, /api/2.0/security_events, has been added to the 2.0 documentation.

This endpoint returns information in the system about the following events for the current user:

  • terms_accepted
  • signin
  • signout
  • change_email
  • change_password
  • reset_password_confirm
  • user_switching_sucess
  • user_switching_denied
  • new_personal_token
  • update_personal_token
  • delete_personal_token
  • issue_oauth_token

Note: This is a subset of the auditlog entries with type set to security and user_id set to the current user.

Audit Log API (Beta)

The Audit Log Events API, /api/2.0/auditlog_events, has been added to the 2.0-beta documentation.

This endpoint is mainly concerned with capturing more critical changes in the system relating to products, customers, registers and outlets, as well as the security events documented above.

It is by no means an extensive logging of all changes in the system, though many of the events not logged here are logged in other parts of the system.

Object Action Notes
customer form create/update/delete
customer api create/update/delete
customer csv import
register form create/update/delete
outlet form create/update/delete
csv import init Tracks CSV import requests and includes data about the import type (customer, product) and the CSV file line count.
product* create/update/delete All actions on products.
security terms_accepted, signin, signout, change_email, change_password, reset_password_confirm, user_switching_success, user_switching_denied, new_personal_token, update_personal_token, delete_personal_token, issue_oauth_token

Note: Being beta this is subject to change.