Audit Trail Log API

Additional audit logging feature available in Frends Platform API.

The Frends Audit Trail Log is a comprehensive logging system that tracks configuration changes, user actions, and system events within your Frends tenant. It provides visibility into who performed what actions, when they occurred, and what resources were affected, enabling compliance, security monitoring, and troubleshooting.

The Audit Log is accessible through the Frends Platform API and provides read-only access to audit events stored in your tenant's database.

Requirements

Before you can use the Audit Trail Log API, you must have the Frends Platform API enabled for your Tenant. The Platform API requires an Azure AD application registration for authentication. If you haven't already set up the Platform API, refer to the Frends Platform API documentation for complete setup instructions, including how to create the necessary Azure AD application registration.

Enabling the Audit Trail Log API

The Audit Log API endpoint is not enabled by default and must be explicitly activated for each tenant, even if you already have the Frends Platform API enabled. To enable this feature, contact Frends Support and request activation of the Audit Log API endpoint for your tenant.

The Frends technical team will set the required environment variable Flags:EnableFrendsApiAuditLogRoute = true and restart the Control Panel to apply the changes. This process requires administrator-level access and cannot be performed by tenant users directly.

Once enabled, you can verify that the endpoint is active by navigating to your tenant's Swagger UI at https://<YOUR_TENANT>.frendsapp.com/swagger/index.html and looking for the "AuditLog" section in the API documentation.

What Information is Tracked

The Audit Trail Log captures a comprehensive range of events across your Frends Tenant, providing detailed visibility into system changes and user activities.

Configuration Changes

The audit log tracks all significant configuration changes within your Tenant. This includes Process deployments, modifications, and deletions, as well as Process activation and deactivation events. Environment Variable changes and configuration element modifications are also recorded, ensuring you have a complete history of your system's configuration state.

User and access management actions are captured in detail, including role changes and user management operations. Additionally, all POST or other modifying requests made through the UI are logged, along with Task imports, providing comprehensive coverage of configuration activities.

User Actions and Metadata

For each tracked event, the audit log records the user identity (username) who performed the action, the specific action that was taken, and a precise timestamp in UTC format. The log also captures information about affected resources and Agent Group details, giving you complete context for each event.

The audit log stores HTTP request parameter data in human-readable JSON format, making it easy to understand exactly what changes were made. Process instance acknowledgements and other metadata are also captured to provide a complete audit trail.

API Endpoint Reference

The Audit Log API is accessed through the following endpoint:

GET /api/v1/audit-log

This endpoint requires authentication using the Azure AD application registration configured for your Frends Platform API access. The same authentication mechanism used for other Platform API endpoints applies to the Audit Log API.

To confirm available data fields and parameters for your Tenant, check the OpenAPI specification from your Tenant at https://<YOUR_TENANT>.frendsapp.com/swagger/index.html and look for the "AuditLog" section in the API documentation.

Query Parameters

The API accepts several query parameters that allow you to filter and paginate the audit log results effectively.

PageNumber (integer)

The PageNumber parameter specifies the current page number for pagination, with a default value of 1.

PageSize (integer)

The PageSize parameter determines how many results are returned per page, with a default of 30 and a maximum of 200.

StartDateTimeUtc, EndDateTimeUtc (DateTime string)

For date-based filtering, you can use startDateTimeUtc and endDateTimeUtc (both string values in ISO 8601 format) to specify the time range for your query. These parameters are optional but highly useful for narrowing down results to specific time periods.

ActionName (string)

The actionName parameter allows you to filter by specific actions using the format {Controller}.{Action}.

UserName (string)

The userName parameter lets you filter results by the username of the person who performed the action.

Example Request

Here's an example of how to query the audit log for a specific user within a date range:

GET /api/v1/audit-log?PageNumber=1&PageSize=50&startDateTimeUtc=2026-01-01T00:00:00Z&endDateTimeUtc=2026-02-13T23:59:59Z&[email protected]

Response Format

The API returns audit log entries in JSON format. Each response includes action details describing the type of action performed, timestamps indicating when the action occurred (in UTC), and user information identifying who performed the action. The parameters field contains HTTP request parameter data in human-readable JSON format, and resource information details what was affected by the action.

A typical response structure looks like this:

{
  "items": [
    {
      "actionName": "Process.Deploy",
      "userName": "[email protected]",
      "timestamp": "2026-02-13T10:30:00Z",
      "parameters": {
        "processId": "12345",
        "processName": "CustomerDataSync",
        "agentGroup": "Production"
      }
    }
  ],
  "pageNumber": 1,
  "pageSize": 50,
  "totalCount": 150
}

Data Retention

The default retention period for most audit logs is 60 days, after which older entries are automatically removed. However, configuration changes follow a different retention policy and are stored until the process or configuration element is explicitly deleted or the history is manually removed.

Agent events are retained based on a rolling window of 1,000 events per agent, rather than a time-based retention period. Process execution logs have configurable retention periods that can be set per process or agent group, with a default maximum of 60 days.

Backup and Recovery

Audit logs are stored in an Azure SQL log database with robust backup capabilities. Point-in-Time Restore (PITR) is available for up to 35 days, allowing you to recover audit data from any point within that window. Additionally, differential backups are performed every 24 hours, and these backups are retained for one month, providing an additional layer of data protection.

Access and Security

Users have read-only access to the audit logs, meaning they cannot purge or modify audit entries through the API. This ensures the immutability of the audit trail, which is essential for compliance and security investigations. Authentication is handled through Azure AD, providing enterprise-grade security for accessing sensitive audit information.

PreviousModels NextAgent application settings

Last updated 2 hours ago

Was this helpful?

Good afternoon

hashtagRequirements

hashtagEnabling the Audit Trail Log API

hashtagWhat Information is Tracked

hashtagConfiguration Changes

hashtagUser Actions and Metadata

hashtagAPI Endpoint Reference

hashtagQuery Parameters

hashtagPageNumber (integer)

hashtagPageSize (integer)

hashtagStartDateTimeUtc, EndDateTimeUtc (DateTime string)

hashtagActionName (string)

hashtagUserName (string)

hashtagExample Request

hashtagResponse Format

hashtagData Retention

hashtagBackup and Recovery

hashtagAccess and Security