HomeUse CasesConceptsConfig GuidesDeveloper GuidesAPI Reference
API Reference

Run a report.

post
https://{tenanturl}/v1.0/reports/

This endpoint is used to run most of the reports. Provide the report name and request payload in the body section.

Entitlements required: readReports or manageReports.

POST /reporting/v1.0/reports/{report_name} - API is used to get the first batch of events.
POST /reporting/v1.0/reports/{report_name}_search_after - API to get the remaining events.

For example, to get the authentication event attributes that are included in the table for authentication activity, you can use the following payloads:

Report NameExample Payload Request
auth_audit_trail{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}
auth_audit_trail_search_after{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SORT_BY":"time",
"SORT_ORDER":"asc",
"SEARCH_AFTER":"1554479231870, \"30f5a726-0e11-4066-a49f-e1e1d03a62b4\""
}
The SEARCH_AFTER value is a comma-separated timestamp and escaped-quoted ID from the last response entry of the auth_audit_trail report.
auth_audit_trail with SUBTYPE filter{
"FROM":"now-24h",
"TO":"now",
"SIZE":"10",
"SUBTYPE":"\"mfa\",\"federation\"",
"SORT_BY":"time",
"SORT_ORDER":"asc"
}

Note: Filter values must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.

Language
URL