Audit Log Webhook Payload Schema Reference

Send Apono access request data to your internal systems with event-triggered HTTP messages

This reference describes each of the properties of the webhook payload schema.

The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.

{
    "event_type": "string",
    "event_time": "{seconds}.{nanos}",
    "data": {
        "timestamp": "{seconds}.{nanos}",
        "action": "string",
        "actor_id": "string",
        "actor_name": "string",
        "actor_type": "string",
        "source": "string",
        "target_id": "string",
        "target_type": "string",
        "target_name": "string",
        "metadata": "object",
        "current_target_object": "object",
        "previous_target_object": "object"
    }
}

Property

Description

event_type string

Type of audit log event

event_time string

Date the event occurred

data object

Field containing an embedded object with contextual information about the triggering event See:

data object

Property

Description

timestamp string

Date and time the event occurred

action string

Event performed, such as creating, editing, or deleting an item

actor_id string

Email address of the user who performed the action

actor_name string

Full name of the user who performed the action

actor_type string

Type of user who performed the action

source string

Location where the action originated

Possible Values:

API
integration
Terraform
web application

target_id string

Unique identifier of the object affected by the action

target_type string

Type of object affected by the action

Possible Values:

access flow
bundle
integration

target_name string

Friendly name of the object affected by the action

current_target_object object

Updated details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:

previous_target_object object

Previous details of the object affected by the action

Target Objects:

Target Objects

Access Flows

{
    "id": "flow123",
    "name": "example_access_flow",
    "active": true,
    "revoke_after_in_sec": 3600,
    "trigger": {
        "type": "time_based",
        "timeframe": {
            "days_in_week": ["Monday", "Tuesday"],
            "time_zone": "UTC"
        }
    },
    "grantees": {
        "logical_operator": "AND",
        "attribute_filters": [
            {
                "operator": "EQUALS",
                "attribute_type": "role",
                "attribute_value": "admin",
                "integration_id": "integration123"
            }
        ]
    },
    "access_targets": [
        {
            "integration": {
                "resource_integration_id": "integration123",
                "resource_type": "database",
                "resource_tag_restrictors": [
                    {
                        "name": "env",
                        "value": "production"
                    }
                ],
                "resource_tag_restrictors": [],
                "permissions": ["read", "write"]
            }
        }
    ],
    "approver_policy": {
        "groups_operator": "OR",
        "condition_groups": [
            {
                "logical_operator": "AND",
                "conditions": [
                    {
                        "attribute_condition": {
                            "operator": "EQUALS",
                            "attribute_type": "department",
                            "attribute_value": "IT",
                            "integration_id": "integration123"
                        }
                    }
                ]
            }
        ]
    },
    "settings": {
        "require_approver_justification": true,
        "require_justification": false,
        "approver_cannot_approve_himself": true,
        "require_mfa": true
    },
    "labels": [
        {
            "key": "priority",
            "value": "high"
        }
    ],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the access flow

name string

Friendly name of the access flow

active boolean

Status of the access flow Possible Values:

true
false

revoke_after_in_sec integer

Access duration (in seconds) granted for the resources within the access flow

trigger string | object

Event associated with the access flow

grantees object

Identities for whom access is requested See:

access_targets object

Integrations, bundles, or access scopes to which access will be given See:

approver_policy object

Identities authorized to approve the access flow request

settings object

applied to the access flow

labels object

Identifies access flows for streamlined organization and use See:

created_date string

Creation date of the access flow

updated_date string

Most recent modified date of the access flow

grantees object

Property

Description

logical_operator string

Logical operator applied to the attribute_filters objects

attribute_filters object

List of grantees See:

grantees.attribute_filters object

Property

Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of grantee

Possible Values:

group
user

attribute_value [string]

Unique identifier of the grantee

access_targets object

Property

Description

integration object

Integration definition See:

bundle object

Unique identifier of the , contained within the bundle_id property

The bundle_id is the sole property of this object.

saved_query object

Unique identifier of the , contained within the saved_query_id property The saved_query_id is the sole property of this object.

access_targets.integration object

Property

Description

resource_integration_id string

Unique identifier of the resource

resource_type string

Type of resource

resource_tag_restrictors object

Resources excluded from the integration

permissions object

Permissions granted to the resource

approver_policy object

Property

Description

groups_operator string

Logical operator applied to the condition_groups objects

condition_groups object

Grouped list of approvers See:

approver_policy.condition_groups object

Property

Description

logical_operator string

Logical operator applied to the conditions objects

conditions object

List of individual approver criteria See:

approver_policy.condition_groups.conditions object

Property

Description

attribute_condition object

Attributes of a specific approver See:

request_context_based_attribution_filter object

Attributes of a specific approver based on context See:

approver_policy.condition_groups.conditions.attribute_condition object

Property

Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of approver

attribute_value [string]

Unique identifier of the approver

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

Property

Description

attribute_type_id string

Type of approver

integration_id string

Identifying value of the associated integration

settings object

Property

Description

require_approver_justification boolean

Indicates if approvers are required to enter a justification for approving or rejecting a request See:

require_justification boolean

Indicates if grantees are required to enter a justification for their requests See:

approver_cannot_approve_himself boolean

Indicates if users can approve their own access See:

require_mfa boolean

Indicates if users will be required to pass when requesting access

Account Settings

{
    "account_id": "account123",
    "account_name": "example_account",
    "enable_flow_failure_notifications": true,
    "credentials_rotation_period_in_days": 90,
    "inactive_user_retention_in_days": 180,
    "integrations_updates_notifications": true,
    "require_duration_for_access_request": false
}

Property

Description

account_id string

Unique identifier of the account

account_name string

Friendly name of the account

enable_flow_failure_notifications boolean

Notifications sent to admins about access flow failures

credential_rotation_period_in_days integer

Number of days after which the credentials must be rotated

See:

inactive_user_retention_in_days integer

Number of days after which to delete a user Apono created if no grant is active See:

integrations_updates_notifications boolean

Email notifications sent to admins about integration status updates

require_duration_for_access_request boolean

Requires the requester to specify duration of access

Activity Reports

{
    "id": "report123",
    "name": "example_activity_report",
    "active": true,
    "filters": {
        "filter_key1": "filter_value1",
        "filter_key2": "filter_value2"
    },
    "start_date": "2023-10-01T12:34:56Z",
    "end_date": "2023-10-02T12:34:56Z",
    "period": {
        "unit": "day",
        "value": 1,
        "rounded": true
    },
    "time_zone": "UTC",
    "fields": ["field1", "field2"],
    "schedule": {
        "cron": "0 0 * * *",
        "format": "json",
        "recipients": ["user@example.com"]
    },
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the activity report

name string

Friendly name of the activity report

active boolean

Status of the activity report

filters object

Selected report filters

start_date string

Absolute start date of the report window

end_date string

Absolute end date of the report window

period object

Relative time of the report window

time_zone string

Time zone of the report

fields [string]

Data fields included in the report

schedule object

Generation frequency, format, and recipients of the report

created_date string

Creation date of the report

updated_date string

Most recent modified date of the report

Bundles

{
    "id": "12345",
    "name": "example_access_bundle",
    "created_date": "2023-10-01T12:34:56Z",
    "access_targets": [
        {
            "id": "target1",
            "name": "target_1",
            "type": "example_type"
        },
        {
            "id": "target2",
            "name": "target_2",
            "type": "example_type"
        }
    ]
}

Property

Description

id string

Unique identifier of the bundle

name string

Friendly name of the bundle

create_date string

Creation date of the bundle

access_targets object

Resources within the bundle See:

(bundles) access_targets object

Property

Description

id string

Unique identifier of the resource

name string

Friendly name of the resource

type string

Type of resource

Integrations

{
    "id": "integration123",
    "name": "example_integration",
    "type": "example_type",
    "status": "active",
    "connector_id": "connector123",
    "parent_integration_id": "parent_integration123",
    "connected_resource_types": ["resource_type1", "resource_type2"],
    "params": {
        "param_key1": "param_value1",
        "param_key2": "param_value2"
    },
    "custom_instructions_access_message": "please follow the instructions.",
    "last_sync_date": "2023-10-01T12:34:56Z",
    "secret_config": {
        "secret_key1": "secret_value1",
        "secret_key2": "secret_value2"
    }
}

Property

Description

id string

Unique identifier of the integration

name string

Friendly name of the integration

type string

Type of integration

status string

Status of the integration

connector_id string

Unique identifier of the connector used for the integration

parent_integration_id string

Unique identifier of the parent integration associated with this integration

connected_resource_types [string]

List of resources associated with the integration

params object

Parameters associated with the integration

custom_instructions_access_message string

Instructions explaining how to access this integration's resources

last_sync_date string (date-time)

Most recent date that Apono synced the integration

secret_config object

for the integration

Users

{
    "id": "user123",
    "email": "user@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "active": true,
    "roles": ["admin", "user"]
}

Property

Description

id string

Unique identifier of the user

email string

Email address of the user

first_name string

First name of the user

last_name string

Last name of the user

active boolean

Status of the user

roles [string]

Role-based access assigned to the user

Webhooks

{
    "id": "webhook123",
    "name": "example_webhook",
    "active": true,
    "triggers": ["trigger1", "trigger2"],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the webhook

name string

Friendly name of the webhook

active boolean

Status of the webhook

triggers [string]

Associated webhook triggers

Possible Values:

AuditEventTriggered
Manual
RequestCreated
RequestApproved
RequestRejected
RequestGranted
RequestExpired
RequestFailed

created_date string (date-time)

Creation date of the webhook Example: 2023-10-01T12:34:56Z

updated_date string (date-time)

Most recent modified date of the webhook Example: 2023-10-03T1:32:57Z

PreviousWebhook Payload Schema Reference NextAudit Log Webhook

Last updated 3 days ago