# Audit Log Webhook Payload Schema Reference This reference describes each of the properties of the webhook payload schema. The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the [Handlebars](https://handlebarsjs.com/guide/) templating language to format expressions for certain data fields. ```json { "event_type": "string", "event_time": "{seconds}.{nanos}", "data": { "timestamp": "{seconds}.{nanos}", "action": "string", "actor_id": "string", "actor_name": "string", "actor_type": "string", "source": "string", "target_id": "string", "target_type": "string", "target_name": "string", "metadata": "object", "current_target_object": "object", "previous_target_object": "object" } } ```

Property	Description
event_type string	Type of audit log event
event_time string	Date the event occurred
data object	Field containing an embedded object with contextual information about the triggering event See: data object

#### data object

Property	Description
timestamp string	Date and time the event occurred
action string	Event performed, such as creating, editing, or deleting an item
actor_id string	Email address of the user who performed the action
actor_name string	Full name of the user who performed the action
actor_type string	Type of user who performed the action
source string	Location where the action originated Possible Values: API integration Terraform web application
target_id string	Unique identifier of the object affected by the action
target_type string	Type of object affected by the action Possible Values: access flow bundle integration
target_name string	Friendly name of the object affected by the action
current_target_object object	Updated details of the object affected by the action IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only. Target Objects: Access Flows Account Settings Activity Reports Bundles Integrations Users Webhooks
previous_target_object object	Previous details of the object affected by the action IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only. Target Objects: Access Flows Account Settings Activity Reports Bundles Integrations Users Webhooks

*** ### Target Objects #### Access Flows ```json { "id": "flow123", "name": "example_access_flow", "active": true, "revoke_after_in_sec": 3600, "trigger": { "type": "time_based", "timeframe": { "days_in_week": ["Monday", "Tuesday"], "time_zone": "UTC" } }, "grantees": { "logical_operator": "AND", "attribute_filters": [ { "operator": "EQUALS", "attribute_type": "role", "attribute_value": "admin", "integration_id": "integration123" } ] }, "access_targets": [ { "integration": { "resource_integration_id": "integration123", "resource_type": "database", "resource_tag_restrictors": [ { "name": "env", "value": "production" } ], "resource_tag_restrictors": [], "permissions": ["read", "write"] } } ], "approver_policy": { "groups_operator": "OR", "condition_groups": [ { "logical_operator": "AND", "conditions": [ { "attribute_condition": { "operator": "EQUALS", "attribute_type": "department", "attribute_value": "IT", "integration_id": "integration123" } } ] } ] }, "settings": { "require_approver_justification": true, "require_justification": false, "approver_cannot_approve_himself": true, "require_mfa": true }, "labels": [ { "key": "priority", "value": "high" } ], "created_date": "2023-10-01T12:34:56Z", "updated_date": "2023-10-02T12:34:56Z" } ```

Property	Description
id string	Unique identifier of the access flow
name string	Friendly name of the access flow
active boolean	Status of the access flow Possible Values: true false
revoke_after_in_sec integer	Access duration (in seconds) granted for the resources within the access flow
trigger string \| object	Event associated with the access flow
grantees object	Identities for whom access is requested See: grantees object
access_targets object	Integrations, bundles, or access scopes to which access will be given See: access_targets object
approver_policy object	Identities authorized to approve the access flow request
settings object	Access flow settings (self serve, automatic) applied to the access flow
labels object	Identifies access flows for streamlined organization and use See: Self Serve Access Flows or Automatic Access Flows
created_date string	Creation date of the access flow
updated_date string	Most recent modified date of the access flow

#### grantees object

Property	Description
logical_operator string	Logical operator applied to the `attribute_filters` objects
attribute_filters object	List of grantees See: grantees.attribute_filters object

#### grantees.attribute\_filters object

Property Description

operator string Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of grantee

Possible Values:

group
user

attribute_value [string] Unique identifier of the grantee

#### access\_targets object

Property Description

integration object Integration definition

See: access_targets.integration object

Property	Description
integration object	Integration definition See: access_targets.integration object
bundle object	Unique identifier of the bundle, contained within the `bundle_id` property The `bundle_id` is the sole property of this object.
saved_query object	Unique identifier of the access scope, contained within the `saved_query_id` property The `saved_query_id` is the sole property of this object.

bundle object

Unique identifier of the bundle, contained within the bundle_id property

The bundle_id is the sole property of this object.

saved_query object Unique identifier of the access scope, contained within the saved_query_id property

The saved_query_id is the sole property of this object.

#### access\_targets.integration object

Property	Description
resource_integration_id string	Unique identifier of the resource
resource_type string	Type of resource
resource_tag_restrictors object	Resources excluded from the integration
permissions object	Permissions granted to the resource

#### approver\_policy object

Property	Description
groups_operator string	Logical operator applied to the `condition_groups` objects
condition_groups object	Grouped list of approvers See: approver_policy.condition_groups object

#### approver\_policy.condition\_groups object

Property	Description
logical_operator string	Logical operator applied to the `conditions` objects
conditions object	List of individual approver criteria See: approver_policy.condition_groups.conditions object

#### approver\_policy.condition\_groups.conditions object

Property	Description
attribute_condition object	Attributes of a specific approver See: approver_policy.condition_groups.conditions.attribute_condition object
request_context_based_attribution_filter object	Attributes of a specific approver based on context See: approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

#### approver\_policy.condition\_groups.conditions.attribute\_condition object

Property	Description
operator string	Comparative operator relating the `attribute_type_id` and `attribute_value`
attribute_type_id string	Type of approver
attribute_value [string]	Unique identifier of the approver

#### approver\_policy.condition\_groups.conditions.request\_context\_based\_attribution\_filter object

Property	Description
attribute_type_id string	Type of approver
integration_id string	Identifying value of the associated integration

#### settings object

Property	Description
require_approver_justification boolean	Indicates if approvers are required to enter a justification for approving or rejecting a request See: Self Serve Access Flows
require_justification boolean	Indicates if grantees are required to enter a justification for their requests See: Self Serve Access Flows
approver_cannot_approve_himself boolean	Indicates if users can approve their own access See: Self Serve Access Flows
require_mfa boolean	Indicates if users will be required to pass multi-factor authentication when requesting access

#### Account Settings ```json { "account_id": "account123", "account_name": "example_account", "enable_flow_failure_notifications": true, "credentials_rotation_period_in_days": 90, "inactive_user_retention_in_days": 180, "integrations_updates_notifications": true, "require_duration_for_access_request": false } ```

Property	Description
account_id string	Unique identifier of the account
account_name string	Friendly name of the account
enable_flow_failure_notifications boolean	Notifications sent to admins about access flow failures
credential_rotation_period_in_days integer	Number of days after which the credentials must be rotated See: Credentials Rotation Policy
inactive_user_retention_in_days integer	Number of days after which to delete a user Apono created if no grant is active See: Periodic User Cleanup & Deletion
integrations_updates_notifications boolean	Email notifications sent to admins about integration status updates
require_duration_for_access_request boolean	Requires the requester to specify duration of access

#### Activity Reports ```json { "id": "report123", "name": "example_activity_report", "active": true, "filters": { "filter_key1": "filter_value1", "filter_key2": "filter_value2" }, "start_date": "2023-10-01T12:34:56Z", "end_date": "2023-10-02T12:34:56Z", "period": { "unit": "day", "value": 1, "rounded": true }, "time_zone": "UTC", "fields": ["field1", "field2"], "schedule": { "cron": "0 0 * * *", "format": "json", "recipients": ["user@example.com"] }, "created_date": "2023-10-01T12:34:56Z", "updated_date": "2023-10-02T12:34:56Z" } ```

Property	Description
id string	Unique identifier of the activity report
name string	Friendly name of the activity report
active boolean	Status of the activity report
filters object	Selected report filters
start_date string	Absolute start date of the report window
end_date string	Absolute end date of the report window
period object	Relative time of the report window
time_zone string	Time zone of the report
fields [string]	Data fields included in the report
schedule object	Generation frequency, format, and recipients of the report
created_date string	Creation date of the report
updated_date string	Most recent modified date of the report

#### Bundles

{
    "id": "12345",
    "name": "example_access_bundle",
    "created_date": "2023-10-01T12:34:56Z",
    "access_targets": [
        {
            "id": "target1",
            "name": "target_1",
            "type": "example_type"
        },
        {
            "id": "target2",
            "name": "target_2",
            "type": "example_type"
        }
    ]
}

Property	Description
id string	Unique identifier of the bundle
name string	Friendly name of the bundle
create_date string	Creation date of the bundle
access_targets object	Resources within the bundle See: (bundles) access_targets

#### (bundles) access\_targets object

Property	Description
id string	Unique identifier of the resource
name string	Friendly name of the resource
type string	Type of resource

#### Integrations ```json { "id": "integration123", "name": "example_integration", "type": "example_type", "status": "active", "connector_id": "connector123", "parent_integration_id": "parent_integration123", "connected_resource_types": ["resource_type1", "resource_type2"], "params": { "param_key1": "param_value1", "param_key2": "param_value2" }, "custom_instructions_access_message": "please follow the instructions.", "last_sync_date": "2023-10-01T12:34:56Z", "secret_config": { "secret_key1": "secret_value1", "secret_key2": "secret_value2" } } ```

Property	Description
id string	Unique identifier of the integration
name string	Friendly name of the integration
type string	Type of integration
status string	Status of the integration
connector_id string	Unique identifier of the connector used for the integration
parent_integration_id string	Unique identifier of the parent integration associated with this integration
connected_resource_types [string]	List of resources associated with the integration
params object	Parameters associated with the integration
custom_instructions_access_message string	Instructions explaining how to access this integration's resources
last_sync_date string (date-time)	Most recent date that Apono synced the integration
secret_config object	Secret for the integration

#### Users ```json { "id": "user123", "email": "user@example.com", "first_name": "John", "last_name": "Doe", "active": true, "roles": ["admin", "user"] } ```

Property	Description
id string	Unique identifier of the user
email string	Email address of the user
first_name string	First name of the user
last_name string	Last name of the user
active boolean	Status of the user
roles [string]	Role-based access assigned to the user

#### Webhooks ```json { "id": "webhook123", "name": "example_webhook", "active": true, "triggers": ["trigger1", "trigger2"], "created_date": "2023-10-01T12:34:56Z", "updated_date": "2023-10-02T12:34:56Z" } ```

Property	Description
id string	Unique identifier of the webhook
name string	Friendly name of the webhook
active boolean	Status of the webhook
triggers [string]	Associated webhook triggers Possible Values: AuditEventTriggered Manual RequestCreated RequestApproved RequestRejected RequestGranted RequestExpired RequestFailed
created_date string (date-time)	Creation date of the webhook Example: 2023-10-01T12:34:56Z
updated_date string (date-time)	Most recent modified date of the webhook Example: 2023-10-03T1:32:57Z