Audit Log Webhook Payload Schema Reference

Send Apono access request data to your internal systems with event-triggered HTTP messages

This reference describes each of the properties of the webhook payload schema.

The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the Handlebars templating language to format expressions for certain data fields.

{
    "event_type": "string",
    "event_time": "{seconds}.{nanos}",
    "data": {
        "timestamp": "{seconds}.{nanos}",
        "action": "string",
        "actor_id": "string",
        "actor_name": "string",
        "actor_type": "string",
        "source": "string",
        "target_id": "string",
        "target_type": "string",
        "target_name": "string",
        "metadata": "object",
        "current_target_object": "object",
        "previous_target_object": "object"
    }
}

Property

Description

event_type string

Type of audit log event

event_time string

Date the event occurred

data object

Field containing an embedded object with contextual information about the triggering event See: data object

data object

Property

Description

timestamp string

Date and time the event occurred

action string

Event performed, such as creating, editing, or deleting an item

actor_id string

Email address of the user who performed the action

actor_name string

Full name of the user who performed the action

actor_type string

Type of user who performed the action

source string

Location where the action originated

Possible Values:

API
integration
Terraform
web application

target_id string

Unique identifier of the object affected by the action

target_type string

Type of object affected by the action

Possible Values:

access flow
bundle
integration

target_name string

Friendly name of the object affected by the action

current_target_object object

Updated details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:

previous_target_object object

Previous details of the object affected by the action

Target Objects:

Target Objects

Access Flows

{
    "id": "flow123",
    "name": "example_access_flow",
    "active": true,
    "revoke_after_in_sec": 3600,
    "trigger": {
        "type": "time_based",
        "timeframe": {
            "days_in_week": ["Monday", "Tuesday"],
            "time_zone": "UTC"
        }
    },
    "grantees": {
        "logical_operator": "AND",
        "attribute_filters": [
            {
                "operator": "EQUALS",
                "attribute_type": "role",
                "attribute_value": "admin",
                "integration_id": "integration123"
            }
        ]
    },
    "access_targets": [
        {
            "integration": {
                "resource_integration_id": "integration123",
                "resource_type": "database",
                "resource_tag_restrictors": [
                    {
                        "name": "env",
                        "value": "production"
                    }
                ],
                "resource_tag_restrictors": [],
                "permissions": ["read", "write"]
            }
        }
    ],
    "approver_policy": {
        "groups_operator": "OR",
        "condition_groups": [
            {
                "logical_operator": "AND",
                "conditions": [
                    {
                        "attribute_condition": {
                            "operator": "EQUALS",
                            "attribute_type": "department",
                            "attribute_value": "IT",
                            "integration_id": "integration123"
                        }
                    }
                ]
            }
        ]
    },
    "settings": {
        "require_approver_justification": true,
        "require_justification": false,
        "approver_cannot_approve_himself": true,
        "require_mfa": true
    },
    "labels": [
        {
            "key": "priority",
            "value": "high"
        }
    ],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the access flow

name string

Friendly name of the access flow

active boolean

Status of the access flow Possible Values:

true
false

revoke_after_in_sec integer

Access duration (in seconds) granted for the resources within the access flow

trigger string | object

Event associated with the access flow

grantees object

Identities for whom access is requested See: grantees object

access_targets object

Integrations, bundles, or access scopes to which access will be given See: access_targets object

approver_policy object

Identities authorized to approve the access flow request

settings object

Access flow settings (self serve, automatic) applied to the access flow

labels object

Identifies access flows for streamlined organization and use See: Self Serve Access Flows or Automatic Access Flows

created_date string

Creation date of the access flow

updated_date string

Most recent modified date of the access flow

grantees object

Property

Description

logical_operator string

Logical operator applied to the attribute_filters objects

attribute_filters object

List of grantees See: grantees.attribute_filters object

grantees.attribute_filters object

Property

Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of grantee

Possible Values:

group
user

attribute_value [string]

Unique identifier of the grantee

access_targets object

Property

Description

integration object

Integration definition See: access_targets.integration object

bundle object

Unique identifier of the bundle, contained within the bundle_id property

The bundle_id is the sole property of this object.

saved_query object

Unique identifier of the access scope, contained within the saved_query_id property The saved_query_id is the sole property of this object.

access_targets.integration object

Property

Description

resource_integration_id string

Unique identifier of the resource

resource_type string

Type of resource

resource_tag_restrictors object

Resources excluded from the integration

permissions object

Permissions granted to the resource

approver_policy object

Property

Description

groups_operator string

Logical operator applied to the condition_groups objects

condition_groups object

Grouped list of approvers See: approver_policy.condition_groups object

approver_policy.condition_groups object

Property

Description

logical_operator string

Logical operator applied to the conditions objects

conditions object

List of individual approver criteria See: approver_policy.condition_groups.conditions object

approver_policy.condition_groups.conditions object

Property

Description

attribute_condition object

Attributes of a specific approver See: approver_policy.condition_groups.conditions.attribute_condition object

request_context_based_attribution_filter object

Attributes of a specific approver based on context See: approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

approver_policy.condition_groups.conditions.attribute_condition object

Property

Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of approver

attribute_value [string]

Unique identifier of the approver

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

Property

Description

attribute_type_id string

Type of approver

integration_id string

Identifying value of the associated integration

settings object

Property

Description

require_approver_justification boolean

Indicates if approvers are required to enter a justification for approving or rejecting a request See: Self Serve Access Flows

require_justification boolean

Indicates if grantees are required to enter a justification for their requests See: Self Serve Access Flows

approver_cannot_approve_himself boolean

Indicates if users can approve their own access See: Self Serve Access Flows

require_mfa boolean

Indicates if users will be required to pass multi-factor authentication when requesting access

Account Settings

{
    "account_id": "account123",
    "account_name": "example_account",
    "enable_flow_failure_notifications": true,
    "credentials_rotation_period_in_days": 90,
    "inactive_user_retention_in_days": 180,
    "integrations_updates_notifications": true,
    "require_duration_for_access_request": false
}

Property

Description

account_id string

Unique identifier of the account

account_name string

Friendly name of the account

enable_flow_failure_notifications boolean

Notifications sent to admins about access flow failures

credential_rotation_period_in_days integer

Number of days after which the credentials must be rotated

See: Credentials Rotation Policy

inactive_user_retention_in_days integer

Number of days after which to delete a user Apono created if no grant is active See: Periodic User Cleanup & Deletion

integrations_updates_notifications boolean

Email notifications sent to admins about integration status updates

require_duration_for_access_request boolean

Requires the requester to specify duration of access

Activity Reports

{
    "id": "report123",
    "name": "example_activity_report",
    "active": true,
    "filters": {
        "filter_key1": "filter_value1",
        "filter_key2": "filter_value2"
    },
    "start_date": "2023-10-01T12:34:56Z",
    "end_date": "2023-10-02T12:34:56Z",
    "period": {
        "unit": "day",
        "value": 1,
        "rounded": true
    },
    "time_zone": "UTC",
    "fields": ["field1", "field2"],
    "schedule": {
        "cron": "0 0 * * *",
        "format": "json",
        "recipients": ["[email protected]"]
    },
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the activity report

name string

Friendly name of the activity report

active boolean

Status of the activity report

filters object

Selected report filters

start_date string

Absolute start date of the report window

end_date string

Absolute end date of the report window

period object

Relative time of the report window

time_zone string

Time zone of the report

fields [string]

Data fields included in the report

schedule object

Generation frequency, format, and recipients of the report

created_date string

Creation date of the report

updated_date string

Most recent modified date of the report

Bundles

{
    "id": "12345",
    "name": "example_access_bundle",
    "created_date": "2023-10-01T12:34:56Z",
    "access_targets": [
        {
            "id": "target1",
            "name": "target_1",
            "type": "example_type"
        },
        {
            "id": "target2",
            "name": "target_2",
            "type": "example_type"
        }
    ]
}

Property

Description

id string

Unique identifier of the bundle

name string

Friendly name of the bundle

create_date string

Creation date of the bundle

access_targets object

Resources within the bundle See: (bundles) access_targets

(bundles) access_targets object

Property

Description

id string

Unique identifier of the resource

name string

Friendly name of the resource

type string

Type of resource

Integrations

{
    "id": "integration123",
    "name": "example_integration",
    "type": "example_type",
    "status": "active",
    "connector_id": "connector123",
    "parent_integration_id": "parent_integration123",
    "connected_resource_types": ["resource_type1", "resource_type2"],
    "params": {
        "param_key1": "param_value1",
        "param_key2": "param_value2"
    },
    "custom_instructions_access_message": "please follow the instructions.",
    "last_sync_date": "2023-10-01T12:34:56Z",
    "secret_config": {
        "secret_key1": "secret_value1",
        "secret_key2": "secret_value2"
    }
}

Property

Description

id string

Unique identifier of the integration

name string

Friendly name of the integration

type string

Type of integration

status string

Status of the integration

connector_id string

Unique identifier of the connector used for the integration

parent_integration_id string

Unique identifier of the parent integration associated with this integration

connected_resource_types [string]

List of resources associated with the integration

params object

Parameters associated with the integration

custom_instructions_access_message string

Instructions explaining how to access this integration's resources

last_sync_date string (date-time)

Most recent date that Apono synced the integration

secret_config object

Secret for the integration

Users

{
    "id": "user123",
    "email": "[email protected]",
    "first_name": "John",
    "last_name": "Doe",
    "active": true,
    "roles": ["admin", "user"]
}

Property

Description

id string

Unique identifier of the user

email string

Email address of the user

first_name string

First name of the user

last_name string

Last name of the user

active boolean

Status of the user

roles [string]

Role-based access assigned to the user

Webhooks

{
    "id": "webhook123",
    "name": "example_webhook",
    "active": true,
    "triggers": ["trigger1", "trigger2"],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}

Property

Description

id string

Unique identifier of the webhook

name string

Friendly name of the webhook

active boolean

Status of the webhook

triggers [string]

Associated webhook triggers

Possible Values:

AuditEventTriggered
Manual
RequestCreated
RequestApproved
RequestRejected
RequestGranted
RequestExpired
RequestFailed

created_date string (date-time)

Creation date of the webhook Example: 2023-10-01T12:34:56Z

updated_date string (date-time)

Most recent modified date of the webhook Example: 2023-10-03T1:32:57Z

PreviousWebhook Payload References NextWebhook Payload Schema Reference

Last updated 5 months ago

Was this helpful?

hashtagdata object

hashtagTarget Objects

hashtagAccess Flows

hashtaggrantees object

hashtaggrantees.attribute_filters object

hashtagaccess_targets object

hashtagaccess_targets.integration object

hashtagapprover_policy object

hashtagapprover_policy.condition_groups object

hashtagapprover_policy.condition_groups.conditions object

hashtagapprover_policy.condition_groups.conditions.attribute_condition object

hashtagapprover_policy.condition_groups.conditions.request_context_based_attribution_filter object

hashtagsettings object

hashtagAccount Settings

hashtagActivity Reports

hashtagBundles

hashtag(bundles) access_targets object

hashtagIntegrations

hashtagUsers

hashtagWebhooks

data object

Target Objects

Access Flows

grantees object

grantees.attribute_filters object

access_targets object

access_targets.integration object

approver_policy object

approver_policy.condition_groups object

approver_policy.condition_groups.conditions object

approver_policy.condition_groups.conditions.attribute_condition object

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

settings object

Account Settings

Activity Reports

Bundles

(bundles) access_targets object

Integrations

Users

Webhooks