LogoLogo
Documentation and Guides
Documentation and Guides
  • ABOUT APONO
    • Why Choose Apono
    • Security and Architecture
    • Glossary
  • GETTING STARTED
    • How Apono Works
    • Getting started
    • Access Discovery
    • Integrating with Apono
  • CONNECTORS AND SECRETS
    • Apono Integration Secret
    • High Availability for Connectors
    • Installing a connector with Docker
    • Manage integrations
    • Manage connectors
  • AWS ENVIRONMENT
    • AWS Overview
    • Apono Connector for AWS
      • Installing a connector on EKS Using Terraform
      • Updating a connector in AWS
      • Installing a connector on AWS ECS using Terraform
    • AWS Integrations
      • Integrate an AWS account or organization
        • Auto Discover AWS RDS Instances
        • AWS Best Practices
      • Amazon Redshift
      • RDS PostgreSQL
      • AWS RDS MySQL
      • Integrate with EKS
      • AWS Lambda Custom Integration
      • EC2 via Systems Manager Agent (SSM)
  • AZURE ENVIRONMENT
    • Apono Connector for Azure
      • Install an Azure connector on ACI using Azure CLI
      • Install an Azure connector on ACI using PowerShell
      • Install an Azure connector on ACI using Terraform
      • Updating a connector in Azure
    • Azure Integrations
      • Integrate with Azure Management Group or Subscription
        • Auto Discover Azure SQL Databases
      • Azure MySQL
      • Azure PostgreSQL
      • Integrate with AKS
  • GCP ENVIRONMENT
    • Apono Connector for GCP
      • Installing a GCP connector on Cloud Run using CLI
      • Installing a GCP connector on GKE using CLI (Helm)
      • Installing a GCP connector on GKE using Terraform
      • Updating a connector in Google Cloud
    • GCP Integrations
      • Integrate a GCP organization or project
      • CloudSQL - MySQL
      • CloudSQL - PostgreSQL
      • Google Cloud Functions
      • Integrate with GKE
      • AlloyDB
  • KUBERNETES ENVIRONMENT
    • Apono Connector for Kubernetes
      • Installing a connector on Kubernetes with AWS permissions
      • Updating a Kubernetes connector
    • Kubernetes Integrations
      • Integrate with Self-Managed Kubernetes
  • ADDITIONAL INTEGRATIONS
    • Databases and Data Repositories
      • Microsoft SQL Server
      • MongoDB
      • MongoDB Atlas
      • MongoDB Atlas Portal
      • MySQL
      • Oracle Database
      • PostgreSQL
      • Redis Cloud (Redislabs)
      • Snowflake
      • Vertica
      • MariaDB
    • Network Management
      • SSH Servers
      • RDP Servers
      • Windows Domain Controller
      • AWS EC2 SSH Servers
      • Azure VM SSH Servers
      • Installing the Apono HTTP Proxy
    • Development Tools
      • GitHub
      • Rancher
    • Identity Providers
      • Okta SCIM
      • Okta Groups
      • Okta SSO for Apono logins
      • Google Workspace (Gsuite)
      • Google Workspace (GSuite) Groups
      • Azure Active Directory (Microsoft Entra ID)
      • Azure Active Directory (Entra ID) Groups
      • Jumpcloud
      • JumpCloud Groups
      • OneLogin
      • OneLogin Group
      • LDAP Groups
      • The Manager Attribute in Access Flows
      • HiBob
      • Ping Identity SSO
    • Incident Response Integrations
      • Opsgenie
      • PagerDuty
      • VictorOps (Splunk On-Call)
      • Zenduty
    • ChatOps Integrations
      • Slack integration
      • Teams integration
      • Backstage Integration
  • WEBHOOK INTEGRATIONS
    • Webhooks Overview
    • Anomaly Webhook
    • Audit Log Webhook
    • Request Webhook
      • Custom Webhooks
      • Communications and Notifications
        • Slack Outbound Webhooks
        • Teams
        • Outlook and Gmail (Using Azure Logic App)
      • ITSM
        • Freshdesk
        • Jira
        • ServiceNow
        • Zendesk
        • Freshservice
        • ServiceDesk Plus
      • Logs and SIEMs
        • Coralogix
        • Datadog
        • Logz.io
        • Grafana
        • New Relic
        • SolarWinds
        • Sumo Logic
        • Cortex
        • Logpoint
        • Splunk
        • Microsoft Sentinel
      • Orchestration and workflow builders
        • Okta Workflows
        • Torq
    • Integration Webhook
    • Webhook Payload References
      • Audit Log Webhook Payload Schema Reference
      • Webhook Payload Schema Reference
    • Manage webhooks
    • Troubleshoot a webhook
    • Manual Webhook
      • ITSM
        • PagerDuty
  • ACCESS FLOWS
    • Access Flows
      • What are Access Flows?
    • Create Access Flows
      • Self Serve Access Flows
      • Automatic Access Flows
      • Access Duration
    • Manage Access Flows
      • Right Sizing
    • Revoke Access
    • Dynamic Access Management
      • Resource and Integration Owners
    • Common Use Cases
      • Ensuring SLA
      • Protecting PII and Customer Data
      • Production Stability and Management
      • Break Glass Protocol
    • Create Bundles
    • Manage Bundles
  • ACCESS REQUESTS AND APPROVALS
    • Slack
      • Requesting Access with Slack
      • Approving Access with Slack
    • Teams
      • Requesting Access with Teams
      • Approving Access with Teams
    • CLI
      • Install and manage the Apono CLI
      • Requesting Access with CLI
    • Web Portal
      • Requesting Access with the Web Portal
      • Approving Access with the Web Portal
      • Reviewing historical requests with the Web Portal
    • Freshservice
    • Favorites
  • Inventory
    • Inventory Overview
    • Inventory
    • Access Scopes
    • Risk Scores
    • Apono Query Language
  • AUDITS AND REPORTS
    • Activity Overview
      • Activity
      • Create Reports
      • Manage Reports
    • Compliance: Audit and Reporting
    • Auditing Access in Apono
    • Admin Audit Log (Syslog)
  • HELP AND DEBUGGING
    • Integration Status Page
    • Troubleshooting Errors
  • ARCHITECTURE AND SECURITY
    • Anomaly Detection
    • Multi-factor Authentication
    • Credentials Rotation Policy
    • Periodic User Cleanup & Deletion
    • End-user Authentication
    • Personal API Tokens
  • User Administration
    • Role-Based Access Control (RBAC) Reference
    • Create Identities
    • Manage Identities
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. WEBHOOK INTEGRATIONS
  2. Webhook Payload References

Audit Log Webhook Payload Schema Reference

Send Apono access request data to your internal systems with event-triggered HTTP messages

PreviousWebhook Payload ReferencesNextWebhook Payload Schema Reference

Last updated 18 days ago

Was this helpful?

This reference describes each of the properties of the webhook payload schema.

The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the templating language to format expressions for certain data fields.

{
    "event_type": "string",
    "event_time": "{seconds}.{nanos}",
    "data": {
        "timestamp": "{seconds}.{nanos}",
        "action": "string",
        "actor_id": "string",
        "actor_name": "string",
        "actor_type": "string",
        "source": "string",
        "target_id": "string",
        "target_type": "string",
        "target_name": "string",
        "metadata": "object",
        "current_target_object": "object",
        "previous_target_object": "object"
    }
}
Property
Description

event_type string

Type of audit log event

event_time string

Date the event occurred

data object

data object

Property
Description

timestamp string

Date and time the event occurred

action string

Event performed, such as creating, editing, or deleting an item

actor_id string

Email address of the user who performed the action

actor_name string

Full name of the user who performed the action

actor_type string

Type of user who performed the action

source string

Location where the action originated

Possible Values:

  • API

  • integration

  • Terraform

  • web application

target_id string

Unique identifier of the object affected by the action

target_type string

Type of object affected by the action

Possible Values:

  • access flow

  • bundle

  • integration

target_name string

Friendly name of the object affected by the action

current_target_object object

Updated details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:

previous_target_object object

Previous details of the object affected by the action

IMPORTANT: The webhook will return all data within this object. Specific values within a target object cannot be targeted. The following details of each target are provided for information purposes only.

Target Objects:


Target Objects

Access Flows

{
    "id": "flow123",
    "name": "example_access_flow",
    "active": true,
    "revoke_after_in_sec": 3600,
    "trigger": {
        "type": "time_based",
        "timeframe": {
            "days_in_week": ["Monday", "Tuesday"],
            "time_zone": "UTC"
        }
    },
    "grantees": {
        "logical_operator": "AND",
        "attribute_filters": [
            {
                "operator": "EQUALS",
                "attribute_type": "role",
                "attribute_value": "admin",
                "integration_id": "integration123"
            }
        ]
    },
    "access_targets": [
        {
            "integration": {
                "resource_integration_id": "integration123",
                "resource_type": "database",
                "resource_tag_restrictors": [
                    {
                        "name": "env",
                        "value": "production"
                    }
                ],
                "resource_tag_restrictors": [],
                "permissions": ["read", "write"]
            }
        }
    ],
    "approver_policy": {
        "groups_operator": "OR",
        "condition_groups": [
            {
                "logical_operator": "AND",
                "conditions": [
                    {
                        "attribute_condition": {
                            "operator": "EQUALS",
                            "attribute_type": "department",
                            "attribute_value": "IT",
                            "integration_id": "integration123"
                        }
                    }
                ]
            }
        ]
    },
    "settings": {
        "require_approver_justification": true,
        "require_justification": false,
        "approver_cannot_approve_himself": true,
        "require_mfa": true
    },
    "labels": [
        {
            "key": "priority",
            "value": "high"
        }
    ],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}
Property
Description

id string

Unique identifier of the access flow

name string

Friendly name of the access flow

active boolean

Status of the access flow Possible Values:

  • true

  • false

revoke_after_in_sec integer

Access duration (in seconds) granted for the resources within the access flow

trigger string | object

Event associated with the access flow

grantees object

access_targets object

approver_policy object

Identities authorized to approve the access flow request

settings object

labels object

created_date string

Creation date of the access flow

updated_date string

Most recent modified date of the access flow

grantees object

Property
Description

logical_operator string

Logical operator applied to the attribute_filters objects

attribute_filters object

grantees.attribute_filters object

Property
Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of grantee

Possible Values:

  • group

  • user

attribute_value [string]

Unique identifier of the grantee

access_targets object

Property
Description

integration object

bundle object

The bundle_id is the sole property of this object.

saved_query object

access_targets.integration object

Property
Description

resource_integration_id string

Unique identifier of the resource

resource_type string

Type of resource

resource_tag_restrictors object

Resources excluded from the integration

permissions object

Permissions granted to the resource

approver_policy object

Property
Description

groups_operator string

Logical operator applied to the condition_groups objects

condition_groups object

approver_policy.condition_groups object

Property
Description

logical_operator string

Logical operator applied to the conditions objects

conditions object

approver_policy.condition_groups.conditions object

Property
Description

attribute_condition object

request_context_based_attribution_filter object

approver_policy.condition_groups.conditions.attribute_condition object

Property
Description

operator string

Comparative operator relating the attribute_type_id and attribute_value

attribute_type_id string

Type of approver

attribute_value [string]

Unique identifier of the approver

approver_policy.condition_groups.conditions.request_context_based_attribution_filter object

Property
Description

attribute_type_id string

Type of approver

integration_id string

Identifying value of the associated integration

settings object

Property
Description

require_approver_justification boolean

require_justification boolean

approver_cannot_approve_himself boolean

require_mfa boolean

Account Settings

{
    "account_id": "account123",
    "account_name": "example_account",
    "enable_flow_failure_notifications": true,
    "credentials_rotation_period_in_days": 90,
    "inactive_user_retention_in_days": 180,
    "integrations_updates_notifications": true,
    "require_duration_for_access_request": false
}
Property
Description

account_id string

Unique identifier of the account

account_name string

Friendly name of the account

enable_flow_failure_notifications boolean

Notifications sent to admins about access flow failures

credential_rotation_period_in_days integer

Number of days after which the credentials must be rotated

inactive_user_retention_in_days integer

integrations_updates_notifications boolean

Email notifications sent to admins about integration status updates

require_duration_for_access_request boolean

Requires the requester to specify duration of access

Activity Reports

{
    "id": "report123",
    "name": "example_activity_report",
    "active": true,
    "filters": {
        "filter_key1": "filter_value1",
        "filter_key2": "filter_value2"
    },
    "start_date": "2023-10-01T12:34:56Z",
    "end_date": "2023-10-02T12:34:56Z",
    "period": {
        "unit": "day",
        "value": 1,
        "rounded": true
    },
    "time_zone": "UTC",
    "fields": ["field1", "field2"],
    "schedule": {
        "cron": "0 0 * * *",
        "format": "json",
        "recipients": ["user@example.com"]
    },
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}
Property
Description

id string

Unique identifier of the activity report

name string

Friendly name of the activity report

active boolean

Status of the activity report

filters object

Selected report filters

start_date string

Absolute start date of the report window

end_date string

Absolute end date of the report window

period object

Relative time of the report window

time_zone string

Time zone of the report

fields [string]

Data fields included in the report

schedule object

Generation frequency, format, and recipients of the report

created_date string

Creation date of the report

updated_date string

Most recent modified date of the report

Bundles

{
    "id": "12345",
    "name": "example_access_bundle",
    "created_date": "2023-10-01T12:34:56Z",
    "access_targets": [
        {
            "id": "target1",
            "name": "target_1",
            "type": "example_type"
        },
        {
            "id": "target2",
            "name": "target_2",
            "type": "example_type"
        }
    ]
}
Property
Description

id string

Unique identifier of the bundle

name string

Friendly name of the bundle

create_date string

Creation date of the bundle

access_targets object

(bundles) access_targets object

Property
Description

id string

Unique identifier of the resource

name string

Friendly name of the resource

type string

Type of resource

Integrations

{
    "id": "integration123",
    "name": "example_integration",
    "type": "example_type",
    "status": "active",
    "connector_id": "connector123",
    "parent_integration_id": "parent_integration123",
    "connected_resource_types": ["resource_type1", "resource_type2"],
    "params": {
        "param_key1": "param_value1",
        "param_key2": "param_value2"
    },
    "custom_instructions_access_message": "please follow the instructions.",
    "last_sync_date": "2023-10-01T12:34:56Z",
    "secret_config": {
        "secret_key1": "secret_value1",
        "secret_key2": "secret_value2"
    }
}
Property
Description

id string

Unique identifier of the integration

name string

Friendly name of the integration

type string

Type of integration

status string

Status of the integration

connector_id string

Unique identifier of the connector used for the integration

parent_integration_id string

Unique identifier of the parent integration associated with this integration

connected_resource_types [string]

List of resources associated with the integration

params object

Parameters associated with the integration

custom_instructions_access_message string

Instructions explaining how to access this integration's resources

last_sync_date string (date-time)

Most recent date that Apono synced the integration

secret_config object

Users

{
    "id": "user123",
    "email": "user@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "active": true,
    "roles": ["admin", "user"]
}
Property
Description

id string

Unique identifier of the user

email string

Email address of the user

first_name string

First name of the user

last_name string

Last name of the user

active boolean

Status of the user

roles [string]

Role-based access assigned to the user

Webhooks

{
    "id": "webhook123",
    "name": "example_webhook",
    "active": true,
    "triggers": ["trigger1", "trigger2"],
    "created_date": "2023-10-01T12:34:56Z",
    "updated_date": "2023-10-02T12:34:56Z"
}
Property
Description

id string

Unique identifier of the webhook

name string

Friendly name of the webhook

active boolean

Status of the webhook

triggers [string]

Associated webhook triggers

Possible Values:

  • AuditEventTriggered

  • Manual

  • RequestCreated

  • RequestApproved

  • RequestRejected

  • RequestGranted

  • RequestExpired

  • RequestFailed

created_date string (date-time)

Creation date of the webhook Example: 2023-10-01T12:34:56Z

updated_date string (date-time)

Most recent modified date of the webhook Example: 2023-10-03T1:32:57Z

Field containing an embedded object with contextual information about the triggering event See:

Identities for whom access is requested See:

Integrations, bundles, or access scopes to which access will be given See:

Access flow settings (, ) applied to the access flow

Identifies access flows for streamlined organization and use See: or

List of grantees See:

Integration definition See:

Unique identifier of the , contained within the bundle_id property

Unique identifier of the , contained within the saved_query_id property The saved_query_id is the sole property of this object.

Grouped list of approvers See:

List of individual approver criteria See:

Attributes of a specific approver See:

Attributes of a specific approver based on context See:

Indicates if approvers are required to enter a justification for approving or rejecting a request See:

Indicates if grantees are required to enter a justification for their requests See:

Indicates if users can approve their own access See:

Indicates if users will be required to pass when requesting access

See:

Number of days after which to delete a user Apono created if no grant is active See:

Resources within the bundle See:

for the integration

Handlebars
bundle
access scope
Credentials Rotation Policy
Periodic User Cleanup & Deletion
Secret
data object
Access Flows
Account Settings
Activity Reports
Bundles
Integrations
Users
Webhooks
Access Flows
Account Settings
Activity Reports
Bundles
Integrations
Users
Webhooks
grantees object
access_targets object
grantees.attribute_filters object
access_targets.integration object
approver_policy.condition_groups object
approver_policy.condition_groups.conditions object
approver_policy.condition_groups.conditions.attribute_condition object
approver_policy.condition_groups.conditions.request_context_based_attribution_filter object
(bundles) access_targets
Self Serve Access Flows
Self Serve Access Flows
Self Serve Access Flows
multi-factor authentication
self serve
Self Serve Access Flows
automatic
Automatic Access Flows