Programmatic access to "API Access Audit" data via GraphQL

moyer · March 15, 2023, 7:07pm

I’m implementing some security monitoring for our Buildkite organization. The data in the API Access Audit page is very valuable, but I cannot retrieve similar information via the GraphQL (or REST) API in a way that lets me build automated alerts.

I can work around aspects of this by searching for USER_API_ACCESS_TOKEN_ORGANIZATION_ACCESS_ADDED events in the audit log, but this is still missing some data. In particular the last used timestamp and IP address information for each token would be very valuable.

jameshill · March 17, 2023, 10:38am

Hey Matt,

The USER_API_ACCESS_TOKEN_ORGANIZATION_ACCESS_ADDED event is generated at the time the token is added, The audit events are immutable so we won’t be able to use it to retrieve the last used timestamp and IP address.

However, we’ve taken onboard the feedback around accessing the API Access Audit page via the GraphQL API.

Topic		Replies	Views
Audit old and unused API tokens with API Access Audit Announcements	0	407	October 7, 2019
GitHub Event payload forwarding? General	4	1063	June 29, 2020
Open Api Schema / Graphql General	5	836	January 6, 2022
Inspect and revoke API Access Tokens via the REST API Announcements	0	400	July 5, 2019
How to create an access token for another user? General	3	110	February 15, 2024

Programmatic access to "API Access Audit" data via GraphQL

Related Topics