Audit User Transactions

Enable User Audit Transaction Services

You can track PUT, POST, DELETE, and authentication logon transactions by enabling each API project. Go to Create, API Properties, Settings tab. Select the Audit User Transaction check box.

For more information about this setting, see API Properties.

MongoDB Setup

All transactions are first written to MongoDB. Create a custom MongoDB resource named _USER_TX_AUDIT_ that points to the MongoDB server, database, and collection that hold the audit transaction summaries.

Tip! You can filter out Read requests. Add a filter to the Filter field on the Create, Resources, Details tab and set it to:

{actionType: { $ne: 'R'}}

How User Audit Transaction Services Work

All REST requests for a specific project that enables the audit feature records the old and new value for change at nest level '0' (the starting point). All additional transactions are stored in a summary that touch other tables (cascaded updates or inserts).

The following occurs:

  1. The batch insert is posted and a transaction is recorded for the insert.
  2. API Server starts which triggers the start of a background thread. API Server uses this thread to write to the MongoDB table every few seconds.
  3. API Server looks for the custom MongoDB custom resource named _USER_TX_AUDIT_. If the server does not respond, it will not try to write to MongoDB again. If you create a new resource, you must restart API Server to take effect of the new MongoDB resource.


The following image shows the REST Lab: