Skip to main content

decision_logs/query

The query API returns the last N decisions recorded for a particular policy. In contrast to decision log storage object retrieval, the query API returns data that is typically no more than a minute old.

URL

POST .../api/v1/decision_logs/query

Input payload

{
  "page": {
    "size": "[page size]",
    "token": "[token of page to retrieve, must be empty on the first call]"
  },
  "policy_id": "[policy id or empty for all policies]",
  "top_n": "[last N decisions to retrieve]"
}

Example

Given a request that uses the default page size (10):

{
  "top_n": 12,
  "policy_id": "18d6580f-7fb0-11ec-bdd9-01c9e2c2068b"
}

The response will resemble this:

{
  "page":  {
    "next_token":  "e2a62bd2-2704-48a4-b5e7-86f7885012f9",
    "result_size":  10,
    "total_size":  12
  },
  "results":  [
    {
      "log":  "{\"decision_id\":\"1834b93a-3a15-4f98-b6e2-3b1221ca984c\",\"decision_time\":\"2022-01-31T23:52:03Z\",\"tenant_id\":\"0116e83a-7e21-11ec-ab5b-00c9e2c2068b\",\"user\":{\"id\":\"2bfaa552-d9a5-41e9-a6c3-5be62b4433c8\",\"email\":\"aprils@acmecorp.com\"},\"path\":\"peoplefinder.POST.api.users.__id\",\"decisions\":{\"allowed\":true},\"policy\":{\"id\":\"18d6580f-7fb0-11ec-bdd9-01c9e2c2068b\",\"service\":\"registry.beta.aserto.com\",\"image\":\"peoplefinder/peoplefinder-abac\",\"tag\":\"latest\",\"digest\":\"sha256:dd0c6506d8d20539d46acbebffa03976274d022818dec0337a250df72d205b3a\"},\"resource\":{\"id\":\"dfdadc39-7335-404d-af66-c77cf13a15f8\"}}"
    },
    ...
    {
      "log":  "{\"decision_id\":\"89ffa41e-8083-49f6-8714-832973ff2040\",\"decision_time\":\"2022-02-03T00:28:00Z\",\"tenant_id\":\"0116e83a-7e21-11ec-ab5b-00c9e2c2068b\",\"user\":{\"id\":\"dfdadc39-7335-404d-af66-c77cf13a15f8\",\"email\":\"euang@acmecorp.com\"},\"path\":\"peoplefinder.PUT.api.users.__id\",\"decisions\":{\"allowed\":true},\"policy\":{\"id\":\"18d6580f-7fb0-11ec-bdd9-01c9e2c2068b\",\"service\":\"registry.beta.aserto.com\",\"image\":\"peoplefinder/peoplefinder-abac\",\"tag\":\"latest\",\"digest\":\"sha256:dd0c6506d8d20539d46acbebffa03976274d022818dec0337a250df72d205b3a\"},\"resource\":{\"id\":\"dfdadc39-7335-404d-af66-c77cf13a15f8\"}}"
    }
  ]
}

next_token indicates the remaining results can be retrieved issuing another request with the following payload:

{
  "page": {
      "token": "e2a62bd2-2704-48a4-b5e7-86f7885012f9"
  }
  "top_n": 12,
  "policy_id": "18d6580f-7fb0-11ec-bdd9-01c9e2c2068b"
}

See schemas for details of the contents of the logs returned by query.