Skip to main content

Audit Log API

Customers can use the existing audit logging mechanism to include their own application's events. There is a single API method that will consume events in the representation below and make them available for searching, filtering and exporting.


Events can be posted to the following endpoint. Note that host, port and realm must be replaced with your values. This endpoint accepts and returns JSON content.

POST https://<host>:<port>/auth/realms/<realm>/events


Only authenticated users may send events at this time. The current user login access token should be used for browser requests in the Authorization HTTP header as below. Backend requests can be made using a service account or other admin access token.

Authorization: Bearer <accessToken>

Field definitions


The Event object describes the full action that took place in the system.

uidstringprovidedAn ID unique to this event
timenumberoptional 1UNIX timestamp of the event
realmIdstringprovidedThe realm ID where the action took place
typestringrequiredA description of the action that took place
operationTypestringoptionalWhat operation was executed on a resource (CREATE, DELETE, UPDATE, ACTION)
resourcePathstringoptionalIf the action changed a resource, this is meant to be the / delimited resource path
resourceTypestringoptionalIf the action changed a resource, this is the resource's type
detailsobjectoptionalAn optional hash of values pertaining to the action that took place
errorstringoptionalAn optional error string for tracing purposes if the action resulted in a failure


The AuthDetails object provides information on the logged in user executing the action. When posting an event, AuthDetails should be omitted, as it will automatically be provided by the server.

realmIdstringprovidedThe realm ID of the logged in user
clientIdstringprovidedThe client ID the user was logged into
userIdstringprovidedThe user ID of the logged in user
ipAddressstringprovidedThe IP address of the logged in user
usernamestringprovidedThe username of the logged in user
sessionIdstringprovidedA unique ID of the current login session


HTTP status codes are used to indicate types of successful or failure states. A short JSON object will also be returned, with content indicating more informatin about an error state.

Status codeDescription
202Event received
400Malformed event
403API rate limit exceeded
409Reserved event type
5xxServer error


curl \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer <accessToken>" \
--data "{ \"type\": \"\" }"

  1. If time is not passed by the caller, it will be provided by the server