September 29, 2016

New API Endpoint: Get an audit log out of ThisData

Until now our API has been all about tracking the events of your users, and querying our risk engine to verify whether activity is legitimate or not. Today we've opened up a new endpoint - GET /events. All of the events you've been pumping in to ThisData, you can now super easily get back out again.

This has been one of our biggest feature requests. You've wanted to show your users where they last logged in from. You wanted to empower your users to check recent actions on their accounts. You wanted to have your own copy of user activity for compliance reasons. We listened, and here it is!

Example time: user audit log

A quick win is to show your users what has been happening on their account. This gives your users confidence that their accounts are being kept safe, can help with compliance, and more. Big players like Facebook and Google have been doing this for a long time, and it has proven security benefits.

If you're not already using ThisData, go and get a free account now. Send events in, and then display them to the user on their Account page. You'll achieve super simple auditing, no storage costs, and all in a matter of hours - probably much quicker.

Adding an Audit Log to a User's account

Here's what ours looks like within the ThisData app (Account Settings > Security):

To achieve that in your own app, fire a request at https://api.thisdata.com/v1/events.json, with query parameters including your API key, and your user's ID. Use whatever framework or language you want.

Here's an example in Ruby, using the popular HTTParty gem. (We'll be adding native support to our libraries over the coming weeks!)

response = HTTParty.get(  
  "https://api.thisdata.com/events.json",
  query: {
    api_key: "YOUR-API-KEY",
    user_id: current_user.id,
  }
)

@events = JSON.parse(response.body)["results"] if response.success?

Easy peasy! Each event contains structured data that could be rendered in a table. Here's how we do it in our Rails app:

  <table>
    <thead>
      <tr>
        <th>ACTION</th>
        <th>DEVICE</th>
        <th>LOCATION</th>
        <th>OCCURRED</th>
      </tr>
    </thead>
    <tbody>
      <% @events.each do |event| %>
        <tr>
          <td>
            <%= event["verb"] %>
          </td>
          <td>
            <abbr title="<%= event["device"]["user_agent"] %>">
              <%= "#{event["device"]["browser"]} on #{event["device"]["os"]}" %>
            </abbr>
          </td>
          <td>
            <abbr title="<%= event["location"]["ip"] %>">
              <%= "#{event["location"]["address"]["city_name"]}, " +
                  "#{event["location"]["address"]["country_name"]}" rescue event["location"]["ip"] %>
            </abbr>
          </td>
          <td>
            <%= DateTime.parse(event["published"]).strftime("%e %b %Y - %T") %>
          </td>
        </tr>
      <% end %>
    </tbody>
  </table>

Resources

YOU MAY ALSO BE INTERESTED IN

Introducing custom security rules

For the past few years we’ve been working hard to create a plug and play adaptive risk engine. We designed our core service using a mix of b ...

Cloudbleed - ThisData's Response

Late last week Cloudflare announced that a pretty serious bug had been found in the way they handled their traffic. The bug allowed private ...