Auditing your Redox platform

If you're a risk-conscious organization that has third-party requirements for security, observability, and transparency, our platform auditing is for you.

With Redox auditing, you can troubleshoot or monitor any potential risks within your Redox organization. You can do all of this programmatically with the Redox Platform API. Auditing helps you implement automated, proactive risk mitigation within your Redox organization.

Who can use auditing

Auditing is an advanced feature for any Redox product:

  • Redox Nexus™
  • Redox Access™
  • Redox Chroma™ EMPI powered by Verato
  • Redox Nova™

Once you've upgraded your plan to include this advanced feature, auditing is available to any Redox organization owner or admin.

What events can you audit

With our Platform API endpoints, you can audit these kinds of events in your Redox dashboard organization:

  • user activity, like:
    • who views log payloads;
    • when a user creates, updates, or deletes an API key (either OAuth or legacy); or
    • when a user creates, updates, or deletes a source or destination in your system.
  • user access, like:
    • when a user sends an invitation for a new user to join the organization;
    • when a new user accepts an invitation to join the organization; and
    • when a user modifies another user's permissions, whether granting or revoking access.

Technical notes

In more technical-speak, these are the available audit events:

| Audit event | Description |
| --- | --- |
| log-payoad-viewed | Describes who viewed which logs and when. |
| organization-loaded | Describes any time a user opens (i.e., loads) an organization in the dashboard. This could be when a user automatically logs in to an organization or when a user switches to a different organization in the dashboard. In a nutshell, this is when a dashboard organization's details are loaded for any reason. |
| user-removed | Shows when a user is removed from an organization. |
| user-invited | Shows when a user is invited to join an organization. |
| user-joined | Shows when a new user accepts an invitation to join an organization. |
| user-permissions-updated | Shows when an admin updates their own or others' user permissions to perform functions in the dashboard. This could be adding or removing permissions. |
| oauth2-api-key-operation | Indicates when a user creates, updates, or deletes an OAuth API key. |
| legacy-api-key-operation | Indicates when a user creates, updates, or deletes a legacy API key. |
| endpoint-operation | Indicates when a user creates, updates, or deletes a destination configured to receive data within the organization. |

When you view these audit events, they'll have an associated status, which could be:

| Audit event status | Description |
| --- | --- |
| attempted | A user tried to perform a given action in the dashboard organization, but we're not sure how it turned out yet. This is an interim state, and it could change to any of the other statuses to indicate the terminal state. |
| unauthorized | A user was logged in to the dashboard organization but didn't have permission to complete the action. |
| unauthenticated | A user wasn't logged in to the dashboard organization when trying to complete the action. |
| failed | A user tried to complete an action but wasn't successful for some reason. |
| successful | A user tried to complete an action and was successful. |
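
As an added example (not Redox's own code), the Python below triages a batch of audit records using the event names and statuses listed above: a terminal status supersedes the interim attempted status, actions still left at attempted are reported, and users with repeated unauthorized or unauthenticated results on key, permission, or endpoint changes are flagged. The record fields (action_id, event, status, user, ts), the idea that one action can appear as several records, and the sample data are assumptions constructed for illustration; this page does not show the Platform API response schema.

```python
from collections import Counter

# Event names and statuses are the ones listed on this page.
SENSITIVE = {"oauth2-api-key-operation", "legacy-api-key-operation",
             "user-permissions-updated", "endpoint-operation"}
TERMINAL = {"unauthorized", "unauthenticated", "failed", "successful"}
DENIED = {"unauthorized", "unauthenticated"}
FIELDS = ("action_id", "event", "status", "user", "ts")  # hypothetical field names

# Constructed sample records (not real Redox output).
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("a1", "oauth2-api-key-operation", "attempted", "u1", 1),
    ("a1", "oauth2-api-key-operation", "successful", "u1", 2),
    ("a2", "user-permissions-updated", "unauthorized", "u2", 3),
    ("a3", "legacy-api-key-operation", "attempted", "u2", 4),
    ("a3", "legacy-api-key-operation", "unauthorized", "u2", 5),
    ("a4", "endpoint-operation", "attempted", "u3", 6),
    ("a5", "organization-loaded", "unauthenticated", "u2", 7),
]]


def resolve(records):
    """Keep one record per action; a terminal status supersedes 'attempted'."""
    final = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        prev = final.get(rec["action_id"])
        if prev is None or prev["status"] not in TERMINAL:
            final[rec["action_id"]] = rec
    return final


def triage(records, denied_threshold=2):
    """Return sorted (finding, subject) pairs for review."""
    findings, denied = [], Counter()
    for rec in resolve(records).values():
        if rec["status"] == "attempted":
            # The action never reached a terminal state in this batch.
            findings.append(("unresolved", rec["action_id"]))
        elif rec["event"] in SENSITIVE and rec["status"] in DENIED:
            denied[rec["user"]] += 1
    findings += [("repeated-denied", user) for user, n in denied.items()
                 if n >= denied_threshold]
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```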