Download reports with VaultAccountActivity

The VaultAccountActivity query returns full information for all Vault account activity events that match given search parameters. You can use any of the following sets of parameters to generate reports:

  • start_date and duration
  • start_time and duration
  • end_date and duration
  • end_time and duration

The reporting API is an authenticated API. For instructions on using authenticated APIs using OAuth, see Authenticate to the Remote Support API. The API account must have the permission Allow Access to Vault Account Activity Reports.

Parameters for VaultAccountActivity

start_date=[YYYY-MM-DD]

Specifies that the report returns all events that happened on or after this date and that are within the duration specified below.
start_time=[timestamp] Specifies that the report returns all sessions, those still in progress, that began at or after this time as well as that are within the duration specified below. The time must be a UNIX timestamp (UTC).
end_date=[YYYY-MM-DD] Specifies that the report returns only closed sessions that ended on or after this date and that are within the duration specified below.
end_time=[timestamp] Specifies that the report returns only closed sessions that ended at or after this time and that are within the duration specified below. The time must be a UNIX timestamp (UTC).
duration=[integer] Length of time from the specified date or time for which you wish to pull reports, or 0 to pull from the specified date to present. If start_date or end_date is specified, duration represents days; if start_time or end_time is specified, duration represents seconds.

Optional parameter for VaultAccountActivity

limit=[string]

The category by which to filter results. Can be one of the following:

all Returns all results.
rep:[id] Returns sessions owned by a representative, specified by user ID. To get a representative's ID, see API command: get_logged_in_reps.
account: [id] Returns all events involving a specific account.

XML response for VaultAccountActivity query

<vault_account_activity_list>

 Contains a <vault_account_activity> element for each event that matches the given criteria. If no events are returned, this element contains no <vault_account_activity> elements. If an error occurs during the search, it contains an <error> element describing the problem.

Element names and attributes

timestamp (attribute) The system time at which the event occurred.
Account The ID of the Vault account.
event_type (attribute)

The type of event which occurred. Event types include the following:

Account Created

Account Deleted

Credentials Checked Out

Credentials Checked In

Password Changed

Password Rotation Failed

Credentials Used

Credentials Force Checked In
<performed_by> The entity that performed the action. Indicates the entity’s ID and also its type, indicating whether this action was performed by the system, a representative, or an API account.
<data>

The value of this attribute depends on the event_type. For a Password Changed event, it contains values like Manually Edited, Manually Rotated, or Rotate after check in. For a Password Rotation Failed event, it contains an error string explaining the reason for its failure. For a Credential Checked Out event, if the credentials were used in a session, then it contains the LSID of the session.