# User Activity Log
# About
The Trusted Twin platform allows you to log data about the activity of a given user as well as activity related to User Tokens generated by a given user. The data is stored in the form of a user-defined Timeseries table. Then User Activity Log is enabled for a given user.
In order to use the User Activity Log for a given user you need to:
- Create a Timeseries table* where the User Activity Log data is to be stored (see Timeseries configuration section);
- Configure the given user to be added to the User Activity Log represented by the previously defined Timeseries table (see User configuration section.
You can create multiple Timeseries tables for a single user where their activity is to be logged. Each of the tables needs to be added to the user's configuration. For more details, please see the Enabling User Activity Log for a given user section.
*
Please note that Timeseries is a Trusted Twin advance database service, and it needs to be enabled for an account. Please get in touch with hello@trustedtwin.com to enable the advanced database services for your account.
# Timeseries configuration
The User Activity Log is stored in a user-defined Timeseries table. You can create a Timeseries table via the create_timeseries_table endpoint.
Please refer to User Activity Log template variables for template variables available for the User Activity Log templates.
# Example configuration
Below you can find an example of a request body used to create a Timeseries table used to store the User Activity Log:
In order to access the Timeseries database, please follow the steps in the Database services access article.
# Example User Activity Log table
| _timestamp | request_uuid | request_ts | user | operation | auth_type | auth_fingerprint | auth_validity | account | role | status | duration | resources | params | dict |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 8 Sept 2023, 10:50:41 | d40c5448-8ac5-419a-9c13-d12fff64bdfa | 1694163041.622 | b306186c-c090-4b64-af7d-cefed08d1882 | create_twin | secret | xds8 | 2f7e0026-dcbb-4eba-842d-44ed22f85503 | 088adec3-7145-43f2-84ea-12d034552589 | 201 | 0.1098921299 | {} | {} | {} | |
| 8 Sept 2023, 10:50:42 | 1ec45e19-ccee-49b2-a1f2-5e1fa0f76870 | 1694163042.796 | b306186c-c090-4b64-af7d-cefed08d1882 | create_user_token | secret | xds8 | 2f7e0026-dcbb-4eba-842d-44ed22f85503 | 088adec3-7145-43f2-84ea-12d034552589 | 201 | 0.1098921299 | {} | {} | {} | |
| 8 Sept 2023, 10:52:27 | 1427a77e-fc3f-4d4a-84d4-1ac8da70c01e | 1694163147.23 | b306186c-c090-4b64-af7d-cefed08d1882 | get_twin | token | xds8 | 2f7e0026-dcbb-4eba-842d-44ed22f85503 | 088adec3-7145-43f2-84ea-12d034552589 | 201 | 0.1098921299 | {"twin": "cb4e38ad-649b-46e1-9879-a6c7f9d8fa8b"} | {"show_terminated": "false"} | {"company": "company1"} |
| Column name | Description |
|---|---|
| _timestamp | Timestamp of the request. |
| request_uuid | Request UUID. |
| request_ts | Timestamp of the request. Measured in seconds (to three decimal places) that have elapsed since the Unix epoch(opens new window). |
| user | UUID of the calling user based on their User Secret. |
| operation * | Name of the operation. |
| auth_type | Denotes the authentication used. It can be either secret for authentication performed with a user secret or token for authentication performed with a user token. |
| auth_fingerprint | 4 last characters of the User Secret of the calling user or the User Secret that was used to generate the User Token of the calling user. |
| auth_validity | Validity of the User Secret or the User Token of the calling user. Measured in seconds (to three decimal places) that have elapsed since the Unix epoch(opens new window). |
| account | Account UUID. |
| role | Role UUID of the calling user. |
| status | Status of the request. |
| duration | Duration of the request. Counted in milliseconds. |
| resources | Resource passed in the request. |
| params | Query string parameters passed in the request. |
| dict | Mapping passed in the dict parameter of the request. |
*
The User Activity Log lists requests based on the User Secret or the User Token of the calling user. Requests that are passed without authentication (the following operations can be performed without authentication: create_user_secret, webhook_confirm_subscription, webhook_refresh_subscription, webhook_unsubscribe) will not be listed in the User Activity Log.
# Template variables
In the below sections you can find variables available for the Resource Access Log divided into categories with examples. The examples are based on the Timeseries configuration provided in the Example configuration section above.
# Request variables
| Variable | Column name | Description |
|---|---|---|
| request_uuid | request_uuid | Request UUID. |
| request_ts | request_ts | Timestamp of the request. Measured in seconds (to three decimal places) that have elapsed since the Unix epoch(opens new window). |
| operation | operation | Name of the operation. |
| status_code | status_code | Status of the request. |
| RESOURCES | resources | Resource passed in the request. |
| PARAMS | params | Query string parameters passed in the request. |
# Example
| request_uuid | request_ts | operation | status_code | resources | params |
|---|---|---|---|---|---|
| 74239fad-816e-4e75-b6fd-d4a4c50df0d2 | 1704184875.00 | get_twin | 200 | {"twin": "78772552-f372-4cce-ac36-247af4bcb95c"} | {"show_terminated": "false"} |
# Requestor variables
| Variable | Column name | Description |
|---|---|---|
| account | account | Account UUID of the requestor. |
| role | role | Role UUID of the requestor. |
| user | user | User UUID of the requestor. |
# Example
| account | role | user |
|---|---|---|
| 20db3819-4cc2-44b5-bba5-fb270f105c07 | 27295dc1-bfbf-43bd-870c-bce2a1ff942e | ed32777c-efe6-4fac-b1fd-0c17b6a6c9ce |
# Authentication variables
| Variable | Column name | Description |
|---|---|---|
| auth_type | auth_type | Denotes the authentication used. It can be either secret for authentication performed with a user secret or token for authentication performed with a user token. |
| auth_fingerprint | auth_fingerprint | 4 last characters of the User Secret of the calling user or the User Secret that was used to generate the User Token of the calling user. |
| auth_validity_ts | auth_validity_ts | Validity of the User Secret or the User Token of the calling user. Measured in seconds (to three decimal places) that have elapsed since the Unix epoch(opens new window). |
# Example
| auth_type | auth_fingerprint | auth_validity_ts |
|---|---|---|
| secret | xds8 | 1735821675.00 |
| token | xds8 | 1735821675.00 |
# User configuration
# Enabling User Activity Log for a given user
The User Activity Log is enabled at the user-level through adding the "activity" property when creating a new user (create_user) or when updating an existing user (update_user).
Below you can find an example of a request body for a request to the create_user endpoint with the "activity" property. The user's activity will be stored in Timeseries tables with the names "user_activity_log" and "user_activity_log_2". In case of the "user_acitivity_log" table the defaults for the dimensions "request_uuid" and "status_code" are defined in the "dimensions" section - they are set using the entry_value template and the status_code template.
# Disabling the User Activity Log for a given User
The User Activity Log can be disabled for a given user through setting the value of the "activity" property to "null" through the update_user endpoint.
Was this article helpful?