Skip to main content
Version: 3.10.x

Audit Logging

As the frequency of API calls and system operations increases, the lack of effective monitoring and recording mechanisms can lead to security risks and operational hazards. Many industries face compliance management requirements, necessitating detailed recording and auditing of critical operations.

API7 Gateway provides the audit logging feature to monitor and record user activities within API7 Gateway, including all operations during user logins to the dashboard and API/ADC calls. API7 Gateway uses tokens as credentials to authenticate users or applications while the audit logs capture all token-related authentication and authorization actions.

How Audit Logging Works

All user actions within API7 Gateway will be recorded. Any additional alteration to audit logs is forbidden, which can ensure data authenticity.

All API calls generate corresponding audit logs. Each audit log includes the operation time, operator, event type, resource ID and name, operator's IP address, and source of the operation.

Users with permission to view and download audit logs, such as auditors, can access detailed information and export the logs in JSON or CSV format for further analysis.

Furthermore, API7 Gateway has implemented strict data masking mechanisms to protect sensitive information within the logs. Additionally, these audit logs are retained for 180 days by default to meet compliance requirements.

Through the audit logging feature, users can promptly identify and address potential security threats, and effectively enhance the platform's security and compliance.

Key Features

  • Monitor and log all activities and user actions that are immutable, ensuring data integrity.
  • Implement fine-grained audit log access control, ensuring only authorized administrators can view logs.
  • Audit logs are retained for 180 days for archival and backup purposes, ensuring compliance with auditing and regulatory requirements.

Use Cases

Real-Time Detection and Recording

Consider a scenario where a user mistakenly configures a new API service, leading to service disruption. In this case, the audit logging feature in API7 Gateway captures the action in real-time, documenting every modification made to the API gateway configuration.

When auditors log into the system and review the audit logs, they can quickly identify any anomalies or misconfigurations that contributed to the disruption. The audit logging feature enables them to pinpoint issues promptly and take corrective action before any significant damage occurs. The real-time detection and recording of such events provide a proactive approach to managing security and operational risks.

Post-Event Audit Logs Analysis

The detailed recording and auditing of critical operations provide a basis for subsequent compliance audits. These logs offer insights into user actions, system changes, and potential security incidents, making them invaluable for assessing adherence to security policies and regulatory requirements.

Through post-event analysis, administrators can easily and efficiently conduct targeted security audits on information systems. Moreover, the insights gained from post-event audits not only help in immediate issue resolution but also inform future policy adjustments and improvements. This makes audit logs a cornerstone for continuous security monitoring, risk management, and regulatory compliance.

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation