Can originator of API call's data be included in the audit trail? | Community
Skip to main content

Can originator of API call's data be included in the audit trail?

  • April 7, 2023
  • 4 replies
  • 0 views
Eric12

When doing a POST to `/api/v2/tickets`, the resulting ticket includes an audit object similar to this:

"audit": {
        "id": 124312341234,
        "ticket_id": 99,
        "created_at": "2023-04-07T16:38:35Z",
        "author_id": 234523452345,
        "metadata": {
            "system": {
                "client": "insomnia/2023.1.0",
                "ip_address": "1.2.3.4",
                "location": "Somewhere, IA, United States",
                "latitude": 45.1234,
                "longitude": -90.1234
            },
            "custom": {}
        },

Is there a way that the IP address and user-agent of the person who caused the API request can also be passed along? I'm thinking something similar to storing X-Forwarded-For would be great to audit any API abuse.

    4 replies

    Dane13
    • Dane13
    • April 26, 2023
    Hi Eric,

    Unfortunately, the properties you have mentioned is not included in the JSON payload when making the call.
    Eric12
    • Eric12
    • Author
    • April 27, 2023

    @dane13 Could this be considered a feature request? Especially for API integrations, I would see the information being forwarded that represents the request originator as being more beneficial than the IP of the API's server.

    Dane13
    • Dane13
    • April 27, 2023
    Of course. We continuously improve our services based on these feedbacks/requests as well.  Would you mind posting your use case to our Feedback on Support topic? We have a template you can copy and use in your post. This is to help get more visibility and votes on the idea. Then, others can share their use cases to further drive demand for that feature. Thanks!
    Eric12
    • Eric12
    • Author
    • April 28, 2023

    Great advice, @dane13. I created https://support.zendesk.com/hc/en-us/community/posts/5641389641114-Support-passing-ticket-creator-s-IP-and-user-agent-to-the-API

    What's the best practice for marking this post as closed & pointing the the feature requested that resulted?

    Terms & ConditionsCookie settingsAccessibility statement