Search

    On this page

    Log Streaming API

    Early Access

    The Okta Log Streaming API provides operations to manage Log Stream configurations for an org. You can configure up to two Log Stream integrations per org.

    Note: The Log Streaming Early Access feature must be enabled. See Feature Lifecycle Management (opens new window) and Manage Early Access and Beta features (opens new window) for more information on Feature Manager.

    Get started

    Explore the Log Streaming API:Run in Postman (opens new window)

    Log Streaming operations

    The Log Streaming API has the following CRUD operations:

    Add a Log Stream

    Early Access

    POST /api/v1/logStreams

    Adds a new Log Stream to your org

    Request parameters
    Parameter Description Param Type DataType Required
    logStream Log Stream configuration Body Log Stream TRUE
    Response parameters

    The created Log Stream object

    Request example 
    curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "settings": {
    "eventSourceName": "your-event-source-name",
    "accountId": "123456789012",
    "region": "us-east-2"
  }
}
' "https://${yourOktaDomain}/api/v1/logStreams"
    Response example 
    {
  "id": "0oa1orqUGCIoCGNxf0g4",
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "lastUpdated": "2021-10-21T16:55:30.000Z",
  "created": "2021-10-21T16:55:29.000Z",
  "status": "ACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4",
      "method": "GET"
    },
    "deactivate": {
      "href": "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate",
      "method": "POST"
    }
  }
}

    Get a Log Stream

    Early Access

    GET /api/v1/logStreams/${logStreamId}

    Fetches a Log Stream by id

    Request parameters
    Parameter Description Param Type DataType Required
    logStreamId The Log Stream unique id provided by Okta URL String TRUE
    Response parameters

    The requested Log Stream object

    Request example 
    curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
    Response example 
    {
  "id": "0oa1orzg0CHSgPcjZ0g4",
  "type": "aws_eventbridge",
  "name": "Example EventBridge",
  "lastUpdated": "2021-10-21T16:59:59.000Z",
  "created": "2021-10-21T16:59:59.000Z",
  "status": "ACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
      "method": "GET"
    },
    "deactivate": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
      "method": "POST"
    }
  }
}

    List Log Streams

    Early Access

    GET /api/v1/logStreams

    List Log Streams in your org. You can request a paginated list or a subset of Log Streams that match a supported filter expression.

    Request parameters
    Parameter Description Param Type DataType Required Default
    after Specifies the pagination cursor for the next page of Log Streams Query String FALSE
    filter Filters Log Streams by status or type Query String FALSE
    limit Specifies the number of Log Streams to return per page (maximum 200) Query Number FALSE 20

    The results are paginated according to the limit parameter. If there are multiple pages of results, the Link header contains a next link that should be treated as an opaque value (follow it, don't parse it).

    Filters

    The following filters are supported with the filter query parameter:

    Filter Description
    type eq "${typeId}" Filter Log Streams of type ${typeId}, such as aws_eventbridge or splunk_cloud_logstreaming
    status eq "ACTIVE" Filter Log Streams with an ACTIVE status
    status eq "INACTIVE" Filter Log Streams with an INACTIVE status

    Note: The Log Stream list filter only support the eq operator and allows one filter expression per request. Use URL encoding for special characters, such as replacing a space with a plus (+) sign. See Filter design principles for details.

    Response parameters

    Array of Log Stream objects

    List Log Streams with defaults

    Returns a list of all Log Streams added to your org without filter or pagination options

    Request example 
    curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams"
    Response example 
    [
  {
    "id": "0oa1orzg0CHSgPcjZ0g4",
    "type": "aws_eventbridge",
    "name": "Example AWS EventBridge",
    "lastUpdated": "2021-10-21T16:59:59.000Z",
    "created": "2021-10-21T16:59:59.000Z",
    "status": "ACTIVE",
    "settings": {
      "accountId": "123456789012",
      "eventSourceName": "your-event-source-name",
      "region": "us-east-2"
    },
    "_links": {
      "self": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
        "method": "GET"
      },
      "deactivate": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
        "method": "POST"
      }
    }
  },
  {
    "id": "0oa129gzYyV6oWs1D0g4",
    "type": "splunk_cloud_logstreaming",
    "name": "Example Splunk Cloud",
    "lastUpdated": "2021-11-30T15:16:09.000Z",
    "created": "2021-11-30T15:16:09.000Z",
    "status": "ACTIVE",
    "settings": {
      "host": "acme.splunkcloud.com",
      "token": "1e652bb8-3ef8-427b-9f00-222e1bbe3832"
    },
    "_links": {
      "self": {
        "href": "http://{yourOktaDomain}/api/v1/logStreams/0oa129gzYyV6oWs1D0g4",
        "method": "GET"
      },
      "deactivate": {
        "href": "http://{yourOktaDomain}/api/v1/logStreams/0oa129gzYyV6oWs1D0g4/lifecycle/deactivate",
        "method": "POST"
      }
    }
  }
]

    Find Log Streams by type

    Finds all Log Streams with a specific type

    Request example 
    curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams?filter=type+eq+%22aws_eventbridge%22"
    Response example 
    [
  {
    "id": "0oa1orzg0CHSgPcjZ0g4",
    "type": "aws_eventbridge",
    "name": "Example AWS EventBridge",
    "lastUpdated": "2021-10-21T16:59:59.000Z",
    "created": "2021-10-21T16:59:59.000Z",
    "status": "ACTIVE",
    "settings": {
      "accountId": "123456789012",
      "eventSourceName": "your-event-source-name",
      "region": "us-east-2"
    },
    "_links": {
      "self": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
        "method": "GET"
      },
      "deactivate": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
        "method": "POST"
      }
    }
  }
]

    Find Log Streams by status

    Finds all Log Streams with a specified status

    Request example 
    curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams?filter=status+eq+%22ACTIVE%22"
    Response example 
    [
  {
    "id": "0oa1orzg0CHSgPcjZ0g4",
    "type": "aws_eventbridge",
    "name": "Example AWS EventBridge",
    "lastUpdated": "2021-10-21T16:59:59.000Z",
    "created": "2021-10-21T16:59:59.000Z",
    "status": "ACTIVE",
    "settings": {
      "accountId": "123456789012",
      "eventSourceName": "your-event-source-name",
      "region": "us-east-2"
    },
    "_links": {
      "self": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
        "method": "GET"
      },
      "deactivate": {
        "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
        "method": "POST"
      }
    }
  }
]

    Update a Log Stream

    Early Access

    PUT /api/v1/logStreams/${logStreamId}

    Updates the configuration for a Log Stream

    Request parameters
    Parameter Description Param Type DataType Required
    logStreamId id of the Log Stream to update URL String TRUE
    logStream Updated configuration for the Log Stream Body Log Stream TRUE

    Depending on the type of Log Stream, certain properties can't be updated once the Log Stream is created. Use the Log Stream Schema API to determine which Log Stream type can't be updated. Log Stream types with the "writeOnce" : true property can't be updated after creation.

    Response parameters

    Updated Log Stream

    Request example 
    curl -v -X PUT \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
    "id": "0oa1orzg0CHSgPcjZ0g4",
    "type": "aws_eventbridge",
    "name": "Updated example AWS EventBridge"
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4"
    Response example 
    {
  "id": "0oa1orzg0CHSgPcjZ0g4",
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "lastUpdated": "2021-10-21T16:59:59.000Z",
  "created": "2021-10-21T16:59:59.000Z",
  "status": "ACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
      "method": "GET"
    },
    "deactivate": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
      "method": "POST"
    }
  }
}

    Delete a Log Stream

    Early Access

    DELETE /api/v1/logStreams/${logStreamId}

    Removes a Log Stream from your org

    Request parameters
    Parameter Description Param Type Data Type Required
    logStreamId id of the Log Stream to delete URL String TRUE
    Response parameters

    There are no response parameters.

    Request example 
    curl -v -X DELETE \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4"
    Response example 
    HTTP/1.1 204 No Content

    Log Streaming lifecycle operations

    The Log Streaming API has the following lifecycle operations:

    Activate a Log Stream

    Early Access

    POST /api/v1/logStreams/${logStreamId}/lifecycle/activate

    Reactivates an inactive Log Stream

    Request parameters
    Parameter Description Param Type DataType Required
    logStreamId id of the Log Stream to activate URL String TRUE
    Response parameters

    Activated Log Stream

    Request example 
    curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/activate"
    Response example 
    {
  "id": "0oa1orzg0CHSgPcjZ0g4",
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "lastUpdated": "2021-10-21T16:59:59.000Z",
  "created": "2021-10-21T16:59:59.000Z",
  "status": "ACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
      "method": "GET"
    },
    "deactivate": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
      "method": "POST"
    }
  }
}

    Deactivate a Log Stream

    Early Access

    POST /api/v1/logStreams/${logStreamId}/lifecycle/deactivate

    Deactivates an active Log Stream

    Request parameters
    Parameter Description Param Type DataType Required
    logStreamId id of the Log Stream to deactivate URL String TRUE
    Response parameters

    Deactivated Log Stream

    Request example 
    curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate"
    Response example 
    {
  "id": "0oa1orzg0CHSgPcjZ0g4",
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "lastUpdated": "2021-10-21T16:59:59.000Z",
  "created": "2021-10-21T16:59:59.000Z",
  "status": "INACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
      "method": "GET"
    },
    "activate": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/activate",
      "method": "POST"
    }
  }
}

    Log Stream object

    Log Stream object example 

    {
  "id": "0oa1orzg0CHSgPcjZ0g4",
  "type": "aws_eventbridge",
  "name": "Example AWS EventBridge",
  "lastUpdated": "2021-10-21T16:59:59.000Z",
  "created": "2021-10-21T16:59:59.000Z",
  "status": "ACTIVE",
  "settings": {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
  },
  "_links": {
    "self": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
      "method": "GET"
    },
    "deactivate": {
      "href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
      "method": "POST"
    }
  }
}

    Log Stream properties

    All Log Streams have the following properties:

    Property Description DataType Nullable Unique Readonly MinLength MaxLength
    id Unique key for the Log Stream String FALSE TRUE TRUE
    created Timestamp when the Log Stream was created Date FALSE FALSE TRUE
    lastUpdated Timestamp when the Log Stream was last updated Date FALSE FALSE TRUE
    _links Log Stream relational and lifecycle operation links JSON HAL (opens new window) for Log Stream Links TRUE FALSE TRUE
    name Unique name for the Log Stream String FALSE TRUE FALSE 1 100
    status Status of the Log Stream ACTIVE or INACTIVE FALSE FALSE TRUE
    type Type of Log Stream Log Stream type FALSE FALSE FALSE
    settings Log Stream type settings AWS EventBridge Settings or Splunk Cloud Settings FALSE FALSE TRUE

    Property details

    • The id, status, created, lastUpdated, and _links properties are available after a Log Stream is created.

    This object provides read-only link relationships to the Log Stream. The relational links include lifecycle operations. See Web Linking (opens new window) using the JSON Hypertext Application Language (opens new window) specification.

    Link Relation Type Description
    self The primary URL for the Log Stream
    activate A URL to activate an inactive Log Stream
    deactivate A URL to deactivate an active Log Stream

    Log Stream type

    The Log Stream type specifies the streaming provider used. Okta supports the following providers:

    Type Description
    aws_eventbridge AWS EventBridge (opens new window) Log Stream type
    splunk_cloud_logstreaming Splunk Cloud (opens new window) Log Stream type

    AWS EventBridge Settings object

    The AWS EventBridge Settings object specifies the configuration for the aws_eventbridge Log Stream type. You can't modify the AWS EventBridge Settings properties after the object is created.

    AWS EventBridge Settings example 

    {
    "accountId": "123456789012",
    "eventSourceName": "your-event-source-name",
    "region": "us-east-2"
}

    AWS EventBridge Settings properties

    Property Description DataType Nullable Unique Readonly MinLength MaxLength
    accountId Your AWS account ID String FALSE FALSE FALSE 12 12
    eventSourceName An alphanumeric name (no spaces) to identify this event source in AWS EventBridge String (permitted characters: letters, digits, ., -, _ ) FALSE TRUE FALSE 1 75
    region The destination AWS region where your event source is going to be located String FALSE FALSE FALSE

    Property details

    • The accountId, eventSourceName, and region properties are assigned during creation and can't be modified afterwards.
    • The region property can be set to one of the following supported AWS region codes. The region list can also be retrieved with the Log Stream Schema endpoint.
    Region Description
    us-east-2 US East (Ohio)
    us-east-1 US East (N. Virginia)
    us-west-1 US West (N. California)
    us-west-2 US West (Oregon)
    ca-central-1 Canada (Central)
    eu-central-1 Europe (Frankfurt)
    eu-west-1 Europe (Ireland)
    eu-west-2 Europe (London)
    eu-west-3 Europe (Paris)
    eu-south-1 Europe (Milan)
    eu-north-1 Europe (Stockholm)

    Splunk Cloud Settings object

    The Splunk Cloud Settings object specifies the configuration for the splunk_cloud_logstreaming Log Stream type.

    Splunk Cloud Settings example 

    {
  "host": "acme.splunkcloud.com"
  "token": "11111111-1111-2222-2222-222222222222"
}

    Splunk Cloud Settings properties

    Property Description DataType Nullable Unique Readonly MinLength MaxLength
    host The domain name for your Splunk Cloud instance. Don't include http or https in the string. For example: acme.splunkcloud.com String FALSE FALSE FALSE 17 116
    token The HEC token for your Splunk Cloud HTTP Event Collector String (GUID format) FALSE FALSE FALSE 36 36
    Edit This Page On GitHub