As we profile different APIs for inclusion in the Streamdata.io API Gallery, we always spend time looking at how different API providers are defining their event-driven architecture, and how these definitions could impact the wider API sector. After learning about how you can stream logs for the user authentication and authorization layer of our operations using the Okta Log API, we thought the types of API events they had defined were of particular interest, and relevance to the wider API sector. Everyone maintains a user authentication and authorization layer for their platforms, making the event types they track pretty universal across all API providers.
These event types help categorize event instances by actions that are recorded as part of an Okta LogEvent’s eventType attribute, allowing for anyone to navigate, and then stream the logs using the expression filters defined for each event type. Here are the major event types that Okta has aggregated so far across authentication and authorization systems:
Application Event
– application.lifecycle.activate – An application was activated.
– application.lifecycle.create – An application was created.
– application.lifecycle.deactivate – An application was deactivated.
– application.lifecycle.delete – An application was deleted.
– application.lifecycle.update – An application was updated.
– application.user_membership.add – A user was assigned to an application.
– application.user_membership.change_username – The name of a user assigned to an application was changed.
– application.user_membership.remove – A user was removed from an application.
Group Event
– group.user_membership.add – A user was added to a group.
– group.user_membership.remove – A user was removed from a group.
Policy Events
– policy.lifecycle.activate – A rule in a policy was activated.
– policy.lifecycle.create – A rule in a policy was created.
– policy.lifecycle.deactivate – A rule in a policy was deactivated.
– policy.lifecycle.delete – A rule in a policy was deleted.
– policy.lifecycle.update – A rule in a policy was updated.
– policy.rule.activate – A rule in a policy was activated.
– policy.rule.add – A rule was added to a policy.
– policy.rule.deactivate – A rule in a policy was deactivated.
– policy.rule.delete – A rule was deleted from a policy.
– policy.rule.update – A rule in a policy was updated.
User Events
– user.authentication.sso – A user attempted to SSO to an application managed in Okta
– user.lifecycle.activate – A user account was activated.
– user.lifecycle.create – A user account was created.
– user.lifecycle.deactivate – A user account was deactivated.
– user.lifecycle.suspend – A user account was suspended.
– user.lifecycle.unsuspend – A user account was moved from suspended status.
– user.session.start Okta issued a session to a user who is authenticating
This list of API events outlines the most important activity that occurs across our user management systems. When you look at this in context of API management, it becomes the event-driven architecture needed for quantifying and understand how our API resources are being used. Making for arguably one of the most important lists of events that occur via ANY API-driven platform, and the events we should probably be streaming to dashboards for building awareness, into our machine learning models to keep in tune with good and bad patterns at this layer, and anywhere else that might need to respond to real time authentication and authorization events.