All changes made within Tarsal's application, either via the browser or via API, are captured. The data captured includes the old and new values of the entire record. These objects are then stored as stringified JSON.

📘
Prior to committing to the database, any secrets or passwords that these records may contain will be obfuscated via asterisks and are not retrievable.

Example Record

{
  "id": "019276b3-0add-7fc1-8366-5639a3fbc053",
  "createTime": "2024-10-10T13:51:38.205849Z",
  "resource": {
    "type": "USER",
    "id": "9cba4c24-db9d-43f5-868d-2c8d240c38ab",
    "changes": [
      {
        "name": "entity",
        "description": "User user@acme.co update_password from 123.22.78.213",
        "oldValue": "JSON stringified object. null for CREATE operations",
        "newValue": "JSON stringified object. null for DELETE operations"
      }
    ]
  },
  "operation": {
    "type": "UPDATE",
    "id": "UPDATE-USER",
    "time": "2024-10-10T13:51:38.162Z",
    "status": "SUCCEEDED"
  },
  "actor": {
    "type": "USER",
    "id": "9cba4c24-db9d-43f5-868d-2c8d240c38ab",
    "metadata": {
      "company": "acmeco",
      "email": "user@acme.co",
      "name": "Acme User"
    }
  }
}

Audit Log Operations and Resources

In General, the Operation ID operation.id is a combination of the Operation Type operation.type (CREATE, UPDATE, DELETE) and the Resource Type resource.type (USER, SOURCE, DESTINATION, etc) and is mostly self explanatory as they are based on REST CRUD principles.

📘
Example: UPDATE-SOURCE
The Operation ID UPDATE-SOURCE means that a Source configuration was Updated.

There are more complicated use cases around non standard objects which don't follow a strict CRUD pattern. Resources in this category include Login, Authentication, and User operations. These operations are described below:

Operation ID	Description
LOGIN-AUTHENTICATION	Login events via Username and Password
LOGIN-SSO-AUTHENTICATION	Login events via Single Sign On
LOGOUT-AUTHENTICATION	Logout events
SESSION-RENEWAL-AUTHENTICATION	Session Re-Authenticated, e.g. a token renewal exchange with an IDP
UPDATE-AUTHENTICATION	Session operations, includes refresh token exchange; grants revoked
UPDATE-USER	User related updates, such as verify email, update password, configure OTP