Integration audit log subscriptions

Audit log integration subscriptions allow you to send audit log events hooks to one of dozens of external tools. For example, you can send flag change event webhooks to external third party software. To learn more, read Building your own integrations.

You can use the integration subscriptions API to create, delete, and manage your integration audit log subscriptions.

Each of these operations requires an integrationKey that refers to the type of integration. The required config fields to create a subscription vary depending on the integrationKey. You can find a full list of the fields for each integration below.

Several of these operations require a subscription ID. The subscription ID is returned as part of the Create audit log subscription and Get audit log subscriptions by integration responses. It is the _id field, or the _id field of each element in the items array.

Configuration bodies by integrationKey

datadog

apiKey is a sensitive value.

hostURL must evaluate to either "https://api.datadoghq.com" or "https://api.datadoghq.eu" and will default to the former if not explicitly defined.

"config": {
    "apiKey": <string, optional>, # sensitive value
    "hostURL": <string, optional>
}

dynatrace

apiToken is a sensitive value.

entity must evaluate to one of the following fields and will default to "APPLICATION" if not explicitly defined:

Click to expand list of fields
"APPLICATION"
"APPLICATION_METHOD"
"APPLICATION_METHOD_GROUP"
"AUTO_SCALING_GROUP"
"AUXILIARY_SYNTHETIC_TEST"
"AWS_APPLICATION_LOAD_BALANCER"
"AWS_AVAILABILITY_ZONE"
"AWS_CREDENTIALS"
"AWS_LAMBDA_FUNCTION"
"AWS_NETWORK_LOAD_BALANCER"
"AZURE_API_MANAGEMENT_SERVICE"
"AZURE_APPLICATION_GATEWAY"
"AZURE_COSMOS_DB"
"AZURE_CREDENTIALS"
"AZURE_EVENT_HUB"
"AZURE_EVENT_HUB_NAMESPACE"
"AZURE_FUNCTION_APP"
"AZURE_IOT_HUB"
"AZURE_LOAD_BALANCER"
"AZURE_MGMT_GROUP"
"AZURE_REDIS_CACHE"
"AZURE_REGION"
"AZURE_SERVICE_BUS_NAMESPACE"
"AZURE_SERVICE_BUS_QUEUE"
"AZURE_SERVICE_BUS_TOPIC"
"AZURE_SQL_DATABASE"
"AZURE_SQL_ELASTIC_POOL"
"AZURE_SQL_SERVER"
"AZURE_STORAGE_ACCOUNT"
"AZURE_SUBSCRIPTION"
"AZURE_TENANT"
"AZURE_VM"
"AZURE_VM_SCALE_SET"
"AZURE_WEB_APP"
"CF_APPLICATION"
"CF_FOUNDATION"
"CINDER_VOLUME"
"CLOUD_APPLICATION"
"CLOUD_APPLICATION_INSTANCE"
"CLOUD_APPLICATION_NAMESPACE"
"CONTAINER_GROUP"
"CONTAINER_GROUP_INSTANCE"
"CUSTOM_APPLICATION"
"CUSTOM_DEVICE"
"CUSTOM_DEVICE_GROUP"
"DCRUM_APPLICATION"
"DCRUM_SERVICE"
"DCRUM_SERVICE_INSTANCE"
"DEVICE_APPLICATION_METHOD"
"DISK"
"DOCKER_CONTAINER_GROUP_INSTANCE"
"DYNAMO_DB_TABLE"
"EBS_VOLUME"
"EC2_INSTANCE"
"ELASTIC_LOAD_BALANCER"
"ENVIRONMENT"
"EXTERNAL_SYNTHETIC_TEST_STEP"
"GCP_ZONE"
"GEOLOCATION"
"GEOLOC_SITE"
"GOOGLE_COMPUTE_ENGINE"
"HOST"
"HOST_GROUP"
"HTTP_CHECK"
"HTTP_CHECK_STEP"
"HYPERVISOR"
"KUBERNETES_CLUSTER"
"KUBERNETES_NODE"
"MOBILE_APPLICATION"
"NETWORK_INTERFACE"
"NEUTRON_SUBNET"
"OPENSTACK_PROJECT"
"OPENSTACK_REGION"
"OPENSTACK_VM"
"OS"
"PROCESS_GROUP"
"PROCESS_GROUP_INSTANCE"
"RELATIONAL_DATABASE_SERVICE"
"SERVICE"
"SERVICE_INSTANCE"
"SERVICE_METHOD"
"SERVICE_METHOD_GROUP"
"SWIFT_CONTAINER"
"SYNTHETIC_LOCATION"
"SYNTHETIC_TEST"
"SYNTHETIC_TEST_STEP"
"VIRTUALMACHINE"
"VMWARE_DATACENTER" 
"config": {
    "apiToken": <string, required>,
    "url": <string, required>,
    "entity": <string, optional>
}

elastic

token is a sensitive field.

"config": {
    "url": <string, required>,
    "token": <string, required>,
    "index": <string, required>
}

honeycomb

apiKey is a sensitive field.

"config": {
    "datasetName": <string, required>,
    "apiKey": <string, required>
}

logdna

ingestionKey is a sensitive field.

"config": {
    "ingestionKey": <string, required>,
    "level": <string, optional>
}

msteams

"config": {
    "url": <string, required>
}

new-relic-apm

apiKey is a sensitive field.

domain must evaluate to either "api.newrelic.com" or "api.eu.newrelic.com" and will default to the former if not explicitly defined.

"config": {
    "apiKey": <string, required>,
    "applicationId": <string, required>,
    "domain": <string, optional>
}

signalfx

accessToken is a sensitive field.

"config": {
    "accessToken": <string, required>,
    "realm": <string, required>
}

splunk

token is a sensitive field.

"config": {
    "base-url": <string, required>,
    "token": <string, required>,
    "skip-ca-verificiation": <boolean, required>
}

Get audit log subscriptions by integration

Get all audit log subscriptions associated with a given integration.

Request
path Parameters
integrationKey
required
string <string>

The integration key

Responses
200

Integrations collection response

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

get/api/v2/integrations/{integrationKey}
Request samples 
Response samples 
application/json
{
  • "_links": {
    },
  • "items": [
    ],
  • "key": "string"
}
Create audit log subscription
Create an audit log subscription.

For each subscription, you must specify the set of resources you wish to subscribe to audit log notifications for. You can describe these resources using a custom role policy. To learn more, read Custom role concepts.


Request 
path Parameters
integrationKey
required
string <string> 
The integration key


 
Request Body schema: application/json
required
name
required
string
A human-friendly name for your audit log subscription.


 
Array of objects (StatementPostList) 
 
on
boolean
Whether or not you want your subscription to actively send events.


 
tags
Array of strings
An array of tags for this subscription.


 
required
object
The unique set of fields required to configure an audit log subscription integration of this type. Refer to the formVariables field in the corresponding manifest.json at https://github.com/launchdarkly/integration-framework/tree/main/integrations for a full list of fields for the integration you wish to configure.


 
url
string
Slack webhook receiver URL. Only necessary for legacy Slack webhook integrations.


 
apiKey
string
Datadog API key. Only necessary for legacy Datadog webhook integrations.


 
Responses 
201
Integration response


400
Invalid request


401
Invalid access token


403
Forbidden


404
Invalid resource identifier


429
Rate limited


post/api/v2/integrations/{integrationKey}
Request samples 
application/json
{
  • "config": {
    },
  • "name": "Example audit log subscription.",
  • "on": false,
  • "statements": [
    ],
  • "tags": [
    ]
}
Response samples 
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}
Get audit log subscription by ID
Get an audit log subscription by ID.


Request 
path Parameters
integrationKey
required
string <string> 
The integration key


 
id
required
string <string> 
The subscription ID


 
Responses 
200
Integration response


401
Invalid access token


403
Forbidden


404
Invalid resource identifier


429
Rate limited


get/api/v2/integrations/{integrationKey}/{id}
Request samples 
Response samples 
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}
Update audit log subscription
Update an audit log subscription configuration. Updating an audit log subscription uses a JSON patch representation of the desired changes. To learn more, read Updates.


Request 
path Parameters
integrationKey
required
string <string> 
The integration key


 
id
required
string <string> 
The ID of the audit log subscription


 
Request Body schema: application/json
required
 Array 
op
required
string
The type of operation to perform


 
path
required
string
A JSON Pointer string specifying the part of the document to operate on


 
value
required
any
A JSON value used in "add", "replace", and "test" operations


 
Responses 
200
Integration response


400
Invalid request


403
Forbidden


404
Invalid resource identifier


409
Status conflict


429
Rate limited


patch/api/v2/integrations/{integrationKey}/{id}
Request samples 
application/json
[
  • {
    }
]
Response samples 
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}
Delete audit log subscription
Delete an audit log subscription.


Request 
path Parameters
integrationKey
required
string <string> 
The integration key


 
id
required
string <string> 
The subscription ID


 
Responses 
204
Action succeeded


401
Invalid access token


403
Forbidden


404
Invalid resource identifier


429
Rate limited


delete/api/v2/integrations/{integrationKey}/{id}
Request samples 
Response samples 
application/json
{
  • "code": "unauthorized",
  • "message": "Invalid access token"
}
➔ Next to Integration delivery configurations (beta)