Integration audit log subscriptions

Audit log integration subscriptions allow you to send audit log events hooks to one of dozens of external tools. For example, you can send flag change event webhooks to external third party software. To learn more, read Building your own integrations.

You can use the integration subscriptions API to create, delete, and manage your integration audit log subscriptions.

Each of these operations requires an integrationKey that refers to the type of integration. The required config fields to create a subscription vary depending on the integrationKey. You can find a full list of the fields for each integration below.

Several of these operations require a subscription ID. The subscription ID is returned as part of the Create audit log subscription and Get audit log subscriptions by integration responses. It is the _id field, or the _id field of each element in the items array.

Configuration bodies by integrationKey

datadog

apiKey is a sensitive value.

hostURL must evaluate to either "https://api.datadoghq.com" or "https://api.datadoghq.eu" and will default to the former if not explicitly defined.

"config": {
    "apiKey": <string, optional>, # sensitive value
    "hostURL": <string, optional>
}

dynatrace

apiToken is a sensitive value.

entity must evaluate to one of the following fields and will default to "APPLICATION" if not explicitly defined:

Click to expand list of fields
"APPLICATION"
"APPLICATION_METHOD"
"APPLICATION_METHOD_GROUP"
"AUTO_SCALING_GROUP"
"AUXILIARY_SYNTHETIC_TEST"
"AWS_APPLICATION_LOAD_BALANCER"
"AWS_AVAILABILITY_ZONE"
"AWS_CREDENTIALS"
"AWS_LAMBDA_FUNCTION"
"AWS_NETWORK_LOAD_BALANCER"
"AZURE_API_MANAGEMENT_SERVICE"
"AZURE_APPLICATION_GATEWAY"
"AZURE_COSMOS_DB"
"AZURE_CREDENTIALS"
"AZURE_EVENT_HUB"
"AZURE_EVENT_HUB_NAMESPACE"
"AZURE_FUNCTION_APP"
"AZURE_IOT_HUB"
"AZURE_LOAD_BALANCER"
"AZURE_MGMT_GROUP"
"AZURE_REDIS_CACHE"
"AZURE_REGION"
"AZURE_SERVICE_BUS_NAMESPACE"
"AZURE_SERVICE_BUS_QUEUE"
"AZURE_SERVICE_BUS_TOPIC"
"AZURE_SQL_DATABASE"
"AZURE_SQL_ELASTIC_POOL"
"AZURE_SQL_SERVER"
"AZURE_STORAGE_ACCOUNT"
"AZURE_SUBSCRIPTION"
"AZURE_TENANT"
"AZURE_VM"
"AZURE_VM_SCALE_SET"
"AZURE_WEB_APP"
"CF_APPLICATION"
"CF_FOUNDATION"
"CINDER_VOLUME"
"CLOUD_APPLICATION"
"CLOUD_APPLICATION_INSTANCE"
"CLOUD_APPLICATION_NAMESPACE"
"CONTAINER_GROUP"
"CONTAINER_GROUP_INSTANCE"
"CUSTOM_APPLICATION"
"CUSTOM_DEVICE"
"CUSTOM_DEVICE_GROUP"
"DCRUM_APPLICATION"
"DCRUM_SERVICE"
"DCRUM_SERVICE_INSTANCE"
"DEVICE_APPLICATION_METHOD"
"DISK"
"DOCKER_CONTAINER_GROUP_INSTANCE"
"DYNAMO_DB_TABLE"
"EBS_VOLUME"
"EC2_INSTANCE"
"ELASTIC_LOAD_BALANCER"
"ENVIRONMENT"
"EXTERNAL_SYNTHETIC_TEST_STEP"
"GCP_ZONE"
"GEOLOCATION"
"GEOLOC_SITE"
"GOOGLE_COMPUTE_ENGINE"
"HOST"
"HOST_GROUP"
"HTTP_CHECK"
"HTTP_CHECK_STEP"
"HYPERVISOR"
"KUBERNETES_CLUSTER"
"KUBERNETES_NODE"
"MOBILE_APPLICATION"
"NETWORK_INTERFACE"
"NEUTRON_SUBNET"
"OPENSTACK_PROJECT"
"OPENSTACK_REGION"
"OPENSTACK_VM"
"OS"
"PROCESS_GROUP"
"PROCESS_GROUP_INSTANCE"
"RELATIONAL_DATABASE_SERVICE"
"SERVICE"
"SERVICE_INSTANCE"
"SERVICE_METHOD"
"SERVICE_METHOD_GROUP"
"SWIFT_CONTAINER"
"SYNTHETIC_LOCATION"
"SYNTHETIC_TEST"
"SYNTHETIC_TEST_STEP"
"VIRTUALMACHINE"
"VMWARE_DATACENTER"
"config": {
    "apiToken": <string, required>,
    "url": <string, required>,
    "entity": <string, optional>
}

elastic

token is a sensitive field.

"config": {
    "url": <string, required>,
    "token": <string, required>,
    "index": <string, required>
}

honeycomb

apiKey is a sensitive field.

"config": {
    "datasetName": <string, required>,
    "apiKey": <string, required>
}

logdna

ingestionKey is a sensitive field.

"config": {
    "ingestionKey": <string, required>,
    "level": <string, optional>
}

msteams

"config": {
    "url": <string, required>
}

new-relic-apm

apiKey is a sensitive field.

domain must evaluate to either "api.newrelic.com" or "api.eu.newrelic.com" and will default to the former if not explicitly defined.

"config": {
    "apiKey": <string, required>,
    "applicationId": <string, required>,
    "domain": <string, optional>
}

signalfx

accessToken is a sensitive field.

"config": {
    "accessToken": <string, required>,
    "realm": <string, required>
}

splunk

token is a sensitive field.

"config": {
    "base-url": <string, required>,
    "token": <string, required>,
    "skip-ca-verificiation": <boolean, required>
}

Get audit log subscriptions by integration

Get all audit log subscriptions associated with a given integration.

Request
path Parameters
integrationKey
required
string <string>

The integration key

Responses
200

Integrations collection response

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

get/api/v2/integrations/{integrationKey}
Request samples
Response samples
application/json
{
  • "_links": {
    },
  • "items": [
    ],
  • "key": "string"
}

Create audit log subscription

Create an audit log subscription.

For each subscription, you must specify the set of resources you wish to subscribe to audit log notifications for. You can describe these resources using a custom role policy. To learn more, read Custom role concepts.

Request
path Parameters
integrationKey
required
string <string>

The integration key

Request Body schema: application/json
required
name
required
string

A human-friendly name for your audit log subscription.

Array of objects (StatementPostList)
on
boolean

Whether or not you want your subscription to actively send events.

tags
Array of strings

An array of tags for this subscription.

required
object

The unique set of fields required to configure an audit log subscription integration of this type. Refer to the formVariables field in the corresponding manifest.json at https://github.com/launchdarkly/integration-framework/tree/main/integrations for a full list of fields for the integration you wish to configure.

url
string

Slack webhook receiver URL. Only necessary for legacy Slack webhook integrations.

apiKey
string

Datadog API key. Only necessary for legacy Datadog webhook integrations.

Responses
201

Integration response

400

Invalid request

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

post/api/v2/integrations/{integrationKey}
Request samples
application/json
{
  • "config": {
    },
  • "name": "Example audit log subscription.",
  • "on": false,
  • "statements": [
    ],
  • "tags": [
    ]
}
Response samples
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}

Get audit log subscription by ID

Get an audit log subscription by ID.

Request
path Parameters
integrationKey
required
string <string>

The integration key

id
required
string <string>

The subscription ID

Responses
200

Integration response

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

get/api/v2/integrations/{integrationKey}/{id}
Request samples
Response samples
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}

Update audit log subscription

Update an audit log subscription configuration. Updating an audit log subscription uses a JSON patch representation of the desired changes. To learn more, read Updates.

Request
path Parameters
integrationKey
required
string <string>

The integration key

id
required
string <string>

The ID of the audit log subscription

Request Body schema: application/json
required
Array
op
required
string

The type of operation to perform

path
required
string

A JSON Pointer string specifying the part of the document to operate on

value
any

A JSON value used in "add", "replace", and "test" operations

Responses
200

Integration response

400

Invalid request

403

Forbidden

404

Invalid resource identifier

409

Status conflict

429

Rate limited

patch/api/v2/integrations/{integrationKey}/{id}
Request samples
application/json
[
  • {
    }
]
Response samples
application/json
{
  • "_links": {
    },
  • "_id": "1234a56b7c89d012345e678f",
  • "kind": "datadog",
  • "name": "Example Datadog integration",
  • "config": {
    },
  • "statements": [
    ],
  • "on": true,
  • "tags": [
    ],
  • "_access": {
    },
  • "_status": {
    },
  • "url": "string",
  • "apiKey": "string"
}

Delete audit log subscription

Delete an audit log subscription.

Request
path Parameters
integrationKey
required
string <string>

The integration key

id
required
string <string>

The subscription ID

Responses
204

Action succeeded

401

Invalid access token

403

Forbidden

404

Invalid resource identifier

429

Rate limited

delete/api/v2/integrations/{integrationKey}/{id}
Request samples
Response samples
application/json
{
  • "code": "unauthorized",
  • "message": "Invalid access token"
}