Audit Retention

Overview

Every YaaS service potentially deals with personal data. Therefore, the Audit Ingestion service enables YasS services to create the appropriate audit logs. With the Audit Retention Service, you can modify your audit logs' Retention Policy. This policy states how long your audit logs are stored before they are permanently deleted. By default, audit logs are stored for two months upon ingestion via the Audit Ingestion service.

The Audit Retention service, like the Audit Ingestion Service, supports three types of audit logs:

  • security event logs - logged security events, such as attempts to change address information without sufficient permissions
  • personal data change logs - logged events of any personal data amendments, such as an email address change
  • configuration change logs - logged events of configuration changes, such as assigning a new user to a project

Note that as a data owner, you are responsible for providing logs for events related to personal data to the data subject or data controller, for auditing purposes. The Audit Retention service allows you, as a YaaS user, to define retention policies for your audit logs.

API Reference

/policy/{auditType}/{sourceType}/{source}

/policy/{auditType}/{sourceType}/{source}

post

Creates or updates the retention policy for the given auditType, sourceType, and source.

get

Gets the retention policy stored for the provided audit-type, source-type, and source The caller of the query must fulfill the same yaas authorization requirements as the original query.

Creates or updates the retention policy for the given auditType, sourceType, and source.

URI Parameters

  • auditType: required (one of personal-data-changes, configuration-changes, security-events)

    The audit type of the requested policy.

  • sourceType: required (one of tenant, organization, account)

    The sourceType for the requested policy

  • source: required (string)

    The source for the requested policy

Headers

  • Authorization: required (string)

    Used to send a valid OAuth2 access token.

    Example:

    Bearer access_token

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Retention policy",
    "description": "Schema for describing a retention policy change.",
    "type": "object",
    "properties": {
        "retention-period": {
            "type": "string",
            "description": "ISO 8601 duration period for the audit logs."
        }
    },
    "required": [
        "retention-period"
    ]
}

Example:

{
    "retention-period": "P2M"
}

HTTP status code 201

The system created the query. The Location header contains the address for a query resource that the system must use to get information about the query.

Headers

  • Location: required (string)

    The address to get the query status.

    Example:

    /query/35162fdasfgda65dsafgdsa6ads7da321dsa

HTTP status code 400

Invalid JSON request.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 400,
    "type": "validation_violation",
    "message": "Constraint violations while validating 'retention-period'",
    "moreInfo": "https://pattern.yaas.io/errortypes.html",
    "details": [
        {
            "field": "retention-period",
            "type": "missing_field",
            "message": "A field expected but found null",
            "moreInfo": "https://devportal.yaas.io/services/audit-retention/latest/index.html#Retention-Policy"
        }
    ]
}

HTTP status code 401

Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 401,
    "message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
    "type": "insufficient_credentials",
    "moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}

HTTP status code 403

Evaluated request scopes in access token are not sufficient and do not match required scopes.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 403,
    "message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
    "type": "insufficient_permissions"
}

HTTP status code 405

Method not allowed for the selected endpoint.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 405,
    "type": "unsupported_method",
    "message": "Unsupported method",
    "moreInfo": "https://pattern.yaas.io/errortypes.html"
}

HTTP status code 500

An internal error has occurred while processing the query.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 500,
    "type": "internal_service_error",
    "message": "Something went wrong while processing the request. Please contact the administrator.",
    "moreInfo": "https://pattern.yaas.io/errortypes.html"
}

Gets the retention policy stored for the provided audit-type, source-type, and source The caller of the query must fulfill the same yaas authorization requirements as the original query.

URI Parameters

  • auditType: required (one of personal-data-changes, configuration-changes, security-events)

    The audit type of the requested policy.

  • sourceType: required (one of tenant, organization, account)

    The sourceType for the requested policy

  • source: required (string)

    The source for the requested policy

Headers

  • Authorization: required (string)

    Used to send a valid OAuth2 access token.

    Example:

    Bearer access_token

HTTP status code 200

The policy is set for the specified audit-type, source-type, and source. The body contains the current value.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Retention policy",
    "description": "Schema for describing a retention policy change.",
    "type": "object",
    "properties": {
        "retention-period": {
            "type": "string",
            "description": "ISO 8601 duration period for the audit logs."
        }
    },
    "required": [
        "retention-period"
    ]
}

Example:

{
    "retention-period": "P2M"
}

HTTP status code 401

Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 401,
    "message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
    "type": "insufficient_credentials",
    "moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}

HTTP status code 403

Evaluated request scopes in access token are not sufficient and do not match required scopes.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 403,
    "message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
    "type": "insufficient_permissions"
}

HTTP status code 404

The query provided an invalid value for the audit-type or source-type.

HTTP status code 405

Method not allowed for the selected endpoint.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 405,
    "type": "unsupported_method",
    "message": "Unsupported method",
    "moreInfo": "https://pattern.yaas.io/errortypes.html"
}

HTTP status code 500

An internal error has occurred while processing the query.

Body

Type: application/json

Schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "error",
    "description": "Schema for API specified errors.",
    "type": "object",
    "properties": {
        "status": {
            "type": "integer",
            "description": "original HTTP error code, should be consistent with the response HTTP code",
            "minimum": 100,
            "maximum": 599
        },
        "type": {
            "type": "string",
            "description": "classification of the error type, lower case with underscore eg validation_failure",
            "pattern": "[a-z]+[a-z_]*[a-z]+"
        },
        "message": {
            "type": "string",
            "description": "descriptive error message for debugging"
        },
        "moreInfo": {
            "type": "string",
            "format": "uri",
            "description": "link to documentation to investigate further and finding support"
        },
        "details": {
            "type": "array",
            "description": "list of problems causing this error",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "errorDetail",
                "description": "schema for specific error cause",
                "type": "object",
                "properties": {
                    "field": {
                        "type": "string",
                        "description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
                    },
                    "type": {
                        "type": "string",
                        "description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
                        "pattern": "[a-z]+[a-z_]*[a-z]+"
                    },
                    "message": {
                        "type": "string",
                        "description": "descriptive error detail message for debugging"
                    },
                    "moreInfo": {
                        "type": "string",
                        "format": "uri",
                        "description": "link to documentation to investigate further and finding support for error detail"
                    }
                },
                "required": [
                    "type"
                ]
            }
        }
    },
    "required": [
        "status",
        "type"
    ]
}

Example:

{
    "status": 500,
    "type": "internal_service_error",
    "message": "Something went wrong while processing the request. Please contact the administrator.",
    "moreInfo": "https://pattern.yaas.io/errortypes.html"
}

Security Considerations

Changes applied to a retention policy affect the permanent deletion of audit logs. Deleted logs are no longer accessible and cannot be restored. For this reason, restrict access to this service to only the people allowed to change retention policies, who are generally those people allowed to decide when to delete audit logs.

Scopes

To access the Audit Retention service, use one of the following scopes.

  • hybris.audit_retention_view gives you read access to your audit data retention policy. With this scope, you can query the audit retention policies that you defined for your audit data.
  • hybris.audit_retention_modify gives you write access to your audit data retention policy. With this scope, you can modify the audit retention policies for your audit data.

Limitations to Changing Retention Policy Periods

The Audit Retention service assigns all audit logs a default retention policy with a retention period of two months. If you want to change your audit logs' default retention policy, you may do so provided you specify a retention period that satisfies the following three requirements:

  1. The retention period must at least span two months.
  2. The retention period may not span more than tree years.
  3. The retention period uses only up to day precision, you may not specify retention periods mentioning hour or minute durations.

Examples of correct retention policy periods:

  • P1Y3M22D: a retention period of one year, three months, and 22 days.
  • P1M2D: a retention period of one month and two days.

Examples of wrong retention policy periods and causes:

  • P5Y: The maximum retention period cannot be more than three years.
  • P2D: The minimum retention period cannot be less than two months.
  • P2M2DT3H: The retention period cannot be specified to a precision of hours, only days.

Use the service

The Audit Retention endpoints allow you to change the retention policy for your audit logs.

Get a retention policy for audit logs

There are three types of audit logs. Always retrieve retention policies by type through these endpoints:

  • /policy/personal-data-changes/{sourceType}/{source} for personal data change events.
  • /policy/configuration-changes/{sourceType}/{source} for configuration change event.
  • /policy/security-event-changes/{sourceType}/{source} for security-related events.

You can retrieve retention policies for audit logs through the following source types:

  • Use tenant for all the audit logs owned by a certain tenant. In this case use tenant for the sourceType and hybris-tenant for the source. To get the policy for a specified tenant, provide a token in which hybris-tenant has the same value as the source field, and a scope of hybris.audit_retention_view.
  • Use organization for all audit logs owned by a specific organization. In this case, use organization for the sourceType and hybris-org for the source. To get the policy for a specified organization, provide a token in which hybris-org has the same value as the source field, and the scope hybris.audit_retention_view.
  • Use account for all the audit logs owned by a certain yaas account. In this case use account for the sourceType and the hybris-user-id for the source. To get the policy a specified user, provide a token in which hybris-user-id have the same value as source field, and the scope hybris.audit_retention_view.

When you provide all values as expected, the service responds with a 200 OK response code that contains the retention policy as JSON in the message body. For example:

GET /policy/personal-data-changes/tenant/tollans
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA

HTTP/1.1 200 OK
Content-Type: application/json

{
  "retention-period": "P2M"
}

The retention-period field is an ISO8601 duration. In the example, P2M means two months.

Change a retention policy for audit logs

To change the retention policy for your audit logs, you can send a POST query to the same endpoint that you use to retrieve the policy. In this case, provide the scope hybris.audit_retention_modify. Provide a JSON body that includes the new retention policy. For example:

POST /{log-type}/{sourceType}/{source}
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
Content-Type: application/json

{
  "retention-period": "P2M"
}

When your request is successful, the service returns a 201 Created response code.

The service requires a minimum retention period of one month and a maximum retention period of three years. Moreover, in between the minimum and maximum allowed retention periods, your provided ISO8601 period can be precise only up to days. See the Limitations section for details. If your retention policy change query does not fulfill this limitation, the service returns a 400 Bad Request error.

  • Send feedback

    If you find any information that is unclear or incorrect, please let us know so that we can improve the Dev Portal content.

  • Get Help

    Use our private help channel. Receive updates over email and contact our specialists directly.

  • hybris Experts

    If you need more information about this topic, visit hybris Experts to post your own question and interact with our community and experts.