Request Samples
List Activities
Find the activities.
GET /activities
Request
curl -i GET 'https://{YourCloudlockAPIServer}/api/v2/activities' \
-H 'Authorization: Bearer <access_token>' \
-H 'Content-Type: application/json'
Response
Click to view the sample response
{
"items": [
{
"event_id": "-4132259428371024344#0",
"client_ip": "10.182.132.44",
"event_type": "login",
"created_at": "2021-06-23T15:16:24.000Z",
"operation_successful": true,
"client_location": {
"lat": 38,
"lng": -97,
"country": {
"code": "US",
"name": "United States"
},
"region": {
"code": "",
"name": ""
},
"city": ""
},
"event_category": "auth",
"origin_id": "-4132259428371024344",
"user": {
"vendor_id": "113792970216799399389",
"user_email": "test@cloudlockdemo.com"
},
"user_agent": "",
"vendor": {
"name": "google",
"service": "auth"
},
"extra": {
"auth": {
"auth_type": "",
"is_suspicious": null
}
},
"raw": {
"kind": "admin#reports#activity",
"actor": {
"profileId": "113792970216799399389",
"email": "test@cloudlockdemo.com"
},
"id": {
"uniqueQualifier": "-4132259428371024344",
"applicationName": "login",
"customerId": "C015wxbys",
"time": "2021-06-23T15:16:24.000Z"
},
"etag": "\"RU_ANZvud_qrxRGJHqK2w1PCmE4/euy8WO2wN-_3p2HpvxzOx47mxd4\"",
"ipAddress": "73.182.132.44",
"events": [
{
"type": "login",
"name": "login_success",
"parameters": [
{
"name": "login_type",
"value": "google_password"
}
]
}
]
}
}
]
}
List Apps
List the installed application information for the organization. To get the uninstalled applications, set the install_state query parameter.
GET /apps
Request
curl -i GET 'https://{YourCloudlockAPIServer}/api/v2/apps' \
-H 'Authorization: Bearer %YourAccessToken%' \
-H 'Content-Type: application/json'
Response
Sample response (200, OK):
"items": [
{
"id": "RkJx2JxK2O",
"app": {
"id": "RkJx2JxK2O",
"name": "Cloudlock",
"vendor": {
"name": "google"
},
"trust_rating": null,
"category": null,
"origin_id": "144711811583-2ra0eotmtsb3p7f48eie68d4rfeghl7q.apps.googleusercontent.com",
"install_type": "user",
"is_revokable": true
},
"scope_categories": [
"BINFO"
],
"classification": {
"reason": "",
"updated_at": null,
"method": "",
"type": "unclassified"
},
"detected_at": "2021-02-19T08:22:40.382224+00:00",
"users_count": 3,
"admins_count": 0
}
]
List Incidents
List the incidents. The Cloudlock policy engine triggers an incident when a policy matches an document, field, folder, post, or file.
GET /incidents
Request
curl -i GET 'https://{YourCloudlockAPIServer}/api/v2/incidents' \
-H 'Authorization: Bearer %YourAccessToken%' \
-H 'Content-Type: application/json'
Response
Click to view the sample response
{
"items": [
{
"id": "320831601",
"customer_key": "",
"incident_status": "IN PROGRESS",
"severity": "WARNING",
"created_at": "2021-08-08T05:09:53.218594+00:00",
"updated_at": "2021-08-08T05:09:52.930752+00:00",
"match_count": 1,
"entity": {
"id": "GM46KpY7xO",
"name": "Test",
"mime_type": "",
"owner_email": "demo1@cloudlock.com",
"owner_name": "Demo",
"origin_id": "00Qi00000088wrBEAQ",
"origin_type": "document",
"direct_url": "https://na15.salesforce.com/00Qi00000088wrBEAQ",
"vendor": {
"name": "salesforce"
},
"extra": {
"origin_type_label": "Lead",
"origin_type_label_plural": "Leads"
}
},
"policy": {
"id": "eyaznBzYKv",
"name": "PCI"
},
"matches": [
{
"created_at": "2021-08-08T05:09:53.218594+00:00",
"text": "XXXXXXXXXXXX6966",
"ctx_after": ") -- can we use this on the up",
"ctx_before": "ard number on an old invoice (",
"field_name": "Description"
}
]
}
Resource Object Field Definitions
The Cloudlock Enterprise API resources include fields of various types of object.
App
An object that describes an application.
| Field | Type | Description |
|---|---|---|
| category | string | The app category. |
| id | string | The internal Cloudlock ID for the application. |
| install_type | string | The installation type across the domain, or by a user, for example: domain_wide, user. |
| is_revokable | boolean | A boolean value. Set if the app can be revoked. |
| name | string | The name of the application, for example: Google Drive. |
| origin_id | string | The ID of the identity. The application installed from this identity. |
| trust_rating | string | The community trust rating score. |
| vendor | Vendor (object) | The Vendor object. |
Classification
An object that describes an application's classification.
| Field | Type | Description |
|---|---|---|
| method | string | The method by which the classification was changed, for example: manual, policy. |
| reason | string | The reason for the classification. |
| type | string | The application's classification type, for example: unclassified, trusted, restricted, banned. |
| updated_at | string | The classification's last update time, in UTC. |
Entity
An object that describes the information about an entity related to an incident.
| Field | Type | Description |
|---|---|---|
| direct_url | string | A URL to the object. |
| extra | object | The additional information related to the incident. |
| id | string | The Cloudlock internal ID for an entity. |
| mime_type | string | The mime type of the object or document (if any). |
| name | string | The name of the underlying object represented by this entity. |
| origin_id | string | The identifier of the object in the vendor system. |
| origin_type | string | The object type (document, post, app, event). |
| owner_email | string | The object owner's email address (for example: 'user@cloudlock.com'). |
| owner_name | string | The object owner's name. |
| vendor | Vendor (object) | The Vendor object. |
Match
An object that represents an occurrence of a content pattern in an object. The content pattern is defined in a policy.
| Field | Type | Description |
|---|---|---|
| created_at | string | The time when this match was detected, in UTC. |
| ctx_after | string | The characters after the match. |
| ctx_before | string | The characters before the match. |
| field_name | string | A field name that represents the field or object for this match. |
| text | string | A string which identifies an object. Use this field for content detection criteria='Custom regex criteria' only. |
| policy_criteria | Policy object | The Policy object. |
Policy
An object that represents a policy. The policy matches an incident.
| Field | Type | Description |
|---|---|---|
| id | string | The Cloudlock internal ID for a policy. |
| name | string | The name of the policy, for example: SSN, PCI, or any policy name. |
Scope Category
An object that represents the scope category information for the different types of access scope.
| Field | Type | Description |
|---|---|---|
| title | string | The category title, for example: Basic Information. |
| category_id | string | The category id. For more information, see Scope Category ID. |
Scope Category ID
| Scope Category ID | Description |
|---|---|
| FDATA | Full data access. |
| BINFO | Basic information. |
| LACES | Limited access to data and files. |
| PINFO | Payment information. |
| INBOX | Access inbox or contact information. |
Vendor
| Field | Type | Description |
|---|---|---|
| name | string | The name of the vendor, for example: salesforce. |