HTTP API - Using Audit Trails for Settings

This feature requires an API Key to work. All endpoints can be called with a standard key except for /privacy and /privacy/history. The /privacy endpoints require an Admin API Key to work.

FullStory's new Audit Trails API provides users with a way to retrieve current settings and historical data related to blocked User Agents and IP Rules, domain recording settings, geographical block rules, element privacy rules, recording status, console recording, and AJAX recording configuration. 

The base URL for this API is https://api.fullstory.com. All requests are scoped to the FullStory org associated with the API Key used when making the request.


Block Rules

GET /settings/recording/v1/blocking

This endpoint returns a list of all current blocked User Agent strings, IP Addresses and blocked AppId (uid) values. It does not have any parameters and accepts a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
blockedIps array A list of IP Addresses that have been blocked.
blockedUas array A list of User Agent strings that have been blocked.
blockedAppIds array A list of User AppIds (uids) that have been blocked.
metadata object Date updated and updater. Date created and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/blocking \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "blockedIps": [
      "55.55.55.55",
      "99.99.99.*"
  ],
  "blockedUas": [
      "YandexBot",
      "facebot"
  ],
  "blockedAppIds": [],
  "metadata": {
      "lastUpdated": "2020-10-23T15:05:50.778Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.141Z",
      "createdBy": "bob@example.com"
  }
}

 

Block Rules History

GET /settings/recording/v1/blocking/history

This endpoint returns a list of versions, each with a list of blocked User Agent strings and IP addresses. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. If not provided, default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example Request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/blocking/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example Response:

{
  "versions": [
      {
        "blockedIps": [
            "55.55.55.55",
            "99.99.99.*"
        ],
        "blockedUas": [
            "YandexBot",
            "facebot"
        ],
        "blockedAppIds": [],
        "metadata": {
            "lastUpdated": "2020-10-23T15:05:50.778Z",
            "lastUpdatedBy": "bob@example.com",
            "created": "2020-10-01T23:53:06.141Z",
            "createdBy": "Jane (jane@example.com)"
        }
    }
  ],
  "next_pagination_token": "v17555fe8105"
}
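An added example (not FullStory's own code) of using a history endpoint for an audit: it follows next_pagination_token through every page, then compares each version with the one before it to record who changed which setting and when. The function names and the tok-* tokens are made up for the example, and it assumes, as the sample responses on this page suggest, that versions arrive newest first and that an empty next_pagination_token marks the end of the history.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.fullstory.com"

def http_fetch(path, params, api_key):
    """One live GET, sending the same Authorization header as the curl examples."""
    url = BASE_URL + path + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_versions(fetch_page, limit=100, max_pages=1000):
    """Yield every version, newest first, following next_pagination_token."""
    token, seen = None, set()
    for _ in range(max_pages):  # hard stop so a misbehaving server cannot loop us
        params = {"limit": limit}
        if token:
            params["pagination_token"] = token
        page = fetch_page(params)
        yield from page.get("versions") or []
        token = page.get("next_pagination_token")
        if not token or token in seen:  # "" ends the history; a repeat would loop
            return
        seen.add(token)

def change_log(versions):
    """Diff each version against its predecessor and attribute the change."""
    ordered = list(versions)  # newest first (assumption stated in the lead-in)
    log = []
    for newer, older in zip(ordered, ordered[1:]):
        changed = {key: {"before": older.get(key), "after": newer.get(key)}
                   for key in sorted(set(older) | set(newer))
                   if key != "metadata" and older.get(key) != newer.get(key)}
        meta = newer.get("metadata", {})
        log.append({"when": meta.get("lastUpdated"),
                    "who": meta.get("lastUpdatedBy"), "changed": changed})
    return log

def _version(ips, uas, when, who):
    return {"blockedIps": ips, "blockedUas": uas, "blockedAppIds": [],
            "metadata": {"lastUpdated": when, "lastUpdatedBy": who}}

# Constructed history: three versions served one per page, newest first.
SAMPLE_PAGES = {
    None: {"next_pagination_token": "tok-2", "versions": [_version(
        ["55.55.55.55"], ["YandexBot", "facebot"], "2020-10-23T15:05:50.778Z", "jane@example.com")]},
    "tok-2": {"next_pagination_token": "tok-1", "versions": [_version(
        ["55.55.55.55", "99.99.99.*"], ["YandexBot", "facebot"], "2020-10-10T09:00:00.000Z", "bob@example.com")]},
    "tok-1": {"next_pagination_token": "", "versions": [_version(
        [], ["YandexBot"], "2020-10-01T23:53:06.141Z", "bob@example.com")]},
}

def sample_fetch(params):
    """Offline stand-in for http_fetch, keyed by pagination_token."""
    return SAMPLE_PAGES[params.get("pagination_token")]

if __name__ == "__main__":
    # Live use: iter_versions(lambda p: http_fetch("/settings/recording/v1/blocking/history", p, key))
    print(json.dumps(change_log(iter_versions(sample_fetch, limit=1)), indent=2))
```

In the constructed history the newest entry shows jane@example.com removing the 99.99.99.* block rule, which is the kind of change an audit of block rules is meant to surface.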

 

Domain Settings

GET /settings/recording/v1/domain

This endpoint returns the current domain recording settings on web and current allowlisted webview domains for mobile apps. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Response Keys:

Name Type Description
onlyRecordKnownDomains boolean Is recording for “all other domains” disabled?
domains array A list of domains configured in recording settings.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/domain?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "onlyRecordKnownDomains": false,
  "domains": [
      {
        "disabled": true,
        "domain": "www.example.com"
      }
   ],
   "metadata": {
       "lastUpdated": "2020-10-01T23:53:05.821Z",
       "lastUpdatedBy": "bob@example.com",
       "created": "2020-10-01T23:53:05.821Z",
       "createdBy": "bob@example.com"
    }
}

 

Domain Settings History

GET /settings/recording/v1/domain/history

This endpoint returns a list of versions, each with a list of domain recording settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Example Request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/domain/history?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example Response:

{
  "versions": [
      {
          "onlyRecordKnownDomains": false,
          "domains": [
              {
                  "disabled": false,
                  "domain": "fullstory.com"
              }
          ],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:05.821Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:05.821Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": "n46851kd6425"
}

 

Geographic Recording Restrictions

GET /settings/recording/v1/geo

This endpoint returns a list of all geographic recording restrictions and settings. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
recordGeoMode string One of: GEO_ALL - Record from everywhere; GEO_ALLOW_LIST - Record from only these zones; GEO_BLOCK_LIST - Block recording from these zones.
recordGeoZones array A list of country zones that are specified in geographic rules.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/geo \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "recordGeoMode": "GEO_ALLOW_LIST",
  "recordGeoZones": [
      "CA",
      "US"
  ],
  "metadata": {
      "lastUpdated": "2020-10-01T23:53:06.038Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.038Z",
      "createdBy": "bob@example.com"
  }
}

 

Geographic Recording Restrictions History

GET /settings/recording/v1/geo/history

This endpoint returns a list of versions, each with a list of geographic based recording settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/geo/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "recordGeoMode": "GEO_ALLOW_LIST",
          "recordGeoZones": [
              "CA",
              "US"
          ],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:06.038Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:06.038Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": ""
}

 

Privacy Settings

GET /settings/recording/v1/privacy

This endpoint returns a list of all current privacy settings including element masking and exclusion rules, AJAX request settings, whether Private by Default is enabled, if your org is discarding IP addresses, etc. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header and an Admin API Key.

Response Keys:

Name Type Description
elementBlocks array Lists element privacy/masking rules applied in settings as individual objects.
ajaxWatches array Lists AJAX recording rules applied in settings as individual objects.
discardIpAddresses boolean Is your org configured to discard IP addresses from recordings?
defaultPrivacyMode string One of: PRIVACY_MODE_OFF - Private by Default is disabled; PRIVACY_MODE_MASK_BODY - Private by Default is enabled using legacy rules; PRIVACY_MODE_MASK_DEFAULT - Private by Default is enabled.
elementRuleGroups object Reserved for future use.
metadata object Date updated, and updater. Date created, and creator.

 

elementBlock Keys:

Name Type Description
selector string The targeted CSS Selector
consent boolean Is the selector marked for “Record with user consent” in settings?
notes string Notes added to the selector recording rule.
type string One of: BLOCK_EXCLUDE - The selector is excluded; BLOCK_SCRUB - The selector is masked; BLOCK_RECORD - The selector is unmasked and will be recorded.
scope string One of: ALL_SESSIONS - The selector rule is applied to preview and live sessions; PREVIEW_SESSIONS - The selector rule is applied only to preview sessions; LIVE_SESSIONS - The selector rule is applied only to live sessions; NO_SESSIONS - The selector rule is not applied to any sessions and is effectively disabled.
lastUpdated date The date the rule was most recently updated.
label string Unused / reserved for future use.
targetingConditions array An array of objects detailing targeted recording rules for FullStory for Mobile Apps
editable string One of: EDITABLE_ANY - The entire rule can be edited; EDITABLE_DESCRIPTION_ONLY - Only the rule's description can be edited; EDITABLE_DESCRIPTION_SCOPE_AND_EXCEPTIONS - The rule's description, scope, and exceptions can be edited.
exceptionSelectors array A list of CSS selectors excluded from this rule.
groupId integer Reserved for future use.

 

ajaxWatches Keys:

Name Type Description
urlRegex string The regex pattern for the AJAX recording rule.
recordReq string One of: ELIDE - Do not record the request; RECORD - Record the full request body; WHITELIST - Record only allowed fields of the request body.
recordRsp string One of: ELIDE - Do not record the response; RECORD - Record the full response body; WHITELIST - Record only allowed fields of the response body.
whitelistReq string A string containing allowed request body fields.
whitelistRsp string A string containing allowed response body fields.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/privacy \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "elementBlocks": [
      {
          "selector": "input[type=password]",
          "consent": false,
          "notes": "",
          "type": "BLOCK_EXCLUDE",
          "scope": "ALL_SESSIONS",
          "lastUpdated": "0001-01-01T00:00:00Z",
          "label": "",
          "targetingConditions": null,
          "editable": "EDITABLE_DESCRIPTION_ONLY",
          "exceptionSelectors": [],
          "groupId": 0
      },
      {
          "selector": "img.avatar",
          "consent": false,
          "notes": "",
          "type": "BLOCK_SCRUB",
          "scope": "ALL_SESSIONS",
          "lastUpdated": "2021-05-30T20:05:30.032Z",
          "label": "Avatar Images",
          "targetingConditions": null,
          "editable": "EDITABLE_DESCRIPTION_ONLY",
          "exceptionSelectors": [],
          "groupId": 0
      }
  ],
  "ajaxWatches": [
      {
          "urlRegex": "/session\\?.*",
          "recordReq": "ELIDE",
          "recordRsp": "WHITELIST",
          "whitelistReq": "",
          "whitelistRsp": ""
      },
      {
          "urlRegex": "/highlights/share.*",
          "recordReq": "ELIDE",
          "recordRsp": "WHITELIST",
          "whitelistReq": "",
          "whitelistRsp": ""
      }
  ],
  "discardIpAddresses": false,
  "metadata": {
      "lastUpdated": "2021-06-03T14:57:32.623593Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-09-30T18:49:27.391Z",
      "createdBy": "bob@example.com"
  },
  "defaultPrivacyMode": "PRIVACY_MODE_OFF",
  "elementRuleGroups": {}
}

 

Privacy Settings History

GET /settings/recording/v1/privacy/history

This endpoint returns a list of versions, each with a list of privacy settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header and an Admin API Key. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/privacy/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
    {
      "elementBlocks": [
          {
              "selector": "input[type=password]",
              "consent": false,
              "notes": "",
              "type": "BLOCK_EXCLUDE",
              "scope": "ALL_SESSIONS",
              "lastUpdated": "0001-01-01T00:00:00Z",
              "label": "",
              "targetingConditions": null,
              "editable": "EDITABLE_DESCRIPTION_ONLY",
              "exceptionSelectors": [],
              "groupId": 0
          }
      ],
      "ajaxWatches": [
          {
              "urlRegex": "/session\\?.*",
              "recordReq": "ELIDE",
              "recordRsp": "WHITELIST",
              "whitelistReq": "",
              "whitelistRsp": ""
          },
          {
              "urlRegex": "/highlights/share.*",
              "recordReq": "ELIDE",
              "recordRsp": "WHITELIST",
              "whitelistReq": "",
              "whitelistRsp": ""
          }
      ],
      "discardIpAddresses": false,
      "metadata": {
          "lastUpdated": "2021-06-03T14:57:32.623593Z",
          "lastUpdatedBy": "bob@example.com",
          "created": "2020-09-30T18:49:27.391Z",
          "createdBy": "bob@example.com"
      },
      "defaultPrivacyMode": "PRIVACY_MODE_OFF",
      "elementRuleGroups": {}
    }
  ],
  "next_pagination_token": "v179a4d1019fg"
}
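An added example (not FullStory's own code) of what to look for when comparing two entries from the privacy history: it reports only the changes that let more data into recordings, such as a masked selector becoming BLOCK_RECORD or an AJAX rule moving from ELIDE to RECORD. The exposure ordering is this example's reading of the value descriptions above, the key names follow the example responses, and the two versions are constructed and trimmed to the keys the check reads (.card-number is a made-up selector).

```python
# Exposure ranks (an interpretation of this page's value descriptions): higher = more data recorded.
ELEMENT_EXPOSURE = {"BLOCK_EXCLUDE": 0, "BLOCK_SCRUB": 1, "BLOCK_RECORD": 2}
AJAX_EXPOSURE = {"ELIDE": 0, "WHITELIST": 1, "RECORD": 2}

def _active_rules(version):
    """Element rules keyed by selector; NO_SESSIONS rules count as disabled."""
    return {r["selector"]: r for r in version.get("elementBlocks") or []
            if r.get("scope") != "NO_SESSIONS"}

def privacy_regressions(older, newer):
    """List every way `newer` lets more data into recordings than `older`."""
    found = []
    if older.get("discardIpAddresses") and not newer.get("discardIpAddresses"):
        found.append("discardIpAddresses: true -> false")
    old_mode, new_mode = older.get("defaultPrivacyMode"), newer.get("defaultPrivacyMode")
    if new_mode == "PRIVACY_MODE_OFF" and old_mode not in (None, new_mode):
        found.append(f"defaultPrivacyMode: {old_mode} -> {new_mode}")

    old_rules, new_rules = _active_rules(older), _active_rules(newer)
    for sel, old in old_rules.items():
        new = new_rules.get(sel)
        if new is None:
            if old["type"] != "BLOCK_RECORD":  # losing an unmask rule is not a regression
                found.append(f"element {sel}: {old['type']} rule removed or disabled")
        elif ELEMENT_EXPOSURE.get(new["type"], 2) > ELEMENT_EXPOSURE.get(old["type"], 2):
            found.append(f"element {sel}: {old['type']} -> {new['type']}")
    for sel, new in new_rules.items():
        if sel not in old_rules and new["type"] == "BLOCK_RECORD":
            found.append(f"element {sel}: BLOCK_RECORD rule added or enabled")

    old_ajax = {w["urlRegex"]: w for w in older.get("ajaxWatches") or []}
    for watch in newer.get("ajaxWatches") or []:
        prev = old_ajax.get(watch["urlRegex"], {})
        for field in ("recordReq", "recordRsp"):
            before, after = prev.get(field), watch.get(field)
            # Unknown or missing new values rank highest so they are never missed.
            if AJAX_EXPOSURE.get(after, 2) > AJAX_EXPOSURE.get(before, 0):
                found.append(f"ajax {watch['urlRegex']} {field}: {before or 'no rule'} -> {after}")
    return found

# Constructed sample versions, trimmed to the keys the check reads.
OLDER = {
    "elementBlocks": [
        {"selector": "input[type=password]", "type": "BLOCK_EXCLUDE", "scope": "ALL_SESSIONS"},
        {"selector": "img.avatar", "type": "BLOCK_SCRUB", "scope": "ALL_SESSIONS"},
        {"selector": ".card-number", "type": "BLOCK_EXCLUDE", "scope": "ALL_SESSIONS"},
    ],
    "ajaxWatches": [{"urlRegex": "/session\\?.*", "recordReq": "ELIDE", "recordRsp": "WHITELIST"}],
    "discardIpAddresses": True,
    "defaultPrivacyMode": "PRIVACY_MODE_MASK_DEFAULT",
}
NEWER = {
    "elementBlocks": [
        {"selector": "input[type=password]", "type": "BLOCK_EXCLUDE", "scope": "ALL_SESSIONS"},
        {"selector": "img.avatar", "type": "BLOCK_RECORD", "scope": "ALL_SESSIONS"},
        {"selector": ".card-number", "type": "BLOCK_EXCLUDE", "scope": "NO_SESSIONS"},
    ],
    "ajaxWatches": [{"urlRegex": "/session\\?.*", "recordReq": "RECORD", "recordRsp": "WHITELIST"}],
    "discardIpAddresses": False,
    "defaultPrivacyMode": "PRIVACY_MODE_OFF",
}

if __name__ == "__main__":
    print("\n".join(privacy_regressions(OLDER, NEWER)))
```

The check does not cover partial scope changes (for example ALL_SESSIONS to PREVIEW_SESSIONS) or edits to exceptionSelectors and whitelist fields, which an audit would review separately.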

 

Recording Feature Settings

GET /settings/recording/v1/features

This endpoint returns a list of recording features and whether or not they're enabled. This endpoint accepts a GET request and an optional platform parameter. The endpoint requires an Authorization header.

Request Parameters:

Name Type Description
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Response Keys:

Name Type Description
enabled boolean Is recording enabled?
consoleWatcher boolean Is console recording enabled?
ajaxWatcher boolean Is AJAX recording enabled?
resourceUploading boolean Is Asset Uploading being used?
clientSideRageClick boolean Are client-side ragehooks enabled for rage clicks?
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/features?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "enabled": true,
  "consoleWatcher": true,
  "ajaxWatcher": true,
  "resourceUploading": false,
  "recordingShutoff": false,
  "metadata": {
      "lastUpdated": "2021-05-12T15:16:10.268269Z",
      "lastUpdatedBy": "Bob (bob@example.com)",
      "created": "2020-09-08T15:57:20.830Z",
      "createdBy": "jane@example.com"
  },
  "clientSideRageClick": false
}

 

Recording Features Settings History

GET /settings/recording/v1/features/history

This endpoint returns a list of versions, each with a list of recording features settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/features/history?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "enabled": true,
          "consoleWatcher": true,
          "ajaxWatcher": true,
          "resourceUploading": false,
          "recordingShutoff": false,
          "metadata": {
              "lastUpdated": "2021-05-12T15:16:10.268269Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-09-08T15:57:20.830Z",
              "createdBy": "bob@example.com"
          },
          "clientSideRageClick": false
      },
      {
          "enabled": true,
          "consoleWatcher": true,
          "ajaxWatcher": true,
          "resourceUploading": false,
          "recordingShutoff": false,
          "metadata": {
              "lastUpdated": "2021-05-12T15:15:53.309243Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-09-08T15:57:20.830Z",
              "createdBy": "bob@example.com"
          },
          "clientSideRageClick": true
      }
  ],
  "next_pagination_token": "v17861a0f56b"
}

 


 

The following two endpoints will only return data for customers using FullStory for Mobile Apps who are also using the beta Targeted Recording Rules feature. 

Targeted Recording Rules (Mobile Apps only)

GET /settings/recording/v1/targeting

This endpoint lists any Targeted Recording Rules related to Mobile app versions or Mobile OS versions. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
sessionTargetingRules array A list of constraints detailing when a session should not be recorded.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/targeting \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "sessionTargetingRules": [],
  "metadata": {
      "lastUpdated": "2020-10-01T23:53:06.496Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.496Z",
      "createdBy": "bob@example.com"
  }
}

 

Targeted Recording Rules History (Mobile Apps only)

GET /settings/recording/v1/targeting/history

This endpoint returns a list of versions, each with a list of targeted recording rules settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/targeting/history \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "sessionTargetingRules": [],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:06.496Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:06.496Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": ""
}
