HTTP API - Using Audit Trails for Settings

This feature requires an API Key to work. All endpoints can be called with a standard key except for /privacy and /privacy/history. The /privacy endpoints require an Admin API Key to work.

Fullstory's new Audit Trails API provides users with a way to retrieve current settings and historical data related to blocked User Agents and IP Rules, domain capture settings, geographical block rules, element privacy rules, data capture status, console data capture, and Network data capture configuration. 

The base URL for this API is https://api.fullstory.com. All requests are scoped to the Fullstory org associated with the API Key used when making the request.


Block Rules

GET /settings/recording/v1/blocking

This endpoint returns a list of all current blocked User Agent strings, IP Addresses and blocked AppId (uid) values. It does not have any parameters and accepts a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
blockedIps array A list of IP Addresses that have been blocked.
blockedUas array A list of User Agent strings that have been blocked.
blockedAppIds array A list of User AppIds (uids) that have been blocked.
metadata object Date updated and updater. Date created and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/blocking \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "blockedIps": [
      "55.55.55.55",
      "99.99.99.*"
  ],
  "blockedUas": [
      "YandexBot",
      "facebot"
  ],
  "blockedAppIds": [],
  "metadata": {
      "lastUpdated": "2020-10-23T15:05:50.778Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.141Z",
      "createdBy": "bob@example.com"
  }
}

 

Block Rules History

GET /settings/recording/v1/blocking/history

This endpoint returns a list of versions, each with a list of blocked User Agent strings and IP addresses. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. If not provided, default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example Request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/blocking/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example Response:

{
  "versions": [
      {
        "blockedIps": [
            "55.55.55.55",
            "99.99.99.*"
        ],
        "blockedUas": [
            "YandexBot",
            "facebot"
        ],
        "blockedAppIds": [],
        "metadata": {
            "lastUpdated": "2020-10-23T15:05:50.778Z",
            "lastUpdatedBy": "bob@example.com",
            "created": "2020-10-01T23:53:06.141Z",
            "createdBy": "Jane (jane@example.com)"
        }
    }
  ],
  "next_pagination_token": "v17555fe8105"
}

 

Domain Settings

GET /settings/recording/v1/domain

This endpoint returns the current domain data capture settings on web and current allowlisted webview domains for mobile apps. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Response Keys:

Name Type Description
onlyRecordKnownDomains boolean Is capturing for “all other domains” disabled?
domains array A list of domains configured in Data Capture settings.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/domain?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "onlyRecordKnownDomains": false,
  "domains": [
      {
        "disabled": true,
        "domain": "www.example.com"
      }
   ],
   "metadata": {
       "lastUpdated": "2020-10-01T23:53:05.821Z",
       "lastUpdatedBy": "bob@example.com",
       "created": "2020-10-01T23:53:05.821Z",
       "createdBy": "bob@example.com"
    }
}

 

Domain Settings History

GET /settings/recording/v1/domain/history

This endpoint returns a list of versions, each with a list of domain data capture settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Example Request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/domain/history?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example Response:

{
  "versions": [
      {
          "onlyRecordKnownDomains": false,
          "domains": [
              {
                  "disabled": false,
                  "domain": "fullstory.com"
              }
          ],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:05.821Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:05.821Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": "n46851kd6425"
}

 

Geographic Data Capture Restrictions

GET /settings/recording/v1/geo

This endpoint returns a list of all geographic data capture restrictions and settings. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
recordGeoMode string One of: GEO_ALL - Data capture from everywhere; GEO_ALLOW_LIST - Data capture from only these zones; GEO_BLOCK_LIST - Block data capture from these zones.
recordGeoZones array A list of country zones that are specified in geographic rules.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/geo \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "recordGeoMode": "GEO_ALLOW_LIST",
  "recordGeoZones": [
      "CA",
      "US"
  ],
  "metadata": {
      "lastUpdated": "2020-10-01T23:53:06.038Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.038Z",
      "createdBy": "bob@example.com"
  }
}

 

Geographic Data Capture Restrictions History

GET /settings/recording/v1/geo/history

This endpoint returns a list of versions, each with a list of geographic based data capture settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/geo/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "recordGeoMode": "GEO_ALLOW_LIST",
          "recordGeoZones": [
              "CA",
              "US"
          ],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:06.038Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:06.038Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": ""
}

Privacy Settings

GET /settings/recording/v1/privacy

This endpoint returns a list of all current privacy settings including element masking and exclusion rules, Network request settings, whether Private by Default is enabled, if your org is discarding IP addresses, etc. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header and an Admin API Key.

Response Keys:

Name Type Description
elementBlocks array Lists element privacy/masking rules applied in settings as individual objects.
ajaxWatches array Lists Network data capture rules applied in settings as individual objects.
discardIpAddresses boolean Is your org configured to discard IP addresses from data capture?
defaultPrivacyMode string One of: PRIVACY_MODE_OFF - Private by Default is disabled; PRIVACY_MODE_MASK_BODY - Private by Default is enabled using legacy rules; PRIVACY_MODE_MASK_DEFAULT - Private by Default is enabled.
elementRuleGroups object Reserved for future use.
metadata object Date updated, and updater. Date created, and creator.

 

elementBlock Keys:

Name Type Description
selector string The targeted CSS Selector
consent boolean Is the selector marked for “Data capture with user consent” in settings?
notes string Notes added to the selector data capture rule.
type string One of: BLOCK_EXCLUDE - The selector is excluded; BLOCK_SCRUB - The selector is masked; BLOCK_RECORD - The selector is unmasked and will be captured.
scope string One of: ALL_SESSIONS - The selector rule is applied to preview and live sessions; PREVIEW_SESSIONS - The selector rule is applied only to preview sessions; LIVE_SESSIONS - The selector rule is applied only to live sessions; NO_SESSIONS - The selector rule is not applied to any sessions and is effectively disabled.
lastUpdated date The date the rule was most recently updated.
label string Unused / reserved for future use.
targetingConditions array An array of objects detailing targeted data capture rules for Fullstory for Mobile Apps
editable string One of: EDITABLE_ANY - The entire rule can be edited; EDITABLE_DESCRIPTION_ONLY - Only the rule's description can be edited; EDITABLE_DESCRIPTION_SCOPE_AND_EXCEPTIONS - The rule's description, scope, and exceptions can be edited.
exceptionSelectors array A list of CSS selectors excluded from this rule.
groupId integer Reserved for future use.

 

ajaxWatches Keys:

Name Type Description
urlRegex string The regex pattern for the Network data capture rule.
recordReq string One of: ELIDE - Do not capture the request; RECORD - Capture the full request body; WHITELIST - Capture only allowed fields of the request body.
recordRes string One of: ELIDE - Do not capture the response; RECORD - Capture the full response body; WHITELIST - Capture only allowed fields of the response body.
whitelistReq string A string containing allowed request body fields.
whitelistRsp string A string containing allowed response body fields.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/privacy \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "elementBlocks": [
      {
          "selector": "input[type=password]",
          "consent": false,
          "notes": "",
          "type": "BLOCK_EXCLUDE",
          "scope": "ALL_SESSIONS",
          "lastUpdated": "0001-01-01T00:00:00Z",
          "label": "",
          "targetingConditions": null,
          "editable": "EDITABLE_DESCRIPTION_ONLY",
          "exceptionSelectors": [],
          "groupId": 0
      },
      {
          "selector": "img.avatar",
          "consent": false,
          "notes": "",
          "type": "BLOCK_SCRUB",
          "scope": "ALL_SESSIONS",
          "lastUpdated": "2021-05-30T20:05:30.032Z",
          "label": "Avatar Images",
          "targetingConditions": null,
          "editable": "EDITABLE_DESCRIPTION_ONLY",
          "exceptionSelectors": [],
          "groupId": 0
      }
  ],
  "ajaxWatches": [
      {
          "urlRegex": "/session\\?.*",
          "recordReq": "ELIDE",
          "recordRsp": "WHITELIST",
          "whitelistReq": "",
          "whitelistRsp": ""
      },
      {
          "urlRegex": "/highlights/share.*",
          "recordReq": "ELIDE",
          "recordRsp": "WHITELIST",
          "whitelistReq": "",
          "whitelistRsp": ""
      }
  ],
  "discardIpAddresses": false,
  "metadata": {
      "lastUpdated": "2021-06-03T14:57:32.623593Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-09-30T18:49:27.391Z",
      "createdBy": "bob@example.com"
  },
  "defaultPrivacyMode": "PRIVACY_MODE_OFF",
  "elementRuleGroups": {}
}
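One way to turn a /privacy response into a review list, as an added example (not Fullstory's code): it walks `elementBlocks` and `ajaxWatches` using the enum values from the key tables above. The `info`/`warn`/`review` levels, the function name and the sample rules marked as invented are assumptions of this example.

```python
PROTECTIVE = {"BLOCK_EXCLUDE", "BLOCK_SCRUB"}


def review_privacy(settings):
    """Return (level, message) review items for one /privacy response."""
    items = []
    if settings.get("defaultPrivacyMode") == "PRIVACY_MODE_OFF":
        items.append(("info", "Private by Default is disabled"))
    if not settings.get("discardIpAddresses"):
        items.append(("info", "IP addresses are not discarded"))

    for rule in settings.get("elementBlocks") or []:
        sel, kind, scope = rule.get("selector"), rule.get("type"), rule.get("scope")
        if kind in PROTECTIVE and scope in ("NO_SESSIONS", "PREVIEW_SESSIONS"):
            items.append(("warn", f"{sel}: {kind} not applied to live sessions ({scope})"))
        elif kind == "BLOCK_RECORD" and scope in ("ALL_SESSIONS", "LIVE_SESSIONS"):
            items.append(("review", f"{sel}: unmasked in live sessions"))
        if rule.get("exceptionSelectors"):
            items.append(("review", f"{sel}: exceptions {rule['exceptionSelectors']}"))

    for watch in settings.get("ajaxWatches") or []:
        url = watch.get("urlRegex")
        # The key table lists recordRes; the example response uses recordRsp.
        sides = {
            "request": (watch.get("recordReq"), watch.get("whitelistReq")),
            "response": (watch.get("recordRsp", watch.get("recordRes")),
                         watch.get("whitelistRsp")),
        }
        for side, (mode, allowed) in sides.items():
            if mode == "RECORD":
                items.append(("warn", f"{url}: full {side} body is captured"))
            elif mode == "WHITELIST" and allowed:
                items.append(("review", f"{url}: {side} fields allowed: {allowed}"))
    return items


# Constructed sample shaped like the example response above; the .order-total
# rule and the /api/profile watch are invented for illustration.
SAMPLE = {
    "elementBlocks": [
        {"selector": "input[type=password]", "type": "BLOCK_EXCLUDE",
         "scope": "ALL_SESSIONS", "exceptionSelectors": []},
        {"selector": "img.avatar", "type": "BLOCK_SCRUB",
         "scope": "PREVIEW_SESSIONS", "exceptionSelectors": []},
        {"selector": ".order-total", "type": "BLOCK_RECORD",
         "scope": "ALL_SESSIONS", "exceptionSelectors": []},
    ],
    "ajaxWatches": [
        {"urlRegex": "/session\\?.*", "recordReq": "ELIDE",
         "recordRsp": "WHITELIST", "whitelistReq": "", "whitelistRsp": ""},
        {"urlRegex": "/api/profile.*", "recordReq": "RECORD",
         "recordRsp": "ELIDE", "whitelistReq": "", "whitelistRsp": ""},
    ],
    "discardIpAddresses": False,
    "defaultPrivacyMode": "PRIVACY_MODE_OFF",
}

if __name__ == "__main__":
    for level, message in review_privacy(SAMPLE):
        print(f"{level:6} {message}")
```
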

 

Privacy Settings History

GET /settings/recording/v1/privacy/history

This endpoint returns a list of versions, each with a list of privacy settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header and an Admin API Key. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/privacy/history?limit=1" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
    {
      "elementBlocks": [
          {
              "selector": "input[type=password]",
              "consent": false,
              "notes": "",
              "type": "BLOCK_EXCLUDE",
              "scope": "ALL_SESSIONS",
              "lastUpdated": "0001-01-01T00:00:00Z",
              "label": "",
              "targetingConditions": null,
              "editable": "EDITABLE_DESCRIPTION_ONLY",
              "exceptionSelectors": [],
              "groupId": 0
          }
      ],
      "ajaxWatches": [
          {
              "urlRegex": "/session\\?.*",
              "recordReq": "ELIDE",
              "recordRsp": "WHITELIST",
              "whitelistReq": "",
              "whitelistRsp": ""
          },
          {
              "urlRegex": "/highlights/share.*",
              "recordReq": "ELIDE",
              "recordRsp": "WHITELIST",
              "whitelistReq": "",
              "whitelistRsp": ""
          }
      ],
      "discardIpAddresses": false,
      "metadata": {
          "lastUpdated": "2021-06-03T14:57:32.623593Z",
          "lastUpdatedBy": "bob@example.com",
          "created": "2020-09-30T18:49:27.391Z",
          "createdBy": "bob@example.com"
      },
      "defaultPrivacyMode": "PRIVACY_MODE_OFF",
      "elementRuleGroups": {}
    }
  ],
  "next_pagination_token": "v179a4d1019fg"
}

 

Data Capture Feature Settings

GET /settings/recording/v1/features

This endpoint returns a list of data capture features and whether or not they're enabled. This endpoint accepts a GET request and an optional platform parameter. The endpoint requires an Authorization header.

Request Parameters:

Name Type Description
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Response Keys:

Name Type Description
enabled boolean Is data capture enabled?
consoleWatcher boolean Is console data capture enabled?
ajaxWatcher boolean Is Network data capture enabled?
resourceUploading boolean Is Asset Uploading being used?
clientSideRageClick boolean Are client-side ragehooks enabled for rage clicks?
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/features?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "enabled": true,
  "consoleWatcher": true,
  "ajaxWatcher": true,
  "resourceUploading": false,
  "recordingShutoff": false,
  "metadata": {
      "lastUpdated": "2021-05-12T15:16:10.268269Z",
      "lastUpdatedBy": "Bob (bob@example.com)",
      "created": "2020-09-08T15:57:20.830Z",
      "createdBy": "jane@example.com"
  },
  "clientSideRageClick": false
}

 

Data Capture Features Settings History

GET /settings/recording/v1/features/history

This endpoint returns a list of versions, each with a list of data capture features settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.
platform string [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”.

 

Example request:

curl -X GET \
  "https://api.fullstory.com/settings/recording/v1/features/history?platform=web" \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "enabled": true,
          "consoleWatcher": true,
          "ajaxWatcher": true,
          "resourceUploading": false,
          "recordingShutoff": false,
          "metadata": {
              "lastUpdated": "2021-05-12T15:16:10.268269Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-09-08T15:57:20.830Z",
              "createdBy": "bob@example.com"
          },
          "clientSideRageClick": false
      },
      {
          "enabled": true,
          "consoleWatcher": true,
          "ajaxWatcher": true,
          "resourceUploading": false,
          "recordingShutoff": false,
          "metadata": {
              "lastUpdated": "2021-05-12T15:15:53.309243Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-09-08T15:57:20.830Z",
              "createdBy": "bob@example.com"
          },
          "clientSideRageClick": true
      }
  ],
  "next_pagination_token": "v17861a0f56b"
}

 


 

The following two endpoints will only return data for customers using Fullstory for Mobile Apps who are also using the beta Targeted Data Capture Rules feature. 

Targeted Data Capture Rules (Mobile Apps only)

GET /settings/recording/v1/targeting

This endpoint lists any Targeted Data Capture Rules related to Mobile app versions or Mobile OS versions. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.

Response Keys:

Name Type Description
sessionTargetingRules array A list of constraints detailing when a session should not be captured.
metadata object Date updated, and updater. Date created, and creator.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/targeting \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "sessionTargetingRules": [],
  "metadata": {
      "lastUpdated": "2020-10-01T23:53:06.496Z",
      "lastUpdatedBy": "bob@example.com",
      "created": "2020-10-01T23:53:06.496Z",
      "createdBy": "bob@example.com"
  }
}

 

Targeted Data Capture Rules History (Mobile Apps only)

GET /settings/recording/v1/targeting/history

This endpoint returns a list of versions, each with a list of targeted data capture rules settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.

Request Parameters:

Name Type Description
pagination_token string [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings.
limit integer [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100.

 

Example request:

curl -X GET \
  https://api.fullstory.com/settings/recording/v1/targeting/history \
  -H "content-type: application/json" \
  -H "Authorization: Basic YOUR_API_KEY"

Example response:

{
  "versions": [
      {
          "sessionTargetingRules": [],
          "metadata": {
              "lastUpdated": "2020-10-01T23:53:06.496Z",
              "lastUpdatedBy": "bob@example.com",
              "created": "2020-10-01T23:53:06.496Z",
              "createdBy": "bob@example.com"
          }
      }
  ],
  "next_pagination_token": ""
}
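Paging through any of the /history endpoints above and turning the versions into a who-changed-what log, as an added example (not Fullstory's code): it follows `next_pagination_token` until it comes back empty and diffs each version against the one before it, relying on the newest-first order the examples show. The function names, the `page-2` token and the sample versions are constructed for this example.

```python
import json
from urllib import parse, request

BASE_URL = "https://api.fullstory.com"


def http_fetch_page(path, api_key, token=None, limit=100):
    """Fetch one page of a /history endpoint (needs network and a real key)."""
    params = {"limit": limit}
    if token:
        params["pagination_token"] = token
    url = f"{BASE_URL}{path}?{parse.urlencode(params)}"
    req = request.Request(url, headers={"Authorization": f"Basic {api_key}"})
    with request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_versions(fetch_page):
    """Yield every version, newest first; fetch_page(token) returns one page."""
    token, seen = None, set()
    while token not in seen:  # stops at the end (None) or on a repeated token
        seen.add(token)
        page = fetch_page(token)
        yield from page.get("versions") or []
        token = page.get("next_pagination_token") or None  # "" ends the history


def changelog(versions):
    """Diff each version against the one before it: who changed what, when."""
    entries = []
    for newer, older in zip(versions, versions[1:]):
        changed = {
            key: {"from": older.get(key), "to": newer.get(key)}
            for key in sorted(set(newer) | set(older))
            if key != "metadata" and newer.get(key) != older.get(key)
        }
        meta = newer.get("metadata") or {}
        entries.append({"when": meta.get("lastUpdated"),
                        "who": meta.get("lastUpdatedBy"), "changed": changed})
    return entries


def _version(when, who, **settings):
    return {**settings, "metadata": {"lastUpdated": when, "lastUpdatedBy": who}}


# Constructed sample: three versions over two pages; "page-2" is a made-up token.
SAMPLE_PAGES = {
    None: {"versions": [
        _version("2021-05-12T15:16:10Z", "bob@example.com",
                 consoleWatcher=True, clientSideRageClick=False),
        _version("2021-05-12T15:15:53Z", "bob@example.com",
                 consoleWatcher=True, clientSideRageClick=True),
    ], "next_pagination_token": "page-2"},
    "page-2": {"versions": [
        _version("2021-04-02T09:00:00Z", "jane@example.com",
                 consoleWatcher=False, clientSideRageClick=True),
    ], "next_pagination_token": ""},
}

if __name__ == "__main__":
    for entry in changelog(list(iter_versions(SAMPLE_PAGES.__getitem__))):
        print(entry["when"], entry["who"], json.dumps(entry["changed"]))
```

For live use, pass `lambda t: http_fetch_page("/settings/recording/v1/features/history", api_key, t)` as `fetch_page`.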
