This feature requires an API Key to work. All endpoints can be called with a standard key except for /privacy
and /privacy/history
. The /privacy
endpoints require an Admin API Key to work.
Fullstory's new Audit Trails API provides users with a way to retrieve current settings and historical data related to blocked User Agents and IP Rules, domain capture settings, geographical block rules, element privacy rules, data capture status, console data capture, and Network data capture configuration.
It's important to note that the base URL for this api is: https://api.fullstory.com
. All requests are scoped to the Fullstory org associated with the API Key used when making the request.
Table of Contents:
- Block Rules
- Block Rules History
- Domain Settings
- Domain Settings History
- Geographic Data Capture Restrictions
- Geographic Data Capture Restrictions History
- Privacy Settings
- Privacy Settings History
- Data Capture Features
- Data Capture Features History
- Targeted Data Capture Rules (mobile only)
- Targeted Data Capture Rules History (mobile only)
Block Rules
GET /settings/recording/v1/blocking
This endpoint returns a list of all current blocked User Agent strings, IP Addresses and blocked AppId (uid) values. It does not have any parameters and accepts a GET request. The endpoint requires an Authorization header.
Response Keys:
Name | Type | Description |
blockedIps |
array | A list of IP Addresses that have been blocked. |
blockedUas |
array | A list of User Agent strings that have been blocked. |
blockedAppIds |
array | A list of User AppIds (uids) that have been blocked. |
metadata |
object | Date updated and updater. Date created and creator. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/blocking \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "blockedIps": [ "55.55.55.55", "99.99.99.*", ], "blockedUas": [ "YandexBot", "facebot", ], "blockedAppIds": [], "metadata": { "lastUpdated": "2020-10-23T15:05:50.778Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.141Z", "createdBy": "bob@example.com" } }
Block Rules History
GET /settings/recording/v1/blocking/history
This endpoint returns a list of versions, each with a list of blocked User Agent strings and IP addresses. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. If not provided, default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
Example Request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/blocking/history?limit=1 \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example Response:
{ "versions": [ { "blockedIps": [ "55.55.55.55", "99.99.99.*", ], "blockedUas": [ "YandexBot", "facebot", ], "blockedAppIds": [], "metadata": { "lastUpdated": "2020-10-23T15:05:50.778Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.141Z", "createdBy": "Jane (jane@example.com)" } } ], "next_pagination_token": "v17555fe8105" }
Domain Settings
GET /settings/recording/v1/domain
This endpoint returns the current domain data capture settings on web and current allowlisted webview domains for mobile apps. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
platform |
string | [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”. |
Response Keys:
Name | Type | Description |
onlyRecordKnownDomains |
boolean | Is capturing for “all other domains” disabled? |
domains |
array | A list of domains configured in Data Capture settings. |
metadata |
object | Date updated, and updater. Date created, and creator. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/recording/v1/domain?platform=web \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "onlyRecordKnownDomains": false, "domains": [ { "disabled": true, "domain": "www.example.com" } ], "metadata": { "lastUpdated": "2020-10-01T23:53:05.821Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:05.821Z", "createdBy": "bob@example.com" } }
Domain Settings History
GET /settings/recording/v1/domain/history
This endpoint returns a list of versions, each with a list of domain data capture settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
platform |
string | [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”. |
Example Request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/domain/history?platform=web \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example Response:
{ "versions": [ { "onlyRecordKnownDomains": false, "domains": [ { "disabled": false, "domain": "fullstory.com" } ], "metadata": { "lastUpdated": "2020-10-01T23:53:05.821Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:05.821Z", "createdBy": "bob@example.com" } } ], "next_pagination_token": "n46851kd6425" }
Geographic Data Capture Restrictions
GET /settings/recording/v1/geo
This endpoint returns a list of all geographic data capture restrictions and settings. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.
Response Keys:
Name | Type | Description |
recordGeoMode |
string | GEO_ALL - Data capture from everywhereGEO_ALLOW_LIST - Data capture from only these zonesGEO_BLOCK_LIST - Block data capture from these zones |
recordGeoZones |
array | A list of country zones that are specified in geographic rules. |
metadata |
object | Date updated, and updater. Date created, and creator. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/geo \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "recordGeoMode": "GEO_ALLOW_LIST", "recordGeoZones": [ "CA", "US" ], "metadata": { "lastUpdated": "2020-10-01T23:53:06.038Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.038Z", "createdBy": "bob@example.com" } }
Geographic Data Capture Restrictions History
GET /settings/recording/v1/geo/history
This endpoint returns a list of versions, each with a list of geographic based data capture settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/geo/history?limit=1 \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "versions": [ { "recordGeoMode": "GEO_ALLOW_LIST", "recordGeoZones": [ "CA", "US" ], "metadata": { "lastUpdated": "2020-10-01T23:53:06.038Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.038Z", "createdBy": "bob@example.com" } } ], "next_pagination_token": "" }
Privacy Settings
GET /settings/recording/v1/privacy
This endpoint returns a list of all current privacy settings including element masking and exclusion rules, Network request settings, whether Private by Default is enabled, if your org is discarding IP addresses, etc. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header and an Admin API Key.
Response Keys:
Name | Type | Description |
elementBlocks |
array | Lists element privacy/masking rules applied in settings as individual objects. |
ajaxWatches |
array | Lists Network data capture rules applied in settings as individual objects. |
discardIpAddresses |
boolean | Is your org configured to discard IP addresses from data capture? |
defaultPrivacyMode |
string | PRIVACY_MODE_OFF - Private by Default is disabledPRIVACY_MODE_MASK_BODY - Private by Default is enabled using legacy rulesPRIVACY_MODE_MASK_DEFAULT - Private by Default is enabled |
elementRuleGroups |
object | Reserved for future use. |
metadata |
object | Date updated, and updater. Date created, and creator. |
elementBlock
Keys:
Name | Type | Description |
selector |
string | The targeted CSS Selector |
consent |
boolean | Is the selector marked for “Data capture with user consent” in settings? |
notes |
string | Notes added to the selector data capture rule. |
type |
string | BLOCK_EXCLUDE - The selector is excludedBLOCK_SCRUB - The selector is maskedBLOCK_RECORD - The selector is unmasked and will be captured |
scope |
string | ALL_SESSIONS - The selector rule is applied to preview and live sessions.PREVIEW_SESSIONS - The selector rule is applied only to preview sessions.LIVE_SESSIONS - The selector rule is applied only to live sessions.NO_SESSIONS - The selector rule is not applied to any sessions and is effectively disabled. |
lastUpdated |
date | The date the rule was most recently updated. |
label |
string | Unused / reserved for future use. |
targetingConditions |
array | An array of objects detailing targeted data capture rules for Fullstory for Mobile Apps |
editable |
string | EDITABLE_ANY - The entire rule can be edited.EDITABLE_DESCRIPTION_ONLY - Only the rule's description can be edited.EDITABLE_DESCRIPTION_SCOPE_AND_EXCEPTIONS - The rule's description, scope, and exceptions can be edited. |
exceptionSelectors |
array | A list of CSS selectors excluded from this rule. |
groupId |
integer | Reserved for future use. |
ajaxWatches
Keys:
Name | Type | Description |
urlRegex |
string | The regex pattern for the Network data capture rule. |
recordReq |
string | ELIDE - Do not capture the request.RECORD - Capture the full request body.WHITELIST - Capture only allowed fields of the request body. |
recordRes |
string | ELIDE - Do not capture the response.RECORD - capture the full response body.WHITELIST - capture only allowed fields of the response body. |
whitelistReq |
string | A string containing allowed request body fields. |
whitelistRsp |
string | A string containing allowed response body fields. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/privacy \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "elementBlocks": [ { "selector": "input[type=password]", "consent": false, "notes": "", "type": "BLOCK_EXCLUDE", "scope": "ALL_SESSIONS", "lastUpdated": "0001-01-01T00:00:00Z", "label": "", "targetingConditions": null, "editable": "EDITABLE_DESCRIPTION_ONLY", "exceptionSelectors": [], "groupId": 0 }, { "selector": "img.avatar", "consent": false, "notes": "", "type": "BLOCK_SCRUB", "scope": "ALL_SESSIONS", "lastUpdated": "2021-05-30T20:05:30.032Z", "label": "Avatar Images", "targetingConditions": null, "editable": "EDITABLE_DESCRIPTION_ONLY", "exceptionSelectors": [], "groupId": 0 } ], "ajaxWatches": [ { "urlRegex": "/session\\?.*", "recordReq": "ELIDE", "recordRsp": "WHITELIST", "whitelistReq": "", "whitelistRsp": "" }, { "urlRegex": "/highlights/share.*", "recordReq": "ELIDE", "recordRsp": "WHITELIST", "whitelistReq": "", "whitelistRsp": "" } ], "discardIpAddresses": false, "metadata": { "lastUpdated": "2021-06-03T14:57:32.623593Z", "lastUpdatedBy": "bob@example.com", "created": "2020-09-30T18:49:27.391Z", "createdBy": "bob@example.com" }, "defaultPrivacyMode": "PRIVACY_MODE_OFF", "elementRuleGroups": {} }
Privacy Settings History
GET /settings/recording/v1/privacy/history
This endpoint returns a list of versions, each with a list of privacy settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header and an Admin API Key. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/privacy/history?limit=1 \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "versions": [ { "elementBlocks": [ { "selector": "input[type=password]", "consent": false, "notes": "", "type": "BLOCK_EXCLUDE", "scope": "ALL_SESSIONS", "lastUpdated": "0001-01-01T00:00:00Z", "label": "", "targetingConditions": null, "editable": "EDITABLE_DESCRIPTION_ONLY", "exceptionSelectors": [], "groupId": 0 } ], "ajaxWatches": [ { "urlRegex": "/session\\?.*", "recordReq": "ELIDE", "recordRsp": "WHITELIST", "whitelistReq": "", "whitelistRsp": "" }, { "urlRegex": "/highlights/share.*", "recordReq": "ELIDE", "recordRsp": "WHITELIST", "whitelistReq": "", "whitelistRsp": "" } ], "discardIpAddresses": false, "metadata": { "lastUpdated": "2021-06-03T14:57:32.623593Z", "lastUpdatedBy": "bob@example.com", "created": "2020-09-30T18:49:27.391Z", "createdBy": "bob@example.com" }, "defaultPrivacyMode": "PRIVACY_MODE_OFF", "elementRuleGroups": {} } ], "next_pagination_token": "v179a4d1019fg" }
Data Capture Feature Settings
GET /settings/recording/v1/features
This endpoint returns a list data capture features and whether or not they're enabled. This endpoint accepts a GET request and an optional platform parameter. The endpoint requires an Authorization header.
Request Parameters:
Name | Type | Description |
platform |
string |
[optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”. |
Response Keys:
Name | Type | Description |
enabled |
boolean | Is data capture enabled? |
consoleWatcher |
boolean | Is console data capture enabled? |
ajaxWatcher |
boolean | Is Network data capture enabled? |
resourceUploading |
boolean | Is Asset Uploading being used? |
clientSideRageClick |
boolean | Are client-side ragehooks enabled for rage clicks? |
metadata |
object | Date updated, and updater. Date created, and creator. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/features?platform=web \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "enabled": true, "consoleWatcher": true, "ajaxWatcher": true, "resourceUploading": false, "recordingShutoff": false, "metadata": { "lastUpdated": "2021-05-12T15:16:10.268269Z", "lastUpdatedBy": "Bob (bob@example.com)", "created": "2020-09-08T15:57:20.830Z", "createdBy": "jane@example.com" }, "clientSideRageClick": false }
Data Capture Features Settings History
GET /settings/recording/v1/features/history
This endpoint returns a list of versions, each with a list of data capture features settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
platform |
integer | [optional] If specified, this parameter determines which platform to return results from (web vs mobile apps). Accepted values are “web” or “mobile”. If not provided this defaults to “web”. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/features/history?platform=web \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "versions": [ { "enabled": true, "consoleWatcher": true, "ajaxWatcher": true, "resourceUploading": false, "recordingShutoff": false, "metadata": { "lastUpdated": "2021-05-12T15:16:10.268269Z", "lastUpdatedBy": "bob@example.com", "created": "2020-09-08T15:57:20.830Z", "createdBy": "bob@example.com" }, "clientSideRageClick": false }, { "enabled": true, "consoleWatcher": true, "ajaxWatcher": true, "resourceUploading": false, "recordingShutoff": false, "metadata": { "lastUpdated": "2021-05-12T15:15:53.309243Z", "lastUpdatedBy": "bob@example.com", "created": "2020-09-08T15:57:20.830Z", "createdBy": "bob@example.com" }, "clientSideRageClick": true } ], "next_pagination_token": "v17861a0f56b" }
The following two endpoints will only return data for customers using Fullstory for Mobile Apps who are also using the beta Targeted Data Capture Rules feature.
Targeted Data Capture Rules (Mobile Apps only)
GET /settings/recording/v1/targeting
This endpoint lists any Targeted Data Capture Rules related to Mobile app versions or Mobile OS versions. This endpoint does not have any parameters and is a GET request. The endpoint requires an Authorization header.
Response Keys:
Name | Type | Description |
sessionTargetingRules |
array | A list of constraints detailing when a session should not be captured. |
metadata |
object | Date updated, and updater. Date created, and creator. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/targeting \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "sessionTargetingRules": [], "metadata": { "lastUpdated": "2020-10-01T23:53:06.496Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.496Z", "createdBy": "bob@example.com" } }
Targeted Data Capture Rules History (Mobile Apps only)
GET /settings/recording/v1/targeting/history
This endpoint returns a list of versions, each with a list of targeted data capture rules settings. A new version is created each time these settings are modified. This endpoint allows for paging through the history of these versions for audit purposes and requires an Authorization header. This endpoint accepts GET requests.
Request Parameters:
Name | Type | Description |
pagination_token |
string | [optional] If specified, this is the token to start the page of results at. The default is the most recent version of settings. |
limit |
integer | [optional] If specified, this is the max number of returned versions. The default is 20 and the max is 100. |
Example request:
curl -X GET \ https://api.fullstory.com/settings/recording/v1/targeting/history \ -H "content-type: application/json" \ -H "Authorization: Basic YOUR_API_KEY"
Example response:
{ "versions": [ { "sessionTargetingRules": [], "metadata": { "lastUpdated": "2020-10-01T23:53:06.496Z", "lastUpdatedBy": "bob@example.com", "created": "2020-10-01T23:53:06.496Z", "createdBy": "bob@example.com" } } ], "next_pagination_token": "" }