This REST API is used to authenticate the users. A user needs to authenticate when he wants to use the API for administrative tasks like enrolling a token.

This API must not be confused with the validate API, which is used to check, if a OTP value is valid. See Validate endpoints.

Authentication of users and admins is tested in tests/test_api_roles.py

You need to authenticate for all administrative tasks. If you are not authenticated, the API returns a 401 response.

To authenticate you need to send a POST request to /auth containing username and password.

14.1.1.1. Audit endpoint

GET /audit/

return a paginated list of audit entries.

Params can be passed as key-value-pairs.

Httpparam timelimit

A timelimit, that limits the recent audit entries. This param gets overwritten by a policy auditlog_age. Can be 1d, 1m, 1h.

Example request:

GET /audit?realm=realm1 HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

 {
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": [
       {
          "serial": "....",
          "missing_line": "..."
       }
     ]
   },
   "version": "privacyIDEA unknown"
 }
GET /audit/(csvfile)

Download the audit entry as CSV file.

Params can be passed as key-value-pairs.

Example request:

GET /audit/audit.csv?realm=realm1 HTTP/1.1
Host: example.com
Accept: text/csv

Example response:

HTTP/1.1 200 OK
Content-Type: text/csv

 {
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": [
       {
          "serial": "....",
          "missing_line": "..."
       }
     ]
   },
   "version": "privacyIDEA unknown"
 }