This REST API is used to authenticate users. A user needs to authenticate in order to use the API for administrative tasks such as enrolling a token.

This API must not be confused with the validate API, which is used to check whether an OTP value is valid. See Validate endpoints.

Authentication of users and admins is tested in tests/

You need to authenticate for all administrative tasks. If you are not authenticated, the API returns a 401 response.

To authenticate, send a POST request to /auth containing the username and password.

Audit endpoint

GET /audit/

Returns a paginated list of audit entries.

Params can be passed as key-value-pairs.

HTTP parameter timelimit

A time limit that restricts the result to recent audit entries. This parameter is overridden by the policy auditlog_age. Can be 1d, 1m, 1h.

Example request:

GET /audit?realm=realm1 HTTP/1.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

   {
     "id": 1,
     "jsonrpc": "2.0",
     "result": {
       "status": true,
       "value": [
         {
           "serial": "....",
           "missing_line": "..."
         }
       ]
     },
     "version": "privacyIDEA unknown"
   }

GET /audit/(csvfile)

Downloads the audit entries as a CSV file.

Params can be passed as key-value-pairs.

Example request:

GET /audit/audit.csv?realm=realm1 HTTP/1.1
Accept: text/csv

Example response:

HTTP/1.1 200 OK
Content-Type: text/csv

   {
     "id": 1,
     "jsonrpc": "2.0",
     "result": {
       "status": true,
       "value": [
         {
           "serial": "....",
           "missing_line": "..."
         }
       ]
     },
     "version": "privacyIDEA unknown"
   }
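
The flow described on this page (POST to /auth, then GET /audit/ with key-value parameters, with a 401 when not authenticated) can be scripted as follows. This is an added example, not privacyIDEA's own code; the function names are hypothetical, and it assumes that /auth returns the token as result.value.token and that the token is sent in the Authorization header.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class NotAuthenticated(Exception):
    """The API answered 401: no valid authentication was presented."""


def auth_request(base_url, username, password):
    # Credentials go in the POST body, not the URL, so access logs never see them.
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(
        base_url.rstrip("/") + "/auth", data=body.encode(), method="POST",
        headers={"Accept": "application/json"})


def audit_request(base_url, token, **params):
    query = urllib.parse.urlencode(params)  # e.g. realm=..., timelimit=...
    url = base_url.rstrip("/") + "/audit/" + ("?" + query if query else "")
    # Assumption: the token from /auth is sent in the Authorization header.
    return urllib.request.Request(
        url, headers={"Authorization": token, "Accept": "application/json"})


def parse_result(status, body):
    # Unwrap the JSON envelope shown in the example response.
    if status == 401:
        raise NotAuthenticated("401 from API: missing or invalid authentication")
    doc = json.loads(body)
    if not doc.get("result", {}).get("status"):
        raise RuntimeError("API call failed: %r" % (doc.get("result"),))
    return doc["result"]["value"]


def send(req, timeout=10):
    # Return (status, body) for error responses too, so parse_result decides.
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def audit_entries(base_url, username, password, **params):
    # Assumption: /auth returns the token as result.value.token.
    login = parse_result(*send(auth_request(base_url, username, password)))
    return parse_result(*send(audit_request(base_url, login["token"], **params)))
```

A call such as audit_entries("https://pi.example.test", "admin", password, realm="realm1") returns the list under result.value; the host name is a placeholder.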