Notification of changes to FusionAuth

dan · 9 Jul 2020, 15:15

We'd like to be notified of changes to FusionAuth, for security reasons.

What is available and how can we be notified?

dan · 9 Jul 2020, 15:18

A couple of ideas.

Consume the audit log to look for changes ( https://fusionauth.io/docs/v1/tech/apis/audit-logs ). When in the UI, all changes to applications and tenants will result in an audit log.
If you use the APIs on your end, ensure you create an audit log to coincide with the change. You'd do this by calling the Audit log API.
You can restrict API keys as well. For instance you can set up an API key that cannot modify tenants or applications. (.ie. remove the PUT, POST and DELETE methods from any API keys with access to the /api/tenant or /api/application endpoint)

If you have other suggestions for such security measures, please open a github issue with more details.

dan · 9 Jul 2020, 17:35

If you'd like APIs to automatically log to the audit log, without additional calls to the Audit Log API, please vote for this issue: https://github.com/FusionAuth/fusionauth-issues/issues/507