cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
687
Views
0
Helpful
9
Replies

"limit" in cisco duo admin api logs

sriramduo
Level 1
Level 1

Hi., 
what is the minimum value for "limit" param in csico duo admin log api authentication logs..,
when trying to hit authentication logs with limit=1 getting 

GET https://{hostname}/admin/v2/logs/authentication?maxtime=1700540043000&mintime=1699149677000&limit=1

{
    "code"40103,
    "message""Invalid signature in request credentials",
    "stat""FAIL"
}
But, if I hit the api without limit its working fine
GET https://{hostname}/admin/v2/logs/authentication?maxtime=1700540043000&mintime=1699149677000
{
"response": {
"authlogs": [],
"metadata": {
"next_offset": null,
"total_objects": 0
}
},
"stat": "OK"
}

 @DuoKristina 

9 Replies 9

DuoKristina
Cisco Employee
Cisco Employee

1 is valid and worked for me? I sent this (in Postman) and got back one authlog event and the offset info (datestring and txid) for the next one:

 

https://api-nnn.duosecurity.com/admin/v2/logs/authentication?limit=1&mintime=1698770162000&maxtime=1698809762000

 

Duo, not DUO.

sriramduo
Level 1
Level 1

But, why is it failing in my case?
Do we need to make any configuration changes in Admin api console? 

and also I am using a free 30 day trail account, is it an issue?

sriramduo
Level 1
Level 1

And I didn't see any documentation on Rate limit/ throttling for the api calls? 
can you please provide me the link for the same if its available?

@DuoKristina 

DuoKristina
Cisco Employee
Cisco Employee

>But, why is it failing in my case?
I don't know why you may be having an issue, but I can confirm specifying a limit value of 1 is valid.How are you making the request? Are you using one of our API clients from GitHub, or Postman, or your own script/code? Are you certain however you are sending the request is handling additional params correctly with regard to constructing the HMAC signature? https://duo.com/docs/adminapi#authentication

>Do we need to make any configuration changes in Admin api console? 
No, If you are able to pull authlog records without specifying a limit value then there is nothing to adjust in the Admin Panel. The permission required is "Read information" and if you can pull any logs then the permission for the Admin API application is sufficient.

>And I didn't see any documentation on Rate limit/ throttling for the api calls? 

For authentication v2 logs endpoint it is mentioned here https://duo.com/docs/adminapi#authentication-logs:

There is an intentional two minute delay in availability of new authentications in the API response. Duo operates a large scale distributed system, and this two minute buffer period ensures that calls will return consistent results. Querying for results more recent than two minutes will return as empty.

We recommend requesting logs no more than once per minute.

 

Duo, not DUO.

sriramduo
Level 1
Level 1

Hi, Thanks for your prompt reply.


How are you making the request?
using code 

package com.ram.sf.duo;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.stream.Collectors;


public class AuthenticationLogs1 {
    public static void main(String[] args) throws InvalidKeyException {
        String method = "GET";
        String host = "api-db88d6a9.duosecurity.com";
        String path = "/admin/v2/logs/authentication";
        Map<String, String> params = new LinkedHashMap<>();
        Date currentDate = new Date();

        // Calculate the date 180 days ago
        long daysToSubtract = 5;
        long millisecondsInADay = 24 * 60 * 60 * 1000;
        long millisecondsToSubtract = daysToSubtract * millisecondsInADay;
        long minTime = currentDate.getTime() - millisecondsToSubtract;

        long millisecondsInADay1 = 1 * 60 * 60 * 1000;
        long maxTime = currentDate.getTime() -millisecondsInADay1;
        params.put("maxtime","1700540043000");
        params.put("mintime","1699149677000");
        //params.put("limit", "1");
        params.put("sort", "ts%3Aasc");
        String ikey = "DIP5K1AZ4J6O9RFOZRRY";
        String skey = "rkI9yXyqQT91Rw02F5Zao0itpV4LwkAUz8KNnrA6";

        // Create canonical string
        SimpleDateFormat dateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss Z");
        // dateFormat.setTimeZone(TimeZone.getTimeZone("EST"));
        String now = dateFormat.format(new Date());
        //   String now = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);


        StringBuilder canonicalStringBuilder = new StringBuilder();
        canonicalStringBuilder.append(now)
                .append("\n")
                .append(method.toUpperCase())
                .append("\n")
                .append(host.toLowerCase())
                .append("\n")
                .append(path)
                .append("\n");

        String h=params.keySet().stream().map(key->key+"="+params.get(key)).collect(Collectors.joining("&"));

        canonicalStringBuilder.append(h);

        String canonicalString = canonicalStringBuilder.toString();
        System.out.println(canonicalString);
        // Sign canonical string
        try {
            Mac sha1Hmac = Mac.getInstance("HmacSHA1");
            SecretKeySpec secretKey = new SecretKeySpec(skey.getBytes(StandardCharsets.UTF_8), "HmacSHA1");
            sha1Hmac.init(secretKey);
            byte[] signatureBytes = sha1Hmac.doFinal(canonicalString.getBytes(StandardCharsets.UTF_8));
            String signature = toHexString(signatureBytes);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    private static String toHexString(byte[] bytes) {
        StringBuilder hexString = new StringBuilder();
        for (byte b : bytes) {
            hexString.append(String.format("%02X", b));
        }
        System.out.println("password  is " + hexString.toString());
        return hexString.toString();
    }
}

the other params say sort, mintime, maxtime are working as expected except the limit param...please let me know if there is an issue with code.

@DuoKristina 

We recommend requesting logs no more than once per minute.

So, Rate limit is 1 call per minute? right?

Yeah, you might get away with two per minute but sometimes not which is why we recommend one.

Something I forget a lot is that the params have to be in alpha order. I am not a Java person but it doesn't look like your code sorts the params in alpha order? If you put limit before maxtime does that help? We do require the params to be in lexicographic order.

Duo, not DUO.

rate limit is per account, per user token or per API?

@DuoKristina 

DuoKristina
Cisco Employee
Cisco Employee

Per organization Duo account.

Duo, not DUO.
Quick Links