
GET /api/activities

Retrieve activity logs with advanced filtering and pagination.


Endpoint

GET /api/activities

Authentication

Requires API Key with read access (all keys have read access).

Authorization: Bearer <api-key>

Query Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| search | string | No | Advanced query string (generated by convertsearch) |
| skip | integer | No | Number of records to skip (default: 0) |
| take | integer | No | Number of records to return (default: 25, max: 1000) |
| sortBy | string | No | Sort field and direction (e.g., timestamp desc) |

Request Example

curl -X GET "https://your-shield-host:8080/api/activities?search=QUERY&skip=0&take=100&sortBy=timestamp%20desc" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response Format

{
  "items": [
    {
      "id": "activity-uuid",
      "timestamp": 1704067200,
      "url": "https://api.example.com/users",
      "hostname": "api.example.com",
      "username": "john.doe@company.com",
      "userGroup": "Engineering",
      "apps": [
        {
          "id": "app-uuid",
          "name": "Payment API"
        }
      ],
      "detected": true,
      "obfuscated": true,
      "blocked": false,
      "datatypesDetected": [
        {
          "id": "datatype-uuid",
          "type": "US_SSN",
          "name": "Social Security Number",
          "count": 2
        }
      ],
      "datatypesObfuscated": [
        {
          "id": "datatype-uuid",
          "type": "US_SSN",
          "name": "Social Security Number",
          "count": 2
        }
      ],
      "rules": [
        {
          "id": "rule-uuid",
          "name": "PII Protection Rule"
        }
      ],
      "contentType": "application/json",
      "icapMode": "REQMOD",
      "bodyLength": 2048,
      "httpStatusCode": 200
    }
  ],
  "count": 1543
}

Response Fields

Activity Metadata

| Field | Type | Description |
|---|---|---|
| id | string | Unique activity identifier (UUID) |
| timestamp | integer | Unix timestamp (seconds since epoch) |
| url | string | Full request URL |
| hostname | string | Request hostname |
| username | string | Authenticated username (if available) |
| userGroup | string | User's group membership (if available) |

Detection and Action

| Field | Type | Description |
|---|---|---|
| detected | boolean | Whether sensitive data was detected |
| obfuscated | boolean | Whether data was masked |
| blocked | boolean | Whether request was blocked |
| bypassed | boolean | Whether scanning was bypassed |

Policy Context

| Field | Type | Description |
|---|---|---|
| apps | object[] | Matched applications |
| rules | object[] | Rules that matched this activity |
| datatypesDetected | object[] | Data types found in the request |
| datatypesObfuscated | object[] | Data types that were masked |

Request Details

| Field | Type | Description |
|---|---|---|
| contentType | string | HTTP Content-Type header |
| icapMode | string | REQMOD, RESPMOD, or API |
| bodyLength | integer | Request body size in bytes |
| httpStatusCode | integer | HTTP status code |
| clientIPAddress | string | Client IP address (if available) |
| clientDevice | string | Device type (if available) |
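
The detection flags and data type lists above can be combined to pick out records that deserve a reviewer's attention. The following is an added example, not part of the Shield documentation: it flags activities where data was detected but neither blocked nor fully masked, and activities where scanning was bypassed. The sample records and the function names are constructed for illustration, and treating a detected count larger than the obfuscated count as partial masking is an assumption about how the two counts relate.

```python
from collections import Counter

# Constructed records in the documented response shape (not real data).
SAMPLE_ITEMS = [
    {"id": "a1", "detected": True, "obfuscated": True, "blocked": False,
     "datatypesDetected": [{"type": "US_SSN", "count": 2}],
     "datatypesObfuscated": [{"type": "US_SSN", "count": 2}]},
    {"id": "a2", "detected": True, "obfuscated": True, "blocked": False,
     "datatypesDetected": [{"type": "US_SSN", "count": 3}],
     "datatypesObfuscated": [{"type": "US_SSN", "count": 1}]},
    {"id": "a3", "detected": True, "obfuscated": False, "blocked": False,
     "datatypesDetected": [{"type": "US_SSN", "count": 1}]},
    {"id": "a4", "detected": True, "obfuscated": False, "blocked": True,
     "datatypesDetected": [{"type": "US_SSN", "count": 1}]},
    {"id": "a5", "detected": False, "bypassed": True},
]

def unmasked(activity):
    """Per data type, detections not accounted for in datatypesObfuscated."""
    seen, masked = Counter(), Counter()
    for d in activity.get("datatypesDetected") or []:
        seen[d["type"]] += d.get("count", 0)
    for d in activity.get("datatypesObfuscated") or []:
        masked[d["type"]] += d.get("count", 0)
    return dict(seen - masked)  # Counter subtraction keeps positive counts only

def triage(activity):
    """Return (reason, unmasked counts) for a record needing review, else None."""
    if activity.get("bypassed"):
        return ("scan-bypassed", {})          # scanning did not run on this record
    if not activity.get("detected") or activity.get("blocked"):
        return None                           # nothing detected, or request blocked
    gaps = unmasked(activity)
    if not activity.get("obfuscated"):
        return ("detected-not-masked", gaps)
    if gaps:                                  # assumption: the two counts are comparable
        return ("partially-masked", gaps)
    return None

def findings(items):
    """Map activity id -> triage result for every flagged record."""
    flagged = {}
    for activity in items:
        result = triage(activity)
        if result:
            flagged[activity["id"]] = result
    return flagged

print(findings(SAMPLE_ITEMS))
```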

Sorting

The sortBy parameter accepts a field name followed by sort direction:

sortBy=timestamp desc
sortBy=username asc
sortBy=request_size desc

Available sort fields:

  • timestamp
  • username
  • hostname
  • url
  • content_type
  • request_size
  • response_size

Note: Fields containing arrays (e.g., datatypes_detected, rules) cannot be used for sorting.


Pagination

Use skip and take to paginate through large result sets:

Python Example
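import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
query = "QUERY"  # advanced query string generated by convertsearch

# Get first page (records 0-99)
page1 = requests.get(
    f"{BASE_URL}/api/activities",
    headers=HEADERS,
    params={"search": query, "skip": 0, "take": 100}
).json()

# Get second page (records 100-199)
page2 = requests.get(
    f"{BASE_URL}/api/activities",
    headers=HEADERS,
    params={"search": query, "skip": 100, "take": 100}
).json()

# "count" is the total number of matching records, not the size of this page
print(f"Total activities: {page1['count']}")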
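
The two requests above generalise to a loop that advances skip until count is reached. This is an added example, not part of the Shield documentation: it clamps take to the documented maximum of 1000 and drops repeated ids so that an export for review holds each activity once. The names iter_activities, http_fetch and fake_fetch are hypothetical, the fake records are constructed, and requesting sortBy=timestamp asc so that new activity lands on later pages is an assumption.

```python
import json
import urllib.parse
import urllib.request

MAX_TAKE = 1000  # documented upper bound for `take`

def http_fetch(base_url, api_key):
    """Build a fetch_page(params) callable for a live host (not called here)."""
    def fetch_page(params):
        query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
        req = urllib.request.Request(
            f"{base_url}/api/activities?{query}",
            headers={"Authorization": f"Bearer {api_key}"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:  # raises on 400/401/500
            return json.load(resp)
    return fetch_page

def iter_activities(fetch_page, search, page_size=MAX_TAKE, sort_by="timestamp asc"):
    """Yield each matching activity once, walking skip/take until `count` is reached."""
    take = max(1, min(page_size, MAX_TAKE))
    skip, seen = 0, set()
    while True:
        body = fetch_page({"search": search, "skip": skip,
                           "take": take, "sortBy": sort_by})
        items = body.get("items", [])
        for item in items:
            if item["id"] not in seen:   # drop repeats if the log shifted between pages
                seen.add(item["id"])
                yield item
        skip += len(items)
        if not items or skip >= body.get("count", 0):
            return

def fake_fetch(total):
    """Constructed stand-in for the API: `total` records, honours skip and take."""
    rows = [{"id": f"activity-{i}", "timestamp": 1704067200 + i} for i in range(total)]
    def fetch_page(params):
        s, t = params["skip"], params["take"]
        return {"items": rows[s:s + t], "count": total}
    return fetch_page

exported = list(iter_activities(fake_fetch(250), "QUERY", page_size=100))
print(f"Exported {len(exported)} activities")
```

Against a live host, pass http_fetch(BASE_URL, "YOUR_API_KEY") in place of fake_fetch(250).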

Complete Example

import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

# Build query for last 24 hours
query_request = {
    "simpleToAdvanced": {
        "timestamp": {"withinLast": {"days": 1, "hours": 0, "minutes": 0}}
    }
}

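# Convert the simple query into an advanced query string
convert = requests.post(
    f"{BASE_URL}/api/activities/convertsearch",
    headers=HEADERS,
    json=query_request,
    timeout=30
)
convert.raise_for_status()  # surface 400/401/500 instead of failing on the JSON lookup
query = convert.json()["simpleToAdvanced"]

# Get activities
response = requests.get(
    f"{BASE_URL}/api/activities",
    headers=HEADERS,
    params={
        "search": query,
        "skip": 0,
        "take": 100,
        "sortBy": "timestamp desc"
    },
    timeout=30
)
response.raise_for_status()

activities = response.json()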

print(f"Found {activities['count']} activities")
print(f"Retrieved {len(activities['items'])} in this page")

# Process activities
for activity in activities["items"]:
    detected_types = [dt["type"] for dt in activity.get("datatypesDetected", [])]
    print(f"{activity['timestamp']}: {activity['url']} - Detected: {', '.join(detected_types)}")

Error Responses

| Status Code | Description | Resolution |
|---|---|---|
| 400 | Invalid query syntax | Verify query string format |
| 401 | Invalid or missing API key | Check authentication |
| 500 | Server error | Check Shield logs |