Create or replace a saved audit-log view

POST

/portal/v1/me/audit-views

Authentication

Bearer Token Authorization
JWT access token

Request body

namestring*
Display label for the chip. Trimmed; allowed characters: letters, numbers, spaces, hyphens, underscores. 1–60 chars.
surfaceenum: "admin" | "identities"*
Audit-log surface the view belongs to. Uniqueness is per-`(name, surface)` so a 'Last 24h' chip can live on both tabs.
filtersany*
Filter set snapshot — same shape as the query endpoint.

Code samples

cURL

JavaScript

Python

curl -X POST "https://api.canopy.dev/portal/v1/me/audit-views" \
  -H "Authorization: Bearer $CANOPY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "string",
    "surface": "admin",
    "filters": {
      "from": "2026-04-20T12:00:00.000Z",
      "to": "2026-04-20T12:00:00.000Z",
      "action": [
        "string"
      ],
      "category": "auth",
      "severity": "info",
      "outcome": "success",
      "actor_id": "00000000-0000-0000-0000-000000000000",
      "actor_type": "string",
      "resource_type": "string",
      "resource_id": "00000000-0000-0000-0000-000000000000",
      "correlation_id": "00000000-0000-0000-0000-000000000000",
      "application_id": "00000000-0000-0000-0000-000000000000",
      "environment_id": "00000000-0000-0000-0000-000000000000",
      "q": "string",
      "cursor": "string",
      "limit": 50
    }
  }'

const response = await fetch("https://api.canopy.dev/portal/v1/me/audit-views", {
  method: "POST",
  headers: {
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "name": "string",
    "surface": "admin",
    "filters": {
      "from": "2026-04-20T12:00:00.000Z",
      "to": "2026-04-20T12:00:00.000Z",
      "action": [
        "string"
      ],
      "category": "auth",
      "severity": "info",
      "outcome": "success",
      "actor_id": "00000000-0000-0000-0000-000000000000",
      "actor_type": "string",
      "resource_type": "string",
      "resource_id": "00000000-0000-0000-0000-000000000000",
      "correlation_id": "00000000-0000-0000-0000-000000000000",
      "application_id": "00000000-0000-0000-0000-000000000000",
      "environment_id": "00000000-0000-0000-0000-000000000000",
      "q": "string",
      "cursor": "string",
      "limit": 50
    }
  }),
});

const data = await response.json();

import requests

response = requests.post(
    "https://api.canopy.dev/portal/v1/me/audit-views",
    headers={
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
    },
    json={
        "name": "string",
        "surface": "admin",
        "filters": {
            "from": "2026-04-20T12:00:00.000Z",
            "to": "2026-04-20T12:00:00.000Z",
            "action": [
                "string",
            ],
            "category": "auth",
            "severity": "info",
            "outcome": "success",
            "actor_id": "00000000-0000-0000-0000-000000000000",
            "actor_type": "string",
            "resource_type": "string",
            "resource_id": "00000000-0000-0000-0000-000000000000",
            "correlation_id": "00000000-0000-0000-0000-000000000000",
            "application_id": "00000000-0000-0000-0000-000000000000",
            "environment_id": "00000000-0000-0000-0000-000000000000",
            "q": "string",
            "cursor": "string",
            "limit": 50,
        },
    },
)

data = response.json()

package main

import (
	"bytes"
	"encoding/json"
	"net/http"
)

func main() {
	payload := map[string]interface{}{
		"name": "string",
		"surface": "admin",
		"filters": map[string]interface{}{
			"from": "2026-04-20T12:00:00.000Z",
			"to": "2026-04-20T12:00:00.000Z",
			"action": []interface{}{
				"string",
			},
			"category": "auth",
			"severity": "info",
			"outcome": "success",
			"actor_id": "00000000-0000-0000-0000-000000000000",
			"actor_type": "string",
			"resource_type": "string",
			"resource_id": "00000000-0000-0000-0000-000000000000",
			"correlation_id": "00000000-0000-0000-0000-000000000000",
			"application_id": "00000000-0000-0000-0000-000000000000",
			"environment_id": "00000000-0000-0000-0000-000000000000",
			"q": "string",
			"cursor": "string",
			"limit": 50,
		},
	}
	body, _ := json.Marshal(payload)

	req, _ := http.NewRequest("POST", "https://api.canopy.dev/portal/v1/me/audit-views", bytes.NewBuffer(body))
	req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
	req.Header.Set("Content-Type", "application/json")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

201 Atomic upsert by name — POSTing a view whose name already exists overwrites the prior entry. Per-user cap of 20 views; exceeding it returns 400 with `audit.view_limit_exceeded`. The `filters` payload is validated as a strict `AuditQueryDto`.

{
  "name": "string",
  "surface": "admin",
  "filters": {}
}

application/json

namestring*
Display name. Unique per `(user, surface)` pair.
surfaceenum: "admin" | "identities"*
Audit-log surface this view belongs to (plan §19). The dashboard renders each view on its surface's tab only.
filtersany object*
Snapshot of the `AuditQueryDto` filter set. Echoed back verbatim so the dashboard can re-apply the exact filter chips.

400 User has reached the 20-view per-admin limit. Delete an existing view before creating a new one.

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

Returned object

The AuditViewResponseDto object View all properties on this resource

On this page