Help Center> Cloud Trace Service> API Reference> V3 APIs (Recommended)> Key Event Notification Management> Creating a Key Event Notification
Updated on 2024-05-24 GMT+08:00
View PDF

Creating a Key Event Notification

Function

SMS, email, or HTTP/HTTPS notifications can be sent through pre-configured SMN topics to subscribers when key operations occur. This helps you detect high-risk operations promptly. Notifications can also be used as triggers for specific operations or to connect to your own audit system.

API Calling

For details, see Calling APIs.

URI

POST /v3/{project_id}/notifications

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details, see Obtaining an Account ID and Project ID.

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

notification_name

Yes

String

Notification name.

operation_type

Yes

String

Operation type. Possible options include complete and customized. If you choose complete, you do not need to specify operations and notify_user_list, and notifications will be sent when any supported operations occur on any of the connected cloud services. If you choose customized, notifications will be sent when operations defined in operations occur.

Values:

  • complete

  • customized

operations

No

Array of Operations objects

Operation list.

notify_user_list

No

Array of NotificationUsers objects

List of users whose operations will trigger notifications. Currently, up to 50 users in 10 user groups can be configured.

topic_id

No

String

Topic URN or function URN. To obtain the topic_urn, call the SMN API for querying topics. Example URN: urn:smn:regionId:f96188c7ccaf4ffba0c9aa149ab2bd57:test_topic_v2 To obtain the function URN, call the FunctionGraph API for querying functions. Example URN: urn:fss:xxxxxxxxx:7aad83af3e8d42e99ac194e8419e2c9b:function:default:test

filter

No

Filter object

Advanced filter of key event notifications.

agency_name

No

String

Name of a cloud service agency. If this parameter is set to cts_admin_trust, a cloud service agency named cts_admin_trust is automatically created during key event notification creation.

Value:

  • cts_admin_trust
Table 3 Operations

Parameter

Mandatory

Type

Description

service_type

Yes

String

Cloud service. The value must be the acronym of a cloud service that has been connected with CTS. It is a word composed of uppercase letters. For cloud services that can be connected with CTS, see section "Supported Services and Operations" in Cloud Trace Service User Guide. You can click the document link of each cloud service to view its acronym.

resource_type

Yes

String

Resource type.

trace_names

Yes

Array of strings

Trace name.
Table 4 NotificationUsers

Parameter

Mandatory

Type

Description

user_group

Yes

String

IAM user group.

user_list

Yes

Array of strings

IAM user.
Table 5 Filter

Parameter

Mandatory

Type

Description

condition

Yes

String

Relationship between conditions.

  • AND (default value) indicates that a rule takes effect after all filtering criteria are met.

  • OR indicates that a rule takes effect when one of the filtering criteria is met.

Values:

  • AND (default value)

  • OR

is_support_filter

Yes

Boolean

Whether to enable the advanced filter.

rule

Yes

Array of strings

Advanced filter criteria rule. Example: key != value. The format is field rule value. - Field options: api_version, code, trace_rating, trace_type, resource_id, or resource_name. - Rule: != or =. - Value: api_version: ^(a-zA-Z0-9_-.){1,64}$; code: 1 to 256 characters; trace_rating: normal, warning, or incident; trace_type: ConsoleAction, ApiCall, or SystemAction; resource_id: 1 to 350 characters; resource_name: 1 to 256 characters.

Response Parameters

Status code: 201

Table 6 Response body parameters

Parameter

Type

Description

notification_name

String

Notification name.

operation_type

String

Operation type. Possible options include complete and customized.

  • complete: Notifications will be sent through SMN for all operations recorded by CTS.

  • customized: Notifications will be sent through SMN for specified operations performed on specified cloud services.

Values:

  • customized

  • complete

operations

Array of Operations objects

Operation list.

notify_user_list

Array of NotificationUsers objects

List of users whose operations will trigger notifications. Currently, up to 50 users in 10 user groups can be configured.

status

String

Notification status.

  • disabled: The key event notification is disabled.

  • enabled: The key event notification is enabled.

Values:

  • enabled

  • disabled

topic_id

String

Unique resource ID of an SMN topic. You can obtain the ID by querying the topic list.

notification_id

String

Unique notification ID.

notification_type

String

Notification type. - smn: Simple Message Notification (SMN). - fun: FunctionGraph.

Values:

  • smn

  • fun

project_id

String

Project ID.

create_time

Long

Time when a notification rule was created.

filter

Filter object

Advanced filter of key event notifications.

agency_name

String

Name of a cloud service agency. If this parameter is set to cts_admin_trust, a cloud service agency named cts_admin_trust is automatically created during key event notification creation.

Value:

  • cts_admin_trust
Table 7 Operations

Parameter

Type

Description

service_type

String

Cloud service. The value must be the acronym of a cloud service that has been connected with CTS. It is a word composed of uppercase letters. For cloud services that can be connected with CTS, see section "Supported Services and Operations" in Cloud Trace Service User Guide. You can click the document link of each cloud service to view its acronym.

resource_type

String

Resource type.

trace_names

Array of strings

Trace name.
Table 8 NotificationUsers

Parameter

Type

Description

user_group

String

IAM user group.

user_list

Array of strings

IAM user.
Table 9 Filter

Parameter

Type

Description

condition

String

Relationship between conditions.

  • AND (default value) indicates that a rule takes effect after all filtering criteria are met.

  • OR indicates that a rule takes effect when one of the filtering criteria is met.

Values:

  • AND (default value)

  • OR

is_support_filter

Boolean

Whether to enable the advanced filter.

rule

Array of strings

Advanced filter criteria rule. Example: key != value. The format is field rule value. - Field options: api_version, code, trace_rating, trace_type, resource_id, or resource_name. - Rule: != or =. - Value: api_version: ^(a-zA-Z0-9_-.){1,64}$; code: 1 to 256 characters; trace_rating: normal, warning, or incident; trace_type: ConsoleAction, ApiCall, or SystemAction; resource_id: 1 to 350 characters; resource_name: 1 to 256 characters.

Status code: 400

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Status code: 401

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Status code: 403

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Status code: 404

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Status code: 500

Table 14 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Status code: 503

Table 15 Response body parameters

Parameter

Type

Description

error_code

String

Error code. Format: CTS.XXX.

error_msg

String

Error message.

Example Request

  • Creating a complete key event notification

    POST https://{endpoint}/v3/{project_id}/notifications

{
  "notification_name" : "test",
  "filter" : {
    "is_support_filter" : true,
    "rule" : [ "code != 200", "api_version = v1.0", "trace_rating = normal", "trace_type != ApiCall", "resource_id = xxx", "resource_name = xxx" ],
    "condition" : "OR"
  },
  "operation_type" : "complete",
  "agency_name" : "cts_admin_trust",
  "topic_id" : "urn:smn:{regionid}:24edf66e79d04187acb99a463e610764:test"
}

  • Creating a custom key event notification

    POST https://{endpoint}/v3/{project_id}/notifications

{
  "notification_name" : "test",
  "operation_type" : "customized",
  "agency_name" : "cts_admin_trust",
  "filter" : {
    "is_support_filter" : true,
    "rule" : [ "code != 200", "api_version = v1.0", "trace_rating = normal", "trace_type != ApiCall", "resource_id = xxx", "resource_name = xxx" ],
    "condition" : "OR"
  },
  "operations" : [ {
    "service_type" : "CTS",
    "resource_type" : "tracker",
    "trace_names" : [ "createTracker", "deleteTracker" ]
  }, {
    "service_type" : "CTS",
    "resource_type" : "notification",
    "trace_names" : [ "deleteNotification", "updateNotification" ]
  }, {
    "service_type" : "AOM",
    "resource_type" : "pe",
    "trace_names" : [ "deletePolicyGroup", "updatePolicyGroup", "createPolicyGroup" ]
  } ],
  "notify_user_list" : [ {
    "user_group" : "admin",
    "user_list" : [ "test1", "test2" ]
  }, {
    "user_group" : "CTS view",
    "user_list" : [ "test3", "test4" ]
  } ],
  "topic_id" : "urn:smn:{regionid}:24edf66e79d04187acb99a463e610764:test"
}

Example Response

Status code: 201

The creation is successful.

{
  "create_time" : 1634001495876,
  "notification_id" : "cda8fd83-d08c-46f0-b914-1453a6a85c00",
  "notification_name" : "test",
  "agency_name" : "cts_admin_trust",
  "notification_type" : "smn",
  "notify_user_list" : [ {
    "user_group" : "admin",
    "user_list" : [ "test1", "test2" ]
  }, {
    "user_group" : "CTS view",
    "user_list" : [ "test3", "test4" ]
  } ],
  "operation_type" : "customized",
  "operations" : [ {
    "resource_type" : "tracker",
    "service_type" : "CTS",
    "trace_names" : [ "createTracker", "deleteTracker" ]
  }, {
    "resource_type" : "notification",
    "service_type" : "CTS",
    "trace_names" : [ "deleteNotification", "updateNotification" ]
  }, {
    "resource_type" : "pe",
    "service_type" : "AOM",
    "trace_names" : [ "deletePolicyGroup", "updatePolicyGroup", "createPolicyGroup" ]
  } ],
  "project_id" : "24edf66e79d04187acb99a463e610764",
  "status" : "enabled",
  "topic_id" : "urn:smn:{regionid}:24edf66e79d04187acb99a463e610764:test"
}

Status Codes

Status Code

Description

201

The creation is successful.

400

The server failed to process the request.

401

The request is rejected due to authentication failure.

403

The server understood the request but refused to authorize it.

404

The server failed to find the requested resource or some key event notifications failed to be deleted.

500

The request failed to be executed or some trackers failed to be deleted.

503

The requested service is invalid. The client should not repeat the request without modifications.

Error Code

For details, see Error Codes.