Querying Access login events with GraphQL
In this example, we are going to use the GraphQL Analytics API to retrieve logs for an Access login event. These logs are particularly useful for determining why a user received a 403 Forbidden error, since they surface additional data beyond what is shown in the dashboard Access logs.
The following API call will request logs for a single Access login event and output the requested fields. The authentication request is identified by its Ray ID, which you can obtain from the 403 Forbidden page shown to the user.
You will need to insert your <CLOUDFLARE_ACCOUNT_TAG>, your API credentials in <API_TOKEN> [1], and substitute your own values for the following variables:
rayID: A unique identifier assigned to the authentication request.
datetimeStart: The earliest event time to query (no earlier than September 16, 2022).
datetimeEnd: The latest event time to query. Be sure to specify a time range that includes the login event you are querying.
You can compare the query results to your Access policies to understand why a user was blocked. For example, if your application requires a valid mTLS certificate, Access blocked the request shown above because mtlsStatus, mtlsCommonName, and mtlsCertSerialId are empty.
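The query and the policy comparison described above, as an added Python example that is not taken from Cloudflare's documentation: it builds the request body from the three variables and reports which mTLS fields came back empty for a given Ray ID. The dataset name accessLoginRequestsAdaptiveGroups, the cfRayId, datetime and isSuccessfulLogin fields, the variable types, the function names and the sample response are assumptions or constructed values; check them against the schema your account exposes.

```python
import json

GRAPHQL_ENDPOINT = "https://api.cloudflare.com/client/v4/graphql"
# Dataset name, cfRayId/datetime/isSuccessfulLogin and the variable types are
# assumptions; only the mtls* fields and the three variables come from the page.
QUERY = """
query accessLoginByRay($accountTag: string, $rayID: string,
                       $datetimeStart: string, $datetimeEnd: string) {
  viewer {
    accounts(filter: {accountTag: $accountTag}) {
      accessLoginRequestsAdaptiveGroups(
        limit: 1
        filter: {cfRayId: $rayID, datetime_geq: $datetimeStart, datetime_leq: $datetimeEnd}
      ) {
        dimensions { datetime cfRayId isSuccessfulLogin mtlsStatus mtlsCommonName mtlsCertSerialId }
      }
    }
  }
}
"""
MTLS_FIELDS = ("mtlsStatus", "mtlsCommonName", "mtlsCertSerialId")

def build_request(account_tag, ray_id, start, end):
    """JSON body to POST to GRAPHQL_ENDPOINT with 'Authorization: Bearer <API_TOKEN>'."""
    return json.dumps({"query": QUERY, "variables": {
        "accountTag": account_tag, "rayID": ray_id,
        "datetimeStart": start, "datetimeEnd": end}})

def explain_mtls_block(response, ray_id):
    """Return the mTLS fields that are empty for the login event with this Ray ID."""
    if response.get("errors"):
        raise ValueError(f"GraphQL errors: {response['errors']}")
    for account in response["data"]["viewer"]["accounts"]:
        for row in account["accessLoginRequestsAdaptiveGroups"]:
            dims = row["dimensions"]
            if dims.get("cfRayId") == ray_id:
                return [f for f in MTLS_FIELDS if not dims.get(f)]
    raise LookupError("no login event for that Ray ID; widen datetimeStart/datetimeEnd")

# Constructed sample response (not real data): a login with no client certificate.
SAMPLE = {"data": {"viewer": {"accounts": [{"accessLoginRequestsAdaptiveGroups": [
    {"dimensions": {"datetime": "2022-09-20T10:00:00Z", "cfRayId": "0000000000000000",
                    "isSuccessfulLogin": 0, "mtlsStatus": "", "mtlsCommonName": "",
                    "mtlsCertSerialId": ""}}]}]}}, "errors": None}

if __name__ == "__main__":
    print(explain_mtls_block(SAMPLE, "0000000000000000"))
```

An empty result list means the event carried all three certificate fields, so the block came from a different policy rule.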
[1] Refer to Configure an Analytics API token for more information on configuration and permissions.