SIEM API

Updated: 五月 21, 2026

The SIEM API exposes Workspace audit events as a paginated JSON feed, compatible with the Common Event Format (CEF) standard. Use it to ingest Altium 365 audit logs into your Security Information and Event Management (SIEM) system or any external compliance tooling.

Enterprise license required. The Audit Export option only appears in Workspace Admin settings when an Enterprise-level license is active.

Finding Your Endpoint and Credentials

Each Workspace has its own audit endpoint URL and credentials. To find them:

Go to Admin → Settings → Audit Export in your Workspace.
Copy the Endpoint URL, Client ID, and Secret Key.

You can regenerate or revoke the Secret Key from this page at any time. Regenerating a key immediately invalidates the previous one.

Authentication

Every request requires two custom headers:

Header	Value
`ClientId`	Your Workspace Client ID
`ClientSecret`	Your Workspace Secret Key

Fetching Events

GET {your-audit-endpoint}?Offset=0&Limit=500
ClientId: {your-client-id}
ClientSecret: {your-secret-key}

Query Parameters

Parameter	Required	Description
`Offset`	No	Starting position in the result set. Default: `0`
`Limit`	No	Maximum number of events to return. Cannot exceed the API maximum; exceeding it returns `400`.

Curl Example

curl -G '{your-audit-endpoint}' \
  -H 'ClientId: {your-client-id}' \
  -H 'ClientSecret: {your-secret-key}' \
  --data-urlencode 'Offset=0' \
  --data-urlencode 'Limit=500'

Response Format

{
  "TotalCount": 2,
  "Events": [
    {
      "CefVersion": "1",
      "DeviceVendor": "Altium",
      "DeviceProduct": "365 Platform",
      "DeviceVersion": "Cloud",
      "DeviceEventClassId": "",
      "Name": "User Login",
      "Extension": {
        "dvchost": "host.domain.com",
        "msg": "User successful login",
        "rt": "2024-01-10T14:30:00Z",
        "dtz": "UTC+00:00",
        "suser": "sampleuser",
        "act": "login",
        "externalId": "45678",
        "cat": "authentication"
      }
    }
  ]
}

Top-level Fields

Field	Type	Description
`TotalCount`	integer	Total number of events available across all pages
`Events`	array	Events on the current page

Event Fields

Field	Type	Description
`CefVersion`	string	CEF version
`DeviceVendor`	string	Always `"Altium"`
`DeviceProduct`	string	Always `"365 Platform"`
`DeviceVersion`	string	Always `"Cloud"`
`DeviceEventClassId`	string	Event class identifier
`Name`	string	Human-readable event name (e.g. `"User Login"`)
`Extension`	object	Detailed event data – see below

Extension Fields

Field	Type	Description
`dvchost`	string	Fully qualified domain name of the Workspace
`msg`	string	Human-readable event description
`rt`	string	Event timestamp (ISO 8601)
`dtz`	string	Timezone (e.g. `"UTC+00:00"`)
`suser`	string	Username associated with the event
`act`	string	Action performed (e.g. `"login"`, `"create"`, `"delete"`)
`externalId`	string	Originating entity ID
`cat`	string	Event category (e.g. `"authentication"`, `"design"`)

Pagination

Use TotalCount from the first response to determine how many pages to fetch. Increment Offset by your Limit on each subsequent request until all events are retrieved.

Page 1: Offset=0,   Limit=500   → events 1–500
Page 2: Offset=500, Limit=500   → events 501–1000
...

HTTP Status Codes

Code	Meaning
`200 OK`	Events returned successfully
`400 Bad Request`	`Limit` exceeds the API maximum
`401 Unauthorized`	Invalid credentials, or Enterprise license not active