ApiEvent

Tracks these user-initiated read-only API calls: query(), queryMore(), and count(). Captures API requests through SOAP API, REST API, and Bulk API for the Enterprise and Partner WSDLs. Tooling API calls and API calls originating from a Salesforce mobile app aren’t captured. You can use ApiEvent in a transaction security policy. ApiEvent is a big object that stores the event data of ApiEventStream. This object is available in API version 46.0 and later.

Supported Calls

describeSObjects(), query()

Special Access Rules

Accessing this object requires either the Salesforce Shield or Salesforce Event Monitoring add-on subscription and the View Data Leakage Detection Events user permission.

Fields

Field	Details
AdditionalInfo	Type string Properties Nillable Description JSON serialization of additional information that’s captured from the `HTTP` headers during an API request. For example, `{"field1": "value1", "field2": "value2"}`. See Working With AdditionalInfo.
ApiType	Type string Properties Nillable Description The API that was used. Values include: `SOAP Enterprise` `SOAP Partner` `REST API` `N/A`
ApiVersion	Type double Properties Nillable Description The version number of the API.
Application	Type string Properties Nillable Description The application used to access the org. For example, Einstein Analytics or Salesforce Developers Connector. This field is available in API version 41.0 and later.
Client	Type string Properties Nillable Description The service that executed the API event. If you’re using an unrecognized client, this field returns “Unknown” or a blank value.
ConnectedAppId	Type reference Properties Nillable Description The 15-character ID of the connected app associated with the API call. This field is available in API version 41.0 and later.
ElapsedTime	Type int Properties Nillable Description The amount of time it took for the request to complete in milliseconds. The measurement of this value begins before the query executes and ends when the query completes. It doesn’t include the amount of time it takes to return the result over the network.
EvaluationTime	Type double Properties Nillable Description The amount of time it took to evaluate the policy in milliseconds. This field is available in API version 41.0 and later.
EventDate	Type dateTime Properties Filter, Nillable. Sort Description The time when the specified API event was captured (after query execution takes place). For example, 2013-01-01T03:01:01Z. Seconds are the most granular setting.
EventIdentifier	Type string Properties Filter, Group, Nillable, Sort Description The unique ID of the event. For example, 0a4779b0-0da1-4619-a373-0a36991dff90. This field is available in API version 41.0 and later.
LoginHistoryId	Type reference Properties Nillable Description Tracks a user session so you can correlate user activity with a particular series of API events. This field is also available on the LoginEvent, AuthSession, and LoginHistory objects, making it easier to trace events back to a user’s original authentication. This field is available in API version 41.0 and later.
LoginKey	Type string Properties Nillable Description The string that ties together all events in a given user’s login session. The session starts with a login event and ends with either a logout event or the user session expiring.
Operation	Type string Properties Nillable, Restricted Picklist Description The API call that generated the event (`Query`, `QueryAll`, or `QueryMore`).
Platform	Type string Properties Nillable Description The operating system on the login machine. For example, iPhone, Mac OS, Linux, or Unknown. This field is available in API version 41.0 and later.
PolicyId	Type reference Properties Nillable Description The ID of the transaction policy associated with this event. This field is available in API version 42.0 and later.
PolicyOutcome	Type picklist Properties Nillable, Restricted picklist Description The result of the transaction policy. Possible values are: `Block` - The user was blocked from performing the operation that triggered the policy. `EndSession` - The Concurrent Sessions Limiting policy activated, limiting the number of concurrent sessions per user. `Error` - The policy caused an undefined error when it executed. `FailedInvalidPassword` - The user entered an invalid password. `FailedPasswordLockout` - The user entered an invalid password too many times. `NoAction` - The policy didn't trigger. `Notified` - A notification was sent to the recipient. This field is available in API version 41.0 and later.
QueriedEntities	Type string Properties Nillable Description The entities in the SOQL query. For example, Opportunity, Lead, Account, or Case. Can also include custom objects. For relationship queries, the value of this field contains all entities involved in the query. If the query returns 0 records, then the value of this field is null. Examples For `SELECT Contact.FirstName, Contact.Account.Name from Contact`, the value of QueriedEntities is `Account, Contact`. For `SELECT Account.Name, (SELECT Contact.FirstName, Contact.LastName FROM Account.Contacts) FROM Account`, the value of QueriedEntities is `Account, Contact`. For `SELECT Id, Name, Account.Name FROM Contact WHERE Account.Industry = 'media'`, the value of QueriedEntities is `Account, Contact`.
Query	Type string Properties Nillable Description The SOQL query. For example, `SELECT id FROM Lead`.
Records	Type json Properties Nillable Description A JSON string that represents the queried objects’ metadata. This metadata includes the number of results of a query per entity type and the entity IDs. Example `1{ "totalSize" : 1, 2 "done" : true, 3 "records" : [ { 4 "attributes" : { 5 "type" : "Account" 6 }, 7 "Id" : "001xx000003DMvCAAW", 8 "Contacts" : { 9 "totalSize" : 3, 10 "done" : true, 11 "records" : [ { 12 "attributes" : { 13 "type" : "Contact" 14 }, 15 "Id" : "003xx000004U7xKAAS" 16 }, { 17 "attributes" : { 18 "type" : "Contact" 19 }, 20 "Id" : "003xx000004U7xLAAS" 21 }, { 22 "attributes" : { 23 "type" : "Contact" 24 }, 25 "Id" : "003xx000004U7xMAAS" 26 } ] 27 } 28 } ] 29}`
RelatedEventIdentifier	Type string Properties Nillable Description Represents the EventIdentifier of the related event.
RowsProcessed	Type double Properties Nillable Description The number of rows of data returned from the query.
SessionKey	Type string Properties Nillable Description The user’s unique session ID. Use this value to identify all user events within a session. When a user logs out and logs in again, a new session is started. This field is available in API version 41.0 and later.
SessionLevel	Type picklist Properties Nillable, Restricted picklist Description Session-level security controls user access to features that support it, such as connected apps and reporting. Possible values are: `HIGH_ASSURANCE` - A high assurance session was used for resource access. For example, when the user tries to access a resource such as a connected app, report, or dashboard that requires a high-assurance session level. `LOW` - The user’s security level for the current session meets the lowest requirements. This low level is not available, nor used, in the Salesforce UI. User sessions through the UI are either standard or high assurance. You can set this level using the API, but users assigned this level will experience unpredictable and reduced functionality in their Salesforce org. Note `STANDARD` - The user’s security level for the current session meets the Standard requirements set in the current organization Session Security Levels. This field is available in API version 41.0 and later.
SourceIp	Type string Properties Nillable Description The IP from which the API events originated. A Salesforce internal IP (such as from an API event originating from Salesforce AppExchange) is shown as “Salesforce.com IP”.
UserAgent	Type string Properties Nillable Description The platform or environment in which the API call originated. This field could include information about the operating system, application, or web protocol.
UserId	Type reference Properties Nillable Description The origin user’s unique ID. For example, 005000000000123.
Username	Type string Properties Nillable Description The origin username in the format of user@company.com at the time the event was created.

Working With AdditionalInfo

AdditionalInfo enables you to extend the API event with custom data that can be queried later. For example, you can capture a correlation ID when a user executes a SOQL query from an external system that shares that unique ID. This process enables tracking API calls across systems. To store data with ApiEvent, begin all AdditionalInfo field names with x-sfdc-addinfo-{field name}. For example, a valid field assignment is x-sfdc-addinfo-correlation_id = ABC123 where x-sfdc-addinfo-correlation_id is the field name and ABC123 is the field value.

When defining field names, note the following:

x-sfdc-addinfo- is case-insensitive; x-sfdc-addinfo-{field name} is the same as X-SFDC-ADDINFO-{field name} and x-SfDc-AdDiNfO-{field name}.
Fields can contain only alphanumeric and "_" (underscore) characters.
Field names must be from 2 through 29 characters in length, excluding x-sfdc-addinfo-.
Field names that don’t start with x-sfdc-addinfo- are ignored.
Names that contain invalid characters after x-sfdc-addinfo- are ignored, and nothing is stored. For example, a valid field name is x-sfdc-addinfo-correlation_id but x-sfdc-addinfo-correlation->id is not valid.
Only the first 30 valid field names are stored in AdditionalInfo. If you store two valid field names—for example, x-sfdc-addinfo-correlation_id and x-sfdc-addinfo-correlation_number— you can store 28 additional field names. Field names are not necessarily stored in the same order in which they were passed to authentication.

When defining field values, keep the following in mind:

You can’t use existing API field names as AdditionalInfo names in the HTTP header. If the AdditionalInfo name conflicts with an object’s API name, the field value isn’t stored. For example, the HTTP header X-SFDC-ADDINFO-UserId='abc123' doesn’t get stored in AdditionalInfo.
Additional field values can contain only alphanumeric, "_," and "-" characters.
Field values must be 255 characters in length or fewer. If a field value exceeds 255 characters, only the first 255 characters are stored, and the rest are truncated.
Field values that contain invalid characters are saved with a field header of Empty String ("").
Only the first 30 valid field names are stored in the AdditionalInfo field. They are not guaranteed to be stored in the same order that they were passed into the authentication.
When AggregationFieldName or PlatformEventMetrics is SourceIp, you can’t filter on AggregationFieldValue if its value is Salesforce.com IP.

How to Pass Additional Information by Using HTTP with cURL

1curl https://yourInstance.salesforce.com/services/data/v34.0/query?q=SELECT+Name+From+Account -H "X-PrettyPrint:1" -H "x-sfdc-addinfo-correlationid:
2d18c5a3f-4fba-47bd-bbf8-6bb9a1786624"

Example of Using Java

1//adding additional info headers ..
2Map<String, String> httpHeaders = new HashMap<String,String>();
3httpHeaders.put("x-sfdc-addinfo-fieldname1" /* additional info field*/ , "d18c5a3f-4fba-47bd-bbf8-6bb9a1786624" /* value*/);
4httpHeaders.put("x-sfdc-addinfo-fieldname2" /* additional info field*/ , "d18c5a3f-4fba-47bd-bbf8-6bb9a1786624" /* value*/);
5
6ConnectorConfig config = new ConnectorConfig();
7config.setUsername(userId);
8config.setPassword(passwd);
9config.setAuthEndpoint(authEndPoint);
10config.setProxy(proxyHost, proxyPort);
11
12//setting additional info headers
13for (Map.Entry<String, String> entry : httpHeaders.entrySet()) {
14     config.setRequestHeader(entry.getKey(), entry.getValue());
15}
16// Set the username and password if your proxy must be authenticated
17     config.setProxyUsername(proxyUsername);
18     config.setProxyPassword(proxyPassword);
19     try {
20       QueryResult queryResult = connection.query("SELECT Id, Name FROM Account");
21       // etc.
22     } catch (ConnectionException ce) {
23      ce.printStackTrace();
24     }

For the user interface, use proxy servers to intercept call and add required information.

Standard SOQL Usage

ApiEvent allows filtering over two fields: EventDate and EventIdentifier. The only supported SOQL functions on the ApiEvent object are WHERE, ORDER BY, and LIMIT. In the WHERE clause, you can only use comparison operators (<, >, <=, and >=). The != operator isn’t supported. In the ORDER BY clause, you can only use EventDate DESC. Ascending order isn’t supported with EventDate, and EventIdentifier sorting isn’t supported.

Date functions such as convertTimeZone() aren’t supported—for example, SELECT CALENDAR_YEAR(EventDate), Count(Id) FROM ApiEvent GROUP BY CALENDAR_YEAR(EventDate) returns an error. You can use date literals in your queries and some date/time functions like TODAY(), YESTERDAY(), and LAST_n_DAYS:1. However, these functions use comparison operators behind the scenes. Therefore you can only use them in the final expression in the WHERE clause.

Note

The following list provides some examples of valid and invalid queries:

Unfiltered
- Valid—Contains no WHERE clause, so no special rules apply.
  1SELECT ApiType, Client, ElapsedTime, QueriedEntities, Username 2FROM ApiEvent
Filtered on EventDate—you can filter solely on EventDate, but single filters on other fields fail. You can also use a comparison operator in this query type.
- Valid—you can filter solely on EventDate, but single filters on other fields fail. You can also use a comparison operator in this query type.
  1SELECT ApiType, Client, ElapsedTime, QueriedEntities, Username 2FROM ApiEvent 3WHERE EventDate>=2014-11-27T14:54:16.000Z

Async SOQL Usage

With Async SOQL, you can filter on any field in ApiEvent and use any comparison operator in your query.

Example: Find all queries that users ran against Patent__c

SELECT EventDate, EventIdentifier, PolicyOutcome, EvaluationTime, Query FROM ApiEvent WHERE QueriedEntities='Patent_c'

Platform Events Developer Guide