Listen to this article. Also available on Spotify. Subscribe to PolyAPI Squawk.
Enterprise systems must meet high standards for security, auditability, and compliance. A critical component of this is logging all access attempts—both successful and failed. These logs are essential for audit tracking and identifying potential malicious activity. When paired with activity history, auditors can gain a complete picture of what actions a user performed after a successful login.
What’s New in Release 20
With Release 20, access logs are now visible in the UI in addition to the API support introduced in Release 19.
- Access Attempt Logging – All login attempts to Canopy, whether successful or failed via API key or SSO, are now logged. The only exception is unauthenticated keys. This includes both the PolyAPI UI and any Canopy applications created by customers.
- Detailed Log Entries – Each access attempt includes a unique ID, application name, user identity, timestamp, role, and outcome (success or failure).
- Admin Visibility – Only admins with manageUsers permissions can view the access logs.
What’s Coming Next
We’re continuing to invest in security and auditability. Future enhancements include:
- Unknown User Logging – Capture failed login attempts from unknown API keys to detect and protect against brute-force attacks.
- Access Log Forwarding – Enable real-time forwarding of logs to centralized security or SIEM systems.
- API Coverage – Logs are not included for failed API attempts. While adding all successful API usage attempts would overload the system, adding failed attempts due to authentication and authorization issues would be very helpful.
- Additional Metadata – Expand log fields to include user agent, IP address, geo-location, authentication method, and more.
How to View Access Logs
If you are an admin with manageUsers permissions, check out the access logs in the management UI at /canopy/polyui/collections/access-logs.
Have questions about our roadmap or platform? We’d love to hear from you! Reach out to us at hello@polyapi.io, fill out a contact form, or book an intro meeting.