Instance level Audit APIs for MCP Server
Instance level audit APIs enable system administrators to query comprehensive audit trail information across an entire HighQ instance using natural language through the MCP (Model Context Protocol) server. These APIs aggregate audit data from all sites, providing centralised visibility into user activities, site operations, authentication events, and content operations for compliance and security investigations.
How it works?
The instance-level audit APIs expose four categories of audit data as MCP tools, allowing system administrators to query audit information through natural language rather than direct API calls. When you submit a query through an MCP client (such as Claude Desktop/ ChatGPT ), the system translates your natural language request into the appropriate audit API call and returns the results in a structured format.
Audit Reports APIs
The APIs operate directly at the instance level and support four audit API categories:
- Users Audit API- tracks user-related activities across the instance
- Sites Audit API- monitors site operations and changes
- Login Audit API- records authentication events and login activities
- Content Audit API- captures content operations and modifications
What you can do | How it works |
|---|---|
Sign-in & access activity | Who signed in and when - including 2FA, proxy and impersonation context. |
Workspace lifecycle activity | Sites created, archived, or with ownership changed, and by whom. |
Membership activity | Users added to or removed from sites, with external users flagged. |
Content activity | Uploads, downloads and deletions across sites, including bulk-action patterns. |
note
- These APIs operate at the instance level, aggregating audit data from all sites within your HighQ instance. Site-level audit API exposure is not supported.
- Audit APIs respect instance boundaries, meaning you cannot access audit data from other instances.
Accessing the APIs
To access and test the latest System level Audit log APIs:
- Log in to HighQ.
- Navigate toHighQ Home>User Profile>API Documentation.
- Open the System Audit APIs to view available endpoints, parameters, request/response schemas, and sample calls.
Let's look at some use cases how Audit APIs can be applied in real-world scenarios to investigate security incidents, support compliance reporting, and analyze usage patterns. Connecting to your HighQ MCP server using Claude or another supported AI assistant and try the prompts below.
- Site Audit dataPull all login activity across this instance for the last 7 days, show me details of top 10 sites with login events and top 10 users across the instance.Retrieves login activity across the entire instance for the past 7 days and highlights the most active sites and users based on login events.
- Content management auditPull the content management audit for the last 7 days. Which sites had the most document activity? Were there any bulk downloads or mass deletions?Reviews document-related activity over the last 7 days to identify which sites had the highest activity and flags any bulk actions such as mass downloads or deletions.
- External user activity trackingAcross all sites, identify every external users who has logged in or downloaded a document in the last 7 days. For each, show which sites they accessed and what they did.Identifies all external users who accessed the system in the past 7 days and shows which sites they visited along with the actions they performed (e.g., login, download).
Permissions and access
Only users with system administrator permissions can access audit APIs through the MCP server.
If a non-administrator user attempts to query audit data, they receive an "insufficient permissions" error message.
note
Audit API access is restricted to system administrators only. Standard users and site administrators cannot query instance-level audit data through the MCP server.