Can we monitor who is using PAT as admin users?

Can we monitor who is using personal access tokens for API calls and can we specifically see what the API is doing?

1 Like

Testing on play, it seems that Superuser account is only able to view the PAT linked to the same account (even when using the API - which is mostly the same as the UI in terms of authorities and access.)

Even running a SQL query on SQL View, the only token’s table that the sql is executed and displays the tokens associated with the same account, and the other tables are ‘protected.’ Maybe accessing the database directly? :thinking:

I think monitoring API requests need to be at the server level, so only a server administrator has access to such network logs. :+1:

1 Like