API Audit Log on behalf of user

Hello,

We are performing API calls to perform screening as part of an application workflow. I'm wondering is there a way to perform them on behalf of, or acting as a user within the group?

Currently all of our audit logs and thus case summaries are showing as the Admin User the API secret was issued for. We'd like to make our audit via the API consistent with UI queries which at present it won't be.

Any information would be appreicated.

Find more posts tagged with

screening

world-check-one

worldcheck-one-api

#product

Accepted answers

All comments

Pandey Vivek

Hi @Scott_bell ,

Thanks for reaching out !

Yes, it is possible to perform API calls on behalf of individual users within a group. However, to enable this functionality, you will need to purchase separate user licenses for World-Check One .

Additionally, your application must be configured so that when a user makes changes within your system, their user ID is properly logged in the audit trail of that case. This means that the user ID in your application should be mapped to the same user ID in World-Check One. Doing so will ensure that audit logs and case summaries accurately reflect actions taken by each user, rather than attributing all changes to the Admin User.

Thanks

Vivek Pandey

Scott_bell

https://community.developers.refinitiv.com/discussion/comment/125832#Comment_125832

Hi @Pandey Vivek how would I configure the UserID in our api requests?

ram_nitish

Hi @Scott_bell,

Every API call you make requires an API key and secret, which are linked to a unique user ID. You can find this user ID in the Admin Settings section of your World-Check One UI. This same user ID is used to track actions in the audit logs.

As mentioned earlier, if the same API credentials are being used by multiple individuals, each of those users must have a valid license. This ensures that audit trails accurately reflect who performed each action, making case tracking and compliance much easier.

Thanks,
Ram.

Scott_bell

Hi, I'm not sure this answers the question.

The API Credentials are a id and secret that are linked to the admin user. I agree with this as I can see that from the audit log.

However, when another user with a licenese uses my application that integrates with the same API credentials it is unclear how I specify their username in worldcheck to appear on the audit log?

Is there an auth flow that I'm missing for on behalf of or the header of X-On-Behalf-Of

EXPLORE OUR SITES