1Password · Arazzo Workflow

1Password Stream Audit Events

Version 1.0.0

Validate the Events token, open an audit event feed from a start time, then page with the cursor.

1 workflow 1 source API 1 provider
View Spec View on GitHub Password ManagerPasswordsSecuritySecretsArazzoWorkflows

Provider

1password

Workflows

stream-audit-events
Open an audit event feed from a start time and continue paging with the cursor.
Confirms the Events token is valid, opens the audit event feed from the supplied start time, and then fetches the next page of audit events using the cursor returned by the first request.
3 steps inputs: limit, startTime outputs: cursor, hasMore, items
1
introspectToken
introspectToken
Introspect the bearer token to confirm it is valid and carries the features required to read audit events.
2
openFeed
listAuditEventsV2
Open the audit event feed using a ResetCursor start time to retrieve the first page of audit events.
3
nextPage
listAuditEventsV2
Fetch the next page of audit events by submitting the cursor returned by the previous response.

Source API Descriptions

openapi
eventsApi https://raw.githubusercontent.com/api-evangelist/1password/refs/heads/main/openapi/1password-events-openapi.yml

Arazzo Workflow Specification

1password-stream-audit-events-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: 1Password Stream Audit Events
  summary: Validate the Events token, open an audit event feed from a start time, then page with the cursor.
  description: >-
    The 1Password Events API feed pattern for audit events. The workflow first
    introspects the bearer token to confirm it is valid and carries the required
    features, then opens the audit event feed with a ResetCursor start time to
    retrieve the first page, and finally continues paging using the cursor
    returned by the previous response. Each step spells out its request inline so
    the flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: eventsApi
  url: ../openapi/1password-events-openapi.yml
  type: openapi
workflows:
- workflowId: stream-audit-events
  summary: Open an audit event feed from a start time and continue paging with the cursor.
  description: >-
    Confirms the Events token is valid, opens the audit event feed from the
    supplied start time, and then fetches the next page of audit events using the
    cursor returned by the first request.
  inputs:
    type: object
    required:
    - startTime
    properties:
      startTime:
        type: string
        description: An ISO 8601 timestamp to begin fetching audit events from.
      limit:
        type: integer
        description: The maximum number of audit event records to return per page.
  steps:
  - stepId: introspectToken
    description: >-
      Introspect the bearer token to confirm it is valid and carries the
      features required to read audit events.
    operationId: introspectToken
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      uuid: $response.body#/uuid
  - stepId: openFeed
    description: >-
      Open the audit event feed using a ResetCursor start time to retrieve the
      first page of audit events.
    operationId: listAuditEventsV2
    requestBody:
      contentType: application/json
      payload:
        limit: $inputs.limit
        start_time: $inputs.startTime
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      cursor: $response.body#/cursor
      hasMore: $response.body#/has_more
      items: $response.body#/items
  - stepId: nextPage
    description: >-
      Fetch the next page of audit events by submitting the cursor returned by
      the previous response.
    operationId: listAuditEventsV2
    requestBody:
      contentType: application/json
      payload:
        cursor: $steps.openFeed.outputs.cursor
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      cursor: $response.body#/cursor
      hasMore: $response.body#/has_more
      items: $response.body#/items
  outputs:
    cursor: $steps.nextPage.outputs.cursor
    hasMore: $steps.nextPage.outputs.hasMore
    items: $steps.nextPage.outputs.items