Analytics endpoints require a current bearer JWT and organization membership. Treat login events as sensitive operational data and expose them only to users whose role and product duties require them.
Operating boundaries
- The default date window is 30 days; send explicit dates for reproducible reports.
- Dates with no activity may be omitted rather than returned with a zero count.
- Recent-login events are ordered newest first and are immutable historical records.
- The recent-login
limitis not offset pagination. Do not assume one response is a complete export. - Provider and service counts describe recorded authentication events, not unique active users.
- Protect exported identifiers and timestamps according to your retention and access policy.
Production practices
- Use bounded date ranges for charts and scheduled reports.
- Cache only for an explicitly defined freshness interval.
- Label time zones and report windows in dashboards.
- Monitor unusual spikes, but confirm application releases and traffic changes before treating them as incidents.
- Use audit logs for administrative changes; analytics events serve a different purpose.