Analytics Security and Operations

Access-control, data-window, privacy, volume, and interpretation guidance for authentication analytics.

AuthOS release 0.8.2 API v1 Latest-only documentation
Updated Jul 15, 2026
On this page

Analytics endpoints require a current bearer JWT and organization membership. Treat login events as sensitive operational data and expose them only to users whose role and product duties require them.

Operating boundaries

  • The default date window is 30 days; send explicit dates for reproducible reports.
  • Dates with no activity may be omitted rather than returned with a zero count.
  • Recent-login events are ordered newest first and are immutable historical records.
  • The recent-login limit is not offset pagination. Do not assume one response is a complete export.
  • Provider and service counts describe recorded authentication events, not unique active users.
  • Protect exported identifiers and timestamps according to your retention and access policy.

Production practices

  • Use bounded date ranges for charts and scheduled reports.
  • Cache only for an explicitly defined freshness interval.
  • Label time zones and report windows in dashboards.
  • Monitor unusual spikes, but confirm application releases and traffic changes before treating them as incidents.
  • Use audit logs for administrative changes; analytics events serve a different purpose.