Occasional RESTful API calls to Create User failing but not generating a log in Audit Report
I need help with an issue with the ADManager Plus Management API. Specifically, the create user endpoint:
Create AD user using API | ManageEngine ADManager Plus
Ultimately the primary issue is our IS department would rather make allegations than present evidence but let me be more specific.
Our IS department was tasked with creating an application that sends one of two API call types to our ADManager instance (Create User, User Modification for Username changes for legal name changes). From there, we control everything else.
We have bi-weekly hiring events that occur on Mondays and this typically means everywhere between 30 and 150 user accounts need created Monday morning. As I said, the program that does this, or instigates the account creations is being developed in house and executes these actions via an API post call to the create user endpoint.
For the most part, it's working but on average, roughly 1-2 accounts every time end up not being created and there are no logs in the Audit Report to indicate there was even an attempt to create these accounts. Most of the time, if there is a failure (typically because of a samaccountname already in use), there is a failure log and it's easy to deal with and the reason for the problem is known.
With these rare ones where nothing is logged at all, I have no way of finding out what's breaking down between the IS program and ADManager.
To make matters worse, right now, the stance of the programmer in our IS department is that "if it failed my program would have logged an error. I show a success so it's ADManager."
I have requested he provide the Response Body returned when making the call, but he tells me he does not keep any record of that and essentially discards it.
I of course explain that without that data, failure or success, I have nothing to go on and nothing to open a ticket with but that would me he would have to do his job to start logging that response. He said he would, but we are a year in and his program that we need to do these two things still has issues and still has to be instigated by him and isn't autonomous that the project required.
I started to explore an API monitoring tool like Prometheus or setting up a reverse proxy with NGINX to put in the way, so it can catch the traffic at a different layer and get any kind of information but before I went down that path, I wanted to know if there is a log in the logs folder I could check and what should I be looking for?
If not, what is the recommendation here? I understand the onus is technically on the programmer, but I'd rather go ahead and do what I can to rule out ADMP or simply be able to catch data for these failures so I can take that to support and or prove his program is the problem.
Any guidance is appreciated.
Ultimately the primary issue is our IS department would rather make allegations than present evidence but let me be more specific.
Our IS department was tasked with creating an application that sends one of two API call types to our ADManager instance (Create User, User Modification for Username changes for legal name changes). From there, we control everything else.
We have bi-weekly hiring events that occur on Mondays and this typically means everywhere between 30 and 150 user accounts need created Monday morning. As I said, the program that does this, or instigates the account creations is being developed in house and executes these actions via an API post call to the create user endpoint.
For the most part, it's working but on average, roughly 1-2 accounts every time end up not being created and there are no logs in the Audit Report to indicate there was even an attempt to create these accounts. Most of the time, if there is a failure (typically because of a samaccountname already in use), there is a failure log and it's easy to deal with and the reason for the problem is known.
With these rare ones where nothing is logged at all, I have no way of finding out what's breaking down between the IS program and ADManager.
To make matters worse, right now, the stance of the programmer in our IS department is that "if it failed my program would have logged an error. I show a success so it's ADManager."
I have requested he provide the Response Body returned when making the call, but he tells me he does not keep any record of that and essentially discards it.
I of course explain that without that data, failure or success, I have nothing to go on and nothing to open a ticket with but that would me he would have to do his job to start logging that response. He said he would, but we are a year in and his program that we need to do these two things still has issues and still has to be instigated by him and isn't autonomous that the project required.
I started to explore an API monitoring tool like Prometheus or setting up a reverse proxy with NGINX to put in the way, so it can catch the traffic at a different layer and get any kind of information but before I went down that path, I wanted to know if there is a log in the logs folder I could check and what should I be looking for?
If not, what is the recommendation here? I understand the onus is technically on the programmer, but I'd rather go ahead and do what I can to rule out ADMP or simply be able to catch data for these failures so I can take that to support and or prove his program is the problem.
Any guidance is appreciated.