DNSFilter
**Note:** If you are a distributor integrating with DNSFilter, please check out our [Distributors Development Guide](/docs/distributors).### Authentication- Authentication is required for most, but not all, endpoints.- Authentication is done by setting the `Authorization` request header. The header value is the API key itself. For example: `Authorization: eyJ...`- An API key can be obtained through the DNSFilter dashboard under Account Settings. For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/21169189058323-API-Tokens).### Rate Limiting- All endpoints are rate limited.- The limits may vary by endpoint, but are generally consistent.- When the rate limit is exceeded the API will return the standard `429` HTTP status.- The following headers will also be provided in the response: `Retry-After`, `RateLimit-Policy`, `RateLimit`, `RateLimit-Limit`, `RateLimit-Remaining`, `RateLimit-Reset`. For details on the values of these headers, see the following articles [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After), [here](https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html), and [here](https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-05.html).- For additional information see [this KB article](https://help.dnsfilter.com/hc/en-us/articles/38202811088403-API-Rate-Limits).### Error Handling- The API uses standard HTTP status codes to indicate success or failure.- For _V1_ endpoints the response format is: ```json { "error": "string", "type": "string(optional)" } ```- For _V2_ endpoints the response format is: ```json { "error": { "message": "string", "type": "string(optional)" } } ```### PaginationFor the _V1_ endpoints, the pagination parameters are nested. That is to say,if passed as JSON they look like this: `{"page[number]": 1, "page[size]": 10}`.To pass this information in the URL query string, it would be formatted likethis: `...?page%5Bnumber%5D=1&page%5Bsize%5D=10`.In this guide, the UI will indicate that `page` is an `object` and if youwant to set values when trying the request, you must enter it as if it wasthe JSON above.### A Quick ExampleThe following will return information about the currentlyauthenticated user.```bash% curl -H 'Authorization: ***' https://api.dnsfilter.com/v1/users/self{ "data": { "id": "12345", "type": "users", "attributes": { "name": "John Doe", "email": "john@example.com", ...additional fields...}}}```
Actions328
- AgentLocalUsers Actions
- ApiKeys Actions
- ApplicationCategories Actions
- Applications Actions
- Billings Actions
- BlockPages Actions
- Categories Actions
- CollectionUsers Actions
- User(Current) Actions
- Distributors Actions
- Health Check
- Update
- Show MSP
- Show Organization
- Reactivate suborg
- Users Search
- Show User
- Remove membership
- Get usage info
- Get user info by date
- Health Check
- MSP Search
- Show MSP
- Reactivate
- Show Organization
- Cancel suborganization
- Remove Sku
- Create user
- Reset password
- Get usage info by SKU
- Get
- Cancel suborganization
- Add Sku
- Add membership
- Create
- Update
- Reactivate
- Organizations Search
- Create suborganization
- Remove Sku
- Create user
- Update membership
- Reset password
- Reset password URL
- Get usage info by SKU
- Get
- Update
- Create
- Update
- Cancel
- Organizations Search
- Create suborganization
- Update suborganization
- Reactivate suborg
- Add Sku
- Show User
- Users Search
- Add membership
- Update membership
- Remove membership
- Reset password URL
- Get usage info
- Get user info by date
- DomainNotes Actions
- Domains Actions
- EnterpriseConnections Actions
- Invoices Actions
- IPAddresses Actions
- MACAddresses Actions
- Metrics Actions
- NetworkLANIPs Actions
- NetworkSubnets Actions
- Networks Actions
- OrganizationUsers Actions
- Organizations Actions
- PoliciesBulkActions Actions
- Policies Actions
- Get extant
- Get all
- Delete
- Get application
- Remove allow domain
- Add allow category
- Add block application
- Update permissive mode
- Create
- Show policy
- Update
- Update application
- Add block domain
- Remove block domain
- Add allow domain
- Add block category
- Remove block category
- Remove allow category
- Remove block application
- Get permissive mode
- PolicyIPs Actions
- ScheduledPolicies Actions
- ScheduledReportPreviews Actions
- ScheduledReports Actions
- TrafficReports Actions
- Total threats users
- Category reqs organizations
- Category reqs users
- Domain reqs organizations
- Domain reqs collections
- Collection reqs orgs
- Queries per second
- QPS users
- Top domains
- Top organizations
- Top users
- Organization stats
- Top Organizations Requests
- Deployments
- Application reqs org
- Total requests/time
- Total requests/organizations
- Total threats/time
- Total threats organizations
- Total threats clients
- Total threats collections
- Total category requests
- Category reqs clients
- Category reqs collections
- Total domain reqs
- Domain reqs users
- Total collection reqs
- Collection reqs clients
- Collection reqs users
- QPS organizations
- QPS clients
- QPS collections
- Top categories
- Top application categories
- Top networks
- Top collections
- Query Logs
- Domain stats
- Category stats
- Total Org Requests
- Total Domain Requests
- Total client stats
- Roaming clients
- Application requests
- Application reqs users
- Application reqs collections
- Application reqs clients
- Trials Actions
- UserAgentBulkDeletes Actions
- UserAgentBulkUpdates Actions
- UserAgentCleanups Actions
- UserAgentReleases Actions
- UserAgents Actions
- Users Actions
- UserUISettingsV2 Actions
- NetworksCSVExports Actions
- AgentLocalUserBulkDeletes Actions
- DictionaryLookups Actions
- PSAIntegrations Actions
- UserAgentCSVExports Actions
- CybersightCSVExports Actions
Overview
This node interacts with the DNSFilter API to retrieve traffic report data specifically for the 'Top users' operation under the 'TrafficReports' resource. It allows users to fetch detailed reports about the top users in a network or organization over a specified period, with various filtering options. This is useful for network administrators or security analysts who want to monitor user activity, identify heavy users, or analyze traffic patterns for security and management purposes.
Use Case Examples
- Fetch the top users in an organization for the last 24 hours to identify the most active users.
- Retrieve top users filtered by specific agent IDs and application IDs to analyze traffic from particular sources.
- Get paginated results of top users with detailed filters such as MAC addresses, network IDs, and security report flags.
Properties
| Name | Meaning |
|---|---|
| Return All | Whether to return all results or only a single page. When disabled, no pagination parameters are sent and only one page of results is returned. |
| Additional Fields | Optional filters and parameters to refine the top users traffic report, including agent IDs, application IDs, date range, MAC addresses, network IDs, organization IDs, pagination, and more. |
Output
JSON
json- The JSON response from the DNSFilter API containing the top users traffic report data.
Dependencies
- DNSFilter API key credential
Troubleshooting
- Ensure the DNSFilter API key credential is correctly configured and has the necessary permissions.
- Check that the API endpoint for top users is accessible and not rate-limited.
- Verify that the input parameters, especially date formats and IDs, are correctly formatted as per the API requirements.
- If pagination is enabled, ensure the pagination parameters are set correctly to avoid incomplete data retrieval.
Links
- DNSFilter API Tokens - Information on obtaining and using API tokens for DNSFilter.
- DNSFilter API Rate Limits - Details about rate limiting on DNSFilter API endpoints.