Skip to main content
The API Portal Login Logs page allows portal administrators to view and analyze all user login attempts, successful and failed logins, IP addresses, and error messages in detail. This page is a critical tool for security monitoring, user activity tracking, and system health analysis.

What are API Portal Login Logs?

API Portal Login Logs, is an audit system that maintains detailed records of all login attempts to the API Developer Portal. Through this system, you can:
  • User Login Activity: Track when each user logged in and from which IP address
  • Security Monitoring: Detect suspicious activities, failed login attempts, and potential security threats
  • System Analysis: Analyze portal usage statistics, login trends, and system health
  • Compliance: Store and report log records for legal requirements

Importance of Login Logs

Security Monitoring

Detect brute force attacks, suspicious IP addresses, and unauthorized access attempts

User Tracking

Monitor user activities, identify most active users, and analyze usage patterns

Troubleshooting

Understand why users cannot log in and quickly provide solutions

Compliance and Audit

Maintain detailed log records to meet legal requirements

Accessing the Page

To access the API Portal Login Logs page, follow these steps:
1

Login to Manager Interface

Log in to Apinizer Manager interface with administrator privileges
2

Go to Portal Tab

Click on Portal tab in the top menu bar
3

Go to API Portal Settings

Click on the relevant portal from the portal list or go to Portal → Settings menu
4

Access Login Logs Page

Click on “Login Logs” or “Giriş Kayıtları” option from the left menu or settings page
  • Alternatively, you can follow the path: Portal → Accounts/Developers → Login Logs
API Portal Login Logs Screen

API Portal Login Logs Screen

What Can You Do with Login Logs?

Login Tracking

Track when users logged in and from which IP addresses. Analyze login times, frequency, and geographic distribution.

Success Analysis

View whether logins were successful or failed. Calculate success rates and track trends.

Error Review

Review error messages in failed logins in detail. Understand why users cannot log in and resolve issues.

Advanced Filtering

Search and filter by specific user, IP address, or date range to perform detailed analysis.

Security Monitoring

Detect suspicious activities, brute force attacks, and unauthorized access attempts.

User Activity Reporting

Create and share user activity reports for specific periods.

Filtering and Search Features

The Login Logs page offers various options to filter and search records. These features allow you to quickly access the information you need from thousands of records.

1. Setting Login Date and Time Range

You can set a date range to filter user login or transaction activities within a specific period. This feature is very useful for analyzing activities in a specific period. Date Range Filtering Features:
FeatureDescription
Start Date (From)Select the start date for filtering. Records before this date are not shown.
End Date (To)Select the end date for filtering. Records after this date are not shown.
Date FormatDate format: YYYY-MM-DD (Example: 2025-01-15)
Time SupportTime information can also be selected in the date picker (optional)
1

Select Start Date

Enter the start date you want to filter in the From (Start Date) field or select it from the date picker.Example: 2025-01-01 - Shows records from January 1, 2025 onwards
2

Select End Date

Enter the end date you want to filter in the To (End Date) field or select it from the date picker.Example: 2025-01-31 - Shows records up to January 31, 2025
3

Apply Filtering

After selecting the date range, the system automatically applies the filter or click the “Apply” / “Filter” button.
4

View Results

Only records within the specified date range will be displayed in the table. Records outside the date range are hidden.
Performance Tip: When selecting date range, a maximum 90-day period is recommended for performance. Pagination is used for longer periods.
When no date range is selected, the system displays the last 30 days of records by default. This optimizes page load performance.

2. Search by Email Address

You can search by email to examine a specific user’s activities. This feature is very useful for seeing a user’s complete login history.
email
string
You can search by entering the user’s email address in the Search by email field. With this filtering, only records belonging to the relevant user will be listed.
Email Search Features:
FeatureDescription
Exact MatchYou must enter the complete email address (partial search is not supported)
Case InsensitiveEmail address is not case sensitive
Automatic FilteringFiltering is automatically applied when email is entered
Example Usage Scenarios:
To check a user’s last login time and successful/failed login attempts:
  • Email: [email protected]
  • Date Range: Last 30 days
  • Result: All login attempts for the user are listed
To understand why a user’s account was locked:
  • Email: [email protected]
  • Status: FAILURE
  • Result: Failed login attempts and error messages are displayed
Example Email Addresses:

3. Search by IP Address

You can use IP-based search to filter by the IP address from which login was made. This feature is critical for security analysis and suspicious activity detection.
ipAddress
string
Enter the relevant IP address in the Search by IP address field. This displays activities from a specific IP.
IP Address Search Features:
FeatureDescription
IP FormatIP address in IPv4 format (Example: 192.168.1.100)
Exact MatchYou must enter the complete IP address
Multiple ResultsAll login attempts from the same IP are listed
Security Warning: A large number of failed login attempts from the same IP address in a short time may be a sign of a potential brute force attack. In this case:
  • Block the IP address
  • Inform the user
  • Notify the security team
  • Add additional security layers
IP Address Analysis Scenarios:
To examine all login attempts from a specific IP address:
  • IP Address: 192.168.1.100
  • Date Range: Last 7 days
  • Result: All login attempts from this IP are listed
If there are many failed attempts from this IP, security measures should be taken.
To analyze access from different IP addresses:
  • Search each IP address separately
  • Compare successful and failed login rates
  • Detect suspicious locations
Example IP Addresses:
  • 192.168.1.100 (Local network)
  • 10.0.0.50 (Private network)
  • 203.0.113.45 (Public IP)

Table Columns and Information

The Login Logs table displays the following information. Each column provides different information about the login attempt.

Table Structure

ColumnDescriptionFormatExample
StatusResult of the operation (Success/Failed)BadgeSUCCESS, FAILURE
EmailEmail address of the user attempting to log inString[email protected]
Account NameUser’s account nameStringJohn Doe
DateDate and time when the operation occurredDateTime2025-01-15 14:30:25
IP AddressIP address where the operation was performedString192.168.1.100
MessageError message or operation detailsStringAuthentication failed -> DISABLED

Status

The Status column in the table indicates the result of the operation. This column shows whether the login attempt was successful or failed.
SUCCESS
badge
Successful: The operation was completed successfully. The user entered the correct email and password and logged into the portal.When It Appears:
  • When user logs in with correct email and password
  • When account is active and approved
  • When email verification is completed
Message: When Status is SUCCESS, the Message column is usually empty.
FAILURE
badge
Failed: The operation failed. Failed login attempts, authorization errors, or other operation errors appear in this status.When It Appears:
  • When wrong password is entered
  • When account is disabled
  • When email verification is not done
  • While waiting for admin approval
  • When account is rejected
Message: When Status is FAILURE, a detailed error message is displayed in the Message column.

Message

Error or warning messages related to failed operations are located in this column. These messages explain why the user could not log in. Message Column Features:
StatusMessage ContentDescription
SUCCESS(Empty)Messages are usually empty for successful logins
FAILUREError messageDetailed error message is shown for failed logins
Error messages in the Message column are very important for troubleshooting and user support. By carefully examining these messages, you can quickly resolve user issues.

Email

email
string
Email: The email address of the user on whom the operation was performed. This is the email address the user uses to log into the portal.
Email Column Features:
  • Email address is displayed in full
  • You can filter all records for that user by clicking on this column
  • Email address is used to identify the user

Account Name

accountName
string
Account Name: The user’s account name or display name. This is the name defined in the user’s profile.
Account Name Column Features:
  • User’s full name or display name is shown
  • Unlike email address, it provides a more readable identity
  • May be empty in some cases (if user name is not defined)

Date

date
datetime
Date: The date and time when the operation occurred. This shows the exact time of the login attempt.Format: YYYY-MM-DD HH:mm:ssExample: 2025-01-15 14:30:25
Date Column Features:
  • Date and time information is displayed in full
  • Time information shows the exact time of the login attempt
  • Records are listed in date order (newest at top)

IP Address

ipAddress
string
IP Address: The IP address where the operation was performed. This is the IP address of the device or network from which the user logged in.Format: XXX.XXX.XXX.XXX (IPv4)Example: 192.168.1.100
IP Address Column Features:
  • IP address is shown in IPv4 format
  • You can filter all login attempts from that IP by clicking on this column
  • Critical information for security analysis

API Portal Login Error Messages

Users attempting to log into the API Portal may fail for various reasons. Below, all possible error conditions and their meanings are explained in detail.
When It Appears:
  • User has registered on the portal
  • Has verified email address
  • But admin has not yet approved the account
  • Portal Settings → Security → “Auto Approve Account” = PASSIVE
Error Message:
Authentication failed -> WAITING_FOR_APPROVEMENT
Message Shown to User: “Your account is waiting for administrator approval. You will be able to log in after approval.”Solution:
  • Portal administrator should approve the user from Portal Management → Developer Accounts section
  • Or activate the “Auto Approve Account” feature in Portal Settings → Security
This is part of the manual approval process. Users cannot log into the portal while waiting for admin approval.
When It Appears:
  • User has registered on the portal
  • But has not clicked the link in the email to verify email address
  • If email verification is required
Error Message:
Authentication failed -> CONFIRMATION_NEEDED
Message Shown to User: “Please verify your email address. You can verify your email address by clicking the link in the registration email.”Solution:
  • User should click the verification link in the email received during registration
  • If email did not arrive, can use “Resend Email” feature
Users cannot log into the portal without email verification. This is an important step for security.
When It Appears:
  • Account is automatically locked when user enters wrong password 5 times
  • Or manually disabled by admin
  • When security violation is detected
Error Message:
Authentication failed -> DISABLED
Message Shown to User: “Your account has been disabled. Please contact the administrator.”Solution:
  • Portal administrator can reactivate the account from Portal Management → Developer Accounts section
  • User can request account activation by contacting the administrator
5 Wrong Passwords = Automatic Lockout: User accounts are automatically set to DISABLED status when users enter wrong password 5 times. This is a security measure against brute force attacks.
When It Appears:
  • User’s registration application has been rejected by admin
  • Admin has rejected the user from Portal Management → Developer Accounts section
Error Message:
Authentication failed -> REJECTED
Message Shown to User: “Your account application has been rejected. Please contact the administrator for detailed information.”Solution:
  • User can make a new application
  • Or contact the administrator to get information about the rejection reason
Rejected accounts remain in the system but cannot log into the portal. Administrator can approve the account again if necessary.
When It Appears:
  • Account has not passed the approval process
  • Email verification is done but admin approval is pending
  • Or auto approval feature is passive and admin has not yet approved
Error Message:
Authentication failed -> NOT_APPROVED
Message Shown to User: “Your account has not yet been approved. Please wait for the approval process to complete.”Solution:
  • Portal administrator should approve the account
  • Or activate the “Auto Approve Account” feature in Portal Settings → Security
When It Appears:
  • When user enters wrong password
  • Email address is correct but password is wrong
Error Message:
Account [email protected] failed authentication due to 1 failed login attempts
Message Shown to User: “Email or password is incorrect. Remaining attempts: X” (X = 5, 4, 3, 2, 1)⚠️ Important Security Mechanism:
  • 1st Wrong Attempt: ... failed authentication due to 1 failed login attempts
    • Remaining attempts: 4
  • 2nd Wrong Attempt: ... failed authentication due to 2 failed login attempts
    • Remaining attempts: 3
  • 3rd Wrong Attempt: ... failed authentication due to 3 failed login attempts
    • Remaining attempts: 2
  • 4th Wrong Attempt: ... failed authentication due to 4 failed login attempts
    • Remaining attempts: 1
  • 5th Wrong Attempt: ... failed authentication due to 5 failed login attempts
    • Account automatically goes to DISABLED status
  • 6th Attempt: Cannot log in anymore, account is locked
Solution:
  • User should enter the correct password
  • If forgot password, can use “Forgot Password” feature
  • If account is locked, should contact administrator
Automatic Account Lockout: Account is automatically locked after 5 wrong password attempts. This is a critical security measure.
When It Appears:
  • Entered email address is not registered in the system
  • User has not yet registered on the portal
  • Email address was entered incorrectly
Error Message:
Authentication failed -> Account not found
Message Shown to User: “No user registered with this email address was found. Please check your email address or register.”Solution:
  • User should check the email address
  • If not registered, should register by clicking “Register” button
  • If entered email incorrectly, should enter the correct email address
When It Appears:
  • When email and password are correct
  • When account is active and approved
  • When email verification is completed
  • When admin approval is given (if required)
Error Message: None (message is empty)Status: SUCCESSShown to User: User is redirected to the portal home page and has successfully logged into the portal.
Successful logins are displayed with SUCCESS status in Login Logs. These records are important for user activity tracking.

📋 Error Messages Summary Table

The following table summarizes all error conditions and solutions:
StatusWhenError MessageShown to UserSolution
WAITING_FOR_APPROVEMENTWaiting for admin approvalAuthentication failed -> WAITING_FOR_APPROVEMENT”Your account is waiting for administrator approval”Admin should approve account
CONFIRMATION_NEEDEDEmail not verifiedAuthentication failed -> CONFIRMATION_NEEDED”Please verify your email address”Click email verification link
DISABLED5 wrong attempts or manualAuthentication failed -> DISABLED”Your account is disabled”Admin should activate account
REJECTEDApplication rejectedAuthentication failed -> REJECTED”Your account application has been rejected”New application can be made
NOT_APPROVEDNot approvedAuthentication failed -> NOT_APPROVED”Your account has not yet been approved”Admin should approve account
Wrong PasswordPassword wrongAccount user@... failed authentication due to N failed login attempts”Email or password is incorrect. Remaining: X”Enter correct password
Account Not FoundEmail not foundAuthentication failed -> Account not found”No user found with this email”Register or check email
SuccessfulEmail+password correct(empty)Redirect to home page-

Usage Scenarios and Examples

You can perform analysis and troubleshooting in various scenarios using the Login Logs page. Below, the most common usage scenarios are explained in detail.

Scenario 1: User Activity Check

To check a user’s login activities and learn their last login time:
1

Select Date Range

Select date range to check a specific user’s login activities:
  • From: 2025-01-01 (Start date)
  • To: 2025-01-31 (End date)
You can use the default date range to see last 30 days of activity.
2

Filter User

Enter the user’s email address in the Search by email field:The system automatically filters all records for this user.
3

Review Results

You can see the following information in the table:
  • Last Login Time: Date and time of the last successful login
  • Login Frequency: How often the user logs in
  • Success/Failure Rate: Percentage of successful ones in total login attempts
  • IP Addresses: Which IP addresses the user logged in from
You can easily distinguish successful (SUCCESS) and failed (FAILURE) logins from the Status column.
4

Detailed Analysis

Analyze the user’s activity pattern:
  • Which hours are more active?
  • Which IP addresses are they logging in from?
  • Are there failed login attempts?
  • When was the last login?

Scenario 2: Failed Login Analysis and Troubleshooting

To analyze failed login attempts and resolve user issues:
1

Apply Status Filter

To see only failed logins in the table:
  • Look at the Status column and examine records with FAILURE status
  • Or narrow down failed logins with date range and email filter
Failed logins are marked with a red FAILURE badge.
2

Review Error Messages

Analyze failure reasons from the Message column:Common Error Types:
  • WAITING_FOR_APPROVEMENT → Waiting for admin approval
  • CONFIRMATION_NEEDED → Email not verified
  • DISABLED → Account locked
  • Wrong Password → Wrong password
Immediate intervention may be required for accounts in DISABLED status.
3

Provide User Support

Apply appropriate solution according to error type:Waiting for Admin Approval:
  • Go to Portal Management → Developer Accounts section
  • Find the user and click [Approve] button
Email Not Verified:
  • Tell user to resend email verification link
  • Or you can skip email verification as admin
Account Locked:
  • Go to Portal Management → Developer Accounts section
  • Find the user and activate the account
  • You can send password reset link to the user
Wrong Password:
  • Recommend user to use “Forgot Password” feature
  • Or perform password reset as admin
4

Trend Analysis

Analyze failed login trends:
  • Are there continuous failed attempts for a specific user?
  • Are there many failed attempts from a specific IP address?
  • Did the number of failed attempts increase in a specific time period?
This analysis helps you detect security threats and system issues early.

Scenario 3: Security Violation Detection and Prevention

To detect suspicious activities and take security measures:
1

IP-Based Search

View all logins from a suspicious IP address:
  • Enter IP address in the Search by IP address field
  • Example: 192.168.1.100
The system lists all login attempts from this IP.
2

Check Failed Attempt Count

Check if there are many failed login attempts from the same IP:Suspicious Activity Indicators:
  • 10+ failed attempts in a short time (e.g., within 1 hour)
  • Attempts made with different email addresses
  • Systematically increasing attempt count
Brute Force Attack Indicator: A large number of failed login attempts from the same IP in a short time may be a sign of a potential brute force attack. In this case, immediate security measures should be taken.
3

Take Security Measures

When suspicious activity is detected:1. Block IP Address:
  • Block IP address from firewall or security settings
  • Or apply IP restriction at API Gateway level
2. Protect User Accounts:
  • Check affected user accounts
  • If necessary, make password change mandatory
3. Notify Security Team:
  • Inform security team about suspicious activity
  • Share log records with security team
4. Additional Security Layers:
  • Add CAPTCHA
  • Apply rate limiting
  • Make two-factor authentication (2FA) mandatory
4

Reporting and Documentation

Document security incidents:
  • Record suspicious IP addresses
  • Note incident time and details
  • Document measures taken
  • Create regular security reports

Scenario 4: System Health and Performance Analysis

To analyze portal login statistics and evaluate system health:
1

View General Statistics

Analyze general statistics for a specific period:
  • Total Login Attempts: Total number of login attempts made
  • Successful Login Rate: Percentage of successful logins
  • Failed Login Rate: Percentage of failed logins
  • Most Active Users: Users who log in most frequently
2

Trend Analysis

Analyze trends over time:
  • Daily/weekly/monthly login counts
  • Changes in success rate
  • Peak hours (busiest login hours)
  • Seasonal or periodic changes
3

Performance Metrics

Evaluate system performance:
  • Average login success rate
  • Most common error types
  • User satisfaction indicators

Best Practices and Recommendations

Follow these recommendations to use the Login Logs page effectively:

Regular Review

Review Login Logs regularly (daily or weekly). Detect suspicious activities early.

Automatic Alerts

Set up automatic alerts for critical security events (e.g., 10+ failed attempts).

Log Retention

Retain logs for sufficient period for compliance requirements (e.g., 90 days, 1 year).

Reporting

Create and share regular security and usage reports.

User Education

Inform users about secure password usage and login security.

Security Policies

Create and implement security policies (e.g., password complexity, 2FA).

Important Reminders

5 Wrong Passwords = Automatic LockoutUser accounts are automatically set to DISABLED status when users enter wrong password 5 times. This is a critical security measure against brute force attacks.Administrator Action:
  • Regularly check locked accounts
  • Inform users about account lockout
  • Activate account if necessary
Log Retention PolicyRetain logs for sufficient period and check regularly for compliance requirements. Different retention periods may be required for different industries:
  • General: 90 days
  • Finance: 1 year or longer
  • Healthcare: According to legal requirements
  • Public: According to legal requirements
Regular ReportingCreate regular reports to track security and usage trends:
  • Daily: Critical security events
  • Weekly: General activity summary
  • Monthly: Detailed analysis and trend report
  • Yearly: Annual security and usage report

Conclusion

The API Portal Login Logs page is a powerful tool for monitoring portal security, tracking user activities, and analyzing system health. By using this page regularly, you can: ✅ Detect security threats early
✅ Quickly resolve user issues
✅ Optimize system performance
✅ Meet compliance requirements
✅ Perform detailed analysis and reporting

User Tracking

Track all user login attempts in detail and analyze most active users

Security Monitoring

Quickly detect suspicious activities and security violations, monitor failed login trends

System Analysis

Report portal login statistics, performance metrics, and system health

Compliance

Store log records and create regular reports to meet legal requirements

Geographic Distribution

Analyze access from different IP addresses and location-based activities

Automatic Protection

Ensure security with automatic account lockout after 5 wrong passwords