Developers commonly integrate with cloud storage services such as Google Drive to sync files that change between their app and users’ cloud storage. At Kloudless, we’ve seen activity monitoring used for everything from workflow automation to data loss protection.

The Kloudless unified Events API enables developers to track changes regardless of which cloud storage account a user connects. Google Drive remains one of the most popular services users connect accounts for. In this blog post, we’ll discuss the various ways to track changes in Google Drive and when to use each.

Google Drive provides three different API endpoints each capable of tracking changes in a user’s account:

The Changes API

The Changes API provides an efficient way to detect changes to all files, including those that have been shared with a user. Here is an example of a change resource returned when listing changes in an account:

The Changes API helps detect which data has changed or been removed. It doesn’t provide much information on how the change occurred, or activity other than additions, updates, and deletions. However, the Changes API does support webhook notifications to avoid repeatedly polling the API endpoints.

This API endpoint especially helps with use cases involving basic one-way sync, such as with automation rules. However, the Drive Activity API described below is more helpful for use cases that require additional detail.

The Activity API

The Drive Activity API also retrieves changes in a user’s Google Drive or Team Drive, but provides more detail than the Changes API does. File renames and moves don’t overlap with additions and deletions, for example. Here is an example DriveActivity object:

Examples of additional detail include the type, target, and actor associated with the event. This enables nuanced responses to different types of activity, such as in use cases involving analysis and audit.

This API endpoint’s primary downside is that it requires activity to be queried rather than followed in a stream. The API response returns activity in descending order by time, which makes it harder to get new events beginning at a particular point in time. To do so, developers must paginate backwards in time till reaching the point in the event stream they’d like to begin receiving data from.

The Reports API

Only G Suite admins can grant access to their organization’s activity data via the Admin SDK’s Reports API. It provides the ability to monitor all activity in a G Suite tenant.

This also means that all activity in Team Drives can be monitored with a single query, which is a major benefit over the Changes and Activity API that each require individual requests for activity on every Team Drive. For example, the Activity API only returns activity in a user’s individual Google Drive unless the request specifies a Team Drive ID as the ancestor.

To retrieve org-wide Google Drive activity using the Reports API, set the applicationName to drive in the list request‘s query parameter. Here is an example Drive Audit Activity event:

The Reports API especially helps with use cases related to audit and security, such as Data Loss Prevention. It also supports webhooks.

However, apps might find it challenging to identify complex actions since the API groups together several sub-events and marks one as the primary action. Certain inconsistencies may appear, such as both copies and new file creation including create as the primary action, and change_acl_editors representing either link creation or deletion. In some cases, the API doesn’t identify the primary event either.

The Kloudless implementation

The Kloudless Events API implements all three endpoints described above and uses the one most appropriate for each user account.

Kloudless also simplifies monitoring data across Team Drives via the Activity API by allowing developers to specify which Team Drives to monitor for each end-user account. Kloudless tracks activity data in all of them behind the scenes and enables apps to retrieved the merged event stream via a single endpoint.

In addition, Kloudless normalizes the different response formats into a single stream of events, queryable with checkpoints. This makes it easier to retrieve Activity API data as an event stream.

Developers interested in audit-type data across several cloud apps should check out our v2 Audit API. This API normalizes the granular audit data available across several cloud apps, including the Google Reports API, into a uniform format, making it easy to integrate several apps with a single implementation.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.