Private Preview Feedback: Audit log streaming to a user defined HTTP endpoint

[boylejj]

Private preview of Audit log streaming to a user defined HTTPs event collector

Customer Requirements for Streaming GitHub Audit Logs

This document outlines the necessary requirements for customers hosting endpoints to receive GitHub audit logs through our streaming feature.

1. Maximum Throughput

• Standard Throughput: 200 events per second.
• Additional Throughput: If API events are enabled, an additional 100-200 events per second may be received.

2. Processing Time

• Each payload delivery should be processed within 500 milliseconds.

3. Payload Size

• Maximum Payload Size: 1MB
• Average Individual Event Size: 70KB
• Batch Size: 50 events or up to 5MB

4. Authentication Requirements

Authentication should follow GitHub's standard webhook delivery validation. Here's how it works:

• Expected Header: Each payload includes an X-Hub-Signature-256 header, containing the HMAC signature of the payload.
• Verification: Customers must validate the HMAC signature to ensure payload authenticity. For implementation details, refer to GitHub's documentation on validating webhook deliveries.

---

By adhering to these requirements, customers can ensure reliable, secure, and efficient handling of audit log data.