Audit Logs API
Access Audit Logs programmatically using the Audit Logs API.
Available Plans
- enterprise
3 minute read
This guide provides a detailed reference for the RudderStack Audit Logs API.
Overview
The Audit Logs API lets you programmatically access Audit Logs for running your security audits. You can use the API to:
- Access all existing Audit Logs
- Access the Audit Logs generated after the last access
- Filter Audit Logs based on workspaces, date, etc.
Tip: You can also view Audit Logs in the RudderStack dashboard.
Prerequisites
- Only Admins can access the Audit Logs API
- Generate an organization-level Service Access Token in the RudderStack dashboard to authenticate the API
Token permissions for legacy RBAC system
If you are on the legacy Permissions Management (RBAC) system, see this documentation for generating the organization-level Service Access Token.
Authentication
The Audit Logs API uses Bearer authentication in the following format:
Authorization: Bearer <SERVICE_ACCESS_TOKEN>
Base URL
Use the base URL for your API requests depending on your region:
Access Audit Logs
You can access Audit Logs using the below endpoint:
GET
/v2/audit-logs
Query parameters:
per_page
optional, default is
100integer
Indicates the number of items per page. You can set its value anywhere between the range of 1 to 100.workspace_id
optional
string
Fetches the Audit Logs corresponding to the workspace ID. If not provided, all the Audit Logs corresponding to the organization are fetched.created_after
optional
string
Date and time in the ISO date-time format after which you want to fetch the Audit Logs.- Example request:
- Example response:
{
"data": [{
"id": "2CHj1PJ61lv1NPyQtCiFi2KVX2y",
"actorId": "1vtoxffVBhY2c2iIS6o3GeM0O5B",
"actorType": "user",
"targetId": "2CHj1QBfmNWmpHOMAAkfDZ66fCr",
"targetType": "destination",
"action": "created",
"ip": "::ffff:10.1.3.23",
"createdAt": "2022-07-22T05:03:08.928Z",
"workspaceId": "1vtp6E0bfo3FoGChWFW2f81fogc",
"organizationId": "1vtp6F2GdSqeAHciTsEpNaW9mKy"
},
{
"id": "2CHj6cFHxk11t2QekhPzKhuu7BK",
"actorId": "1vtoxffVBhY2c2iIS6o3GeM0O5B",
"actorType": "user",
"targetId": "2CHj1QBfmNWmpHOMAAkfDZ66fCr",
"targetType": "destination",
"action": "updated",
"ip": "::ffff:10.1.3.23",
"createdAt": "2022-07-22T05:03:49.495Z",
"workspaceId": "1vtp6E0bfo3FoGChWFW2f81fogc",
"organizationId": "1vtp6F2GdSqeAHciTsEpNaW9mKy"
}
],
"paging": {
"next": "/v2/audit-logs?after_cursor=2CHj6cFHxk11t2QekhPzKhuu7BK&per_page=2&workspace_id=1vtp6E0bfo3FoGChWFW2f81fogc",
"total": 200
}
}
RudderStack supports specific values for thetargetTypeandactionparameters. See Supported target types and actions for more information.
Response object parameters:
data
optional
object
Contains the Audit Logs array.id
optional
string
Unique identifier for the audit log entry.actorId
optional
string
Unique identifier for the user who performed the action.actorType
optional
string
Describes who performed the action. RudderStack currently supports only user actor type.targetId
optional
string
Unique identifier for the target of the action.targetType
optional
string
Describes the target on which the action is performed.action
optional
string
Action performed by the user.ip
optional
string
IP address of the user who performed the action.createdAt
optional
string
Timestamp when the audit log was createdworkspaceId
optional
string
Unique identifier for the workspace where the action was performed.organizationId
optional
string
Unique identifier for the organization where the action was performed.paging
optional
object
Contains the pagination information.next
optional
string
Endpoint to fetch the next page.total
required
integer
Total number of Audit Logs resulting from the query.Supported target types and actions
RudderStack currently supports following values for the targetType and action parameters pair:
