Audit Logs API Access audit logs programmatically using the Audit Logs API.
The Audit Logs API lets you programmatically access audit logs for running your security audits. You can use the API to:
Access all existing audit logs. Access the audit logs generated after the last access. Filter audit logs based on workspaces, date, etc. You can also view
audit logs in the RudderStack dashboard.
Prerequisites For production use cases, RudderStack recommends using a service access token instead of
personal access token .
Authentication The Audit Logs API uses Bearer authentication in the following format:
Authorization: Bearer <SERVICE_ACCESS_TOKEN>
Base URL Use the base URL for your API requests depending on your region:
https://api.rudderstack.com
https://api.eu.rudderstack.com
Access audit logs You can access audit logs using the below endpoint:
Query parameters :
per_page
optional, default is 100
integer
Indicates the number of items per page. You can set its value anywhere between the range of 1 to 100. string
Fetches the audit logs corresponding to the workspace ID. If not provided, all the audit logs corresponding to the organization are fetched. string
Date and time in the ISO date-time format after which you want to fetch the audit logs. GET /v2/audit-logs
Host: api.rudderstack.com
Authorization: Bearer 2QHVKQJeojt6Ae9e4iiOhycHrdG
curl --location 'https://api.rudderstack.com/v2/audit-logs?after_cursor=213&per_page=2&workspace_id=1wJCPWvDLHgsi5inTHAChsrFn7O' \
--header 'Authorization: Bearer 2QHVKQJeojt6Ae9e4iiOhycHrdG'
{
"data" : [{
"id" : "2CHj1PJ61lv1NPyQtCiFi2KVX2y" ,
"actorId" : "1vtoxffVBhY2c2iIS6o3GeM0O5B" ,
"actorType" : "user" ,
"targetId" : "2CHj1QBfmNWmpHOMAAkfDZ66fCr" ,
"targetType" : "destination" ,
"action" : "created" ,
"ip" : "::ffff:10.1.3.23" ,
"createdAt" : "2022-07-22T05:03:08.928Z" ,
"workspaceId" : "1vtp6E0bfo3FoGChWFW2f81fogc" ,
"organizationId" : "1vtp6F2GdSqeAHciTsEpNaW9mKy"
},
{
"id" : "2CHj6cFHxk11t2QekhPzKhuu7BK" ,
"actorId" : "1vtoxffVBhY2c2iIS6o3GeM0O5B" ,
"actorType" : "user" ,
"targetId" : "2CHj1QBfmNWmpHOMAAkfDZ66fCr" ,
"targetType" : "destination" ,
"action" : "updated" ,
"ip" : "::ffff:10.1.3.23" ,
"createdAt" : "2022-07-22T05:03:49.495Z" ,
"workspaceId" : "1vtp6E0bfo3FoGChWFW2f81fogc" ,
"organizationId" : "1vtp6F2GdSqeAHciTsEpNaW9mKy"
}
],
"paging" : {
"next" : "/v2/audit-logs?after_cursor=2CHj6cFHxk11t2QekhPzKhuu7BK&per_page=2&workspace_id=1vtp6E0bfo3FoGChWFW2f81fogc" ,
"total" : 200
}
}
Response object parameters :
object
Contains the audit logs array. string
Unique identifier for the audit log entry. string
Unique identifier for the user who performed the action. string
Describes who performed the action. RudderStack currently supports only user
actor type. string
Unique identifier for the target of the action. string
Describes the target on which the action is performed. string
Action performed by the user. string
IP address of the user who performed the action. string
Timestamp when the audit log was created string
Unique identifier for the workspace where the action was performed. string
Unique identifier for the organization where the action was performed. object
Contains the pagination information. string
Endpoint to fetch the next page. integer
Total number of audit logs resulting from the query. Supported target types and actions RudderStack currently supports following values for the targetType
and action
parameters pair:
targetType
parameteraction
parameterdestination
connected_source
destination
connected_transformation
destination
created
destination
deleted
destination
disconnected_source
destination
disconnected_transformation
destination
updated
destination
updated_transformation
notification
updated
permission
deleted_user_permissions
permission
resource_access_updated
permission
resource_locked
profiles
created
profiles
deleted
profiles
updated
source
connected_sql_model
source
connected_tracking_plan
source
created
source
deleted
source
disconnected_sql_model
source
disconnected_tracking_plan
source
updated
source
updated_tracking_plan_config
sql_model
created
sql_model
deleted
sql_model
updated
transformation
created
transformation
deleted
transformation
updated
transformation_library
created
transformation_library
deleted
transformation_library
updated
user
added_to_organization
user
changed_permission
user
disabled_mfa
user
enabled_mfa
user
removed_from_organization
user
updated_phone_number
user_invitation
created
user_invitation
deleted
user_invitation
updated
workspace
deleted
workspace
updated_data_retention
Questions? Contact us by email or on
Slack