API Reference

User

Audit Logs

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get user audit logs

client.User.AuditLogs.List(ctx, query) (*V4PagePaginationArray[AuditLog], error)

GET/user/audit_logs

Gets a list of audit logs for a user account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Account Settings WriteAccount Settings Read

ParametersExpand Collapse

query AuditLogListParams

ID param.Field[string]optional

Finds a specific log by its ID.

Action param.Field[AuditLogListParamsAction]optional

Type stringoptional

Filters by the action type.

Actor param.Field[AuditLogListParamsActor]optional

Email stringoptional

Filters by the email address of the actor that made the change.

formatemail

IP stringoptional

Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

Before param.Field[AuditLogListParamsBeforeUnion]optional

Limits the returned results to logs older than the specified date. A full-date that conforms to RFC3339.

UnionTime

UnionTime

Direction param.Field[AuditLogListParamsDirection]optional

Changes the direction of the chronological sorting.

const AuditLogListParamsDirectionDesc AuditLogListParamsDirection = "desc"

const AuditLogListParamsDirectionAsc AuditLogListParamsDirection = "asc"

Export param.Field[bool]optional

Indicates that this request is an export of logs in CSV format.

HideUserLogs param.Field[bool]optional

Indicates whether or not to hide user level audit logs.

Page param.Field[float64]optional

Defines which page of results to return.

minimum1

PerPage param.Field[float64]optional

Sets the number of results to return per page.

maximum1000

minimum1

Since param.Field[AuditLogListParamsSinceUnion]optional

Limits the returned results to logs newer than the specified date. A full-date that conforms to RFC3339.

UnionTime

UnionTime

Zone param.Field[AuditLogListParamsZone]optional

Name stringoptional

Filters by the name of the zone associated to the change.

ReturnsExpand Collapse

type AuditLog struct{…}

ID stringoptional

A string that uniquely identifies the audit log.

Action AuditLogActionoptional

Result booloptional

A boolean that indicates if the action attempted was successful.

Type stringoptional

A short string that describes the action that was performed.

Actor AuditLogActoroptional

ID stringoptional

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

Email stringoptional

The email of the user that performed the action.

formatemail

IP stringoptional

The IP address of the request that performed the action.

Type AuditLogActorTypeoptional

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:

const AuditLogActorTypeUser AuditLogActorType = "user"

const AuditLogActorTypeAdmin AuditLogActorType = "admin"

const AuditLogActorTypeCloudflare AuditLogActorType = "Cloudflare"

Interface stringoptional

The source of the event.

Metadata unknownoptional

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

NewValue stringoptional

The new value of the resource that was modified.

OldValue stringoptional

The value of the resource before it was modified.

Owner AuditLogOwneroptional

ID stringoptional

Identifier

maxLength32

Resource AuditLogResourceoptional

ID stringoptional

An identifier for the resource that was affected by the action.

Type stringoptional

A short string that describes the resource that was affected by the action.

When Timeoptional

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time

Get user audit logs

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/user"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  page, err := client.User.AuditLogs.List(context.TODO(), user.AuditLogListParams{

  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}